Privacy Policy

Introduction


AllBlazing BV ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our health and fitness tracker mobile application ("App"). Please read this Privacy Policy carefully. If you do not agree with the terms of this Privacy Policy, please do not use the App.

Company Details


Company Name: AllBlazing BV
Address: c/o Stellar, Buitenwatersloot 81, 2613 TB Delft, The Netherlands
Tax: NL862946670B01
Chamber of Commerce (KvK): 83648941
Contact Email: hello@stellarapp.ai


Information We Collect


Personal Data


Identity Data: Name, username, or similar identifier.
Contact Data: Email address.


Health and Fitness Data

General Health Data: Data related to your overall health and fitness.
Sleep Data: Collected from watch trackers.
Sport Activities: GPS location, running, cycling, and other activities.
Nutrition: Food and drink intake tracked by you in the App.
Local Weather: Location data used to show local weather conditions.
Mindfulness Journal: Data from your interactions with the AI mindfulness journal.
Medical Results: Data related to cholesterol, testosterone, nutrient deficiencies, and other general blood work and health results are stored to help provide preventative healthcare insights.


Technical Data


Device Information: IP address, browser type and version, time zone setting, operating system and platform, and other technology on the devices you use to access this App.
Usage Data: Information about how you use our App.


How We Use Your Information


We use the information we collect in the following ways: to provide, operate, and maintain the App; to improve, personalize, and expand our App; to understand and analyze how you use our App; to develop new products, services, features, and functionalities; to communicate with you, either directly or through one of our partners, including for customer service, to provide you with updates and other information relating to the App, and for marketing and promotional purposes; to process your transactions and manage your orders; to send you emails; to find and prevent fraud; to comply with legal obligations.

Legal Grounds for Processing Your Data


To process your personal data, we must have a valid reason, known as a legal basis. The legal bases applicable to our processing of your data include:

Explicit Consent: You have given clear consent for us to process your personal data for a specific purpose.
Contractual Obligation: The processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract.
Legitimate Interest: The processing is necessary for our legitimate interests or the legitimate interests of a third party, provided these interests are not overridden by your rights and interests.
Legal Obligation: The processing is necessary for us to comply with the law (not including contractual obligations).


User Rights


As a user, you have the following rights regarding your personal data:

Right to Access: You have the right to request copies of your personal data.
Right to Rectification: You have the right to request correction of any information you believe is inaccurate.
Right to Erasure: You have the right to request that we erase your personal data, under certain conditions.
Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
Right to Data Portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.


Data Protection


We take precautions to protect your personal data and prevent unauthorized access, misuse, or disclosure. We implement technical and organizational measures to secure your information. Access to your data is limited to authorized personnel only.

Data Retention


We retain your personal data only as long as necessary to fulfill the purposes outlined in this Privacy Policy. For compliance with applicable laws, we may be required to retain certain data for a specific period. Medical data, including at-home diagnostic results, will be stored securely and only as long as necessary for medical purposes and in compliance with relevant health regulations.

Data Sharing


In certain circumstances, we may share your data with trusted third parties, including service providers and subcontractors, such as payment processors, technical support services, and cloud service providers; companies assisting us with marketing, advertising, and promotional activities; analytics and search engine providers helping us improve and optimize our App; and regulatory authorities, if required by law.

Note: We do not sell your personal data to third parties.


Compliance with GDPR, HIPAA, PCI DSS, CCPA, and EU AI Act


GDPR (General Data Protection Regulation)


Data Subject Rights: In line with GDPR, you have the right to access, rectify, erase, and restrict processing of your personal data. You also have the right to data portability and the right to object to the processing of your data.
Data Protection Officer (DPO): We have appointed a DPO to ensure our compliance with GDPR.
Data Breach Notifications: We will notify you and relevant authorities of any data breaches within 72 hours, where required by law.


HIPAA (Health Insurance Portability and Accountability Act)


Protected Health Information (PHI): We adhere to HIPAA regulations to ensure the protection and confidentiality of any health data we collect.
Business Associate Agreements (BAAs): We have BAAs in place with any third-party service providers that process PHI on our behalf.


PCI DSS (Payment Card Industry Data Security Standard)


Secure Payment Processing: We comply with PCI DSS standards to protect your payment card information during transactions.
Data Encryption: All payment data is encrypted to ensure secure processing and storage.


CCPA (California Consumer Privacy Act)


Consumer Rights: Under CCPA, California residents have the right to request disclosure of the personal data we collect, the right to request deletion of their personal data, and the right to opt out of the sale of their personal data.
Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.


EU AI Act (European Union Artificial Intelligence Act)


Transparency and Accountability: We ensure that our AI systems are transparent and that we can explain how they make decisions where necessary. We provide users with clear information about the AI’s functionality and limitations.
Risk Management: We perform regular risk assessments to identify and mitigate any potential harms associated with our AI systems.
Human Oversight: We ensure that there is always a human in the loop to oversee and intervene in the AI’s decision-making process if necessary.
Robustness and Accuracy: Our AI systems are designed to be robust, accurate, and secure. We regularly test and validate the performance of our AI models.


Children's Privacy


Our App is not intended for children under the age of 16, and we do not knowingly collect personal data from children under 16. If we learn that we have collected personal data from a child under 16, we will delete that information as quickly as possible. If you believe that we might have any information from or about a child under 16, please contact us at hello@stellarapp.ai.

Updates to This Privacy Policy


We may update this Privacy Policy from time to time. The latest version will always be available on our website. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

Contact Information


If you have any questions or concerns about this Privacy Policy or our data processing practices, please contact us at hello@stellarapp.ai or AllBlazing BV c/o Stellar, Buitenwatersloot 81, 2613 TB Delft, The Netherlands.

Regulatory Authority


You have the right to file a complaint with the relevant regulatory authority regarding our processing of your personal data. In the Netherlands, this is the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

Governing Law


This Privacy Policy is governed by Dutch law. Any disputes arising from or related to this Privacy Policy will be subject to the jurisdiction of the competent courts in Amsterdam.