Effective Date: 12/09/2024
Introduction
Energize is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy outlines how we collect, use, share, and safeguard your data when you use our fitness mobile app. By accessing or using Energize, you agree to the practices outlined in this policy, which are designed to meet industry standards including SOC 2, ISO 27001, and NIST 800-53.
1. Information We Collect
We collect various types of personal information to provide you with personalized fitness services and improve app functionality. This includes:
Personally Identifiable Information (PII): Name, email address, phone number, age, gender, and other contact details.
Sensitive Personally Identifiable Information (SPII): Health data, workout routines, fitness goals, biometric data (e.g., heart rate, weight), and other related information.
Location Data: Precise geolocation data to enable location-based fitness recommendations and activities.
We collect this information through direct input, automatic data collection technologies (such as GPS), and by observing how you interact with our app.
2. How We Use Your Information
We use the collected information for the following purposes:
Personalization: Tailoring workout plans and fitness recommendations based on your health data and location.
App Functionality: Enhancing app performance, providing updates, and supporting customer service needs.
Analysis and Improvement: Conducting internal analytics to improve app services and user experience.
Marketing: With your consent, sending you relevant promotions and notifications.
3. Location Data Usage
Energize collects precise location data to improve your fitness experience by suggesting activities suited to your environment, such as outdoor runs or local fitness events.
How We Use Location Data: To offer recommendations based on your location, including workout routes and nearby gyms.
Control Over Location Data: You can adjust your device or app settings to control the collection of location data at any time.
4. Data Sharing and Disclosure
We may share your data under specific circumstances:
Service Providers: We work with trusted third-party vendors to support our app’s functionality, including data storage and analytics. These vendors are required to comply with our data protection standards.
Legal Compliance: We may disclose your information to meet legal requirements or protect the rights, safety, or property of Energize, our users, or the public.
5. Sale of Data to Third Parties
We may sell non-personally identifiable information and certain location-based insights to third parties, including advertisers and fitness industry partners, for business purposes. This may include aggregated data used for targeted advertising or creating new fitness solutions. However, we will not sell any sensitive personal health data without your explicit consent.
You can opt out of the sale of your data at any time by contacting us at [Insert Contact Information] or through your app settings.
6. Data Security
Energize adheres to strict security practices to protect your data, following ISO 27001, SOC 2, and NIST 800-53 standards. Our security measures include:
Encryption: We use AES-256 encryption to secure your data both at rest and in transit.
Access Controls: Role-based access controls (RBAC) and multi-factor authentication (MFA) are enforced to limit data access to authorized personnel only.
Audits and Monitoring: Continuous monitoring and regular third-party security audits are conducted to ensure the integrity of our systems. Audit logs are maintained to track data access and modifications.
While we take all necessary precautions, no security system is completely infallible. We encourage users to adopt strong passwords and enable additional security measures.
7. Auditing and Monitoring
Energize performs regular internal and third-party audits to ensure compliance with SOC 2, ISO 27001, and NIST standards. We continuously monitor our systems for potential security breaches, unauthorized access, or other security events. Detailed logs are maintained to track any access or modifications to personal data.
8. Incident Response and Data Breach Notification
In the event of a data breach or security incident, Energize has a comprehensive Incident Response Plan (IRP) in place. We will promptly investigate the incident and notify affected users and regulatory authorities in accordance with applicable laws. Our goal is to mitigate any harm, restore data security, and keep you informed throughout the process.
9. Data Retention and Disposal
We retain your personal information only for as long as necessary to fulfill the purposes outlined in this policy or as required by law. Once your data is no longer needed, we will securely delete or anonymize it using NIST-compliant data disposal methods to prevent unauthorized recovery or misuse.
10. Third-Party Vendor Management
Energize works with third-party service providers who assist in delivering our services. These vendors are carefully vetted and required to comply with SOC 2, ISO 27001, and NIST 800-53 security and privacy requirements. We conduct regular risk assessments and audits of these vendors to ensure they maintain the same security standards we uphold. Data Processing Agreements (DPAs) are in place with each vendor to ensure your data is handled securely.
11. User Rights
As an Energize user, you have the right to:
Access: Request access to your personal information.
Correction: Update or correct inaccurate information.
Deletion: Request the deletion of your data, subject to legal and business exceptions.
Opt-Out: Opt out of data sales or withdraw consent for specific data processing activities.
To exercise any of these rights, please contact us at [Insert Contact Information].
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal obligations, or security standards. When material updates occur, we will notify you through the app or via email. Your continued use of Energize after such changes signifies your acceptance of the updated policy.
13. Contact Us
If you have any questions or concerns regarding this Privacy Policy or your data, please contact us:
Email: [email protected]
Phone: [Insert Contact Phone Number]
Mailing Address: [Insert Mailing Address]