This document outlines the privacy policy (hereinafter, the “Privacy Policy”) applicable to your personal data
on the website https://www.realgrrt.com and the corresponding mobile application
(hereinafter, referred to collectively as the “Platform”), owned by REALGRRT LIMITED (hereinafter, “RealGrrt”
or the “Controller”).
All legal texts are accessible to users and/or interested parties on the Platform and may be modified and/or
updated according to the needs and activities of RealGrrt.
GENERAL INFORMATION AND DATA CONTROLLER
RealGrrt is responsible for collecting and processing your personal data in connection with the services it
provides. RealGrrt is committed to safeguarding your privacy and the security of your data. The identification
details of the data controller are:
- Identity: REALGRRT Limited
- Registration Number: Companies House No. 15472251
- Postal address: 29-31 Castle Street, High Wycombe, Bucks, England, HP13 6RU
- Email: support@realgrrt.com
- Data Protection Officer: hello@realgrrt.com
- GDPR – Information Commission Office (ICO) Security Number CSN1521766
DATA PROCESSED
Direct Data Collection:
- Personal identification data and personal characteristics: name, surname, phone number, email, gender,
and date of birth.
- Device characteristics: information about the operating system, battery, available storage space,
device language, time zone, etc.
Technical Data Collection:
When in use, the Application automatically accesses the following data and elements of the mobile device:
- Access to photographs and multimedia files
- Read and write from the device’s storage memory
- Information about the device’s Wi-Fi connection
Sensitive Data Accessed via Apple HealthKit and Google Health Connect:
The Application accesses the following read-only sensitive data from Apple HealthKit and Google Health Connect:
- READ_HEART_RATE
- READ_STEPS
- READ_BLOOD_GLUCOSE
- READ_ACTIVE_CALORIES_BURNED
- READ_HEIGHT
Data Associated with Navigation:
- Browsing habits on the Platform
Data from Communications with RealGrrt:
- Metadata and content of communications
Data from User Tracking:
- Meals, weight, and calories consumed
Prohibited Data:
Users are prohibited from providing RealGrrt with or publishing on the Platform any content that contravenes
the prohibitions and limitations established in the Terms of Service, including personal data that contain
sensitive information.
Data in the Plus/Premium Plan:
- Goals (losing fat, gaining muscle, maintaining weight) and reasons
- Type of diet, allergies, intolerances, and food preferences
- Number of daily meals, variety in meals, consumption of coffee or tea, physical activity level
- Gender, age, height, and weight
PURPOSE AND LEGITIMATION FOR PROCESSING PERSONAL DATA
RealGrrt only collects the data necessary to offer its services and fulfill legal obligations. The purposes of
data processing include:
- Administrative management: Necessary for contractual relationships (Article 6.1.b GDPR).
- Commercial communications: Based on consent (Article 6.1.a GDPR).
- Responding to inquiries: Based on consent or necessary for contractual relationships (Article 6.1.b GDPR).
- Service provision: Necessary for contractual relationships (Article 6.1.b GDPR).
- Contact and feedback: Legitimate interest in improving products and services (Article 6.1.f GDPR).
- Policy updates notification: Duty to inform (Article 13 GDPR).
- Statistical studies: Anonymized form for legitimate interest (Article 6.1.f GDPR).
HOW WE HANDLE SENSITIVE USER DATA
Data Collection and Usage: Sensitive data accessed via Apple HealthKit and Google Health
Connect is collected and used to enhance the application functionality.
User Consent: Sensitive data is accessed only with explicit user consent.
Data Protection: Sensitive data from Apple HealthKit and Google Health Connect is protected
using robust security measures, including:
- Encryption: Data is encrypted both in transit and at rest using industry-standard encryption protocols
(TLS for data in transit, AES for data at rest).
- Access Controls: Strict role-based access control measures are in place to ensure only authorized personnel
can access sensitive data.
- Regular Audits: Internal and external audits, penetration testing, and continuous monitoring of security practices.
Data Protection in Database:
- Encryption: All data stored is encrypted at rest using AES-256, and in transit using TLS.
- Authentication and Authorization: Fine-grained access control with Database Security Rules.
- Data Isolation: Multi-tenant architecture ensures cross-user data isolation.
- Backup and Recovery: Regular backups and disaster recovery plans.
- Database Security Rules: Granular data access control.
Data Protection in the App:
- Secure Storage: Device-specific secure storage (Keychain on iOS, Keystore on Android).
- Data Minimization: Only necessary data is collected.
- Regular Updates: Security updates and compliance with latest standards.
- User Controls: Users can manage permissions, delete data, and opt-out of collection.
- Secure Coding Practices: Adherence to security best practices (e.g., OWASP).
Appropriate Access and Use of HealthKit and Health Connect:
- Transparency: Requests to access data through Health APIs are clear and limited to user-beneficial features.
- Approved Use Cases: RealGrrt uses these APIs for journaling, monitoring, and analyzing user health and fitness data.
Limited Use:
- Data Usage: RealGrrt uses sensitive data only to improve features visible within the app.
- Data Transfer: Data is transferred to third parties only with user consent or for necessary reasons
(security, legal obligations, or part of a merger/acquisition).
- Human Access: No human access unless explicitly consented, legally required, or data is aggregated for internal operations.
Prohibited Uses:
- No Sale or Transfer: RealGrrt does not sell user data for ads or credit checks.
- Medical Devices: Data is not used with any medical device product or service without approval from Apple or Google.
- Children’s Data: HealthKit and Health Connect are not used in apps targeting children.
Transparency and Control:
- User Disclosure: Users are informed about data types accessed and how to manage/delete data.
- Privacy Policy: This policy fully discloses collection, usage, sharing, and security measures.
Secure Data Handling:
- Security Measures: Reasonable steps taken to protect against unauthorized access, use, or disclosure.
- Periodic Security Assessment: If data is transferred off the device, RealGrrt may conduct third-party security assessments.
DATA RETENTION PERIOD
RealGrrt will process personal data as long as necessary to fulfill the purposes outlined in this Privacy
Policy and in compliance with relevant laws and regulations.
DATA RECIPIENTS
Personal data will not be communicated to third parties.