Effective date: 20 Aug 2024
Introduction
This Privacy Policy explains how Palta Software Ltd. (further will be referred as “we” or “us”) collects, stores, uses and protects your personal data in connection with your use of our application Pallie (the “App”), as well as the rights you have in respect of your personal data.
Personal data that you provide:
General details. This includes your name, nickname, email, your age, account credentials.
Conversations with in-app AI Assistant. If you communicate with our AI Assistant in the App, we store the conversations.
Conversations with Telegram AI Assistant. We have an AI Assistant on Telegram as well, where you can easily communicate with it without having to use the App. When you interact with the AI Assistant on Telegram, we will collect the personal details related to your Telegram account (such as your username) as well the contents of communications with the AI Assistant.
Health and wellbeing data. When you use the App, you may choose to input personal data about you, such as your weight; height; body mass index (BMI, a value derived from the mass and height of a person); your physical parameters; information about your sport habits; any injuries or medical conditions you may have. With your consent, you may also allow us to connect to third-party services, such as Apple HealthKit or Google Health Connect, to enable us to import information about your health and activities into the App. Such imported data may include information about your fitness activities, weight, height, BMI, calories burnt, heart rate, number of steps/distance traveled, data about your menstrual cycles (if applicable). We will process these data to provide you with the App functionality and features. Importing such data is subject to the Google Health Connect and Apple HealthKit privacy policies and terms.
Customer Support Communication information. If you communicate with us through hey@pallie.ai, we collect your name, contact information, and contents of any messages you send.
Personal data that we receive automatically from your use of the Services:
Log data. It means the information that your browser automatically sends whenever you access the App. It includes the IP address, browser type, date and time of your access.
Usage details. It includes the features you use and your actions within the App, as well as your time zone, country, dates and times of access.
Device information. It includes the model and type of your device, unique device identifiers, and operating system information.
Cookies and similar tracking technologies. We use cookies and similar tracking technologies to operate and administer the App and improve your experience there. For details, please read Section “Cookies, Software Development Kits, and Other Tracking Technologies” below.
All the information above is your personal data, and we call it this way throughout the privacy policy.
We process your personal data for the following purposes:
To provide you with the App and its functions, such as providing the communications with personalized AI Assistant Mike.
To improve and develop our App and new features and conduct research.
To provide you with customer support and respond to your inquiries.
To send you service emails, including security alerts or transaction confirmations.
Upon your consent, where required, to send you marketing information about our App, promotions, insights. You can opt-out from receiving marketing emails by following the “Unsubscribe” link in the email or by contacting us at hey@pallie.ai.
To prevent misuse of our Services and to ensure the security of our IT systems, architecture, and networks.
To comply with legal obligations and protect the rights, privacy, safety, or property of our users, us, our affiliates, or any third party.
To anonymize your personal data.
Aggregated or de-identified information. We aggregate or de-identify your personal data so that it can no longer be used to identify you and use this information to:
conduct scientific research, or
analyze the effectiveness of the Services,
improve and add features to our Services, and
for such other similar purposes.
From time to time, we may share or publish aggregated information like general user statistics with third parties, including research institutions. We will maintain and use de-identified information in anonymous or de-identified form and we will not attempt to re-identify the information unless required by law.
We will not sell or rent your personal data for monetary gain. We will not disclose your personal data except as otherwise described in this Privacy Policy. We will share your personal data with our service providers who support our services as described in this Privacy Policy. We will also not use information received through your use of the Apple HealthKit or Google Health Connect framework for advertising or similar services, or sell it to advertising platforms, data brokers, or information
When we process your personal data for the purposes described above, we rely on the following legal bases:
Purpose of processing
Type of personal data processed
Legal basis
To provide and maintain our Services
General details
Health and wellbeing data
Conversations with in-app AI Assistant
Conversations with iMessage AI Assistant
Conversations with Telegram AI Assistant
Customer Support Communication information
Log data
Usage details
Device information
Cookies and similar technologies
Where necessary to perform a contract with you, such providing you with a personalized plan, or enabling communications with AI Assistant.
For processing of your health and wellbeing data, we rely on your consent.
To improve and develop our Services and features and conduct research
General details
Conversations with in-app / Telegram AI Assistant (de-identified)
Log data
Usage details
Device information
Cookies and similar technologies
Where necessary for our legitimate interests, including in developing and improving, such as when we train our models or improve the App for your future experience.
To check if your age allows you to use the App
General details
Where necessary to perform a contract with you, such providing you with our services only if you meet the age threshold.
To provide you with customer support and respond to your inquiries
General details
Customer Support Communication information
Log data
Usage details
Device information
Where necessary for our legitimate interests, in particular in supporting your customer journey.
To provide you with customer support and respond to your inquiries
General details
Customer Support Communication information
Log data
Usage details
Device information
Where necessary to comply with an obligation arising out of a contract between us or out of applicable laws.
To send you marketing information about our Services, promotions, insights
General details
Customer Support Communication information
Log data
Usage details
Device information
Your consent where we ask for it to process your personal data for sharing with you promotions or insights
To integrate data between the Website and the App in connection with onboarding users
General details
Log data
Usage details
Device information
It’s our legitimate interest to ensure your smooth use of the Services.
To find audiences similar to our users
General details
Log data
Usage details
Device information
With your consent, we may share some of your non-health personal data with AppsFlyer or similar services to promote our Services.
To prevent misuse of our Services and to ensure the security of our IT systems, architecture, and networks
General details
Customer Support Communication information
Conversations with in-app / Telegram AI Assistant (de-identified)
Log data
Usage details
Device information
Cookies and similar technologies
Where necessary to comply with a legal obligation.
Where we are not under a specific legal obligation, where necessary for our legitimate interests and those of third parties, including in protecting our Services from abuse, fraud, or security risks, such as processing data from security partners to protect against fraud, abuse, and security threats in our Services.
To comply with legal obligations and protect the rights, privacy, safety, or property of our users, us, our affiliates, or any third party
General details
Customer Support Communication information
Conversations with in-app / Telegram AI Assistant (de-identified)
Log data
Usage details
Device information
Cookies and similar technologies
Where necessary to comply with a legal obligation.
Where we are not under a specific legal obligation, where necessary for our legitimate interests and those of third parties, including in protecting our Services from abuse, fraud, or security risks, such as processing data from security partners to protect against fraud, abuse, and security threats in our Services.
To anonymize your personal data
Health and wellbeing data
Usage details
Where necessary for our legitimate interests, such as when we use it to:
conduct scientific research, or
analyze the effectiveness of the Services, or
improve and add features to our Services, or
for such other similar purposes.
We retain your personal data for as long as your account is active or for as long as it is necessary for the purposes of its collection and processing (e.g., for resolving disputes, for safety and security reasons, or for complying with our legal obligations).
If you choose to deactivate your account, we retain your personal data for no longer than one month in case you decide to re-activate the Services. We also retain some of your information (General details, Details about in-app purchases, Communication information, your consent logs) as necessary to comply with our legal obligations, to resolve disputes and/or to enforce our agreements.
We may also anonymize your personal data (so that it can no longer be associated with you) for scientific research or statistical purposes, as well as for the purpose of Services improvement and development. In this case, we may use this information indefinitely without further notice to you.
We want to make sure that you are fully aware of all your data protection rights and the ways you can exercise them. These rights may differ across countries.
If you are EU, EEA or UK resident, you have the right to:
Access your personal data and information relating to how it is processed.
Transfer your personal data to a third party (right to data portability).
Correct your personal data (through the App settings or by requesting us).
Request deletion of your personal data.
Restrict how we process your personal data (for example, in cases where you contest inaccuracy).
To object to processing of your personal data for direct marketing at any time.
To object to how we process your personal data when our processing is based on our legitimate interests.
Withdraw your consent – where we rely on consent as the legal basis for processing at any time.
Lodge a complaint with the data protection authority. You have the right to lodge a complaint with a local data protection authority in the country of your residence, where you work or where an alleged infringement of the applicable data protection law took place. Please see a list of EU member states’ supervisory authorities here, and the UK’s supervisory authority (ICO) here.
Note that these rights may be limited: for example, if you ask us to delete information that we are required to retain by law or where we have compelling legitimate interests to keep.
If you are a resident of countries other than EU, EEA or UK:
How to exercise the rights:
Request the categories of personal data collected about you.
Request the categories of sources from which your personal data is collected.
Request the commercial purpose for collecting your personal data.
Request the categories of third parties to whom personal data is disclosed, and the categories of personal data disclosed.
Request the specific pieces of personal data collected about you.
Request that personal data collected about you be deleted.
Request that your inaccurate personal data be corrected.
Request that we do not sell or share your personal data.
You can exercise some of the rights above through the App settings. If you are unable to exercise your rights through the App, please submit your request through hey@pallie.ai.
If you make a request, typically we would perform it within one month. If we need any more time to help you exercise any of your rights, we will let you know.
If your request is vague or unclear, we may engage into a conversation with you to understand your request better. We may also refuse to act on manifestly unfounded and excessive requests.
We can ask you to prove your identity while exercising your data protection rights. This is made to ensure that you are indeed entitled to receive certain information and that no rights of third parties are violated by your request. If we can’t verify your request, we will not act on your request.
You may submit a request through an authorized agent. If you do so, the agent must present signed written permission to act on your behalf and you may be required to independently verify your identity.
We take the protection of your personal data very seriously and we take reasonable and appropriate measures to protect them from loss, theft, misuse and unauthorized access, disclosure, alteration, and destruction.
Among others, we utilize the following information security measures to protect your personal data:
a. Encryption of your personal data in transit and in rest.
b. Systematic vulnerability scanning and penetration testing.
c. Protection of data integrity.
d. Organizational and legal measures. For example, our employees have different levels of access to your personal data and only those in charge of data management get access to your personal data and only for limited purposes required for the operation of the application. We impose strict liability on our employees for any disclosures, unauthorized accesses, alterations, destructions, misuses of your personal data.
Please understand that no security system is perfect and, as such, we cannot guarantee the absolute security of the Services, or that your information won’t be intercepted while being transmitted to us. In case your personal data got compromised due to a security breach, we will act promptly to identify the cause and take all reasonable steps to remedy the breach. We will inform you of the incident, if necessary, in connection with the applicable legislation.
If you want to report a security incident related to our Services, please contact us at hey@pallie.ai.
Our Services are not directed at, or intended for, children under 18 years old.
If you are aware of anyone under 18 using the Services, please contact us at hey@pallie.ai and we will take the required steps to delete such information and/or delete the account.
In some situations, we engage other companies to process your personal data on our behalf. We refer to these companies or service providers as “processors.”
Processors are companies that help us run the Services, support our communication with you, or perform other App-related activities. They process certain personal data on our behalf to accomplish the goals related to the App functions and deliver the Services and associated activities. We remain responsible for any acts or omissions of our processors, and we enter into data processing contracts with them to the extent required by applicable law.
Transfers of personal data outside of the European Union, the European Economic Area, and the United Kingdom. Where required under the EEA GDPR, in case of transfers of personal data from the EEA to countries outside the EEA, where we cannot rely on adequacy decisions adopted by the European Commission (for more information, please see here) we ensure appropriate safeguards are in place to guarantee the continued protection of your personal data, particularly by signing the Standard Contractual Clauses of the European Commission (article 46(2)(c) GDPR). For more information on these Standard Contractual Clauses, please see here.
Where required under the UK GDPR, in case of transfers of personal data to countries outside the United Kingdom, we ensure appropriate safeguards are in place to guarantee the continued protection of your personal data, particularly by signing the UK Addendum to the EU Standard Contractual Clauses or the UK International Data Transfer Agreement, whichever is more appropriate in the given situation. For more information on the UK Addendum and the UK International Data Transfer Agreement please see here. We may also guarantee the protection of your personal data by relying on adequacy decisions adopted or approved by the authorities in the United Kingdom.
When you use our Services, we and our service providers, vendors, and partners, including third parties, may use cookies (a small text file placed on your computer or mobile device to identify your computer and web browser) and other similar technologies to collect or receive certain information about you and/or your use of our Services.
However, it’s not only cookies that can be used in this way. Functions performed by a cookie can be achieved by other means, too. This Section, therefore, also applies to any similar technology that stores or accesses information on your device. This could include, for example, HTML5 local storage, local shared objects, beacons, pixels, and plug-ins.
We also use third-party analytics tools (such as, but not limited to, AppsFlyer, Amplitude, Firebase), to help us measure traffic and usage trends of our Services, as well as for other analytics purposes. Such analytics tools collect information via third-party SDKs incorporated into the Services App, which includes information about features of the App you visit or use, your actions in the App, and information about your subscription. Such information may be used to provide content, advertising, or functionality. Third parties may also use such information for their own purposes. For the avoidance of doubt, we do not use health and wellbeing data for advertising purposes.
Cookies. Generally, there are many different ways to classify cookies. Most common ways are classification by duration, by provenance and by purpose.
Classified by their duration, there are Session and Persistent cookies. Session cookies expire once you close your browser (or once your session ends). Persistent cookies are stored on your hard drive until you erase them or until your browser erases them, depending on the cookie’s expiration date. All cookies have an expiration date, which is commonly embedded into their code. We use both session cookies and persistent cookies.
Classified by their provenance, there are first-party and third-party cookies. First-party cookies refer to cookies that Simple sets and uses directly. Third-party cookies refer to cookies set by third parties (such as our analytics providers) through our Website or via server cookies.
Classified by their purpose, we use Strictly Necessary, Performance and Marketing cookies.
Strictly Necessary cookies. These cookies are strictly necessary to provide you with the Website and the features you have requested, such as to allow you to log into secure areas of the Website. Because these cookies are essential for the Website and the features you have requested to work, you cannot reject them.
We use such cookies for the following essential purposes:
Functionality: Optimizing and improving access to the Website
Security: Preventing fraud and detecting nonhuman (bot) traffic, including authentication and secure logins
Cookie consent: Remembering your cookie consent preferences
Analysis: Traffic scheduling and network distribution
Billing: The ability to make payments
As explained above, these cookies are strictly necessary to operate our Websites and cannot be declined. Some of these cookies have a maximum duration of 13 months.
Performance cookies. We use analytics and performance cookies to analyze how you use the Website. This helps us to:
We use such cookies for the following essential purposes:
See which pages you view most often
Analyze which region you are visiting the Website from
Observe how you interact with the content
Measure any errors that occur
Test different design ideas
The above information is used to report and evaluate your activities and patterns as a user of the Website. Some of these cookies have a maximum duration of 13 months.
Marketing cookies. These cookies help us reach you and more people like you to spread the word about the App, as well as analyze whether we do that effectively. Simple does not use cookies to collect or analyze your health information for marketing purposes.
We use marketing cookies to analyze and improve our marketing campaigns. This helps us to:
Improve our marketing campaigns, including tracking ad conversions
Identify paid search keywords
Identify the source of traffic to the Website, such as search engine, social media, or specific website
Analyze which region you are visiting the Website from
See how you interact with the content
Software Development Kits (SDKs). SDKs are third-party software development kits that may be installed in our mobile application. SDKs help us understand how you interact with our App and collect certain information about the device and network you use to access the application.
Our App is never used to present you with third-party advertising. You can browse with full confidence in the protection of your privacy. Access is requested with the purpose of enabling the use of our services and improving their functioning.
Certain SDKs, where legally required, are subject to a prior consent request and the possibility of withdrawing this consent. Simple services may still be used even in the event of refusal or withdrawal of consent.
AppsFlyer SDK: Facilitates measurement of performance and analysis of customer acquisition campaigns. Further information about AppsFlyer SDK is available at https://www.appsflyer.com/product/security-and-privacy.
You can deactivate this data processing at any time via https://www.appsflyer.com/optout. In order to do so, you must have the Identifier for Advertisers (IDFA) of your mobile device.
You can also withdraw your consent for the collection of data for targeted advertising or sharing their data with third-party advertisers through your device’s settings.
Advertising ID. You can tailor your device settings to control your advertising ID:
On Apple devices, you can enable the “Limit Ad Tracking” setting in your device settings.
On Android devices, you can enable the “Opt out of Ads Personalization” in your device settings.
Interest-based Advertising. We may partner with ad networks and other ad-serving providers that serve ads on behalf of us and others on non-affiliated platforms. Some of those ads may be personalized, meaning that they are intended to be relevant to you based on information ad networks and ad serving providers collect about your use of the App over time, including information about relationships among different browsers and devices. This type of advertising is known as interest-based advertising.
Your Choices. Most browsers and devices are configured to accept cookies and similar tracking technologies automatically. You may be able to set your browser and device options so as to limit such technologies. You can visit the Digital Advertising Alliance (“DAA”) Webchoices tool at www.aboutads.info to learn more about this interest-based advertising and how to opt out of this kind of advertising by companies participating in the DAA self-regulatory program, and http://www.aboutads.info/appchoices for information on the DAA’s mobile app opt-out program. You can also opt out of receiving interest-based ads from members of the Network Advertising Initiative (“NAI”) by visiting the NAI consumer opt-out page at http://optout.networkadvertising.org/?c=1#!/. Opting out of receiving interest-based ads does not mean that you will no longer receive ads from us, but rather that the ads will not be tailored to your perceived interests.
To opt out of being tracked by Google Analytics across all websites, visit http://tools.google.com/dlpage/gaoptout.
For users in the European Economic Area, United Kingdom, and United States. You can manage the collection and processing of Personal Data via cookies, SDKs, and other tracking technologies by contacting us at hey@pallie.ai.
You may find that some parts of the App may not function properly if you have refused cookies or similar tracking technologies, and you should be aware that disabling cookies or similar tracking technologies may prevent you from accessing some of our content. Your choices are typically device and browser-specific.
If you are using our Services, you may receive electronic communications from us (e.g., by posting in-app notices, via push notifications or emails). We send some of these communications to you, such as those related to your subscriptions, technical and security notices, and updates to the Privacy Policy and Terms of Use, where necessary to perform our contract with you to provide the App or otherwise based on our legitimate interest in contacting you.
If required by law, we will ask for your consent to send you promotional and marketing emails, in-app communications, and push notifications about new products, features, or offers related to our Services.
Marketing & Promotional Emails. If you wish to stop receiving our promotional and marketing emails, you can do so by following the “Unsubscribe” links in any marketing email sent to you.
Push Notifications. If you wish to stop receiving push notifications, you can do so through your mobile device settings by tapping “Settings” -> “Notifications” -> Choose Pallie -> press the toggle to allow or forbid push notifications from the App.
The date this privacy policy was last reviewed is indicated at the top of the page. We may modify or update this privacy policy from time to time. Some changes do not require your consent: for example, when we add a new purpose of processing that is compatible with the existing purposes, or the new processing activity that falls under the users’ reasonable expectation. However, if the changes made may pose risk to your rights and freedoms (for example, by including a new purpose of the processing that is not compatible with the existing purposes of processing, a new legal basis, or a new category of personal data to be collected or a new data subject, all of which are not reasonably expected by the users), we will ask for your consent to those changes separately from this privacy policy. If you did not receive a request for your consent to the changes or refused to give consent, those changes will not apply to you. That fact can negatively affect some of our Services provided to you if those Services inevitably include consent to the changes.
Palta Software Ltd: hey@pallie.ai
Our DPO: privacy@palta.com (please indicate in the email subject that you are a Pallie user).
EU representative
DPOEU LTD
Email: info@dpoeu.eu
UK representative
Palta UK Ltd
Email: privacy@palta.com (please indicate in the email subject that you are a Pallie user).