Privacy Policy
Last updated December 23, 2024
This privacy policy applies to the Cens:ai app (hereby referred to as “app”) created by Evolve Biologix (hereby referred to as “Evolve Biologix”, “we”, “us”, or “our”), and the data generated by a heart rate sensor device (hereby referred to as “sensor”). Collectively referred to as “services” in this policy are the following activities: processing and collecting of data by app from sensor, providing website content, providing account services, and providing cloud data access, plus any future services we might offer.
We may change this policy from time to time. We will make changes by posting a revised copy of this policy to our website at https://www.evolvebiologix.com. Your continued use of our website and/or app after a revised version of this policy appears on the website will constitute your approval of the amended version.
Evolve Biologix value protecting the privacy of all information provided by you when you use our website and app. This privacy policy will describe the personal information and other data we collect, how we use it, the controls we give you over your personal information, with whom we share personal information, the measures we take to keep it safe, and your privacy rights.
For purposes of the European Union’s General Data Protection Regulation (“GDPR”) and users in the European Economic Area, the United Kingdom, or Switzerland, Evolve Biologix acts as a data controller.
Under the GDPR, you need to have a legal justification (called a “lawful basis” in the regulation) to use an individual’s personal data. We list these in each section and use the term “lawful basis.”
How We Use Your Information
This section outlines why we collect information and what we do with it. The next section outlines what information we collect. We use the information we collect for the following purposes.
Provide And Maintain Our Services
By using the account information that we collect, we can deliver services to you and honor our Terms of Service contract with you. For example, we need to use your information to provide you with your heart sensor data metrics, journal, and app settings, and to give you customer support. The lawful basis of processing this information is to perform our contract with you. Regarding sensor information constituting health information, the lawful basis of processing this information is consent.
Improve, Personalize, And Develop the Services
We use the information we collect to improve and personalize services and to develop new ones. For example, we use the information to troubleshoot and protect against errors, perform data analysis and testing, conduct research, and develop new features and Services. When you allow us to collect geolocation information, we use that information to display your sensor data metrics by location. We may use your information to make inferences and show you more relevant content. The lawful bases of processing this information are our legitimate interests in maintaining and improving our services, providing content relevant to our users, and develop new services and performing our contract with you to facilitate providing services in an effective and efficient manner. We only use this information anonymously. When data is anonymized and aggregated, we do not ask explicit permission.
Communicate With Us
We use your information when needed to send you service notifications and respond to you when you contact us. We also use your information to promote new features or products that we think you would be interested in. You can control marketing communications via the “Unsubscribe” link in an email. The lawful basis of processing this information is our legitimate interests in responding to your communications and to grow our business.
Promote Safety and Security.
We use the information we collect to promote the safety and security of the services for our users and other parties. For example, we may use the information to authenticate users, protect against fraud and abuse, respond to a legal request or claim, conduct audits, and enforce our terms and policies. We may also use collected information to investigate violations consistent with applicable laws, regulations, or other governmental authority. The lawful basis of processing this information is our legitimate interests to maintain Evolve Biologix’s and our users’ safety and security.
Information Collection and Use
When you use our services, we may collect the following types of information.
Personal Information You Provide Us
- Account Information. Some personal information is required to create an account on our services, such as your name, email address, and password. You may also optionally provide other types of information, such as a profile photo, city, country, and username.
- Photos. App enables users to create journal entries. You may optionally attach one or more photos to each journal entry.
- Additional Information. If you contact us, we collect the information you submit, such as your name, contact information, and message.
- Children Under the Age Of 13. Our services are not intended for anyone under the age of thirteen (13). See Section – Our Policies for Children for more details about our policies regarding personal information about children.
Information We Receive from Your Use of Our Services
- Device Information.
- When you use our services, we collect data about you to estimate a variety of metrics such as heart rate, heart rate variability, and heart rate variability-derived metrics like coherence (named EPI in app) and stress (named SI in app), time spent connected to the sensor, and time spent meditating. The data collected varies depending on which services you use. Learn more about the features of our various services in our Terms of Service. When your sensor connects with our app, data recorded through your sensor is transferred to our servers.
- Some of the sensor information we collect is health information. To the extent that information we collect is health data or another special category of personal data subject to the GDPR, we ask for your explicit consent to process the data. We obtain this consent separately when you take actions leading to our obtaining the data, for example, when you connect your sensor to app. You can use your account settings and tools to withdraw your consent at any time, including by stopping use of a feature, disconnecting your sensor, or deleting your account.
- Geolocation Information. Geolocation data, such as latitude and longitude, is used by app to geo-tag your journal entries. We collect this type of data when you grant app permission to use your location. On iPhone, you can block geolocation services by using your phone settings. Also, you can request deletion of this data. (See Section – How to Exercise Your Legal Rights for assistance.).
- IP Address. Your mobile device’s internet protocol (IP) address is used by app to communicate with our servers to save and retrieve data. Although your general location information can be inferred from your IP address, app does not directly save this location. It is used to determine your time zone, so that dates and times are presented correctly, such as for group meditations where the participants may be in different time zones.
- Calendar Events. If you grant app access to your Apple Calendar, app will tag your calendar events with your heart sensor data.
- Analytics and Usage Information. When you access or use our services, we may use various technologies, such as Google Analytics and Firebase Crashlytics, to learn more about how our services are used. We may receive certain usage or network activity information. This includes information about your interaction with services, for example, when you view or search content, install app, create or log in to your account, or connect your sensor to app. We may also receive information about app crashes and information from cookies. For more information on Google Analytics, including how Google Analytics collects, uses, and discloses information, refer to the following page: https://google.com/policies/privacy/partners/. For more information on Firebase Crashlytics including how Firebase Crashlytics collects, uses, and discloses information, refer to the following page https://firebase.google.com/docs/android/play-data-disclosure#crashlytics. For our cookie policy, refer to Section – Cookie Policy
- Device Token. A device token associated with your mobile device is stored on our servers to enable Apple Push Notification Service (APNS) to find your mobile device, so that you can receive push notifications. Push notifications are used to notify you of friend requests and requests to meditate with one or more friends. Notifications that originate from your mobile device as opposed to APNS are used for meditation, check-in reminders, and sensor disconnections. If you wish to opt-out of notifications, you may turn them off in your mobile device’s settings. Device tokens are not used for advertising or other tracking purposes.
Information We Receive from Third Parties
When you choose to access to our services via Apple or Google sign-in, we collect the account’s name and email address. You can stop sharing the information from a third-party service by changing settings in the applicable third-party service or submitting a request for deletion to that service.
Please note that app utilizes third-party services that have their own Privacy Policy about handling data. Apart from the use of Google Analytics and Firebase Crashlytics described above in Analytics and Usage Information, AWS Amplify libraries are used to communicate with services on Amazon AWS. Below are the links to the Privacy Policy of the third-party service providers used by app:
- Google Analytics for Firebase
- Firebase Crashlytics
- AWS Amplify
Cookie Policy
We use cookies and similar technologies for the purposes described above. For instance, we work with partners who provide us with analytics services. This includes helping us understand how users interact with our services. These companies may use cookies and similar technologies to collect information about your interactions with services and other websites and applications.
- Cookies are small data files stored on your browser or device. They may be served by the entity that operates the website you are visiting (“first-party cookies”) or by other companies (“third-party cookies”).
- Web beacons are small images on a web page or in an email. They collect information about your browser or device and can set cookies.
- The table below shows the ways we and our service providers use cookies and web beacons:
Category of Use | Purpose of Use |
|---|---|
Preferences | To help us remember your settings and preferences, like your preferred language or country of residence, so that we can provide you with a more personalized experience. |
Authentication and Security | To log you into services, enable us to show you your account data, and help us keep your data and the services safe and secure. |
Service Features and Performance | To provide you with functionality and optimize the performance of the Services. For example, to improve our website’s load speed and performance on www.evolvebiologix.com. |
Analytics and Research | To help us understand how you are using services so that we can make them better, faster, and safer. |
- Web browser or device settings may enable you to clear or decline the use of cookies. For example, on your iOS device, disable the “Allow Apps to Request to Track” setting, and on your Android device, enable the “Opt out of Ads Personalization” setting. However, if you disable the use of cookies, some of the features of our website or mobile applications may not function properly.
How Information Is Shared
We never sell the personal information of our users. We do not share your personal information except in the limited circumstances described below.
When You Agree or Direct Us to Share
You may direct us to disclose your information to others, such as when you use the community features of app like the activity and user feeds. Feeds are only visible to users to which you have given permission (your friends). You may revoke permission to a user by unfriending them in the community.
For Legal Reasons or To Prevent Harm
- We may preserve or disclose information about you to:
- Comply with a law, regulation, administrative or judicial process, other legal process, or governmental request;
- To assert legal rights or defend against legal claims;
- Or to prevent, detect, or investigate illegal activity, fraud, abuse, violations of our terms, or threats to the security of the Services or the physical safety of any person.
- Please note: Our policy is to notify you of legal process seeking access to your information, such as search warrants, court orders, or subpoenas, unless we are prohibited by law from doing so. In cases where a court order specifies a non-disclosure period, we provide delayed notice after the expiration of the non-disclosure period. Exceptions to our notice policy include exigent or counterproductive circumstances, for example, when there is an emergency involving a danger of death or serious physical injury to a person.
- We may share non-personal information that is aggregated or de-identified so that it cannot reasonably be used to identify an individual. We may disclose such information publicly and to third parties, for example, in research about aggregate sensor metrics.
- We may share or transfer personal information about you in connection with a merger, acquisition, reorganization, or sale of assets of our business, in the event of bankruptcy, or during the negotiations leading to such an event. We will seek assurances from any buyer that your personal information will be used, shared, maintained, and disclosed consistent with the terms of this privacy policy. We will also give affected users notice before transferring any personal information to a new entity.
YOUR RIGHTS TO ACCESS AND CONTROL YOUR PERSONAL DATA
Account Settings
We provide account settings and tools to access, control, and modify your personal information, as described below, regardless of where you live. If you live in certain jurisdictions, you may have legal rights with respect to your information, which your account settings and tools allow you to exercise, as outlined below.
Right of Access and Deletion
- You have the right to access, delete, and edit all your personal information within our systems by contacting us at privacy@evolvebiologix.com. The data stored on your mobile devices will be retained on those devices and requires deletion from those devices separately. On iOS, this can be done by uninstalling app. If you have questions about this or other data stored by Evolve Biologix, you can contact us at: privacy@evolvebiologix.com.
- If you choose to delete your account, please note that while most of your information will be deleted within 1 month, we may advise you that we may need an additional 1 month to delete all your information, like the data stored in our backup systems. This is due to the size and complexity of the systems we use to store data. We may also preserve data for legal reasons or to prevent harm, including as described in the Section – How Information Is Shared.
- If you would like to completely remove your data from our marketing systems, please send your request to support@evolvebiologix.com with “Remove” in subject line.
- Recipients of our newsletters can unsubscribe using the instructions listed at the end of the email newsletter.
- If your personally identifiable information changes (such as email address), please contact Customer Service at: support@evolvebiologix.com
Scientific Research on Anonymized Data
At Evolve Biologix, we are committed to advancing the science of emotion. To achieve this, we conduct ongoing research using anonymized customer data, including heart sensor metrics, meditation settings, and your tagged activities and emotions. “Anonymized” means that all personal identifiers are removed, so the data cannot be traced back to you. This research helps us to gain deeper insights into the benefits of increasing emotional awareness, ultimately leading to better techniques and products that support your well-being. Your participation helps us make meaningful strides in this important field.
Objecting To Data Use
Our app provides tools to control your data use. For example, within app you can set the visibility of journal entries to your community friends, delete journal entries, and unfriend users that you no longer wish to share your public journal entries. Using the notification settings of your mobile device’s operating system, you can limit the notifications you receive from us. You can also use the app to logout and/or disconnect your sensor at any time.
DATA RETENTION
We keep your account information, like your name, email address, and password, for as long as your account is in existence because we need it to operate your account. We keep your heart rate sensor metrics, journal, and amount of time spent on sensor, until you use your account settings to delete account, because we use this data to provide you with your personal statistics and other aspects of services. We also keep information about you and your use of services for as long as necessary for our legitimate business interests, for legal reasons, and to prevent harm, including as described in Section – How We Use Information and Section – How Information Is Shared sections of this document.
OUR POLICIES FOR CHILDREN
We do not knowingly solicit information from or market to children under the age of 13. Persons under the age of 13, or any higher minimum age in the jurisdiction where that person resides, are not permitted to create accounts unless their parent has consented in accordance with applicable law. If we learn that we have collected the personal information of a child under the relevant minimum age without parental consent, we will take steps to delete the information as soon as possible. Parents who believe that their child has submitted personal information to us and would like to have it deleted may contact us at privacy@evolvebiologix.com.
INFORMATION SECURITY
We work hard to keep your personal information safe. We use administrative, technical, and physical security measures to help protect your personal information. No method of transmitting or storing information is completely secure, however. If you have a security-related concern, please contact Customer Service.
OUR INTERNATIONAL OPERATIONS AND DATA TRANSFERS
We process and back up personal data through a global operating and control infrastructure. Currently, we use cloud services deployed in the United States for processing personal data of users from around the World.
We rely on multiple legal bases to lawfully transfer personal data around the world. These include your consent and EU Commission approved model contractual clauses, which require certain privacy and security protections. You may obtain copies of the model contractual clauses by contacting us.
Please note that the countries where we operate may have privacy and data protection laws that differ from, and are potentially less protective than, the laws of your country. You agree to this risk when you create an account on app, irrespective of which country you live in. If you later wish to withdraw your consent, you can delete your account as described in Section – Your Rights To Access and Control Your Personal Data.
HOW TO EXERCISE YOUR LEGAL RIGHTS
Please review Section – Your Rights To Access and Control Your Personal Data for how your account settings and tools allow you to exercise your rights under the GDPR and this policy to access and control your personal data.
In addition to the various controls that we offer, in certain circumstances, you can seek to restrict our processing of your data, or object to our processing of your data based on our legitimate interests, including as described in Section – How We Use Information. Under the GDPR, you have a general right to object to the use of your information for direct marketing purposes. You may unsubscribe from marketing emails using the instructions listed at the end of the email or contacting us at support@evolvebiologix.com. Our Cookie Use statement describes your options for controlling how we and our partners use cookies. Please note that you can always delete your account at any time.
If you need further assistance regarding your rights, please contact our Data Protection Officer at dataprotection@evolvebiologix.com, and we will consider your request in accordance with applicable laws. You also have a right to lodge a complaint with your local data protection authority.
NOTICE TO CALIFORNIA RESIDENTS
See Appendix A to be informed about our practices to maintain the privacy of personal information from California residents.
WHO WE ARE AND HOW TO CONTACT US
If you have questions about this policy, or need help exercising your privacy rights, please contact our Data Protection Officer at: dataprotection@evolvebiologix.com.
APPENDIX A
NOTICE TO CALIFORNIA RESIDENTS
California Privacy Disclosures
If you are a California resident, please review the following additional privacy disclosures under the California Consumer Privacy Act (“CCPA”).
How to Exercise Your Legal Rights
You have the right to understand how we collect, use, and disclose your personal information, to access your information, to request that we delete certain information, and to not be discriminated against for exercising your privacy rights. You may exercise these rights as described in the Section – Your Rights To Access and Control Your Personal Data, for example:
- By logging into your account with app and using your app account settings, you may exercise your right to access your personal information and to understand how we collect, use, and disclose it.
- Your account settings also let you exercise your right to delete personal information.
- To request a deletion, please email support@evolvebiologix.com with the subject “Remove”.
If you need further assistance regarding your rights, please contact our Data Protection Officer at dataprotection@evolvebiologix.com, and we will consider your request in accordance with applicable laws.
Categories of Information We Collect, Use, and Disclose for Business Purposes
As described in the Information Collection section, we collect the categories of personal information listed below. We receive this information from you, your sensor, your use of services, including third parties like sign-in services you have connected to your app account and as otherwise described in this policy. We use and disclose these categories of information for the business purposes described in Section – How We Use Information and Section – How Information Is Shared, respectively. The categories are:
- Identifiers, like your name or username, email address, IP address, account identifiers, device identifiers, cookie identifiers, and other similar identifiers.
- Biometric information is all heart rate derived. We also note the meditation times and duration.
- Internet or other electronic network activity information, such as the usage data we receive when you access or use our services. This includes information about your interactions with services and about the devices you use to access the services.
- Geolocation data, including GPS signals, device sensors, Wi-Fi access points, and cell tower IDs, if you have granted us access to that information.
- Electronic, visual, or similar information, such as your profile photo or other photos.
We never sell the personal information of our users. We do work with partners who provide us with analytics services as described in Section – Information We Receive from Third Parties. To learn more about how these partners collect data and your options for controlling the use of your information, please read our Cookie Use statement above.
Who We Are and How to Contact Us
If you have questions about this policy, or need help exercising your privacy rights, please contact our Data Protection Officer at: dataprotection@evolvebiologix.com