Legal

Breathing App, INC Privacy Policy

Last revised on 29 January 2024
Breathing App, Inc. (“we”) are committed to protecting and respecting your privacy. This Privacy Policy (“Policy”) (together with our Terms and any other documents referred to on it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us and how you can get access to this information. If in doubt, the primary governing law of this policy is that of the state of Delaware, United States of America.
1. Purpose of this Policy
Breathing App provides you (the “User”) with access to the online and mobile services associated with Breathing App, including but not limited to thebreathing.app and www.breathingmed.com and all associated subdomains (the “Website”), and the Breathing App and The Breathing App for Diabetes mobile applications (the “Apps”), collectively the “Services.”
2. Processing your data
2.1 What is the purpose of our processing?
To provide you with the Services; To answer your questions or requests for information or handle your complaints; To ensure that content provided by the Services is presented in the most effective manner for you and for your computer or other device; To provide you with promotional communications, such as email, to the extent that you have provided consent and/or consistent with notice and any opt-out rights to receive such communications under applicable law; To carry out our obligations arising from any agreements entered into between you and us; To notify you about updates or changes to Services features and content; To manage your payments and orders.
2.2 What is our legal basis for processing?
We require consent from all users before processing their data. This consent can be withdrawn at any time.
2.3 What data we may collect?
Personal information
Personal Information or personal data or personal identifiable information (PII) means information relating to an identified or identifiable natural person who can be directly or indirectly identified by reference to an identifier. We may collect and use information like your name, email address, country, state, and age bracket to personalize the course and communicate with you. You're able to opt out of any external communications (i.e., email and push notifications) at any time.

Health information
We may collect information about your diabetes type in order to personalize our program and communication with you. We may also collect general information about your health and mental and physical well-being in order to evaluate progress against your self-defined goals.

Electronic identifiers
We may collect information about the devices you use to access the Services, including (but not limited to) IP address, mobile device UDID and IMEI numbers, operating system, browser type, and screen size. This information is used to provide you with customer support, for system administration, to tailor your experience of the Services, to report aggregate information internally, and to assist communication (e.g., push notifications).

Cookies
We may store cookies (small text files managed by your web browser) on your computer in order to improve your experience with the Services. Example uses of these cookies include recognizing you when you return to the Services, maintaining data you've entered across multiple sessions, and storing information about your personal preferences. You may refuse to accept cookies by changing the settings on your device to prevent cookies from being set. However, if you select this setting, you may be unable to access certain parts of the Services. Unless you have adjusted your browser setting so that it will refuse cookies, our system may issue cookies when you visit the Services.

Non-identifiable informationNon-personal information means any information that does not reveal Your specific identity either directly or indirectly.

Usage DataInformation collected automatically through the Breathing App (or third-party services employed in The Breathing App), which can include: behavioural data (e.g. number of sessions you complete, what techniques you practice or how many times you practice the techniques), the IP addresses or domain names of the computers utilised by the Users who use the Breathing App, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilised to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server's answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilised by the User, the various time details per visit (e.g., the time spent on each page within the Application) and the details about the path followed within the Application with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the User's IT environment.
3. Who has access to that data?
Breathing App understands that your identifiable health information is private and personal and is dedicated to maintaining its confidentiality and integrity. As such, we will never sell or rent it, and we have policies, procedures, and other safeguards to help protect it from improper use and disclosure.

The following categories describe the ways in which we use your identifiable health information and the rare instances that require us to disclose it to persons and entities outside of Breathing App. We have not listed every use or disclosure within the categories below, but all permitted uses and disclosures will fall within one of the following categories. In addition, there are some uses and disclosures that may require your specific authorization.
3.1 Disclosure at your request
We may disclose information relating to your use of the Services when requested by you. This disclosure at your request may require written authorization by you.
3.2 Services and Operations
We may use and disclose your identifiable health information in connection with providing services for our internal operations, which include administration, eligibility, planning, analytics, and various activities that assess and improve the quality and cost-effectiveness of the service that we deliver to you. Examples are using information about you to improve the quality of the service, satisfaction surveys, de-identifying health information, customer services, and internal training.
3.3 Emails
We may receive a confirmation when you open an email from us, or click on a link in an email if your computer supports this type of program. We use this confirmation to help us make emails more interesting and helpful. When you receive an email from us, you can opt out of receiving further emails by following the included instructions to unsubscribe. However, by opting out of further email communications after you sign up, you may limit program reminders and other valuable program content and components.
3.4 Reminders and notifications
We may use and disclose your identifiable health information to contact you as a reminder to interact with or complete tasks relating to your use of the Services. You may make changes to the format and frequency of these reminders or cancel these reminders and/or notifications by logging into your Breathing App for Diabetes account in the App and/or by accessing the native notification settings on your mobile device when using the App.
3.5 Third-party service providers
There are some services provided in our organization through third-party services providers. Examples of third-party services providers include accounting services, server hosting and email delivery providers, business associates, vendors and other business partners, and reputable companies in the industry who subcontract to us or to those of your employer as our corporate customers, where permitted by law. We may disclose your identifiable information to our third-party services providers so that they can perform the job that is required of them. To protect your identifiable information, we require appropriate contracts or written agreements be in place that safeguard your identifiable health information.
3.6 As required by law
Certain laws permit or require certain uses and disclosures of identifiable health information for example, for public health activities, health oversight activities, and law enforcement. In these instances, the Breathing App will only use or disclose your identifiable health information to the extent the law requires.
3.7 For research and publicity purposes
We may use de-identifying health information for internal and external research and publicity purposes. This may include publishing aggregate information about our users in the context of providing public health information and conducting academic research. In certain instances, we may only provide such information with special waivers and permissions from you.
3.8 Analytics & Marketing
Some of the third-party services that we use to monitor and analyze web traffic to keep track of user behavior include:
Google Analytics to help us better understand traffic (add, organic, and paid) to and from our site and apps.
Facebook Analytics to help us better understand the traffic that comes from our Facebook and/or Facebook ads.
3.9 Transfer of business assets
In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets. If Breathing App or substantially all of its assets are acquired by a third party, personal data held by it about its customers will be one of the transferred assets. Breathing App will ensure that information transferred to third parties will only be used in a way that is compliant with our privacy principles and will remain liable in cases of onward transfers to third parties.
4. How do we store your data?
We store all your personal information on secure servers. In some cases, to ensure a fast user experience, we may store some data on your device.

Where you have chosen a password that enables you to access certain parts of our App, you are responsible for keeping this password confidential. We ask you not to share the password with anyone.

Once we have received your information from the app or website, we will use strict procedures and security features to try to prevent unauthorized access. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so. Information you provide to us is stored on secure servers located in the US, which are owned and operated by Google Cloud Platform (GCP). GCP are industry leaders in the provision of hosting services and take security very seriously - you can find out more about their security policies and processes in their Security Whitepapers.
5. Your rights
Right to accessA user of the Services has the right to view all personal information that Breathing App has collected about them, as well as the disclosure of this data. In order to receive this data, please contact Breathing App. The first copy of this information is provided free of charge and in a portable/common electronic form (e.g., CSV file).

Right to accuracyA user of the Services has the right to ensure that the data we have stored is accurate. In most cases, the system allows you to directly modify your own information. However, if there is incorrect data within our system that you are not able to change, please contact Breathing App, and we will work directly with you to update this information.

Right to deletionSubject to any exemptions provided by law, a user of the Services has the right to request deletion of all data within the system. To request your data be deleted, please contact Breathing App. In most cases, this request will be completed within 30 days. If circumstances require a delay to this deletion, Breathing App will notify you directly, explaining the reason for the delay. Note also that in some cases, there may be a legal requirement to hold on to your data. Again, Breathing will notify you directly if this is the case.

Right to withdraw consent
A user of the Services has the right to withdraw their consent at any time by contacting Breathing App. Please note that without consent to process your data, we will be unable to deliver the Services.

Right to notification of disclosureIn addition to the right to request disclosures of your data specified in the "right to access" above, we will notify you as required by law if there has been a breach of the security of your identifiable health information.

Concerns or complaintsIf you believe that any of your rights with respect to your or others’ identifiable health information have been violated by us, our employees or agents, please communicate with Breathing App.
6. Amending this Policy
We reserve the right to revise this Policy without notification. Any changes or updates will be effective immediately upon posting to this page. Your continued use of the Services constitutes your agreement to abide by the Privacy Policy as changed. Under certain circumstances (for example, if we expand the ways in which we use your personal information beyond the uses stated in our Privacy Policy at the time of collection), we may also elect to notify you of changes or updates to our Privacy Policy by additional means, such as by sending you an email.
7. Who can you contact?
Breathing App, Inc.
430 Broome St., 2nd Floor
10013 New York, NY
United States of America
support@thebreathing.app
7.1 HIPAA
If we are subject to the Health Insurance Portability and Accountability Act (“HIPAA”), you may also contact the Secretary of the U.S. Department of Health and Human Services. Under no circumstances will we take any retaliation against you for filing a complaint.