What data do we collect?

What data do you collect and why?

We collect name, email address, training and nutrition data, weight, height, sleep patterns, workout details, meal info, dietary requirements, wearable activity data and lifestyle information. This is to provide personalised services like carb codes, fuel planning, nutrition recommendations, coaching, and recipes.

How is my data encrypted and stored?

Data is encrypted and stored on secure cloud servers within the EEA. Payment transactions are encrypted.

What measures do you take to ensure the security of my data?

Servers are secure and access is limited to necessary personnel. Transmissions are encrypted. Strong passwords, procedures and features prevent unauthorised access.

Do you comply with GDPR or other privacy regulations?

Yes, we comply with GDPR and other privacy regulations.The GDPR provides you with the following rights. To:

- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.

- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).

- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.

- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.

- Request the transfer of your personal information to another party in certain formats, if practicable.

- Make a complaint to a supervisory body which in the United Kingdom is the Information Commissioner’s Office. The ICO can be contacted through this link: https://ico.org.uk/concerns/

How often do you update your privacy policy?

We update our privacy policy as needed and post changes online. This suggests we regularly review and update the policy to reflect current practices.

Can I download or export my data from the app?

You have the right under GDPR to request a copy of personal data we hold about you. So you can download or export your data.

Do we share data with third parties for advertising or analytics?

There are certain third parties we work with to help us deliver you the best service we can. In order to achieve this we will share your personal information with:

- Amazon Web Services, a secure cloud services platform. See https://aws.amazon.com/privacy/.

- Google Cloud, an online storage cloud where we store files and documents. See https://policies.google.com/privacy?hl=en-US.

- Point, a wearable data aggregator that allows us to integrate your wearable data. See https://www.areyouonpoint.co/privacy-cookies.

- Nutritics, a nutrition analysis software that allows us to analyse the nutritional information of foods and drinks. See https://www.nutritics.com/en/privacy-policy.

- Xero, accountancy software that allows us to manage our accounts and billing. See https://www.xero.com/uk/about/legal/privacy/.

- Stripe, an online payment processing platform that allows us to manage and process customer payments. See https://stripe.com/privacy.

- Zoho Creator, an automation tool that allows us to build databases. See https://www.zoho.com/privacy.html & https://www.zoho.com/gdpr.html.

- Slack, a developers and team collaboration tool. See https://slack.com/intl/en-gb/privacy-policy.

- Webflow, where our website is hosted and supported. See https://webflow.com/legal/privacy.

- Atlassian Jira, a planning and tracking tool for software development. See https://www.atlassian.com/legal/privacy-policy.

- Render, a secure cloud services platform. See https://render.com/privacy.

- Supabase, a hosted database platform and authentication service. See https://supabase.com/docs/company/privacy.

- PostgreSQL, a database system. See https://www.postgresql.org/about/policies/privacy/.

- Business partners, academic institutions & suppliers for the provision of Hexis' service to you.- Analytics and search engine providers that assist us in the improvement and optimisation of our platform.

How do I report a security vulnerability in the app?

We hope that we have shared with you all the information you need, but in the event that we haven’t, or if you have any questions then please do not hesitate to contact our Data Protection Officer, Michael Blakeley on mike@pangolindpc.co.uk