Loading...

Activix Privacy Policy

Effective Date: 01/01/2025

Activix (“we,” “us,” or “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains what we collect, how we use it, with whom we share it, how long we retain it, and the rights you have. It applies to the Activix mobile app, websites, and related services (collectively, the “Services”).

If you do not agree with this policy, please do not use the Services.

 

1) Who We Are (Data Controller)

  • Controller: Activix (UmiLab Co., Ltd)
  • Address:5-4-4, Kotokucho, Nada, Kobe, Hyogo 657-0025 Japan
  • Contact (General & Privacy): info@umi-lab.com

2) What We Collect

We collect information that you provide directly, information from devices/sensors you connect, and information collected automatically when you use the Services.

A. Information You Provide

  • Account data: name, email, password (hashed), profile photo (optional), gender, age, height, weight (if you enter them).
  • Content & support: feedback, survey responses, bug reports, and communications with us.
  • Subscription & purchase info: receipts, plan type, renewal status (via App Store/Play billing).

B. Device & Sensor Data (from paired wearables and fitness sensors)

  • Activity & fitness metrics: heart rate, HRV, steps, sleep, calories, cadence, power, SpO (if supported), workout type, training load.
  • Location & route: GPS traces, distance, pace, elevation (if you enable location permissions).
  • Device metadata: device model, firmware version, battery status, connection timestamps.

Health Data: Some metrics may constitute health data under applicable laws. We process such data only with your explicit consent (where required), and you can withdraw consent at any time in-app or by contacting us.

C. App & Technical Data (collected automatically)

  • Usage & diagnostics: app version, crash logs, performance metrics, feature interactions.
  • Device & network: mobile OS version, language, country/region, IP (truncated or full per provider), Bluetooth status.
  • Cookies/SDK equivalents on mobile: used for authentication, analytics, security, and feature delivery (see §7).

D. Sources & Integrations (Optional)

  • Apple Health / HealthKit: We only read/write specific categories you authorize. We do not use HealthKit data for marketing, advertising, or data brokerage.
  • Google Fit (Android): Same principle as above—data flows only with your permission and only for the stated purposes.
  • Third-party platforms: If you link accounts (e.g., sign-in with Apple/Google), we receive limited identifiers necessary to authenticate you.

 

3) How We Use Your Information (Purposes & Legal Bases)

A. Core Service Delivery

  • Sync with wearables and sensors; record and visualize workouts; compute metrics and analyses; backup/sync across devices.
  • Legal basis (GDPR): Performance of a contract; Explicit consent for health data; Legitimate interests for security/anti-abuse.

B. Improvements & Research (Product analytics)

  • Aggregate/anonymous analysis to improve accuracy, performance, battery usage, UI/UX.
  • Legal basis: Legitimate interests; for health data—explicit consent or anonymization.

C. Communications

  • Service notifications (account, security, feature changes), customer support responses.
  • Optional emails/push about new features or training tips (you can opt out).
  • Legal basis: Legitimate interests; Consent where required.

D. Safety, Security & Compliance

  • Fraud prevention, abuse detection, debugging, legal requests, regulatory compliance.
  • Legal basis: Legal obligations; Legitimate interests.

We do not use your personal health data for targeted advertising.

 

4) When We Share Information

We do not sell personal data. We share data only as described below:

  • Service providers (processors): Cloud hosting, analytics, crash reporting, email delivery, customer support tools. They process data under contract and only on our instructions.
  • Integrations you enable: If you connect Apple Health/Google Fit or export to third-party platforms, we share only the categories you authorize.
  • Legal reasons: To comply with law, court orders, or to enforce our rights, address security or fraud issues.
  • Business transfers: In the event of a merger, acquisition, or asset sale, your data may transfer under this Policy’s protections.

We impose confidentiality, security, and limited-purpose obligations on all recipients where applicable.

 

5) Data Retention

  • Account & training data: Retained while your account is active. If you delete your account, we aim to delete or irreversibly anonymize your personal data within 30 days (backup logs may persist for an additional limited period per rotation policies).
  • Diagnostics & logs: Typically retained up to 12 months unless needed longer for security/compliance.
  • Legal holds: If required by law or to resolve disputes, we may retain specific records as necessary.

 

6) International Data Transfers

Your data may be processed in countries other than where you reside. Where we transfer data internationally, we use appropriate safeguards (e.g., EU Standard Contractual Clauses, UK IDTA/Addendum, or other lawful mechanisms) and conduct transfer risk assessments where required.

 

7) Third-Party SDKs & Subprocessors

We use selected SDKs and vendors to provide core functions:

Examples (replace with your actual stack):

  • Cloud & Storage: [e.g., AWS / Google Cloud / Azure]
  • Analytics: [e.g., Firebase Analytics / Amplitude / Mixpanel]
  • Crash Reporting: [e.g., Firebase Crashlytics / Sentry]
  • Error Monitoring & Performance: [e.g., Sentry / Datadog]
  • Email/Support: [e.g., SendGrid / Zendesk / Freshdesk]
  • Authentication: [e.g., Sign in with Apple / Google Identity]

We keep an up-to-date list of subprocessors here: [Insert link to a live Subprocessors page]. Each provider is bound by data protection terms and security obligations.

HealthKit / Google Fit restrictions: We do not use these SDKs’ data for advertising, nor share it with third parties for marketing or data brokerage.

 

8) Cookies & “Do Not Track”

We don’t use third-party advertising cookies in the app. On web, we may use strictly necessary and analytics cookies. Most browsers offer Do Not Track; because no common standard exists, we don’t respond to DNT signals, but you can manage cookies via browser settings.

 

9) Data Security

We apply administrative, technical, and physical safeguards, including encryption in transit (TLS), restricted access, and security monitoring. No method is 100% secure; we continuously improve our practices to reduce risk.

 

10) Your Rights

Depending on your location, you may have the following rights:

  • Access / Portability: Get a copy of your data.
  • Rectification: Correct inaccurate or incomplete data.
  • Deletion: Delete your data and account.
  • Restriction / Objection: Limit or object to certain processing.
  • Consent withdrawal: Where processing is based on consent (e.g., health data), you can withdraw it at any time without affecting prior processing.
  • Appeal: If we deny your request, you may have the right to appeal.

How to exercise:

  • Use in-app settings where available (e.g., export, delete account).
  • Or contact info@umi-lab.com with your request and the email associated with your account. We may verify your identity before fulfilling requests.

 

11) GDPR Disclosures (EEA/UK)

  • Controller: See §1.
  • Legal bases: See §3.
  • Health data: Processed only with explicit consent (Art. 9(2)(a)) or where another condition applies.
  • Data transfers: Protected via SCCs/UK IDTA (see §6).
  • Lodging a complaint: You may contact your local supervisory authority (e.g., ICO in the UK, or your EU country’s DPA).

 

12) CCPA / CPRA (California)

  • No sale / No sharing for cross-context behavioral advertising: We do not sell your personal information or share it for cross-context behavioral advertising.
  • Right to know, delete, correct: You can request details about categories and specific pieces of PI we collect, request deletion, or correction.
  • Sensitive Personal Information (e.g., health data): Used only for permitted purposes (service delivery, security) and not for inferring characteristics.
  • Non-discrimination: We will not discriminate against you for exercising your rights.

Submit requests via info@umi-lab.com.

 

13) Children’s Privacy

The Services are not directed to children under 13 (or under the minimum age required by your jurisdiction). We do not knowingly collect personal data from children without verifiable parental consent. If you believe a child has provided data to us, contact info@umi-lab.com and we will take appropriate action.

 

14) Your Choices & Controls

  • Permissions: You can disable location, Bluetooth, motion/fitness, notifications in your device settings; certain features may stop working.
  • Apple Health / Google Fit: You can revoke categories at any time via system settings.
  • Marketing communications: You can unsubscribe via links in emails or within app settings.

 

15) Automated Decision-Making

We do not engage in automated decision-making that produces legal or similarly significant effects without human review. Training recommendations are algorithmic insights intended for wellness/fitness only and are not medical advice.

 

16) Medical Disclaimer

Activix provides fitness and wellness information only. It is not a medical device or service. Do not rely on Activix for diagnosing, treating, curing, or preventing any disease. Consult a healthcare professional for medical concerns.

17) Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated version with a new Effective Date and, where required by law, seek your consent for material changes.

 

18) Contact Us

If you have questions or wish to exercise your privacy rights, contact:

Activix Privacy Team
Email: info@umi-lab.com
Address: 5-4-4, Kotokucho, Nada, Kobe, Hyogo 657-0025 Japan.