Amicado Privacy Policy

Last Updated: January 15, 2025

Amicado ("Amicado," "we," "us," or "our") is deeply committed to protecting your privacy and being transparent about our policies and practices. This Privacy Policy describes how Amicado collects, uses, stores, shares, and protects your information when you use our activity tracking and challenges mobile application and related services (the "Services"). This Privacy Policy is incorporated by reference into and subject to Amicado's Terms of Use.

I. COLLECTION OF INFORMATION

Information You Provide Directly to Us

When you create an account and use Amicado's Services, you may provide us with certain information voluntarily, which may include but is not limited to:

• Identification Information: Your name, email address, username, profile picture, date of birth, and any third-party platform identifiers (such as your Apple ID, Google account, or social media identifiers) if you choose to connect these accounts with Amicado
• Activity and Wellness Data: Physical activity data including steps, distance, calories burned, exercise duration and type, workout routines, activity goals, challenge participation and completion data, mood tracking information, wellness check-ins, and any notes or comments you add to your activities
• Social Interaction Data: Friend connections, team formations, challenge invitations, leaderboard participation, messages within challenges, kudos and encouragement sent to other users, and shared activity achievements
• Wellness Information: Basic wellness tracking such as perceived exertion levels, recovery status, wellness goals, and mood tracking that you choose to manually input (separate from HealthKit data which remains on-device only)
• User-Generated Content: Photos you upload for your profile or to document activities, custom challenge descriptions, motivational messages, activity comments, and any other content you create within the Services
• Communication Information: When you contact us for support, provide feedback, participate in surveys, or engage with our community features, we collect the content of your communications and any information you choose to provide

Information We Collect Automatically

When you access or use our Services, we automatically collect certain information about your device and usage patterns, including:

• Device Information: Hardware model, operating system and version, unique device identifiers, mobile network information, device settings relevant to the Services, app version, and crash data that helps us improve stability
• Usage Information: Features you use within Amicado, frequency and duration of app sessions, navigation patterns, challenge participation rates, goal completion statistics, interaction with push notifications, and performance metrics of the app
• Location Information: With your permission, we collect broad geographical location data to provide location-based challenges, suggest local activity routes, connect you with nearby users for challenges, and improve our Services' relevance to your region
• Analytics Data: Through PostHog, we collect interaction data, feature usage patterns, user flow information, and engagement metrics to understand how users interact with our Services and identify areas for improvement
• Technical Data: IP address (for general location and security purposes), browser type and language preferences (for web-based features), referring and exit pages, clickstream data, and other technical information necessary to provide and secure the Services

We may combine information we collect from multiple sources to provide you with a more seamless, consistent, and personalized experience. When we combine this information, we treat it in accordance with this Privacy Policy. Additionally, we may aggregate or de-identify information we collect so that it cannot reasonably be used to identify you individually. Aggregated or de-identified information is not subject to this Privacy Policy.

II. USE OF INFORMATION AND PURPOSE OF DATA PROCESSING

We use the information we collect for the following purposes necessary to provide our Services to you:

• Account Management and Authentication: Creating and managing your Amicado account, verifying your identity, enabling secure login, managing your preferences and settings, and maintaining the integrity of user accounts
• Service Delivery and Personalization: Providing core activity tracking functionality, facilitating challenge creation and participation, generating AI-powered insights on-device, calculating and displaying progress metrics, personalizing activity recommendations, suggesting relevant challenges based on your fitness level and interests, and customizing your experience based on your preferences
• Communication and Engagement: Sending you administrative communications about your account, notifying you about challenge invitations and updates, delivering achievement notifications and motivational messages, providing customer support and responding to your inquiries, sending you important service updates and security alerts, and facilitating social interactions within the app
• Analytics and Improvement: Understanding user engagement patterns, identifying popular features and areas for enhancement, conducting internal research and development, improving app performance and stability, developing new features and services, and ensuring the Services meet user needs effectively
• Community Building: Connecting you with friends and challenge partners, facilitating team formations and group challenges, maintaining leaderboards and rankings, enabling social features like kudos and comments, and fostering a supportive activity community

We also use information for the following additional business purposes:

• Marketing and Promotion: With your consent where required, sending you promotional communications about new features, upcoming challenges, partner offers, and Amicado news; conducting surveys and collecting feedback; analyzing the effectiveness of our marketing campaigns; and personalizing promotional content based on your interests and activity patterns
• Safety and Security: Detecting and preventing fraud, abuse, and security incidents; investigating suspicious activity; enforcing our Terms of Use and community guidelines; protecting users from harmful or inappropriate content; maintaining the security and integrity of our Services; and complying with legal obligations
• Legal and Compliance: Responding to legal requests and court orders; complying with applicable laws and regulations; protecting our rights, property, and interests; defending against legal claims; and maintaining records as required by law
• Business Operations: Managing our business relationships with service providers; conducting internal audits and assessments; facilitating business planning and development; managing corporate transactions such as mergers or acquisitions; and maintaining business records
• Research and Innovation: We may conduct research to improve health and wellness outcomes using only aggregated or de-identified data that cannot reasonably be used to identify you. This includes: developing new activity tracking methodologies; analyzing trends in physical activity and wellness; improving our AI insights generation; and contributing to the advancement of activity tracking technology. All research is conducted with data that has been de-identified and aggregated

III. DISCLOSURE OF INFORMATION

We are committed to maintaining your trust, and we want you to understand when and with whom we may share the information we collect. We do not sell your personal information to third parties, and we do not engage in cross-context behavioral advertising as defined under applicable privacy laws.

Service Providers and Business Partners

We may share your information with third-party service providers and business partners who perform services on our behalf, including:

• Infrastructure Providers: Cloud hosting services, content delivery networks, and database management providers that help us operate our Services reliably and at scale
• Analytics Providers: PostHog and other analytics services that help us understand usage patterns and improve our Services
• Communication Services: Email service providers, push notification services, and in-app messaging platforms that enable us to communicate with you
• Payment Processors: If we introduce premium features, secure payment processing services to handle transactions
• Customer Support Tools: Platforms that help us manage and respond to user inquiries efficiently
• Security Services: Providers that help us detect and prevent fraud, maintain security, and protect against malicious activity

These service providers are contractually obligated to use your information only to provide services to us and are prohibited from using your information for their own purposes.

Legal Requirements and Protection

We may disclose your information when we believe in good faith that disclosure is necessary to:

• Comply with applicable law, regulation, legal process, or governmental request
• Enforce our Terms of Use and other agreements
• Protect the rights, property, or safety of Amicado, our users, or the public
• Detect, prevent, or address fraud, security, or technical issues
• Respond to emergency situations where the safety of an individual may be at risk

Business Transfers

If Amicado is involved in a merger, acquisition, reorganization, sale of assets, bankruptcy, or other similar event, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice within our Services of any change in ownership or uses of your personal information.

With Your Consent

We may share your information for any other purpose disclosed to you at the time we collect the information or with your explicit consent.

Public Activities and Social Features

Please be aware that certain features of our Services allow you to make information publicly visible, including:

• Public leaderboards displaying usernames and activity statistics
• Public challenges that other users can discover and join
• Shared achievements and activity summaries you choose to post
• Public profile information you choose to display

You are solely responsible for the information you choose to make public through these features. We cannot control how others may use public information you share through our Services.

Third-Party Integrations

If you choose to connect Amicado with third-party services (such as social media platforms, other fitness apps, or health platforms), those connections may involve sharing certain information with those third parties according to your settings and their privacy policies. While we process HealthKit data exclusively on-device and never collect it to our servers, other third-party integrations you authorize may involve data sharing subject to those services' own terms and privacy policies.

No Health Data Marketing: We absolutely never use any health-related information for advertising or marketing purposes. Since HealthKit data remains on your device, we don't even have access to it. Any wellness information you manually provide is used solely for service functionality, never for marketing.

IV. COOKIES AND SIMILAR TECHNOLOGIES

Amicado and our service providers use cookies, pixel tags, local storage, and similar technologies to automatically collect information, measure and analyze usage patterns, enhance functionality, and deliver relevant content. Cookies are small data files stored on your device that help us remember your preferences and understand how you use our Services.

Types of Cookies We Use

• Strictly Necessary Cookies: Essential for the Services to function properly, including user authentication, security features, and maintaining your session while using the app or any web-based features
• Performance and Analytics Cookies: Help us understand how users interact with our Services, which features are most popular, where users encounter issues, and how we can improve performance and user experience
• Functionality Cookies: Enable enhanced functionality and personalization, such as remembering your preferences, language settings, challenge filters, and activity display preferences
• Promotional Cookies: We do not use third-party behavioral advertising cookies. If we ever introduce first-party promotional cookies (e.g., to highlight new Amicado features), they will only be used with your consent
• Social Media Cookies: Enable social media features within our Services, such as sharing achievements on social platforms or logging in using social media credentials
• Third-Party Cookies: Set by our service providers to provide their services to us, including analytics, security, and functionality enhancement

Do-Not-Track Signals

Some web browsers and devices allow you to broadcast a preference that your online activities not be tracked. We honor Global Privacy Control (GPC) signals as required under California law. For other Do-Not-Track signals, our Services do not currently respond to them, but we continue to evaluate potential responses to these signals as standards and practices evolve.

Personal Information Collected Through Cookies

The information collected through cookies and similar technologies may include personal information such as your IP address, device identifiers, and usage patterns. This information is handled in accordance with this Privacy Policy and is subject to the same protections and rights described throughout this document. You can manage your cookie preferences through your device settings and browser controls, though disabling certain cookies may impact the functionality of our Services.

V. YOUR RIGHTS AND CHOICES

You have certain rights and choices regarding your personal information, including:

• Access: Request information about the personal information we hold about you
• Rectification: Request correction of inaccurate or incomplete personal information
• Erasure: Request deletion of your personal information, subject to certain exceptions
• Portability: Request a copy of your personal information in a structured, commonly used format
• Restriction: Request that we restrict processing of your personal information in certain circumstances
• Objection: Object to our processing of your personal information where we rely on legitimate interests
• Consent Withdrawal: Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing based on consent before withdrawal

State-Specific Privacy Rights

US State Privacy Rights: Residents of California, Virginia, Colorado, Connecticut, Utah, and other states with comprehensive privacy laws have the right to access, delete, correct, and opt out of certain data uses as described above. To exercise these rights, contact help@amicado.app. We will respond to your request within 45 days as required by applicable law.

Additional Rights for Maryland, Minnesota, and Tennessee Residents (2025): Beginning on the effective dates of those laws, residents of Maryland (effective October 1, 2025), Minnesota (effective July 31, 2025), and Tennessee (effective July 1, 2025) will have enhanced rights including:

• Data Minimization: Right to request that we limit data collection to what is necessary for our services
• Enhanced Opt-Out Rights: Expanded ability to opt out of data sharing for certain purposes
• Sensitive Data Protection: Special protections for sensitive personal information
• Consumer Rights Enforcement: Right to file complaints with state attorneys general

Exercising Your Rights

To exercise these rights, please contact us at help@amicado.app with your request. We will respond to your request within the timeframe required by applicable law. To protect your privacy and security, we may need to verify your identity before processing your request by matching information you provide with information we have on file. In some jurisdictions, you may designate an authorized agent to make requests on your behalf. We may require proof that the agent has been authorized to act on your behalf.

In-App Data Management

Amicado provides built-in features to help you manage your data directly:

• Download Your Data: Access your complete data export through Settings > Privacy > Download My Data. Your data package will be prepared and made available for download within 48 hours. For security reasons, you can request a data download once every 24 hours. The export includes all your activity data, profile information, challenge history, and other information associated with your account
• Delete Your Account: Permanently delete your account and all associated data through Settings > Privacy > Delete Account. This action will immediately log you out and queue your data for permanent deletion. Please note that deletion is irreversible and you will lose all your activity history, achievements, and challenge progress. You may create a new account with the same email address if you choose to rejoin Amicado in the future

Non-Discrimination

We will not discriminate against you for exercising any of your privacy rights. We will not deny you goods or services, charge you different prices, provide you a different level or quality of services, or otherwise treat you differently because you exercised your privacy rights. However, if you choose to delete certain information or restrict our processing, some features of the Services that require that information may no longer be available to you.

VI. INTERNATIONAL TRANSFERS

Amicado operates globally and your information may be transferred to and processed in countries other than the country in which you reside, including the United States where our primary servers are located. These countries may have data protection laws that are different from those of your country. By using our Services, you consent to the transfer of your information to these countries.

For individuals in the European Economic Area (EEA) and United Kingdom (UK), we implement appropriate safeguards for transfers of personal information to countries outside the EEA and UK. For EEA transfers, we use Standard Contractual Clauses approved by the European Commission. For UK transfers, we rely on the UK International Data Transfer Addendum. These safeguards ensure recipients protect your personal information to standards equivalent to those in your jurisdiction.

VII. CHILDREN

Amicado's Services are intended for adults. You must be 18 years or older to use our Services. We do not knowingly collect personal information from anyone under 18. If we learn that we have collected such information, we will delete it as quickly as possible. If you believe that a child under 18 has provided us with personal information, please contact us immediately at help@amicado.app.

VIII. HEALTHKIT AND ON-DEVICE DATA PROCESSING

We integrate with Apple HealthKit and Google Fit to provide comprehensive activity tracking while maintaining the highest privacy standards. Here's how we handle this sensitive data:

HealthKit Data Protection

On-Device Processing: All HealthKit and Google Fit data remains exclusively on your device. HealthKit/Google Fit-sourced data is processed on-device and is not transmitted to our servers. We do not use such data for advertising, sell it, or share it with third parties. We may process non-health app telemetry (e.g., crashes, feature usage) for analytics and service improvement, but never combine HealthKit/Google Fit-sourced values with advertising or analytics profiles. This includes:

• Heart rate data and patterns
• Step counts and distance measurements
• Workout data and activity types
• Health metrics and biometric information
• Any other data from HealthKit or Google Fit

AI Insights Generation

Local AI Processing: All AI insights about your fitness patterns, activity recommendations, and personalized coaching are generated locally on your device using advanced machine learning models. This means:

• Your health data never leaves your device for AI processing
• Insights are created without any server communication
• Your most sensitive information remains completely private
• AI models run locally without internet connectivity requirements

Absolute Prohibitions

We commit to the following absolute restrictions regarding HealthKit and health-related data:

• No Marketing Use: We will never use HealthKit data or any health information for advertising, marketing, or promotional purposes
• No Third-Party Sharing: We cannot and will not share HealthKit data with third parties for marketing purposes, as we don't have access to it
• No Data Sales: We will never sell any health-related information under any circumstances
• No Profiling: We do not create health profiles for advertising or commercial purposes

Wellness Information You Provide

Separate from HealthKit data, you may choose to manually provide wellness information such as:

• Perceived exertion levels
• Recovery status and sleep quality notes
• Wellness goals and preferences
• Mood tracking information
• Activity notes and reflections

This manually entered wellness information is used exclusively for providing personalized challenges, progress tracking, and improving our Services. It is never used for advertising or marketing purposes.

IX. DATA RETENTION, SECURITY, AND INTEGRITY

Data Retention Periods

We retain your personal information for as long as your account is active or as necessary to provide the Services and comply with legal obligations. When you delete your account, we aim to delete or de-identify personal information within 90 days, unless a longer period is required for legal, security, or legitimate business purposes. Specific retention periods include:

• Account Information: Retained while your account is active, then deleted within 90 days of account deletion unless required for legal purposes
• Activity Data: Retained for the duration of your account plus 30 days for backup purposes
• Communication Records: Retained for 2 years for customer service purposes or as required by law
• Analytics Data: Aggregated and anonymized within 6 months, then retained indefinitely for service improvement
• Legal Records: Retained as required by applicable law, typically 7 years for financial records
• HealthKit Data: Never retained on our servers as it never leaves your device

When retention periods expire, we securely delete or anonymize the information using industry-standard data destruction methods.

Security Measures

We implement reasonable security measures to protect your information against loss, theft, unauthorized access, disclosure, copying, misuse, or modification. These measures include:

• Encryption: Data encryption in transit and at rest
• Access Controls: Role-based access limitations for our personnel
• Security Monitoring: Continuous monitoring for security threats
• Regular Audits: Security assessments and vulnerability testing
• Incident Response: Established procedures for security incident handling
• Employee Training: Regular privacy and security training for our team
• Vendor Management: Security requirements for all service providers

However, please understand that no method of electronic transmission or storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee absolute security. We are not responsible for the security practices of third-party services you choose to connect with Amicado. We also take steps to ensure that the information we collect is reliable for its intended use, accurate, complete, and current. You can help us maintain the accuracy of your information by updating your profile when your information changes.

X. CHANGES TO THE PRIVACY POLICY

We may revise this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. We will post the updated Privacy Policy on this page with a revised "Last Updated" date. We encourage you to review this Privacy Policy periodically to stay informed about our information practices and your privacy rights. Your continued use of our Services after changes to the Privacy Policy constitutes your acceptance of the revised policy.

XI. CONTACT INFORMATION

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at help@amicado.app.