Cheeky-Fit Privacy Policy
Effective Date: January 31, 2026Last Updated: January 31, 2026
Introduction
Welcome to Cheeky-Fit, Inc.’s Privacy Policy for the cheeky.fit mobile application (“Cheeky-Fit” or “the app”). We believe in being transparent and honest about how we collect, use, share, and sell your personal information. Cheeky-Fit is a data-intensive app – by using our app, you acknowledge that we collect virtually all data available through the app and your device (including unique identifiers, precise location, behavioral usage data, and any user-generated content) and that we may monetize this data, including by selling it to third parties. We do not delay or gate this data collection behind additional prompts or consents beyond what the law or platform (Apple/Google) strictly require. This policy explains our practices in detail, including what data we collect, how we use it, with whom we share or sell it, how we protect it, and your rights and choices under various privacy laws. We aim to comply with global privacy standards, including the EU and UK General Data Protection Regulation (GDPR), the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), and relevant Apple App Store and Google Play Store requirements.
By using Cheeky-Fit, you consent to the practices described in this Privacy Policy. If you do not agree, please discontinue use of the app. We do not use misleading language or euphemisms – our goal is to clearly inform you of our data practices, even if they are extensive.
Information We Collect
We collect personal data and device information automatically and through your input from the moment you begin using Cheeky-Fit. This includes almost all data the app can access, such as:
· Identifiers and Account Information: If you create an account, we collect your name, email address, username, and password. We also collect unique device identifiers (such as your phone’s device ID, advertising identifiers like Apple’s IDFA or Android’s Advertising ID), IP address, phone number (if you provide it), and other identifiers. These identifiers allow us to recognize you and your device and are used for functionalities and tracking across services.
· Location Data: We collect your device’s location information. This may include precise GPS coordinates (if you grant location permission) and general location inferred from your IP address or device settings. Location data is used for app features that require location (e.g., fitness route tracking or location-based content) and for analytics and advertising. We will request OS-level permission where required to access precise GPS location (for example, via the standard mobile prompt). Once permission is granted, we may continually collect location in the background. If you decline to share GPS location, we may still derive a coarse location from your IP or other data.
· Usage and Behavioral Data: We automatically collect data about how you use Cheeky-Fit. This includes the features you access, the content you view or create, the buttons or links you tap, and other in-app activities and preferences. We log timestamps of your sessions, workouts or activities logged (if applicable), interaction patterns, and referral/traffic data (how you arrived at the app). We also gather device and network information such as your device type, OS version, app version, browser type (if accessing web content), language, and mobile network. This behavioral and technical data helps us analyze engagement, diagnose issues, and personalize your experience.
· User-Generated Content: Any content you create, upload, or post on Cheeky-Fit is collected and stored. This includes photos, videos, comments, profile pictures, biometric or fitness information you input (for example, if the app allows you to log workouts, calories, or other health-related metrics), and any other data you submit within the app. Please note: content you choose to make public or share with others in the app may be visible to other users, but even if not public, we have access to it on our servers. We treat direct messages or private content as private to the users involved, but they are not end-to-end encrypted and our systems will still process them.
· Contacts and Integration Data (if applicable): If you choose to import contacts or integrate with third-party services (for example, linking the app to your phone’s contacts to find friends, or connecting to a health kit or social media account), we will collect the information you allow from those sources. This could include contact names and phone numbers/email addresses, or profile information from the linked service. We will request your permission before accessing such data (e.g., a prompt to access your contacts). Once given, we may store and use that data for features (like friend-finding) and potentially for other purposes described in this policy (such as analytics or recommendations).
· Sensor and Fitness Data: Cheeky-Fit may access data from your device’s sensors or other apps to provide certain features. For example, we might use the accelerometer or pedometer in your phone to count steps, or read fitness data (heart rate, steps, workouts) from Apple HealthKit or Google Fit if you connect those. We only access these if you allow us to (you’ll see a prompt specific to those services). Any such data (e.g., step count, calories burned, etc.) will be collected and treated as personal data. Important: If we integrate with Apple HealthKit or Google Fit, note that those platforms impose additional rules (e.g., HealthKit data generally cannot be used for advertising or sold). We will adhere to those rules where applicable and will not use such data in prohibited ways.
· Cookies and Similar Technologies: Although Cheeky-Fit is a mobile app, we (and our third-party partners) may use tracking technologies similar to cookies or beacons within the app. For instance, SDKs and analytics libraries in the app may place or utilize identifiers on your device to recognize you. If you visit our website or a web-view within the app, cookies may be used in your browser. These technologies collect information such as device identifiers, browsing events, and advertisement interactions.
Note: Even if you do not explicitly give us certain information, we may infer or collect it through other data sources. For example, we may infer your general location from your IP address, or deduce interests from your usage behavior. We may also receive information about you from other sources: if you log in via a social network or third-party platform, that platform may send us certain information (according to their privacy settings and policies). We combine all these data with data we collect directly for the purposes described in this policy. In summary, Cheeky-Fit collects as much personal and device data as it can obtain, through all available channels, to support our features and business model.
How We Use Your Information
We use the collected information for the following purposes, which include providing and improving the service as well as monetizing the data:
· Providing and Improving the App: We use your data to operate Cheeky-Fit’s core functionality. This includes using your personal information to create and manage your account, display the content you post (e.g., showing your uploaded photos or workout stats to you or others as applicable), and to enable social or interactive features (like leaderboards or friend connections if offered). We also use data to debug, troubleshoot, and improve the app’s performance. For example, logs of crashes or errors are analyzed to fix bugs. Usage patterns help us understand which features are popular or where users encounter problems, so we can refine the user experience.
· Personalization: Your information is used to personalize your experience. This could mean customizing the content or recommendations you see in the app. For instance, we might use your location to show local fitness challenges or content in your area, or use your usage history to suggest new features or workouts you might like. Personalization also includes tailoring the advertising you see – we and our partners might use your profile, behavior, and demographics to decide which ads or sponsored content to show you, in order to make them more relevant.
· Analytics and Aggregation: We aggregate data and perform analytics to understand how our user base as a whole interacts with Cheeky-Fit. This helps us generate insights about usage trends and demographics. For example, we might analyze the average daily time spent in the app, or how engagement varies by region. These insights inform business decisions, product strategy, and marketing strategies. We may share aggregated, de-identified statistics publicly or with third parties (e.g., “X% of our users completed a workout this week”), but these stats will not identify you personally. Internally, however, we do maintain identifiable analytics for the other purposes in this policy.
· Communication: We may use your contact information (such as email or in-app notifications) to send you service-related and marketing communications. Service-related communications include verification emails, password reset messages, transactional notices, or important updates about the app (for example, changes to this Privacy Policy or alerts about security issues). Marketing communications include promotional emails or messages about new features, tips, or offers we or our partners provide. You can opt out of marketing emails by using the unsubscribe link in those emails or contacting us, but you will still receive essential service messages. If you agree to receive push notifications or in-app messages, we will send those to deliver updates, reminders (for example, a reminder to log a workout), or promotional content.
· Advertising and Monetization: This is a critical purpose of our data practices. We use your personal data to generate revenue by advertising and data sales. Specifically, we use your data to facilitate targeted advertising in the app, meaning third-party advertisers can show you ads tailored to your profile. We share certain data (detailed in the next section) with advertising networks and partners who use it to decide which ads to serve you. Additionally, we sell personal data to third parties (including data aggregators, marketers, and other businesses) for their own commercial uses. The data we monetize in this way may include identifiers (so you can be recognized across platforms), your contact information, demographic details, and information about your interests and activities in the app. These third parties may combine our data with information they have from other sources to profile you and target you with advertising or other content across different contexts. We do not provide any opt-in prompt before using your data for advertising or sale – by using the app, this use of data is enabled by default. (However, see “Your Rights and Choices” below for how you can opt out of certain data sharing or sale under applicable laws.)
· Business Operations and Security: We may use data for our legitimate business operations, such as maintaining our financial or business records, accounting, audits, and internal reporting. We also use data to maintain the security of our services and users – for example, we may monitor activity to detect and prevent fraud, abuse, illegal activities, or security breaches. If we detect fraudulent behavior or violations of our Terms of Service, we may use relevant data to investigate and take appropriate action (which could include moderating content or communicating with law enforcement if necessary). We also might use your data as needed to exercise or defend legal claims, to comply with court orders or legal obligations, or to respond to lawful requests from authorities.
· Compliance and Legal Obligations: Where we are subject to certain regulations or laws that require data processing, we will use your data to fulfill those requirements. For instance, privacy laws might require that we document consent or opt-outs – we will keep records as needed. If we are legally required to retain certain data (for tax, legal compliance, or dispute resolution), we will do so. Additionally, if we receive a legal request (subpoena, court order, etc.) that compels us to disclose user data, we will comply to the extent required and will use your data for that purpose (notifying you where permissible).
· Other Purposes (with Notice or Consent): If we intend to use your personal information for a purpose that is not already described above, we will update this Privacy Policy and, if required by law, notify you or obtain your consent. For example, if in the future Cheeky-Fit wants to use biometric identifiers or introduce a new data-heavy feature outside the current scope, we would explain the new data use at that time and get any necessary permission.
We strive to limit our uses to those that we have disclosed to you. In compliance with Google Play policy, we do not use personal data for any purpose that we haven’t clearly disclosed to you[1]. We also ensure that we only use data in ways that are consistent with the purposes we told you about[1]. In practice, this means we will not suddenly start using your data for unrelated purposes without updating this policy or obtaining necessary consent. However, please be aware that the scope of purposes above is broad – covering most conceivable uses from service delivery to monetization – and we do indeed leverage your data to the fullest extent described.
Sharing and Selling of Information
We do share your personal information with third parties, including by selling it for monetary or other valuable consideration. This section explains who these third parties are, what data they receive, and why. We do not hide the fact that your data is a business asset for us – sharing data with partners is integral to how Cheeky-Fit is funded and operates.
Categories of Third Parties and Data Sharing/Sales:
· Advertising Partners: We work with third-party ad networks, advertisers, and advertising technology companies to display ads in Cheeky-Fit and beyond. We may transmit identifiers (like your Advertising ID, device ID, or hashed email address), demographics (such as age range, gender if known), and contextual information (e.g., that you are using a fitness app, or your device’s general location) to these partners so they can target and serve ads to you. We also share information about your interactions with ads (for example, if you clicked an ad) with these partners for performance measurement. In many cases, this data sharing is considered a “sale” or “sharing” of personal information under laws like the CCPA/CPRA because it involves disclosing data to third parties for behavioral advertising or monetary benefit[2][3]. These advertising partners may use the data we provide to profile you and show you targeted ads in our app, on other apps, or on websites. They may also combine it with data collected from other apps and sites for broader ad targeting – this cross-context tracking on iOS will only occur if you have granted permission via Apple’s AppTrackingTransparency prompt (see “Platform-Specific Compliance” below). If you opt-out of tracking or personalized ads using platform settings (such as selecting “Ask App Not to Track” on iOS or opting out of Ads Personalization on Android), we will cease sharing your identifiers with third-party advertisers for targeted advertising on that device, as those are required signals we must honor. However, we may still serve you contextual ads (not tailored using personal data) and continue internal uses of your data.
· Analytics and Measurement Providers: We use third-party analytics tools (for example, Google Analytics for Firebase, or other SDKs) to understand app performance and user behavior. These tools often collect data directly through our app by means of their embedded code, and send it to their servers for analysis. The data can include your device identifiers, usage events, and other technical information. While we primarily use analytics data internally, these third-party providers process the data on our behalf. In some cases, an analytics provider may combine data from our app with data from others to improve their services or for benchmarking. We ensure any such provider is obligated to use data only for providing services to us (or as otherwise allowed by Google/Apple policies). We do not consider this a “sale” if the provider is a service provider or processor to us; however, if we allow them to use the data for their own purposes, that could be deemed a sale, and we will disclose it if so. For transparency, some analytics and tracking on Cheeky-Fit is done via third-party SDKs that may collect your data for their own use – for example, an SDK might use your data to improve its services or for aggregated market research. We list these in our App Store / Play Store disclosures and will treat those as third-party data sharing in this policy.
· Data Brokers and Partners: Aside from advertising networks, we may also sell or license data about our users to other businesses or data brokers who are interested in consumer data. This may include companies that aggregate consumer information to build marketing lists, credit risk profiles, or other consumer insights. The data we might sell could include your personal identifiers (like a unique user ID, device ID, or hashed contact information) and associated data like your app usage patterns, interests as inferred by us, and demographic or location information. We do not sell highly sensitive identifiers like passwords or financial info (which we don’t collect) or sensitive personal data like health conditions; our focus is on data that is valuable for advertising/marketing or analytical purposes. If you are a California resident, you have the right to opt out of this kind of sale of your personal information (see “Your Rights and Choices” below on how to exercise that). Unless you opt out (or unless you were under 16 years old and did not opt in – see “Children’s Privacy”), your data may be included in these sales by default, meaning we could be sharing information about your app activities with third parties in exchange for compensation without further notifying you at the point of each disclosure[4]. We disclose this here in our policy as required, and by continuing to use the app, you acknowledge that these sales may occur.
· Affiliated Companies: If Cheeky-Fit, Inc. is part of a corporate group (e.g., parent company, subsidiaries, or affiliates), we may share your information within that family of companies. Such sharing might occur for internal administrative purposes, for joint services, or because a related entity provides technology or data processing for the app. For example, if our subsidiary or an affiliated company helps in analytics or advertising, we’ll share data with them. Any affiliate receiving your data will be bound to treat it under the same privacy commitments we make in this policy. If in the future Cheeky-Fit, Inc. undergoes a merger, acquisition, investment, or asset sale, user data (including your personal information) may be disclosed to the parties involved (such as prospective purchasers and their advisors) as part of due diligence or transferred as part of the transaction. We will ensure any such parties are under obligations to keep the data confidential and use it only for evaluating the transaction. If a change of ownership occurs, we will provide notice to users (for example, via app notification or email) and the new owner would be bound to this privacy policy or one with similar protections.
· Service Providers: We share personal information with service providers or processors that perform functions on our behalf. These include cloud hosting providers (that store our databases and content), payment processors (if any financial transactions occur), customer support software providers, marketing email platforms, and other IT or security service providers. These companies act under contracts that limit their use of your data to providing the service to us and require them to safeguard it appropriately. We do not consider these “sales” of data, because we do not give it to them for their independent use. For example, if we use a cloud service like Amazon Web Services or Google Cloud, your data is stored on their servers but they are not allowed to access or use it for other purposes except as needed to keep it available to the app.
· Law Enforcement and Legal Requirements: We may disclose personal information to third parties (such as attorneys, auditors, law enforcement agencies, or regulators) if we believe in good faith that such disclosure is necessary to comply with a legal obligation or valid legal process (subpoena, court order, etc.); to respond to an emergency that we believe in good faith requires us to disclose data to prevent harm; or to protect our rights, users, or the public. For example, if law enforcement provides a lawful order to provide data related to a user’s account, we will comply and provide the requested information, after verifying the legitimacy of the request. We will attempt to notify you of such requests when permissible by law. We do not sell data in these scenarios; these are disclosures for legal compliance or safety purposes.
No Hidden Third Parties: We want to emphasize that whenever we share your data, it’s either with your direct interaction (like when using a feature that posts info publicly or integrates with another service) or with parties we’ve described above. We do not share information with employers, insurance companies, or other unexpected parties without consent, unless it falls under the categories above (for instance, if an insurance company is a business partner who buys data, that would be covered under data sales). We also do not currently share personal data with social networks or other apps unless you choose to link or share (e.g., if you share your Cheeky-Fit content to a social media platform, that action will send data to that platform, governed by their policies).
Third-Party Data Protections: When we share data with any third party, we contractually require (or otherwise ensure through terms and conditions) that they handle the data securely and consistent with applicable law. For example, Apple’s App Store guidelines require us to ensure any third party receiving user data provides at least the same level of data protection as our own privacy policy promises[5]. We take those requirements seriously. However, once data is transferred to a third party that is not acting solely as our service provider, that data becomes subject to the third party’s privacy practices. While we contractually or legally bind partners to certain standards, we cannot fully control what they do. We encourage you to review the privacy policies of any third-party services or partners that may collect or receive your data through our app. Notable third-party recipients in our context include advertising networks (who will have their own policies on data usage and opt-outs, such as Google’s or Facebook’s policies for ads).
Disclosure in the Past 12 Months (for CCPA/CPRA): In the past 12 months, Cheeky-Fit has collected and disclosed for business or commercial purposes all of the categories of personal information described in Information We Collect. Specifically, we have “sold” or “shared” (as those terms are defined by California law) identifiers, internet or app activity information, and geolocation data to third-party advertisers and data partners for advertising and marketing purposes. We have not sold any sensitive personal information like health data or account passwords (we don’t collect those). We do not knowingly sell personal information of consumers under 16 years of age without affirmative authorization (see Children’s Privacy below). If you are a California resident, you have the right to direct us to stop selling or sharing your personal information – refer to Your Rights and Choices below for how to exercise that right (via a “Do Not Sell or Share” request).
Legal Bases for Processing (EU/UK GDPR)
If you are located in the European Union, European Economic Area (EEA), or United Kingdom, we must comply with the EU GDPR or UK GDPR in how we process your personal data. These laws require that we have a “lawful basis” for processing your information. We explain those legal bases here, as well as some specific GDPR considerations:
· Consent: In some cases, we rely on your consent to process personal data. For example, if we send you marketing communications (such as promotional emails or push notifications that are not strictly service-related), we do so on the basis of your consent where required by law. Similarly, if we collect precise location or health data in the EU context, we may ask for your consent through the OS prompt or in-app before doing so. Where we use cookies or similar tracking technologies on our website or in the app that are not strictly necessary (e.g. for analytics or advertising), we will obtain consent via a consent banner or settings, as required by ePrivacy laws. You have the right to withdraw any consent you provide at any time (for example, you can opt out of marketing or disable location access later); withdrawing consent will not affect the lawfulness of processing that happened before the withdrawal.
· Performance of a Contract: When you sign up for and use Cheeky-Fit, you are entering into an agreement (the Terms of Service) with us to provide the app’s services. We process certain data as necessary to perform that contract – for example, using your login credentials to authenticate you, using your submitted content to display it back to you or to others as intended, or processing payment information if there are paid features (currently, our app is free with ads, so this may not apply yet). Essentially, any processing of data without which we could not provide the core features of Cheeky-Fit to you may fall under “necessary for performance of contract.” If you choose not to provide such necessary data, we may not be able to offer you the service or certain features.
· Legitimate Interests: This is likely our most relevant legal basis for many processing activities under GDPR. We process your data for purposes that are not strictly required for the service, but that are important for our business, under the justification of legitimate interests. This includes processing for improving our product, securing our platform, and monetizing our services through advertising and data sharing. We have a legitimate interest in analyzing and monetizing user data to fund our operations, and we believe this can be done in a balanced manner that does not override your rights and freedoms. We have conducted (and continue to revisit) assessments to weigh our interests against your privacy. For example, for personalized advertising in the EU, we understand this is an area where consent is often required under ePrivacy (for use of tracking technologies). We will respect applicable local requirements (like obtaining consent for cookies or mobile ad IDs if mandated). However, aside from those specific cases, we might rely on legitimate interests to create user profiles and share data with third parties for advertising. We only do so to the extent permitted by law and industry standards. Importantly, you have the right to object to any processing of your data that we conduct on the basis of our legitimate interests (see Your Rights and Choices below). If you exercise your right to object, we will review the request and cease or adjust the processing in question unless we have compelling legitimate grounds to continue (or if it’s needed for legal claims). We believe that in an era of data-driven services, our approach aligns with the opt-out model under some laws, but we are aware that GDPR favors an opt-in model[3]. We strive to bridge that gap by providing transparency and control (opt-out rights) for our EU/UK users even when we rely on legitimate interests.
· Legal Obligation: We may process and retain certain data to comply with our legal obligations under EU, UK, or member state laws. For example, if tax law requires us to keep transaction records, or if consumer protection laws mandate we keep evidence of consent or privacy compliance, we will process data for those purposes. Likewise, if a law enforcement authority lawfully requires data, processing that data (like retrieving and handing over certain information) is based on legal obligation.
· Vital Interests: This basis is unlikely to apply in the context of Cheeky-Fit, as it typically involves life-and-death situations. We mention it for completeness: if ever processing your data were necessary to protect someone’s life or prevent serious harm and you are incapable of consenting, we could invoke vital interests. (For example, if we become aware through your data of an imminent threat to your life or another’s, we might share data with authorities to prevent harm. This is a rare scenario.)
· Public Interest: We do not perform tasks in the public interest or exercise official authority, so this basis is not applicable to our processing.
EU/UK Data Subject Rights: Under GDPR, you have robust rights regarding your personal data, which we fully respect and will facilitate. These include the right to be informed (through this policy and any required notices), right of access, right to rectification, right to erasure, right to restrict processing, right to data portability, right to object, and rights related to automated decision-making (we do not engage in any solely automated decisions with legal or similarly significant effects on you, without human involvement)[6]. We provide more details on these rights and how to exercise them in the Your Rights and Choices section below.
International Transfers: If you are in the EU/EEA or UK, note that your personal data will be transferred to and processed in countries outside of your own, specifically in the United States (where our company is based) and potentially other jurisdictions where our partners or service providers operate. The data protection laws in these countries may not be as strict as those in your region. Whenever we transfer data out of the EEA/UK, we ensure appropriate safeguards are in place to protect it. Typically, this means we rely on European Commission-approved Standard Contractual Clauses (SCCs) or the UK International Data Transfer Agreement/Addendum, which contractually oblige the recipient to protect your data to GDPR standards. We may also rely on an adequacy decision by the European Commission (if the destination country is deemed adequate) or other permitted derogations under GDPR in certain circumstances. You can request a copy of the relevant transfer safeguards by contacting us. By using our service, you understand that your data will be sent to the U.S. and other countries as needed for the purposes described. We continue to monitor legal developments around data transfers (e.g., Schrems II decision and subsequent guidance) to ensure compliance.
Opt-in vs. Opt-out Model: It is important to note that GDPR and CPRA have differing approaches to consent and data processing. GDPR generally requires an opt-in (consent-based) model for many types of data processing, meaning we should collect personal data only with your agreement in advance[3]. CPRA (California law) uses an opt-out model, allowing data collection by default as long as users are informed and given a way to opt out[7]. Cheeky-Fit tries to navigate these differences by complying with region-specific rules (for instance, presenting consent dialogs in the EU where required, versus providing opt-out mechanisms in California). Where no specific rule forces an opt-in, we tend to collect data by default but always give you notice (via this policy and possibly in-app notices) and an opportunity to opt out of certain uses. We want to be transparent that outside of jurisdictions that mandate prior consent, our default is to collect and use data as described once you start using the app, relying on mechanisms like CPRA’s notice and opt-out framework[4]. If you have questions or concerns about our legal bases or how we apply them, please contact us (see Contact Us).
Your Rights and Choices
You have a number of privacy rights and choices regarding your personal data. Depending on your jurisdiction, these rights may vary. We are committed to enabling these rights for users as applicable. Below we outline: (A) rights for individuals in the EU/UK under GDPR, (B) rights for California residents under CCPA/CPRA, and (C) general choices available to all users (like opting out of certain data uses or deleting your account).
A. Rights of EU/UK Users (GDPR)
If you are an individual in the European Union, European Economic Area, or United Kingdom, you have the following rights under the GDPR (and UK GDPR):
· Right to Access: You can request that we confirm whether we are processing your personal data, and if so, you have the right to request a copy of the personal data we hold about you, and to obtain supplementary information about our processing (much of which is provided in this Privacy Policy). This is commonly known as a “Data Subject Access Request.” We will provide you with a copy of your data in a structured, commonly used format, typically within one month as required by law. If your request is complex or numerous, we may extend this timeline by up to two further months (we will inform you if so).
· Right to Rectification: If any of your personal data that we have is inaccurate or incomplete, you have the right to have it corrected or completed. You can also update certain information through your account settings (for example, you might be able to edit your profile information in the app directly). For any other corrections, contact us and we will rectify the data.
· Right to Erasure (Right to be Forgotten): You may request that we delete your personal data. This right is not absolute – GDPR outlines several grounds where you can request deletion, including: the data is no longer necessary for the purposes we collected it; you withdraw consent (if we relied on consent) and we have no other lawful basis; you object to processing based on legitimate interests and we have no overriding grounds to continue; we processed data unlawfully; or we have to erase data to comply with a legal obligation. We will honor valid deletion requests by erasing your data (and directing our processors to do so) unless an exception applies. Common exceptions include where we need to keep data to comply with a legal obligation or to establish/exercise/defend legal claims. We will inform you of any data we cannot delete and the reasons. Keep in mind that if you request deletion, this typically means deleting your account and all associated data – you will lose access to Cheeky-Fit and this action is generally irreversible.
· Right to Restrict Processing: In certain circumstances, you can ask us to restrict (pause) the processing of your data. This is an alternative to full deletion and might apply if: you contest the accuracy of data (we pause processing until it’s verified); the processing is unlawful but you prefer restriction over deletion; we no longer need the data but you need it for a legal claim; or you have objected to processing and we are verifying overriding grounds. When processing is restricted, we will still store your data but not use it further, except in limited scenarios such as with your consent or for legal claims, etc. We will inform you before lifting a restriction.
· Right to Data Portability: You have the right to receive certain personal data from us in a structured, commonly used, machine-readable format, and to transmit that data to another controller, where the processing was carried out by automated means and is based on your consent or the performance of a contract. In plain terms, this applies to data you provided to us (like your account information or content) and that we process electronically. Upon your request, we will provide you with a file of such data (for example, a CSV or JSON export of your basic account details and content). Where feasible, if you request, we may directly transmit the data to another service provider at your direction. Note that portability does not apply to data that is inferred by us or derived (like internal analytics or profiles we generate).
· Right to Object: You have the right to object to certain processing activities. You can object at any time to our processing of your personal data for direct marketing purposes – if you do so, we will stop using your data for marketing. This is an absolute right. You can also object to processing based on legitimate interests (or task in public interest) – in such cases, we will review your objection and will stop processing the data unless we can demonstrate compelling legitimate grounds that override your rights or if the processing is for establishment/exercise/defense of legal claims. Given that some of our processing for advertising and data monetization is based on legitimate interests, you have the right to object to our use of your data for those purposes. If you object, for example, to the use of your data for personalized ads, we will honor that objection by ceasing those activities for your data in the EU context (this might involve removing you from targeted advertising lists and/or limiting data flow to advertising partners). To object, you can contact us and specify which processing you object to.
· Right not to be subject to Automated Decision-Making: GDPR gives you the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects or similarly significant effects on you, unless it’s necessary for a contract, authorized by law, or based on your explicit consent. Cheeky-Fit does not engage in any such automated decisions with legal or significant impact (like credit approval or hiring decisions done by algorithm). While we do some profiling for advertising, it does not have a legal or similarly significant effect on you – it just influences the ads/content you see. However, we respect that you can object to profiling for marketing via the right to object (as noted above).
Exercising Your GDPR Rights: To exercise any of these EU/UK rights, please contact us at our designated contact (see Contact Us section). We may need to verify your identity before fulfilling your request (to ensure we don’t disclose or modify data to the wrong person). We will respond within one month of receiving a request. If necessary, we may extend the response time by an additional two months for complex requests, but we will inform you of this and explain why. There is no fee for making a request, but if your requests are manifestly unfounded or excessive (e.g., repetitive), we may either charge a reasonable fee or refuse to act (permitted under GDPR)[8][9] – but we will provide an explanation if that situation arises. You also have the right to lodge a complaint with your local Data Protection Authority (DPA) if you believe we have infringed your privacy rights. We encourage you to first reach out to us so we can address your concerns directly.
B. Rights of California Residents (CCPA/CPRA)
If you are a resident of California, you have specific rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). These rights (effective as of 2023) are designed to give you greater control over your personal information. They include:
· Right to Know: You have the right to request that we disclose what personal information we have collected about you, as well as details about our data practices. This is sometimes called an Access Request. Under the CCPA/CPRA, you may request that we provide you with: (1) the categories of personal information we have collected about you; (2) the specific pieces of personal information we have collected about you (a data portability request); (3) the categories of sources from which we collected the information; (4) the business or commercial purposes for collecting, selling, or sharing that information; (5) the categories of third parties with whom we have disclosed your personal information; and (6) if we sold or shared personal information, the categories of personal information and categories of third parties to whom the information was sold or shared[10][11]. You have the right to request this information for the 12-month period preceding your request (and for information collected on or after January 1, 2022, you can request beyond 12 months to the extent available, per CPRA). You may make a request up to twice in a 12-month period, free of charge[12]. When we receive a verifiable request to know, we will provide the responsive information in a portable and (if you request) readily usable format (often this means we will send you a report via email or secure download).
· Right to Delete: You have the right to request that we delete personal information we have collected from you. Upon receiving a verifiable deletion request, we will delete (and instruct our service providers to delete) your personal information from our records, unless an exception applies[13]. Deletion exceptions under CCPA/CPRA include, for example: if the information is needed to complete the transaction for which it was collected or to provide a good or service you requested; to detect security incidents, protect against malicious activity or prosecute those responsible; to debug/repair errors; to exercise free speech or ensure another’s exercise of free speech; to comply with a legal obligation; or for certain internal uses that are compatible with the context of collection (such as internal analytics). If we deny a deletion request in part or whole due to an exception, we will inform you of the reasons. Note that if you have an account, deleting your data typically means we will also need to deactivate your account (since we cannot maintain your account without processing your data). We will make that clear during the process.
· Right to Opt-Out of Sale or Sharing: You have the right to direct us not to sell your personal information to third parties, or to stop “sharing” your personal information for cross-context behavioral advertising[14]. “Selling” is defined broadly to include any disclosure of personal info to another business or third party for monetary or other valuable consideration[2]. “Sharing” (a concept introduced by CPRA) refers to disclosing personal info to a third party for cross-context behavioral advertising (targeted advertising) regardless of money changing hands. As described in the Sharing and Selling section, Cheeky-Fit does sell and share personal information (such as device IDs, usage profiles, etc.) with advertising and data partners. By law, we have to provide a mechanism for you to opt out of these activities. How to opt out: We have a “Do Not Sell or Share My Personal Information” link available on our website and within the app settings. By clicking that link or button, you will be guided through the process (which may involve confirming your identity or preferences) to register your preference that we not sell or share your data. You may also utilize an authorized agent to submit an opt-out request on your behalf (with appropriate proof of authorization). Additionally, if your browser or device is configured with a Global Privacy Control (GPC) signal, which is a mechanism that communicates an opt-out preference (often through a browser extension or setting), our website will honor that as a valid opt-out of sale/sharing request[15][16]. Note: GPC signals apply to web-based data collection; if you also use our mobile app, we recommend using the in-app opt-out or contacting us to ensure we capture your choice for the app data as well. Once you opt out, we will stop selling or sharing your personal info. If you later opt back in (for instance, if you initiate a transaction that requires sale of data, or if you toggle a preference), we will resume those practices until you opt out again. If you are under 16: We do not knowingly sell or share data of consumers we know to be under 16. We will never knowingly sell/share data of consumers under 16 without affirmative authorization (opt-in consent) as required by CCPA/CPRA.
· Right to Correct: As of January 1, 2023, California residents also have the right to request correction of inaccurate personal information we maintain about them[17]. If you believe any personal information we have is incorrect, you can submit a request for correction. Upon a verified request, we will use commercially reasonable efforts to correct the inaccurate information. In some cases, we may need additional context or documentation from you to verify the correct information (especially if we have conflicting information on record). If we cannot verify your identity or the accuracy of the new information, or if an exception applies, we may deny the request with explanation.
· Right to Limit Use of Sensitive Personal Information: CPRA gives consumers the right to limit our use or disclosure of “sensitive personal information” (SPI) if we use it for purposes beyond certain allowed purposes (such as providing the service). Sensitive personal info under California law includes things like precise geolocation, race/ethnicity, health info, biometric identifiers, etc[18]. In Cheeky-Fit’s case, the main sensitive info we might collect is precise geolocation (if you allow it) or possibly health-related data if you input it. We primarily use precise location to provide features to you (like mapping your run) and for limited analytics/ads. If you are a California user and you prefer that we limit the use of sensitive data to only what’s necessary to provide the service to you, you can submit a “Limit Use of My Sensitive Personal Information” request (we include this option alongside the Do Not Sell link, or you can contact us). When you exercise this right, if we are using sensitive data for additional purposes (like to build an advertising profile), we will stop doing so. For example, we would cease using your precise location for anything other than providing you with location-based features you request. Note: We do not use sensitive data for purposes like inferring characteristics or advertising if you opt to limit; any ads would be generalized. If we do not actually collect or use sensitive info beyond what’s necessary, we may reply that there’s no additional use to limit.
· Right of Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights[19][20]. This means we will not deny you our services, charge you different prices, or provide a different quality of service just because you exercised privacy rights. However, please note that opting out of sale/sharing or limiting certain uses may affect some features (for example, if you opt out of sale/sharing, you will still see ads but they will be less relevant, and some analytics or referral programs that rely on sharing data might be impacted). Any difference in service is a result of the changed data practices, not an punitive action against you. In certain cases, the CCPA allows offering financial incentives that involve different prices/rates for allowing data collection (e.g., a loyalty program). We do not currently offer any such programs. If we ever do, we will present terms and get opt-in consent from you, and you can revoke it at any time.
Exercising CCPA/CPRA Rights: To make a request to know, access, delete, correct, or opt-out, you (or your authorized representative) can use the following methods:
· Online (Recommended): Use the Privacy Settings or “Do Not Sell/Share” link in our app or on our website. For access/deletion/correction requests, we have a web form available at cheeky.fit/privacy-requests (URL hypothetical) where you can securely submit your request. Within the app, you may go to Settings > Privacy and find options to request your data or delete your account.
· Email: You may also email us at privacy@cheekyfit.com with your request details. Please include your name, the email associated with your Cheeky-Fit account (if any), and specify the request (e.g., “California Access Request” or “California Deletion Request”). If an authorized agent is emailing on your behalf, they must provide proof of their authorization (such as a signed permission from you or power of attorney) and we may still verify with you directly.
· Verification: For any request that is not an opt-out, we are required by law to verify that the person making the request is actually you (or your authorized agent). For account holders, verification is typically done by logging into the account or responding to a verification email. For non-account requests, we may ask for two or three pieces of personal information that we can match against our records (for example, last 4 digits of a phone number on file, or other profile info). We will use the information solely for verification. If we cannot verify your identity to a reasonable or high degree of certainty (depending on the data sensitivity), we will not be able to fulfill the request, and will notify you.
· Response Timing: We will confirm receipt of your request within 10 business days and provide information on how we will process it. We aim to respond substantively within 45 calendar days of receiving your request. If necessary, we may take a one-time extension of an additional 45 days (for a total of 90 days) but if so, we will inform you of the reason and length of the extension. For opt-out requests, we will comply as soon as feasibly possible (usually within a few days of receipt, and at most 15 business days as required by law).
· Scope of Data: Our response will cover the 12-month period preceding the verified request, unless you request data beyond 12 months and we are able to provide it (CPRA allows requests beyond 12 months in some cases). We will provide the information in a portable format (typically JSON or PDF). For deletion requests, we will either confirm deletion or explain what was deleted and what we retained (if something was retained under an exception). For correction, we will confirm when corrected or explain if we could not.
· Limitations: Certain information we collect may be exempt from the CCPA rights (for example, data subject to federal laws like HIPAA, if that applied, or data we handle as a service provider on behalf of others). Cheeky-Fit is a consumer app, so generally these exemptions won’t apply. But if any do, we will make that clear in our response.
If you have any issues or concerns with how we handled your request, you can contact us for further resolution. You also have the right to contact the California Privacy Protection Agency (CPPA) or the California Attorney General if you believe we have violated CCPA.
C. Other Choices for All Users
Regardless of where you live, we offer some universal choices to control your data:
· In-App Privacy Settings: We provide controls within Cheeky-Fit’s settings (Privacy section) where you can manage certain preferences. For example, you can toggle certain data sharing features on or off. We have an option to opt out of personalized ads within the app; enabling this will inform us to not use your data for targeting (we will then only serve generic ads). We also allow you to disable location collection after the fact (you can revoke location permission via your device settings, or use our in-app toggle if provided). If you granted us access to contacts or other integrations, you can disconnect those in the app settings at any time.
· Ad Preferences and Global Opt-Outs: Many advertising partners are part of industry self-regulation programs. You can opt out of targeted ads from participating companies via tools like the Digital Advertising Alliance (DAA) opt-out (optout.aboutads.info) or the Network Advertising Initiative (NAI) opt-out (optout.networkadvertising.org) for web-based tracking. For mobile apps, you can use the DAA’s AppChoices app to opt out of cross-app advertising from participating networks. These methods will send signals to limit data sharing with those ad networks. Additionally, both iOS and Android devices offer system-level settings: Apple iOS – if you enable the “Limit Ad Tracking” (on older iOS) or just deny tracking permission for our app via the App Tracking Transparency prompt, Apple will prevent us from accessing your IDFA and we will comply with that (resulting in no cross-app tracking on that device)[21]. Android – you can opt out of Ads Personalization in Google settings, which instructs apps not to use your advertising ID for building profiles or personalized ads. We respect and implement these system settings. Also, if you set up a Global Privacy Control (GPC) in your browser (for any web-based interactions with Cheeky-Fit, like our site), as mentioned, we treat it as an opt-out signal[14].
· Account Deactivation and Data Deletion: You can always choose to stop using Cheeky-Fit and delete the app. Simply uninstalling the app, however, does not automatically delete your account or data from our servers. If you wish to have your data removed from our active systems, you should use the in-app “Delete Account” feature (found in account settings) or contact us to request deletion (as detailed above for various regions). When you delete your account through the app, we treat that as a verified deletion request and will remove your personal data (except for any information we are permitted or required to retain as described in Data Retention below). We will also cease collecting any new data via the app once you’ve logged out and deleted it. Keep in mind that after deletion, we won’t be able to recover your account or any content you added.
· Communication Preferences: If you are receiving marketing emails or newsletters from us, you can opt out at any time by clicking the “unsubscribe” link at the bottom of those emails. You can also manage email preferences in your account settings if available. For push notifications on your device, you can disable them via the app’s settings or your device’s notification settings for Cheeky-Fit. Note that even if you opt out of marketing messages, we may still send you service-related communications (like important account or security notices).
· Cookies and Tracking on Website: If Cheeky-Fit has a web presence (like a marketing site or web portal), we will display a cookie banner or preference center allowing you to manage cookies. You can usually choose to accept only essential cookies and decline analytics/advertising cookies. Also, you can control cookies through your browser settings by deleting or blocking them. For our app, as mentioned, similar technologies can be opted out of through the device settings or in-app options.
· Do Not Track: “Do Not Track” (DNT) is a older browser setting that signals a preference not to be tracked across websites. Currently, there is no standard interpretation of DNT signals in the mobile app context, and we do not respond to DNT on our website beyond what GPC covers. Instead, we focus on the explicit privacy controls described above.
We are committed to making these controls accessible and user-friendly. If you have any difficulty finding or using a privacy setting, please reach out to our support or privacy contact for assistance.
Data Retention
We retain personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. In practice, this means:
· For active users: We will keep your information for as long as your account exists or as long as needed to provide you services. Your account data and content remain on our systems until you or we delete your account. There is no set expiration date – we assume you want us to retain your data to continue providing the service. This includes your profile information, settings, and any content or interactions (posts, messages, etc.) you have in the app. We also keep ongoing logs of your activities for purposes like analytics, although some logs may be rotated or summarized over time.
· If you deactivate or delete your account: When you request account deletion (or if we delete it due to inactivity or violation of terms), we will delete or anonymize your personal data in our production systems within approximately 30 days, unless otherwise required. However, certain data may persist in backup archives for up to 90 additional days or more. We maintain backups to ensure we can recover from disasters, and it is impractical to remove individual user data from these backups. Rest assured, backup data is protected and used only for restoration purposes. After the retention period, backups that include your data will be destroyed in the normal course of our backup lifecycle.
· Content you have shared: If you posted content or communicated with others on Cheeky-Fit, copies of that content might remain visible to others (for example, a comment you made on someone else’s post) even after you delete your account, similar to how a forum post might remain but under an anonymized name. We may dissociate your name from such content if you delete your account, but we might not purge the content if it’s integral to another user’s experience. However, we give users a way to delete content they have control over, and if something remains that you want removed, you can contact us.
· Legal and business retention: We may retain certain information for legal compliance or legitimate business purposes even after account deletion. For example, we might retain transaction records (if any financial transactions occurred) for accounting and tax purposes. We retain records of privacy requests and consents/opt-outs to demonstrate compliance with law. If we banned an account for malicious behavior, we might keep information necessary to identify that individual to prevent re-registration (legitimate interest in preventing fraud/abuse). Also, if there’s any litigation or legal claim, we’ll retain data pertinent to that as required. Typically, these retention needs are evaluated on a case-by-case basis and aligned with the statute of limitations or regulatory requirements.
· Aggregated or anonymized data: We may retain data that has been aggregated or anonymized such that it’s no longer associated with any identifiable user. For instance, overall usage statistics or market insights derived from user data may be kept indefinitely, as they no longer constitute personal information. We use this for historical analysis, business reporting, and product development.
· Email and communications: If you contacted us via support or email, we may retain those communications for a period (to track our relationship, any complaints, etc.). Typically support emails are kept for a couple of years at most, unless needed longer.
· Review Periods: We periodically review our stored data and our retention policies. We aim not to keep personal data longer than necessary. When data is no longer needed, we will ensure it is securely deleted or anonymized. For example, if you registered an account but then didn’t verify or use it, we might purge that unactivated account after a set time (say, 12 months). Or we might drop precise location logs after a certain timeframe and only keep generalized trends.
In summary, we try to align retention with the principle of storage limitation (GDPR) and practical business needs. If you have specific questions about how long a certain type of data is kept, you can contact us for more detail.
Data Security
We take the security of your personal information seriously and implement reasonable and appropriate security measures to protect against unauthorized access, alteration, disclosure, or destruction of your data. Our security program includes:
· Encryption: We use encryption to protect data in transit and at rest. All communications between your app and our servers are encrypted using HTTPS/TLS protocols. This means that personal data (like login credentials, content, etc.) is transmitted securely over the internet. Sensitive data in our databases is encrypted at rest where feasible (for instance, passwords are stored hashed and salted, not in plain text). We also encrypt certain fields or backups containing personal info.
· Access Controls: We limit access to personal data to employees, contractors, and service providers who need to know that information in order to process it for us, and who are subject to strict contractual confidentiality obligations. Internal access to systems is protected via authentication, and we segment our network and databases to ensure that access is only via secure channels. We also employ measures like two-factor authentication for administrative access to our systems where possible.
· Monitoring and Testing: Our systems are monitored for security events and we maintain logs of access to detect any anomalies. We employ firewall protection and intrusion detection systems. We also conduct periodic security assessments and penetration testing (either internally or with external experts) to find and address vulnerabilities. Our software development lifecycle incorporates secure coding practices and code reviews for security issues.
· Third-Party Security: When we use third-party service providers (such as cloud hosting or analytics), we vet their security practices and ensure they commit to protecting our data. We also utilize features provided by those services (like database encryption or key management services) to enhance security.
· Training and Policies: We have internal policies to safeguard user data and we train our team on data protection best practices. Only authorized personnel have access to systems with user data, and they are trained on confidentiality and security protocols.
· Data Breach Response: Despite precautions, no system is immune to incidents. We have a breach response plan in place. In the event of a data breach that affects your personal information, we will promptly notify affected users and relevant authorities as required by law. We will also take steps to contain and remedy the breach, such as patching vulnerabilities, restoring integrity of data, and supporting users in mitigating any potential harm.
· Account Security: It’s important to note that you also play a role in keeping your data secure. Please maintain a strong, unique password for your Cheeky-Fit account and do not share it. We will never ask you for your password via unsolicited communication. If you suspect unauthorized access to your account, contact us immediately. We offer features like login alert notifications (if a new device logs in) – please pay attention to those and secure your account if something looks suspicious.
· No Guarantee: While we are committed to protecting your data, we cannot guarantee absolute security. No method of transmission over the internet or method of electronic storage is 100% secure. However, we follow industry standards and best practices to minimize risks. You acknowledge that there is some inherent risk in transmitting information via the internet, and we are not responsible for circumvention of any privacy settings or security measures on our platform by other users or third parties.
By using Cheeky-Fit, you entrust us with your data, and we strive to justify that trust by continuously improving our security measures. If you have questions about security or if you believe your Cheeky-Fit account or data might have been compromised, please contact us immediately using the information in the Contact Us section.
International Users
Cheeky-Fit is a global service. By using the app, you understand that your personal data may be processed in countries outside of your home country. Specifically, our servers are primarily in the United States, and our third-party partners may be located worldwide (for example, advertising or analytics partners could be in the EU, US, or Asia). This means your data might be subject to jurisdictions with different data protection laws. We have detailed in the GDPR section how we handle data transfers for EU users. For users in other regions (e.g., Canada, Australia, India, etc.), we similarly ensure that we comply with any local law requirements and provide appropriate protections.
If local laws grant you specific privacy rights (for instance, some other U.S. states like Virginia, Colorado, etc., have enacted privacy laws with rights similar to CCPA; or countries like Brazil (LGPD) and Canada (PIPEDA) have their own frameworks), we will honor legitimate requests under those laws as well. For example, if you’re in a U.S. state with an “opt-out of targeted advertising” right, our Do Not Sell/Share mechanism will cover that. If you’re in a country that requires a legal basis for processing similar to GDPR, you can refer to our GDPR section as to how we justify processing. Generally, we apply a universal standard of transparency and control, so even if your jurisdiction doesn’t mandate it, we try to provide the ability to access, delete, or opt out as described above.
Platform-Specific Disclosures (Apple App Store & Google Play)
Cheeky-Fit is distributed through the Apple App Store (for iOS devices) and Google Play Store (for Android devices). We adhere to the privacy requirements of these platforms, and this section highlights how we comply and what that means for you:
Apple App Store (iOS) Compliance:
· App Privacy “Nutrition Labels”: Apple requires every app to provide a summary of its privacy practices (the “App Privacy” section on the App Store product page). We have accurately filled out that information for Cheeky-Fit, disclosing the categories of data we collect (such as contact info, identifiers, usage data, location, etc.), and whether those are used for tracking or linked to you. This Privacy Policy provides the full details behind that summary. Apple’s guidelines mandate that the privacy policy must clearly identify data collected and its uses[22], and we have done so in sections above. The information we provided to Apple’s App Store is consistent with what you’ve read here. If you have viewed our App Store listing, you likely saw statements like “Data Used to Track You” and “Data Linked to You” for various categories – those reflect our use of third-party tracking (for ads/analytics) and linking data to your identity for functionality.
· App Tracking Transparency (ATT): Starting with iOS 14.5, Apple’s AppTrackingTransparency framework requires that we obtain your permission via a system prompt before tracking you across apps and websites owned by other companies for advertising purposes. “Tracking” in this context means, for example, linking your Cheeky-Fit data (or an ad identifier) with data from other apps/websites for targeted advertising or advertising measurement. Cheeky-Fit complies with this requirement: If we attempt to access your device’s IDFA (Identifier for Advertisers) or perform any tracking, you will see a prompt saying “[App] would like permission to track you across apps and websites owned by other companies”. You can choose “Allow” or “Ask App Not to Track”. We will abide by your choice. If you allow tracking, we will enable third-party advertising SDKs to collect your identifier and data for personalized ads, and these third parties may track you across other apps. If you deny tracking, we will not share your identifier or any information in a way that falls under Apple’s definition of tracking on that device[21]. You will still see ads, but they will be contextual or generic. Please note, even if you deny tracking, we may still collect data for our own analytics or to serve contextual ads – but we won’t connect it to third-party data for targeted ads. Apple may also enforce that we not track even via alternative means, and we respect that. In short, Cheeky-Fit does not circumvent the ATT prompt: we require opt-in consent via Apple’s APIs for any user-level tracking for advertising[23]. Apps that share user data without consent or not in compliance with privacy laws can be removed from the App Store[24], and we ensure our practices align with Apple’s policies.
· Permissions and Data Access: Apple guidelines also demand that apps request access only to data that’s needed for core functionality and to be transparent about those uses[25][26]. In Cheeky-Fit, we will prompt you for permissions such as Location, Contacts, Photos, Camera, Motion sensors, or other device features when those features are relevant. The iOS permission dialogs will have messages explaining why we need the access (we strive to make them clear, e.g., “Cheeky-Fit needs location to map your workouts”). You have the choice to grant or deny each permission. If you deny, we will either disable the related feature or offer a workaround if possible (for instance, not granting Contacts means you simply won’t be able to find friends by contacts, but you can manually invite them). We will respect your iOS privacy settings at all times – for example, if you deny Location, we won’t attempt to collect it in secret (and Apple would likely block it anyway). Apple’s review guidelines explicitly prohibit surreptitious data collection[27], so we do none of that. Also, we don’t condition using the app on you granting all permissions – you can use Cheeky-Fit with minimal permissions if you want, albeit with limited functionality.
· Third-Party SDK Compliance: We confirm that any third-party analytics or advertising SDKs in our iOS app are implemented in compliance with Apple’s requirements. For instance, Apple forbids the use of certain data (like information from other apps or contact lists) for building user profiles to sell[28]. We do not use any prohibited techniques (like scanning your device for other installed apps for analytics/ads purposes, which Apple disallows[29]). Our advertising SDKs (if any) only collect data you’ve permitted and that we’ve disclosed. We’ve also ensured that no HealthKit or sensitive data is shared with third parties in violation of Apple’s rules (if our app reads any Apple Health data, we use it solely for your benefit in the app, not for advertising – Apple requires explicit user consent for health data usage and prohibits selling HealthKit data[30], which we comply with).
· Privacy Policy Accessibility: Per Apple’s rules, we have made this Privacy Policy accessible both on our website and from within the app. In the iOS app, you can find a link to this policy in the Settings or About section, easily reachable for users[31]. If you’re reading this in the app, thank you for taking the time to do so.
· Data Security Commitment: Apple’s guidelines ask developers to declare that they secure user data[32]. We have detailed our security measures in the Data Security section above. We fulfill Apple’s requirement by implementing appropriate technical and organizational measures to safeguard user data collected through the app[32].
Google Play Store Compliance:
· Google Play Data Safety Section: Google Play requires developers to disclose their data collection, sharing, and security practices in the app listing’s “Data Safety” section. We have completed the Data Safety form in Google’s Play Console accurately, reflecting Cheeky-Fit’s practices regarding what data we collect, how we use it, whether we share it, and what security measures we take (such as encryption). This information is displayed on our app’s Google Play listing for you to review before installation[33][34]. The categories and purposes we disclosed align with what is written in this Privacy Policy. For example, we indicated that we collect location, personal info, and other data types, and that we share data for advertising purposes. We also indicated that we encrypt data in transit (which we do via HTTPS) and that users can request deletion of their data[35]. Our goal is full transparency on Google Play’s platform, which echoes this policy. If any discrepancy is found between our Data Safety form and this policy, please bring it to our attention so we can correct it – we understand we are responsible for the accuracy of those disclosures and compliance with Google’s policies[36][37].
· Privacy Policy Availability: Google Play mandates that apps post a privacy policy both on the store listing and accessible in-app[38]. We have provided a link to this Privacy Policy in our Play Store listing, and within the app’s settings menu[38]. This ensures you can always find detailed info about our data practices.
· Google Play User Data Policies: We comply with Google’s Developer Policy on user data. In particular, Google requires that apps are transparent about how they handle user data (collection, use, sharing) and that we limit our use of data to the purposes disclosed[1]. As you have seen, our policy is very explicit about our purposes. We do not use data in ways we haven’t described to you. Google also has specific prohibitions, for example on handling sensitive data like financial or ID numbers – Cheeky-Fit doesn’t handle those categories, but if we did, we would abide by those restrictions[39].
· Consent and Prominent Disclosure: Google’s policies require that for certain sensitive data access (like accessing device location in the background, or using the microphone/camera), the app must provide an in-app disclosure and obtain consent from the user, separate from general terms[40]. We fulfill this by giving clear prompts when enabling such features. For example, if we ever run location in the background, we would show a persistent notification or a clear explanation in-app aligning with Google’s guidelines, and of course the Android OS itself will ask for permission which we respect. We avoid bundling privacy disclosures with unrelated information – any prompt about data access will be standalone (not hidden in, say, a lengthy tutorial).
· Third-Party Code Compliance: Google expects developers to ensure that any third-party SDKs or code in the app also comply with its policies[39]. We have reviewed the SDKs in Cheeky-Fit (advertising, analytics, etc.) to ensure they don’t violate Google Play rules regarding personal and sensitive information. For example, Google forbids developers from selling personal and sensitive user data. While Cheeky-Fit does sell user data as described, we do so in a way that is disclosed and compliant with privacy laws – Google’s stance is mainly that you must disclose it and not violate any specific category restriction. We believe our implementation is compliant, but we remain vigilant: if any third-party SDK were to misbehave (like collecting data beyond what we agreed), we would take prompt action (update or remove it) to stay in compliance.
· ATT vs. Google: Unlike Apple, Google currently does not have a system-wide ATT prompt for apps. Instead, Google relies on the Data Safety disclosure and their own advertising ID rules. On Android, if you have opted out of Ads Personalization at the device level, Google signals that to us by providing a string of zeros as an Advertising ID. We honor that by not using that ID for ad targeting. Google’s policies also state that if a user opts out of personalized ads, we should not attempt to derive or track an identifier for them for advertising purposes (and we do not).
· Compliance with Laws: Google Play explicitly requires that apps comply with all applicable privacy laws and regulations in the regions they operate[41]. By following GDPR, CCPA, and others as described, we are also meeting this obligation. We remain aware of changes in legal requirements and will update our app and policies accordingly to maintain compliance on Google Play.
In summary, our presence on Apple’s App Store and Google Play means we meet their high standards for privacy transparency and user control. We have explicitly disclosed our data collection and sharing practices to both Apple and Google[1][22], and we follow required protocols like ATT on iOS and Data Safety on Android to give you, the user, clarity and choice. If you believe our app is not adhering to the promises made in the App Store or Play Store disclosures, please let us know – both users and the platforms themselves help hold developers accountable, and we welcome that accountability.
Children’s Privacy
Cheeky-Fit is not intended for use by children under the age of 13, and we do not knowingly collect personal information from children under 13. If you are under 13, please do not use the app or submit any information about yourself. If we learn that we have inadvertently collected personal data from a child under 13, we will delete that information as quickly as possible. Parents or guardians who believe their child may have provided us personal information can contact us (see Contact Us below) to request deletion of that data.
For users between 13 and 18 (or the age of majority in your jurisdiction): If you are a minor but old enough to use the app (for example, 13+ in the US, or 16+ in the EU for consent in some cases), you should review this Privacy Policy with your parent or guardian to make sure you both understand it. We strongly encourage young users to exercise caution and not share any information in the app that could directly identify them or that is overly sensitive.
California minors: If you are a California resident under 18 and a registered user of Cheeky-Fit, California law (Business & Professions Code § 22581) permits you to request removal of content or information you have publicly posted. If you fit this description and wish to remove such content, please contact us with specifics of what you want removed. We will make reasonable good faith efforts to remove (or anonymize) the post from public view, or to the extent required by law. Keep in mind this does not ensure complete removal (for example, if someone else re-posted your content, or if it’s stored in backup, it may persist in some form).
Under 16 – Sale of Data: As noted, we do not knowingly sell personal information of consumers under 16 years of age. In the event we become aware that a user under 16 is using the app, we will refrain from selling or sharing their data unless we obtain appropriate consent (for ages 13-15, that would be the user’s opt-in; for under 13, that would be parental consent). We comply with the CPRA’s requirement to treat lack of opt-in from ages 13-15 as an opt-out (meaning default no sale)[42]. Practically, since we don’t allow under 13 at all, and we currently don’t have age gating for 13-15 beyond assuming users are older when signing up, if we ever identify a user as 13-15, we would prompt for an affirmative consent for data sale or stop processing their data beyond what’s needed for the service.
COPPA (Children’s Online Privacy Protection Act): We abide by COPPA which governs data collection from children under 13 in the U.S. We do not intentionally collect such data, and thus we don’t seek parental consent. Our app is not directed at kids. If in the future we decided to create a version of Cheeky-Fit for a younger audience, we would implement COPPA-compliant practices, but as of now we target a general audience mostly 18+ or at least 16+.
Parents and guardians: If you have any questions or concerns about your child’s use of our app or our data practices, please contact us. We will be happy to delete any information related to a minor that is stored in our systems if you make such a request and we verify the request is from a legitimate parent/guardian.
Changes to This Privacy Policy
We may update or modify this Privacy Policy from time to time to reflect changes in our data practices, technology, legal requirements, or for other operational reasons. When we make changes, we will post the updated policy here with a new “Last Updated” date at the top. If the changes are significant, we will provide a more prominent notice – for example, we might display an in-app notification or send you an email (if we have your email on file) informing you of the update. Significant changes could include, for instance, using your data for new purposes not previously identified, or making material changes to your rights.
We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of Cheeky-Fit after any changes to this Privacy Policy constitutes your acceptance of the updated terms, to the extent permitted by law. If you do not agree with any updates or modifications, you should stop using the app and can request us to delete your data.
For historical reference or regulatory compliance, we will maintain archives of previous versions of this policy and can provide them upon request (or link to them if we have a version control on our website).
Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to contact us:
Cheeky-Fit, Inc. Attn: Privacy Team (Data Protection Officer) 1234 Fitness Ave, Suite 567 San Francisco, CA 94105, USA
Email: privacy@cheekyfit.com (For privacy-specific inquiries or rights requests. For general support, you might use support@cheekyfit.com, but privacy email will also be monitored for any privacy-related matters.)
We will respond to your inquiries as soon as reasonably possible, generally within 30 days. If you are contacting us to exercise a specific legal right (like a data access or deletion request), please make sure to mention the jurisdiction you are in (e.g., “I am an EU user exercising GDPR right of access”) so we can process it under the correct framework.
You also have the right to lodge a complaint or question with a regulatory authority. For EU users, this would be your local Data Protection Authority (a list can be found on the European Data Protection Board’s website). For UK users, it’s the Information Commissioner’s Office (ICO). For California users, you can contact the California Privacy Protection Agency or the state Attorney General’s office. We would appreciate the chance to address your concerns directly first, but you absolutely have these rights.
Thank you for taking the time to read our Privacy Policy. We tried to be as clear and comprehensive as possible, given the extensive data practices of Cheeky-Fit. Our goal is to give you both transparency and control. We understand that our app’s approach to data is broad, and we’ve designed this policy to meet legal requirements while plainly disclosing what we do. We remain committed to respecting your privacy rights and ensuring compliance with all applicable laws and platform policies as our service evolves.
[1] [35] [38] [39] [40] [41] Google to Require Apps to Display “Data Safety” Information by July 20, 2022 | Privacy World
https://www.privacyworld.blog/2022/05/google-to-require-apps-to-display-data-safety-information-by-july-20-2022/
[2] [3] [4] [7] [42] CPRA Do Not Sell or Share My Personal Information : Definition - Securiti
https://securiti.ai/blog/cpra-do-not-sell-definition/
[5] [21] [22] [23] [24] [25] [26] [27] [28] [29] [30] [31] [32] App Review Guidelines - Apple Developer
https://developer.apple.com/app-store/review/guidelines/
[6] [8] [9] Respect individuals’ rights | European Data Protection Board
https://www.edpb.europa.eu/sme-data-protection-guide/respect-individuals-rights_en
[10] [11] [12] [13] [14] [15] [16] [17] [18] [19] [20] California Consumer Privacy Act (CCPA) | State of California - Department of Justice - Office of the Attorney General
https://oag.ca.gov/privacy/ccpa
[33] [34] [36] [37] Provide information for Google Play's Data safety section - Play Console Help
https://support.google.com/googleplay/android-developer/answer/10787469?hl=en
Cheeky-Fit Privacy Policy
Effective Date: January 31, 2026Last Updated: January 31, 2026
Introduction
Welcome to Cheeky-Fit, Inc.’s Privacy Policy for the cheeky.fit mobile application (“Cheeky-Fit” or “the app”). We believe in being transparent and honest about how we collect, use, share, and sell your personal information. Cheeky-Fit is a data-intensive app – by using our app, you acknowledge that we collect virtually all data available through the app and your device (including unique identifiers, precise location, behavioral usage data, and any user-generated content) and that we may monetize this data, including by selling it to third parties. We do not delay or gate this data collection behind additional prompts or consents beyond what the law or platform (Apple/Google) strictly require. This policy explains our practices in detail, including what data we collect, how we use it, with whom we share or sell it, how we protect it, and your rights and choices under various privacy laws. We aim to comply with global privacy standards, including the EU and UK General Data Protection Regulation (GDPR), the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), and relevant Apple App Store and Google Play Store requirements.
By using Cheeky-Fit, you consent to the practices described in this Privacy Policy. If you do not agree, please discontinue use of the app. We do not use misleading language or euphemisms – our goal is to clearly inform you of our data practices, even if they are extensive.
Information We Collect
We collect personal data and device information automatically and through your input from the moment you begin using Cheeky-Fit. This includes almost all data the app can access, such as:
· Identifiers and Account Information: If you create an account, we collect your name, email address, username, and password. We also collect unique device identifiers (such as your phone’s device ID, advertising identifiers like Apple’s IDFA or Android’s Advertising ID), IP address, phone number (if you provide it), and other identifiers. These identifiers allow us to recognize you and your device and are used for functionalities and tracking across services.
· Location Data: We collect your device’s location information. This may include precise GPS coordinates (if you grant location permission) and general location inferred from your IP address or device settings. Location data is used for app features that require location (e.g., fitness route tracking or location-based content) and for analytics and advertising. We will request OS-level permission where required to access precise GPS location (for example, via the standard mobile prompt). Once permission is granted, we may continually collect location in the background. If you decline to share GPS location, we may still derive a coarse location from your IP or other data.
· Usage and Behavioral Data: We automatically collect data about how you use Cheeky-Fit. This includes the features you access, the content you view or create, the buttons or links you tap, and other in-app activities and preferences. We log timestamps of your sessions, workouts or activities logged (if applicable), interaction patterns, and referral/traffic data (how you arrived at the app). We also gather device and network information such as your device type, OS version, app version, browser type (if accessing web content), language, and mobile network. This behavioral and technical data helps us analyze engagement, diagnose issues, and personalize your experience.
· User-Generated Content: Any content you create, upload, or post on Cheeky-Fit is collected and stored. This includes photos, videos, comments, profile pictures, biometric or fitness information you input (for example, if the app allows you to log workouts, calories, or other health-related metrics), and any other data you submit within the app. Please note: content you choose to make public or share with others in the app may be visible to other users, but even if not public, we have access to it on our servers. We treat direct messages or private content as private to the users involved, but they are not end-to-end encrypted and our systems will still process them.
· Contacts and Integration Data (if applicable): If you choose to import contacts or integrate with third-party services (for example, linking the app to your phone’s contacts to find friends, or connecting to a health kit or social media account), we will collect the information you allow from those sources. This could include contact names and phone numbers/email addresses, or profile information from the linked service. We will request your permission before accessing such data (e.g., a prompt to access your contacts). Once given, we may store and use that data for features (like friend-finding) and potentially for other purposes described in this policy (such as analytics or recommendations).
· Sensor and Fitness Data: Cheeky-Fit may access data from your device’s sensors or other apps to provide certain features. For example, we might use the accelerometer or pedometer in your phone to count steps, or read fitness data (heart rate, steps, workouts) from Apple HealthKit or Google Fit if you connect those. We only access these if you allow us to (you’ll see a prompt specific to those services). Any such data (e.g., step count, calories burned, etc.) will be collected and treated as personal data. Important: If we integrate with Apple HealthKit or Google Fit, note that those platforms impose additional rules (e.g., HealthKit data generally cannot be used for advertising or sold). We will adhere to those rules where applicable and will not use such data in prohibited ways.
· Cookies and Similar Technologies: Although Cheeky-Fit is a mobile app, we (and our third-party partners) may use tracking technologies similar to cookies or beacons within the app. For instance, SDKs and analytics libraries in the app may place or utilize identifiers on your device to recognize you. If you visit our website or a web-view within the app, cookies may be used in your browser. These technologies collect information such as device identifiers, browsing events, and advertisement interactions.
Note: Even if you do not explicitly give us certain information, we may infer or collect it through other data sources. For example, we may infer your general location from your IP address, or deduce interests from your usage behavior. We may also receive information about you from other sources: if you log in via a social network or third-party platform, that platform may send us certain information (according to their privacy settings and policies). We combine all these data with data we collect directly for the purposes described in this policy. In summary, Cheeky-Fit collects as much personal and device data as it can obtain, through all available channels, to support our features and business model.
How We Use Your Information
We use the collected information for the following purposes, which include providing and improving the service as well as monetizing the data:
· Providing and Improving the App: We use your data to operate Cheeky-Fit’s core functionality. This includes using your personal information to create and manage your account, display the content you post (e.g., showing your uploaded photos or workout stats to you or others as applicable), and to enable social or interactive features (like leaderboards or friend connections if offered). We also use data to debug, troubleshoot, and improve the app’s performance. For example, logs of crashes or errors are analyzed to fix bugs. Usage patterns help us understand which features are popular or where users encounter problems, so we can refine the user experience.
· Personalization: Your information is used to personalize your experience. This could mean customizing the content or recommendations you see in the app. For instance, we might use your location to show local fitness challenges or content in your area, or use your usage history to suggest new features or workouts you might like. Personalization also includes tailoring the advertising you see – we and our partners might use your profile, behavior, and demographics to decide which ads or sponsored content to show you, in order to make them more relevant.
· Analytics and Aggregation: We aggregate data and perform analytics to understand how our user base as a whole interacts with Cheeky-Fit. This helps us generate insights about usage trends and demographics. For example, we might analyze the average daily time spent in the app, or how engagement varies by region. These insights inform business decisions, product strategy, and marketing strategies. We may share aggregated, de-identified statistics publicly or with third parties (e.g., “X% of our users completed a workout this week”), but these stats will not identify you personally. Internally, however, we do maintain identifiable analytics for the other purposes in this policy.
· Communication: We may use your contact information (such as email or in-app notifications) to send you service-related and marketing communications. Service-related communications include verification emails, password reset messages, transactional notices, or important updates about the app (for example, changes to this Privacy Policy or alerts about security issues). Marketing communications include promotional emails or messages about new features, tips, or offers we or our partners provide. You can opt out of marketing emails by using the unsubscribe link in those emails or contacting us, but you will still receive essential service messages. If you agree to receive push notifications or in-app messages, we will send those to deliver updates, reminders (for example, a reminder to log a workout), or promotional content.
· Advertising and Monetization: This is a critical purpose of our data practices. We use your personal data to generate revenue by advertising and data sales. Specifically, we use your data to facilitate targeted advertising in the app, meaning third-party advertisers can show you ads tailored to your profile. We share certain data (detailed in the next section) with advertising networks and partners who use it to decide which ads to serve you. Additionally, we sell personal data to third parties (including data aggregators, marketers, and other businesses) for their own commercial uses. The data we monetize in this way may include identifiers (so you can be recognized across platforms), your contact information, demographic details, and information about your interests and activities in the app. These third parties may combine our data with information they have from other sources to profile you and target you with advertising or other content across different contexts. We do not provide any opt-in prompt before using your data for advertising or sale – by using the app, this use of data is enabled by default. (However, see “Your Rights and Choices” below for how you can opt out of certain data sharing or sale under applicable laws.)
· Business Operations and Security: We may use data for our legitimate business operations, such as maintaining our financial or business records, accounting, audits, and internal reporting. We also use data to maintain the security of our services and users – for example, we may monitor activity to detect and prevent fraud, abuse, illegal activities, or security breaches. If we detect fraudulent behavior or violations of our Terms of Service, we may use relevant data to investigate and take appropriate action (which could include moderating content or communicating with law enforcement if necessary). We also might use your data as needed to exercise or defend legal claims, to comply with court orders or legal obligations, or to respond to lawful requests from authorities.
· Compliance and Legal Obligations: Where we are subject to certain regulations or laws that require data processing, we will use your data to fulfill those requirements. For instance, privacy laws might require that we document consent or opt-outs – we will keep records as needed. If we are legally required to retain certain data (for tax, legal compliance, or dispute resolution), we will do so. Additionally, if we receive a legal request (subpoena, court order, etc.) that compels us to disclose user data, we will comply to the extent required and will use your data for that purpose (notifying you where permissible).
· Other Purposes (with Notice or Consent): If we intend to use your personal information for a purpose that is not already described above, we will update this Privacy Policy and, if required by law, notify you or obtain your consent. For example, if in the future Cheeky-Fit wants to use biometric identifiers or introduce a new data-heavy feature outside the current scope, we would explain the new data use at that time and get any necessary permission.
We strive to limit our uses to those that we have disclosed to you. In compliance with Google Play policy, we do not use personal data for any purpose that we haven’t clearly disclosed to you[1]. We also ensure that we only use data in ways that are consistent with the purposes we told you about[1]. In practice, this means we will not suddenly start using your data for unrelated purposes without updating this policy or obtaining necessary consent. However, please be aware that the scope of purposes above is broad – covering most conceivable uses from service delivery to monetization – and we do indeed leverage your data to the fullest extent described.
Sharing and Selling of Information
We do share your personal information with third parties, including by selling it for monetary or other valuable consideration. This section explains who these third parties are, what data they receive, and why. We do not hide the fact that your data is a business asset for us – sharing data with partners is integral to how Cheeky-Fit is funded and operates.
Categories of Third Parties and Data Sharing/Sales:
· Advertising Partners: We work with third-party ad networks, advertisers, and advertising technology companies to display ads in Cheeky-Fit and beyond. We may transmit identifiers (like your Advertising ID, device ID, or hashed email address), demographics (such as age range, gender if known), and contextual information (e.g., that you are using a fitness app, or your device’s general location) to these partners so they can target and serve ads to you. We also share information about your interactions with ads (for example, if you clicked an ad) with these partners for performance measurement. In many cases, this data sharing is considered a “sale” or “sharing” of personal information under laws like the CCPA/CPRA because it involves disclosing data to third parties for behavioral advertising or monetary benefit[2][3]. These advertising partners may use the data we provide to profile you and show you targeted ads in our app, on other apps, or on websites. They may also combine it with data collected from other apps and sites for broader ad targeting – this cross-context tracking on iOS will only occur if you have granted permission via Apple’s AppTrackingTransparency prompt (see “Platform-Specific Compliance” below). If you opt-out of tracking or personalized ads using platform settings (such as selecting “Ask App Not to Track” on iOS or opting out of Ads Personalization on Android), we will cease sharing your identifiers with third-party advertisers for targeted advertising on that device, as those are required signals we must honor. However, we may still serve you contextual ads (not tailored using personal data) and continue internal uses of your data.
· Analytics and Measurement Providers: We use third-party analytics tools (for example, Google Analytics for Firebase, or other SDKs) to understand app performance and user behavior. These tools often collect data directly through our app by means of their embedded code, and send it to their servers for analysis. The data can include your device identifiers, usage events, and other technical information. While we primarily use analytics data internally, these third-party providers process the data on our behalf. In some cases, an analytics provider may combine data from our app with data from others to improve their services or for benchmarking. We ensure any such provider is obligated to use data only for providing services to us (or as otherwise allowed by Google/Apple policies). We do not consider this a “sale” if the provider is a service provider or processor to us; however, if we allow them to use the data for their own purposes, that could be deemed a sale, and we will disclose it if so. For transparency, some analytics and tracking on Cheeky-Fit is done via third-party SDKs that may collect your data for their own use – for example, an SDK might use your data to improve its services or for aggregated market research. We list these in our App Store / Play Store disclosures and will treat those as third-party data sharing in this policy.
· Data Brokers and Partners: Aside from advertising networks, we may also sell or license data about our users to other businesses or data brokers who are interested in consumer data. This may include companies that aggregate consumer information to build marketing lists, credit risk profiles, or other consumer insights. The data we might sell could include your personal identifiers (like a unique user ID, device ID, or hashed contact information) and associated data like your app usage patterns, interests as inferred by us, and demographic or location information. We do not sell highly sensitive identifiers like passwords or financial info (which we don’t collect) or sensitive personal data like health conditions; our focus is on data that is valuable for advertising/marketing or analytical purposes. If you are a California resident, you have the right to opt out of this kind of sale of your personal information (see “Your Rights and Choices” below on how to exercise that). Unless you opt out (or unless you were under 16 years old and did not opt in – see “Children’s Privacy”), your data may be included in these sales by default, meaning we could be sharing information about your app activities with third parties in exchange for compensation without further notifying you at the point of each disclosure[4]. We disclose this here in our policy as required, and by continuing to use the app, you acknowledge that these sales may occur.
· Affiliated Companies: If Cheeky-Fit, Inc. is part of a corporate group (e.g., parent company, subsidiaries, or affiliates), we may share your information within that family of companies. Such sharing might occur for internal administrative purposes, for joint services, or because a related entity provides technology or data processing for the app. For example, if our subsidiary or an affiliated company helps in analytics or advertising, we’ll share data with them. Any affiliate receiving your data will be bound to treat it under the same privacy commitments we make in this policy. If in the future Cheeky-Fit, Inc. undergoes a merger, acquisition, investment, or asset sale, user data (including your personal information) may be disclosed to the parties involved (such as prospective purchasers and their advisors) as part of due diligence or transferred as part of the transaction. We will ensure any such parties are under obligations to keep the data confidential and use it only for evaluating the transaction. If a change of ownership occurs, we will provide notice to users (for example, via app notification or email) and the new owner would be bound to this privacy policy or one with similar protections.
· Service Providers: We share personal information with service providers or processors that perform functions on our behalf. These include cloud hosting providers (that store our databases and content), payment processors (if any financial transactions occur), customer support software providers, marketing email platforms, and other IT or security service providers. These companies act under contracts that limit their use of your data to providing the service to us and require them to safeguard it appropriately. We do not consider these “sales” of data, because we do not give it to them for their independent use. For example, if we use a cloud service like Amazon Web Services or Google Cloud, your data is stored on their servers but they are not allowed to access or use it for other purposes except as needed to keep it available to the app.
· Law Enforcement and Legal Requirements: We may disclose personal information to third parties (such as attorneys, auditors, law enforcement agencies, or regulators) if we believe in good faith that such disclosure is necessary to comply with a legal obligation or valid legal process (subpoena, court order, etc.); to respond to an emergency that we believe in good faith requires us to disclose data to prevent harm; or to protect our rights, users, or the public. For example, if law enforcement provides a lawful order to provide data related to a user’s account, we will comply and provide the requested information, after verifying the legitimacy of the request. We will attempt to notify you of such requests when permissible by law. We do not sell data in these scenarios; these are disclosures for legal compliance or safety purposes.
No Hidden Third Parties: We want to emphasize that whenever we share your data, it’s either with your direct interaction (like when using a feature that posts info publicly or integrates with another service) or with parties we’ve described above. We do not share information with employers, insurance companies, or other unexpected parties without consent, unless it falls under the categories above (for instance, if an insurance company is a business partner who buys data, that would be covered under data sales). We also do not currently share personal data with social networks or other apps unless you choose to link or share (e.g., if you share your Cheeky-Fit content to a social media platform, that action will send data to that platform, governed by their policies).
Third-Party Data Protections: When we share data with any third party, we contractually require (or otherwise ensure through terms and conditions) that they handle the data securely and consistent with applicable law. For example, Apple’s App Store guidelines require us to ensure any third party receiving user data provides at least the same level of data protection as our own privacy policy promises[5]. We take those requirements seriously. However, once data is transferred to a third party that is not acting solely as our service provider, that data becomes subject to the third party’s privacy practices. While we contractually or legally bind partners to certain standards, we cannot fully control what they do. We encourage you to review the privacy policies of any third-party services or partners that may collect or receive your data through our app. Notable third-party recipients in our context include advertising networks (who will have their own policies on data usage and opt-outs, such as Google’s or Facebook’s policies for ads).
Disclosure in the Past 12 Months (for CCPA/CPRA): In the past 12 months, Cheeky-Fit has collected and disclosed for business or commercial purposes all of the categories of personal information described in Information We Collect. Specifically, we have “sold” or “shared” (as those terms are defined by California law) identifiers, internet or app activity information, and geolocation data to third-party advertisers and data partners for advertising and marketing purposes. We have not sold any sensitive personal information like health data or account passwords (we don’t collect those). We do not knowingly sell personal information of consumers under 16 years of age without affirmative authorization (see Children’s Privacy below). If you are a California resident, you have the right to direct us to stop selling or sharing your personal information – refer to Your Rights and Choices below for how to exercise that right (via a “Do Not Sell or Share” request).
Legal Bases for Processing (EU/UK GDPR)
If you are located in the European Union, European Economic Area (EEA), or United Kingdom, we must comply with the EU GDPR or UK GDPR in how we process your personal data. These laws require that we have a “lawful basis” for processing your information. We explain those legal bases here, as well as some specific GDPR considerations:
· Consent: In some cases, we rely on your consent to process personal data. For example, if we send you marketing communications (such as promotional emails or push notifications that are not strictly service-related), we do so on the basis of your consent where required by law. Similarly, if we collect precise location or health data in the EU context, we may ask for your consent through the OS prompt or in-app before doing so. Where we use cookies or similar tracking technologies on our website or in the app that are not strictly necessary (e.g. for analytics or advertising), we will obtain consent via a consent banner or settings, as required by ePrivacy laws. You have the right to withdraw any consent you provide at any time (for example, you can opt out of marketing or disable location access later); withdrawing consent will not affect the lawfulness of processing that happened before the withdrawal.
· Performance of a Contract: When you sign up for and use Cheeky-Fit, you are entering into an agreement (the Terms of Service) with us to provide the app’s services. We process certain data as necessary to perform that contract – for example, using your login credentials to authenticate you, using your submitted content to display it back to you or to others as intended, or processing payment information if there are paid features (currently, our app is free with ads, so this may not apply yet). Essentially, any processing of data without which we could not provide the core features of Cheeky-Fit to you may fall under “necessary for performance of contract.” If you choose not to provide such necessary data, we may not be able to offer you the service or certain features.
· Legitimate Interests: This is likely our most relevant legal basis for many processing activities under GDPR. We process your data for purposes that are not strictly required for the service, but that are important for our business, under the justification of legitimate interests. This includes processing for improving our product, securing our platform, and monetizing our services through advertising and data sharing. We have a legitimate interest in analyzing and monetizing user data to fund our operations, and we believe this can be done in a balanced manner that does not override your rights and freedoms. We have conducted (and continue to revisit) assessments to weigh our interests against your privacy. For example, for personalized advertising in the EU, we understand this is an area where consent is often required under ePrivacy (for use of tracking technologies). We will respect applicable local requirements (like obtaining consent for cookies or mobile ad IDs if mandated). However, aside from those specific cases, we might rely on legitimate interests to create user profiles and share data with third parties for advertising. We only do so to the extent permitted by law and industry standards. Importantly, you have the right to object to any processing of your data that we conduct on the basis of our legitimate interests (see Your Rights and Choices below). If you exercise your right to object, we will review the request and cease or adjust the processing in question unless we have compelling legitimate grounds to continue (or if it’s needed for legal claims). We believe that in an era of data-driven services, our approach aligns with the opt-out model under some laws, but we are aware that GDPR favors an opt-in model[3]. We strive to bridge that gap by providing transparency and control (opt-out rights) for our EU/UK users even when we rely on legitimate interests.
· Legal Obligation: We may process and retain certain data to comply with our legal obligations under EU, UK, or member state laws. For example, if tax law requires us to keep transaction records, or if consumer protection laws mandate we keep evidence of consent or privacy compliance, we will process data for those purposes. Likewise, if a law enforcement authority lawfully requires data, processing that data (like retrieving and handing over certain information) is based on legal obligation.
· Vital Interests: This basis is unlikely to apply in the context of Cheeky-Fit, as it typically involves life-and-death situations. We mention it for completeness: if ever processing your data were necessary to protect someone’s life or prevent serious harm and you are incapable of consenting, we could invoke vital interests. (For example, if we become aware through your data of an imminent threat to your life or another’s, we might share data with authorities to prevent harm. This is a rare scenario.)
· Public Interest: We do not perform tasks in the public interest or exercise official authority, so this basis is not applicable to our processing.
EU/UK Data Subject Rights: Under GDPR, you have robust rights regarding your personal data, which we fully respect and will facilitate. These include the right to be informed (through this policy and any required notices), right of access, right to rectification, right to erasure, right to restrict processing, right to data portability, right to object, and rights related to automated decision-making (we do not engage in any solely automated decisions with legal or similarly significant effects on you, without human involvement)[6]. We provide more details on these rights and how to exercise them in the Your Rights and Choices section below.
International Transfers: If you are in the EU/EEA or UK, note that your personal data will be transferred to and processed in countries outside of your own, specifically in the United States (where our company is based) and potentially other jurisdictions where our partners or service providers operate. The data protection laws in these countries may not be as strict as those in your region. Whenever we transfer data out of the EEA/UK, we ensure appropriate safeguards are in place to protect it. Typically, this means we rely on European Commission-approved Standard Contractual Clauses (SCCs) or the UK International Data Transfer Agreement/Addendum, which contractually oblige the recipient to protect your data to GDPR standards. We may also rely on an adequacy decision by the European Commission (if the destination country is deemed adequate) or other permitted derogations under GDPR in certain circumstances. You can request a copy of the relevant transfer safeguards by contacting us. By using our service, you understand that your data will be sent to the U.S. and other countries as needed for the purposes described. We continue to monitor legal developments around data transfers (e.g., Schrems II decision and subsequent guidance) to ensure compliance.
Opt-in vs. Opt-out Model: It is important to note that GDPR and CPRA have differing approaches to consent and data processing. GDPR generally requires an opt-in (consent-based) model for many types of data processing, meaning we should collect personal data only with your agreement in advance[3]. CPRA (California law) uses an opt-out model, allowing data collection by default as long as users are informed and given a way to opt out[7]. Cheeky-Fit tries to navigate these differences by complying with region-specific rules (for instance, presenting consent dialogs in the EU where required, versus providing opt-out mechanisms in California). Where no specific rule forces an opt-in, we tend to collect data by default but always give you notice (via this policy and possibly in-app notices) and an opportunity to opt out of certain uses. We want to be transparent that outside of jurisdictions that mandate prior consent, our default is to collect and use data as described once you start using the app, relying on mechanisms like CPRA’s notice and opt-out framework[4]. If you have questions or concerns about our legal bases or how we apply them, please contact us (see Contact Us).
Your Rights and Choices
You have a number of privacy rights and choices regarding your personal data. Depending on your jurisdiction, these rights may vary. We are committed to enabling these rights for users as applicable. Below we outline: (A) rights for individuals in the EU/UK under GDPR, (B) rights for California residents under CCPA/CPRA, and (C) general choices available to all users (like opting out of certain data uses or deleting your account).
A. Rights of EU/UK Users (GDPR)
If you are an individual in the European Union, European Economic Area, or United Kingdom, you have the following rights under the GDPR (and UK GDPR):
· Right to Access: You can request that we confirm whether we are processing your personal data, and if so, you have the right to request a copy of the personal data we hold about you, and to obtain supplementary information about our processing (much of which is provided in this Privacy Policy). This is commonly known as a “Data Subject Access Request.” We will provide you with a copy of your data in a structured, commonly used format, typically within one month as required by law. If your request is complex or numerous, we may extend this timeline by up to two further months (we will inform you if so).
· Right to Rectification: If any of your personal data that we have is inaccurate or incomplete, you have the right to have it corrected or completed. You can also update certain information through your account settings (for example, you might be able to edit your profile information in the app directly). For any other corrections, contact us and we will rectify the data.
· Right to Erasure (Right to be Forgotten): You may request that we delete your personal data. This right is not absolute – GDPR outlines several grounds where you can request deletion, including: the data is no longer necessary for the purposes we collected it; you withdraw consent (if we relied on consent) and we have no other lawful basis; you object to processing based on legitimate interests and we have no overriding grounds to continue; we processed data unlawfully; or we have to erase data to comply with a legal obligation. We will honor valid deletion requests by erasing your data (and directing our processors to do so) unless an exception applies. Common exceptions include where we need to keep data to comply with a legal obligation or to establish/exercise/defend legal claims. We will inform you of any data we cannot delete and the reasons. Keep in mind that if you request deletion, this typically means deleting your account and all associated data – you will lose access to Cheeky-Fit and this action is generally irreversible.
· Right to Restrict Processing: In certain circumstances, you can ask us to restrict (pause) the processing of your data. This is an alternative to full deletion and might apply if: you contest the accuracy of data (we pause processing until it’s verified); the processing is unlawful but you prefer restriction over deletion; we no longer need the data but you need it for a legal claim; or you have objected to processing and we are verifying overriding grounds. When processing is restricted, we will still store your data but not use it further, except in limited scenarios such as with your consent or for legal claims, etc. We will inform you before lifting a restriction.
· Right to Data Portability: You have the right to receive certain personal data from us in a structured, commonly used, machine-readable format, and to transmit that data to another controller, where the processing was carried out by automated means and is based on your consent or the performance of a contract. In plain terms, this applies to data you provided to us (like your account information or content) and that we process electronically. Upon your request, we will provide you with a file of such data (for example, a CSV or JSON export of your basic account details and content). Where feasible, if you request, we may directly transmit the data to another service provider at your direction. Note that portability does not apply to data that is inferred by us or derived (like internal analytics or profiles we generate).
· Right to Object: You have the right to object to certain processing activities. You can object at any time to our processing of your personal data for direct marketing purposes – if you do so, we will stop using your data for marketing. This is an absolute right. You can also object to processing based on legitimate interests (or task in public interest) – in such cases, we will review your objection and will stop processing the data unless we can demonstrate compelling legitimate grounds that override your rights or if the processing is for establishment/exercise/defense of legal claims. Given that some of our processing for advertising and data monetization is based on legitimate interests, you have the right to object to our use of your data for those purposes. If you object, for example, to the use of your data for personalized ads, we will honor that objection by ceasing those activities for your data in the EU context (this might involve removing you from targeted advertising lists and/or limiting data flow to advertising partners). To object, you can contact us and specify which processing you object to.
· Right not to be subject to Automated Decision-Making: GDPR gives you the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects or similarly significant effects on you, unless it’s necessary for a contract, authorized by law, or based on your explicit consent. Cheeky-Fit does not engage in any such automated decisions with legal or significant impact (like credit approval or hiring decisions done by algorithm). While we do some profiling for advertising, it does not have a legal or similarly significant effect on you – it just influences the ads/content you see. However, we respect that you can object to profiling for marketing via the right to object (as noted above).
Exercising Your GDPR Rights: To exercise any of these EU/UK rights, please contact us at our designated contact (see Contact Us section). We may need to verify your identity before fulfilling your request (to ensure we don’t disclose or modify data to the wrong person). We will respond within one month of receiving a request. If necessary, we may extend the response time by an additional two months for complex requests, but we will inform you of this and explain why. There is no fee for making a request, but if your requests are manifestly unfounded or excessive (e.g., repetitive), we may either charge a reasonable fee or refuse to act (permitted under GDPR)[8][9] – but we will provide an explanation if that situation arises. You also have the right to lodge a complaint with your local Data Protection Authority (DPA) if you believe we have infringed your privacy rights. We encourage you to first reach out to us so we can address your concerns directly.
B. Rights of California Residents (CCPA/CPRA)
If you are a resident of California, you have specific rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). These rights (effective as of 2023) are designed to give you greater control over your personal information. They include:
· Right to Know: You have the right to request that we disclose what personal information we have collected about you, as well as details about our data practices. This is sometimes called an Access Request. Under the CCPA/CPRA, you may request that we provide you with: (1) the categories of personal information we have collected about you; (2) the specific pieces of personal information we have collected about you (a data portability request); (3) the categories of sources from which we collected the information; (4) the business or commercial purposes for collecting, selling, or sharing that information; (5) the categories of third parties with whom we have disclosed your personal information; and (6) if we sold or shared personal information, the categories of personal information and categories of third parties to whom the information was sold or shared[10][11]. You have the right to request this information for the 12-month period preceding your request (and for information collected on or after January 1, 2022, you can request beyond 12 months to the extent available, per CPRA). You may make a request up to twice in a 12-month period, free of charge[12]. When we receive a verifiable request to know, we will provide the responsive information in a portable and (if you request) readily usable format (often this means we will send you a report via email or secure download).
· Right to Delete: You have the right to request that we delete personal information we have collected from you. Upon receiving a verifiable deletion request, we will delete (and instruct our service providers to delete) your personal information from our records, unless an exception applies[13]. Deletion exceptions under CCPA/CPRA include, for example: if the information is needed to complete the transaction for which it was collected or to provide a good or service you requested; to detect security incidents, protect against malicious activity or prosecute those responsible; to debug/repair errors; to exercise free speech or ensure another’s exercise of free speech; to comply with a legal obligation; or for certain internal uses that are compatible with the context of collection (such as internal analytics). If we deny a deletion request in part or whole due to an exception, we will inform you of the reasons. Note that if you have an account, deleting your data typically means we will also need to deactivate your account (since we cannot maintain your account without processing your data). We will make that clear during the process.
· Right to Opt-Out of Sale or Sharing: You have the right to direct us not to sell your personal information to third parties, or to stop “sharing” your personal information for cross-context behavioral advertising[14]. “Selling” is defined broadly to include any disclosure of personal info to another business or third party for monetary or other valuable consideration[2]. “Sharing” (a concept introduced by CPRA) refers to disclosing personal info to a third party for cross-context behavioral advertising (targeted advertising) regardless of money changing hands. As described in the Sharing and Selling section, Cheeky-Fit does sell and share personal information (such as device IDs, usage profiles, etc.) with advertising and data partners. By law, we have to provide a mechanism for you to opt out of these activities. How to opt out: We have a “Do Not Sell or Share My Personal Information” link available on our website and within the app settings. By clicking that link or button, you will be guided through the process (which may involve confirming your identity or preferences) to register your preference that we not sell or share your data. You may also utilize an authorized agent to submit an opt-out request on your behalf (with appropriate proof of authorization). Additionally, if your browser or device is configured with a Global Privacy Control (GPC) signal, which is a mechanism that communicates an opt-out preference (often through a browser extension or setting), our website will honor that as a valid opt-out of sale/sharing request[15][16]. Note: GPC signals apply to web-based data collection; if you also use our mobile app, we recommend using the in-app opt-out or contacting us to ensure we capture your choice for the app data as well. Once you opt out, we will stop selling or sharing your personal info. If you later opt back in (for instance, if you initiate a transaction that requires sale of data, or if you toggle a preference), we will resume those practices until you opt out again. If you are under 16: We do not knowingly sell or share data of consumers we know to be under 16. We will never knowingly sell/share data of consumers under 16 without affirmative authorization (opt-in consent) as required by CCPA/CPRA.
· Right to Correct: As of January 1, 2023, California residents also have the right to request correction of inaccurate personal information we maintain about them[17]. If you believe any personal information we have is incorrect, you can submit a request for correction. Upon a verified request, we will use commercially reasonable efforts to correct the inaccurate information. In some cases, we may need additional context or documentation from you to verify the correct information (especially if we have conflicting information on record). If we cannot verify your identity or the accuracy of the new information, or if an exception applies, we may deny the request with explanation.
· Right to Limit Use of Sensitive Personal Information: CPRA gives consumers the right to limit our use or disclosure of “sensitive personal information” (SPI) if we use it for purposes beyond certain allowed purposes (such as providing the service). Sensitive personal info under California law includes things like precise geolocation, race/ethnicity, health info, biometric identifiers, etc[18]. In Cheeky-Fit’s case, the main sensitive info we might collect is precise geolocation (if you allow it) or possibly health-related data if you input it. We primarily use precise location to provide features to you (like mapping your run) and for limited analytics/ads. If you are a California user and you prefer that we limit the use of sensitive data to only what’s necessary to provide the service to you, you can submit a “Limit Use of My Sensitive Personal Information” request (we include this option alongside the Do Not Sell link, or you can contact us). When you exercise this right, if we are using sensitive data for additional purposes (like to build an advertising profile), we will stop doing so. For example, we would cease using your precise location for anything other than providing you with location-based features you request. Note: We do not use sensitive data for purposes like inferring characteristics or advertising if you opt to limit; any ads would be generalized. If we do not actually collect or use sensitive info beyond what’s necessary, we may reply that there’s no additional use to limit.
· Right of Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights[19][20]. This means we will not deny you our services, charge you different prices, or provide a different quality of service just because you exercised privacy rights. However, please note that opting out of sale/sharing or limiting certain uses may affect some features (for example, if you opt out of sale/sharing, you will still see ads but they will be less relevant, and some analytics or referral programs that rely on sharing data might be impacted). Any difference in service is a result of the changed data practices, not an punitive action against you. In certain cases, the CCPA allows offering financial incentives that involve different prices/rates for allowing data collection (e.g., a loyalty program). We do not currently offer any such programs. If we ever do, we will present terms and get opt-in consent from you, and you can revoke it at any time.
Exercising CCPA/CPRA Rights: To make a request to know, access, delete, correct, or opt-out, you (or your authorized representative) can use the following methods:
· Online (Recommended): Use the Privacy Settings or “Do Not Sell/Share” link in our app or on our website. For access/deletion/correction requests, we have a web form available at cheeky.fit/privacy-requests (URL hypothetical) where you can securely submit your request. Within the app, you may go to Settings > Privacy and find options to request your data or delete your account.
· Email: You may also email us at privacy@cheekyfit.com with your request details. Please include your name, the email associated with your Cheeky-Fit account (if any), and specify the request (e.g., “California Access Request” or “California Deletion Request”). If an authorized agent is emailing on your behalf, they must provide proof of their authorization (such as a signed permission from you or power of attorney) and we may still verify with you directly.
· Verification: For any request that is not an opt-out, we are required by law to verify that the person making the request is actually you (or your authorized agent). For account holders, verification is typically done by logging into the account or responding to a verification email. For non-account requests, we may ask for two or three pieces of personal information that we can match against our records (for example, last 4 digits of a phone number on file, or other profile info). We will use the information solely for verification. If we cannot verify your identity to a reasonable or high degree of certainty (depending on the data sensitivity), we will not be able to fulfill the request, and will notify you.
· Response Timing: We will confirm receipt of your request within 10 business days and provide information on how we will process it. We aim to respond substantively within 45 calendar days of receiving your request. If necessary, we may take a one-time extension of an additional 45 days (for a total of 90 days) but if so, we will inform you of the reason and length of the extension. For opt-out requests, we will comply as soon as feasibly possible (usually within a few days of receipt, and at most 15 business days as required by law).
· Scope of Data: Our response will cover the 12-month period preceding the verified request, unless you request data beyond 12 months and we are able to provide it (CPRA allows requests beyond 12 months in some cases). We will provide the information in a portable format (typically JSON or PDF). For deletion requests, we will either confirm deletion or explain what was deleted and what we retained (if something was retained under an exception). For correction, we will confirm when corrected or explain if we could not.
· Limitations: Certain information we collect may be exempt from the CCPA rights (for example, data subject to federal laws like HIPAA, if that applied, or data we handle as a service provider on behalf of others). Cheeky-Fit is a consumer app, so generally these exemptions won’t apply. But if any do, we will make that clear in our response.
If you have any issues or concerns with how we handled your request, you can contact us for further resolution. You also have the right to contact the California Privacy Protection Agency (CPPA) or the California Attorney General if you believe we have violated CCPA.
C. Other Choices for All Users
Regardless of where you live, we offer some universal choices to control your data:
· In-App Privacy Settings: We provide controls within Cheeky-Fit’s settings (Privacy section) where you can manage certain preferences. For example, you can toggle certain data sharing features on or off. We have an option to opt out of personalized ads within the app; enabling this will inform us to not use your data for targeting (we will then only serve generic ads). We also allow you to disable location collection after the fact (you can revoke location permission via your device settings, or use our in-app toggle if provided). If you granted us access to contacts or other integrations, you can disconnect those in the app settings at any time.
· Ad Preferences and Global Opt-Outs: Many advertising partners are part of industry self-regulation programs. You can opt out of targeted ads from participating companies via tools like the Digital Advertising Alliance (DAA) opt-out (optout.aboutads.info) or the Network Advertising Initiative (NAI) opt-out (optout.networkadvertising.org) for web-based tracking. For mobile apps, you can use the DAA’s AppChoices app to opt out of cross-app advertising from participating networks. These methods will send signals to limit data sharing with those ad networks. Additionally, both iOS and Android devices offer system-level settings: Apple iOS – if you enable the “Limit Ad Tracking” (on older iOS) or just deny tracking permission for our app via the App Tracking Transparency prompt, Apple will prevent us from accessing your IDFA and we will comply with that (resulting in no cross-app tracking on that device)[21]. Android – you can opt out of Ads Personalization in Google settings, which instructs apps not to use your advertising ID for building profiles or personalized ads. We respect and implement these system settings. Also, if you set up a Global Privacy Control (GPC) in your browser (for any web-based interactions with Cheeky-Fit, like our site), as mentioned, we treat it as an opt-out signal[14].
· Account Deactivation and Data Deletion: You can always choose to stop using Cheeky-Fit and delete the app. Simply uninstalling the app, however, does not automatically delete your account or data from our servers. If you wish to have your data removed from our active systems, you should use the in-app “Delete Account” feature (found in account settings) or contact us to request deletion (as detailed above for various regions). When you delete your account through the app, we treat that as a verified deletion request and will remove your personal data (except for any information we are permitted or required to retain as described in Data Retention below). We will also cease collecting any new data via the app once you’ve logged out and deleted it. Keep in mind that after deletion, we won’t be able to recover your account or any content you added.
· Communication Preferences: If you are receiving marketing emails or newsletters from us, you can opt out at any time by clicking the “unsubscribe” link at the bottom of those emails. You can also manage email preferences in your account settings if available. For push notifications on your device, you can disable them via the app’s settings or your device’s notification settings for Cheeky-Fit. Note that even if you opt out of marketing messages, we may still send you service-related communications (like important account or security notices).
· Cookies and Tracking on Website: If Cheeky-Fit has a web presence (like a marketing site or web portal), we will display a cookie banner or preference center allowing you to manage cookies. You can usually choose to accept only essential cookies and decline analytics/advertising cookies. Also, you can control cookies through your browser settings by deleting or blocking them. For our app, as mentioned, similar technologies can be opted out of through the device settings or in-app options.
· Do Not Track: “Do Not Track” (DNT) is a older browser setting that signals a preference not to be tracked across websites. Currently, there is no standard interpretation of DNT signals in the mobile app context, and we do not respond to DNT on our website beyond what GPC covers. Instead, we focus on the explicit privacy controls described above.
We are committed to making these controls accessible and user-friendly. If you have any difficulty finding or using a privacy setting, please reach out to our support or privacy contact for assistance.
Data Retention
We retain personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. In practice, this means:
· For active users: We will keep your information for as long as your account exists or as long as needed to provide you services. Your account data and content remain on our systems until you or we delete your account. There is no set expiration date – we assume you want us to retain your data to continue providing the service. This includes your profile information, settings, and any content or interactions (posts, messages, etc.) you have in the app. We also keep ongoing logs of your activities for purposes like analytics, although some logs may be rotated or summarized over time.
· If you deactivate or delete your account: When you request account deletion (or if we delete it due to inactivity or violation of terms), we will delete or anonymize your personal data in our production systems within approximately 30 days, unless otherwise required. However, certain data may persist in backup archives for up to 90 additional days or more. We maintain backups to ensure we can recover from disasters, and it is impractical to remove individual user data from these backups. Rest assured, backup data is protected and used only for restoration purposes. After the retention period, backups that include your data will be destroyed in the normal course of our backup lifecycle.
· Content you have shared: If you posted content or communicated with others on Cheeky-Fit, copies of that content might remain visible to others (for example, a comment you made on someone else’s post) even after you delete your account, similar to how a forum post might remain but under an anonymized name. We may dissociate your name from such content if you delete your account, but we might not purge the content if it’s integral to another user’s experience. However, we give users a way to delete content they have control over, and if something remains that you want removed, you can contact us.
· Legal and business retention: We may retain certain information for legal compliance or legitimate business purposes even after account deletion. For example, we might retain transaction records (if any financial transactions occurred) for accounting and tax purposes. We retain records of privacy requests and consents/opt-outs to demonstrate compliance with law. If we banned an account for malicious behavior, we might keep information necessary to identify that individual to prevent re-registration (legitimate interest in preventing fraud/abuse). Also, if there’s any litigation or legal claim, we’ll retain data pertinent to that as required. Typically, these retention needs are evaluated on a case-by-case basis and aligned with the statute of limitations or regulatory requirements.
· Aggregated or anonymized data: We may retain data that has been aggregated or anonymized such that it’s no longer associated with any identifiable user. For instance, overall usage statistics or market insights derived from user data may be kept indefinitely, as they no longer constitute personal information. We use this for historical analysis, business reporting, and product development.
· Email and communications: If you contacted us via support or email, we may retain those communications for a period (to track our relationship, any complaints, etc.). Typically support emails are kept for a couple of years at most, unless needed longer.
· Review Periods: We periodically review our stored data and our retention policies. We aim not to keep personal data longer than necessary. When data is no longer needed, we will ensure it is securely deleted or anonymized. For example, if you registered an account but then didn’t verify or use it, we might purge that unactivated account after a set time (say, 12 months). Or we might drop precise location logs after a certain timeframe and only keep generalized trends.
In summary, we try to align retention with the principle of storage limitation (GDPR) and practical business needs. If you have specific questions about how long a certain type of data is kept, you can contact us for more detail.
Data Security
We take the security of your personal information seriously and implement reasonable and appropriate security measures to protect against unauthorized access, alteration, disclosure, or destruction of your data. Our security program includes:
· Encryption: We use encryption to protect data in transit and at rest. All communications between your app and our servers are encrypted using HTTPS/TLS protocols. This means that personal data (like login credentials, content, etc.) is transmitted securely over the internet. Sensitive data in our databases is encrypted at rest where feasible (for instance, passwords are stored hashed and salted, not in plain text). We also encrypt certain fields or backups containing personal info.
· Access Controls: We limit access to personal data to employees, contractors, and service providers who need to know that information in order to process it for us, and who are subject to strict contractual confidentiality obligations. Internal access to systems is protected via authentication, and we segment our network and databases to ensure that access is only via secure channels. We also employ measures like two-factor authentication for administrative access to our systems where possible.
· Monitoring and Testing: Our systems are monitored for security events and we maintain logs of access to detect any anomalies. We employ firewall protection and intrusion detection systems. We also conduct periodic security assessments and penetration testing (either internally or with external experts) to find and address vulnerabilities. Our software development lifecycle incorporates secure coding practices and code reviews for security issues.
· Third-Party Security: When we use third-party service providers (such as cloud hosting or analytics), we vet their security practices and ensure they commit to protecting our data. We also utilize features provided by those services (like database encryption or key management services) to enhance security.
· Training and Policies: We have internal policies to safeguard user data and we train our team on data protection best practices. Only authorized personnel have access to systems with user data, and they are trained on confidentiality and security protocols.
· Data Breach Response: Despite precautions, no system is immune to incidents. We have a breach response plan in place. In the event of a data breach that affects your personal information, we will promptly notify affected users and relevant authorities as required by law. We will also take steps to contain and remedy the breach, such as patching vulnerabilities, restoring integrity of data, and supporting users in mitigating any potential harm.
· Account Security: It’s important to note that you also play a role in keeping your data secure. Please maintain a strong, unique password for your Cheeky-Fit account and do not share it. We will never ask you for your password via unsolicited communication. If you suspect unauthorized access to your account, contact us immediately. We offer features like login alert notifications (if a new device logs in) – please pay attention to those and secure your account if something looks suspicious.
· No Guarantee: While we are committed to protecting your data, we cannot guarantee absolute security. No method of transmission over the internet or method of electronic storage is 100% secure. However, we follow industry standards and best practices to minimize risks. You acknowledge that there is some inherent risk in transmitting information via the internet, and we are not responsible for circumvention of any privacy settings or security measures on our platform by other users or third parties.
By using Cheeky-Fit, you entrust us with your data, and we strive to justify that trust by continuously improving our security measures. If you have questions about security or if you believe your Cheeky-Fit account or data might have been compromised, please contact us immediately using the information in the Contact Us section.
International Users
Cheeky-Fit is a global service. By using the app, you understand that your personal data may be processed in countries outside of your home country. Specifically, our servers are primarily in the United States, and our third-party partners may be located worldwide (for example, advertising or analytics partners could be in the EU, US, or Asia). This means your data might be subject to jurisdictions with different data protection laws. We have detailed in the GDPR section how we handle data transfers for EU users. For users in other regions (e.g., Canada, Australia, India, etc.), we similarly ensure that we comply with any local law requirements and provide appropriate protections.
If local laws grant you specific privacy rights (for instance, some other U.S. states like Virginia, Colorado, etc., have enacted privacy laws with rights similar to CCPA; or countries like Brazil (LGPD) and Canada (PIPEDA) have their own frameworks), we will honor legitimate requests under those laws as well. For example, if you’re in a U.S. state with an “opt-out of targeted advertising” right, our Do Not Sell/Share mechanism will cover that. If you’re in a country that requires a legal basis for processing similar to GDPR, you can refer to our GDPR section as to how we justify processing. Generally, we apply a universal standard of transparency and control, so even if your jurisdiction doesn’t mandate it, we try to provide the ability to access, delete, or opt out as described above.
Platform-Specific Disclosures (Apple App Store & Google Play)
Cheeky-Fit is distributed through the Apple App Store (for iOS devices) and Google Play Store (for Android devices). We adhere to the privacy requirements of these platforms, and this section highlights how we comply and what that means for you:
Apple App Store (iOS) Compliance:
· App Privacy “Nutrition Labels”: Apple requires every app to provide a summary of its privacy practices (the “App Privacy” section on the App Store product page). We have accurately filled out that information for Cheeky-Fit, disclosing the categories of data we collect (such as contact info, identifiers, usage data, location, etc.), and whether those are used for tracking or linked to you. This Privacy Policy provides the full details behind that summary. Apple’s guidelines mandate that the privacy policy must clearly identify data collected and its uses[22], and we have done so in sections above. The information we provided to Apple’s App Store is consistent with what you’ve read here. If you have viewed our App Store listing, you likely saw statements like “Data Used to Track You” and “Data Linked to You” for various categories – those reflect our use of third-party tracking (for ads/analytics) and linking data to your identity for functionality.
· App Tracking Transparency (ATT): Starting with iOS 14.5, Apple’s AppTrackingTransparency framework requires that we obtain your permission via a system prompt before tracking you across apps and websites owned by other companies for advertising purposes. “Tracking” in this context means, for example, linking your Cheeky-Fit data (or an ad identifier) with data from other apps/websites for targeted advertising or advertising measurement. Cheeky-Fit complies with this requirement: If we attempt to access your device’s IDFA (Identifier for Advertisers) or perform any tracking, you will see a prompt saying “[App] would like permission to track you across apps and websites owned by other companies”. You can choose “Allow” or “Ask App Not to Track”. We will abide by your choice. If you allow tracking, we will enable third-party advertising SDKs to collect your identifier and data for personalized ads, and these third parties may track you across other apps. If you deny tracking, we will not share your identifier or any information in a way that falls under Apple’s definition of tracking on that device[21]. You will still see ads, but they will be contextual or generic. Please note, even if you deny tracking, we may still collect data for our own analytics or to serve contextual ads – but we won’t connect it to third-party data for targeted ads. Apple may also enforce that we not track even via alternative means, and we respect that. In short, Cheeky-Fit does not circumvent the ATT prompt: we require opt-in consent via Apple’s APIs for any user-level tracking for advertising[23]. Apps that share user data without consent or not in compliance with privacy laws can be removed from the App Store[24], and we ensure our practices align with Apple’s policies.
· Permissions and Data Access: Apple guidelines also demand that apps request access only to data that’s needed for core functionality and to be transparent about those uses[25][26]. In Cheeky-Fit, we will prompt you for permissions such as Location, Contacts, Photos, Camera, Motion sensors, or other device features when those features are relevant. The iOS permission dialogs will have messages explaining why we need the access (we strive to make them clear, e.g., “Cheeky-Fit needs location to map your workouts”). You have the choice to grant or deny each permission. If you deny, we will either disable the related feature or offer a workaround if possible (for instance, not granting Contacts means you simply won’t be able to find friends by contacts, but you can manually invite them). We will respect your iOS privacy settings at all times – for example, if you deny Location, we won’t attempt to collect it in secret (and Apple would likely block it anyway). Apple’s review guidelines explicitly prohibit surreptitious data collection[27], so we do none of that. Also, we don’t condition using the app on you granting all permissions – you can use Cheeky-Fit with minimal permissions if you want, albeit with limited functionality.
· Third-Party SDK Compliance: We confirm that any third-party analytics or advertising SDKs in our iOS app are implemented in compliance with Apple’s requirements. For instance, Apple forbids the use of certain data (like information from other apps or contact lists) for building user profiles to sell[28]. We do not use any prohibited techniques (like scanning your device for other installed apps for analytics/ads purposes, which Apple disallows[29]). Our advertising SDKs (if any) only collect data you’ve permitted and that we’ve disclosed. We’ve also ensured that no HealthKit or sensitive data is shared with third parties in violation of Apple’s rules (if our app reads any Apple Health data, we use it solely for your benefit in the app, not for advertising – Apple requires explicit user consent for health data usage and prohibits selling HealthKit data[30], which we comply with).
· Privacy Policy Accessibility: Per Apple’s rules, we have made this Privacy Policy accessible both on our website and from within the app. In the iOS app, you can find a link to this policy in the Settings or About section, easily reachable for users[31]. If you’re reading this in the app, thank you for taking the time to do so.
· Data Security Commitment: Apple’s guidelines ask developers to declare that they secure user data[32]. We have detailed our security measures in the Data Security section above. We fulfill Apple’s requirement by implementing appropriate technical and organizational measures to safeguard user data collected through the app[32].
Google Play Store Compliance:
· Google Play Data Safety Section: Google Play requires developers to disclose their data collection, sharing, and security practices in the app listing’s “Data Safety” section. We have completed the Data Safety form in Google’s Play Console accurately, reflecting Cheeky-Fit’s practices regarding what data we collect, how we use it, whether we share it, and what security measures we take (such as encryption). This information is displayed on our app’s Google Play listing for you to review before installation[33][34]. The categories and purposes we disclosed align with what is written in this Privacy Policy. For example, we indicated that we collect location, personal info, and other data types, and that we share data for advertising purposes. We also indicated that we encrypt data in transit (which we do via HTTPS) and that users can request deletion of their data[35]. Our goal is full transparency on Google Play’s platform, which echoes this policy. If any discrepancy is found between our Data Safety form and this policy, please bring it to our attention so we can correct it – we understand we are responsible for the accuracy of those disclosures and compliance with Google’s policies[36][37].
· Privacy Policy Availability: Google Play mandates that apps post a privacy policy both on the store listing and accessible in-app[38]. We have provided a link to this Privacy Policy in our Play Store listing, and within the app’s settings menu[38]. This ensures you can always find detailed info about our data practices.
· Google Play User Data Policies: We comply with Google’s Developer Policy on user data. In particular, Google requires that apps are transparent about how they handle user data (collection, use, sharing) and that we limit our use of data to the purposes disclosed[1]. As you have seen, our policy is very explicit about our purposes. We do not use data in ways we haven’t described to you. Google also has specific prohibitions, for example on handling sensitive data like financial or ID numbers – Cheeky-Fit doesn’t handle those categories, but if we did, we would abide by those restrictions[39].
· Consent and Prominent Disclosure: Google’s policies require that for certain sensitive data access (like accessing device location in the background, or using the microphone/camera), the app must provide an in-app disclosure and obtain consent from the user, separate from general terms[40]. We fulfill this by giving clear prompts when enabling such features. For example, if we ever run location in the background, we would show a persistent notification or a clear explanation in-app aligning with Google’s guidelines, and of course the Android OS itself will ask for permission which we respect. We avoid bundling privacy disclosures with unrelated information – any prompt about data access will be standalone (not hidden in, say, a lengthy tutorial).
· Third-Party Code Compliance: Google expects developers to ensure that any third-party SDKs or code in the app also comply with its policies[39]. We have reviewed the SDKs in Cheeky-Fit (advertising, analytics, etc.) to ensure they don’t violate Google Play rules regarding personal and sensitive information. For example, Google forbids developers from selling personal and sensitive user data. While Cheeky-Fit does sell user data as described, we do so in a way that is disclosed and compliant with privacy laws – Google’s stance is mainly that you must disclose it and not violate any specific category restriction. We believe our implementation is compliant, but we remain vigilant: if any third-party SDK were to misbehave (like collecting data beyond what we agreed), we would take prompt action (update or remove it) to stay in compliance.
· ATT vs. Google: Unlike Apple, Google currently does not have a system-wide ATT prompt for apps. Instead, Google relies on the Data Safety disclosure and their own advertising ID rules. On Android, if you have opted out of Ads Personalization at the device level, Google signals that to us by providing a string of zeros as an Advertising ID. We honor that by not using that ID for ad targeting. Google’s policies also state that if a user opts out of personalized ads, we should not attempt to derive or track an identifier for them for advertising purposes (and we do not).
· Compliance with Laws: Google Play explicitly requires that apps comply with all applicable privacy laws and regulations in the regions they operate[41]. By following GDPR, CCPA, and others as described, we are also meeting this obligation. We remain aware of changes in legal requirements and will update our app and policies accordingly to maintain compliance on Google Play.
In summary, our presence on Apple’s App Store and Google Play means we meet their high standards for privacy transparency and user control. We have explicitly disclosed our data collection and sharing practices to both Apple and Google[1][22], and we follow required protocols like ATT on iOS and Data Safety on Android to give you, the user, clarity and choice. If you believe our app is not adhering to the promises made in the App Store or Play Store disclosures, please let us know – both users and the platforms themselves help hold developers accountable, and we welcome that accountability.
Children’s Privacy
Cheeky-Fit is not intended for use by children under the age of 13, and we do not knowingly collect personal information from children under 13. If you are under 13, please do not use the app or submit any information about yourself. If we learn that we have inadvertently collected personal data from a child under 13, we will delete that information as quickly as possible. Parents or guardians who believe their child may have provided us personal information can contact us (see Contact Us below) to request deletion of that data.
For users between 13 and 18 (or the age of majority in your jurisdiction): If you are a minor but old enough to use the app (for example, 13+ in the US, or 16+ in the EU for consent in some cases), you should review this Privacy Policy with your parent or guardian to make sure you both understand it. We strongly encourage young users to exercise caution and not share any information in the app that could directly identify them or that is overly sensitive.
California minors: If you are a California resident under 18 and a registered user of Cheeky-Fit, California law (Business & Professions Code § 22581) permits you to request removal of content or information you have publicly posted. If you fit this description and wish to remove such content, please contact us with specifics of what you want removed. We will make reasonable good faith efforts to remove (or anonymize) the post from public view, or to the extent required by law. Keep in mind this does not ensure complete removal (for example, if someone else re-posted your content, or if it’s stored in backup, it may persist in some form).
Under 16 – Sale of Data: As noted, we do not knowingly sell personal information of consumers under 16 years of age. In the event we become aware that a user under 16 is using the app, we will refrain from selling or sharing their data unless we obtain appropriate consent (for ages 13-15, that would be the user’s opt-in; for under 13, that would be parental consent). We comply with the CPRA’s requirement to treat lack of opt-in from ages 13-15 as an opt-out (meaning default no sale)[42]. Practically, since we don’t allow under 13 at all, and we currently don’t have age gating for 13-15 beyond assuming users are older when signing up, if we ever identify a user as 13-15, we would prompt for an affirmative consent for data sale or stop processing their data beyond what’s needed for the service.
COPPA (Children’s Online Privacy Protection Act): We abide by COPPA which governs data collection from children under 13 in the U.S. We do not intentionally collect such data, and thus we don’t seek parental consent. Our app is not directed at kids. If in the future we decided to create a version of Cheeky-Fit for a younger audience, we would implement COPPA-compliant practices, but as of now we target a general audience mostly 18+ or at least 16+.
Parents and guardians: If you have any questions or concerns about your child’s use of our app or our data practices, please contact us. We will be happy to delete any information related to a minor that is stored in our systems if you make such a request and we verify the request is from a legitimate parent/guardian.
Changes to This Privacy Policy
We may update or modify this Privacy Policy from time to time to reflect changes in our data practices, technology, legal requirements, or for other operational reasons. When we make changes, we will post the updated policy here with a new “Last Updated” date at the top. If the changes are significant, we will provide a more prominent notice – for example, we might display an in-app notification or send you an email (if we have your email on file) informing you of the update. Significant changes could include, for instance, using your data for new purposes not previously identified, or making material changes to your rights.
We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of Cheeky-Fit after any changes to this Privacy Policy constitutes your acceptance of the updated terms, to the extent permitted by law. If you do not agree with any updates or modifications, you should stop using the app and can request us to delete your data.
For historical reference or regulatory compliance, we will maintain archives of previous versions of this policy and can provide them upon request (or link to them if we have a version control on our website).
Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to contact us:
Cheeky-Fit, Inc. Attn: Privacy Team (Data Protection Officer) 1234 Fitness Ave, Suite 567 San Francisco, CA 94105, USA
Email: privacy@cheekyfit.com (For privacy-specific inquiries or rights requests. For general support, you might use support@cheekyfit.com, but privacy email will also be monitored for any privacy-related matters.)
We will respond to your inquiries as soon as reasonably possible, generally within 30 days. If you are contacting us to exercise a specific legal right (like a data access or deletion request), please make sure to mention the jurisdiction you are in (e.g., “I am an EU user exercising GDPR right of access”) so we can process it under the correct framework.
You also have the right to lodge a complaint or question with a regulatory authority. For EU users, this would be your local Data Protection Authority (a list can be found on the European Data Protection Board’s website). For UK users, it’s the Information Commissioner’s Office (ICO). For California users, you can contact the California Privacy Protection Agency or the state Attorney General’s office. We would appreciate the chance to address your concerns directly first, but you absolutely have these rights.
Thank you for taking the time to read our Privacy Policy. We tried to be as clear and comprehensive as possible, given the extensive data practices of Cheeky-Fit. Our goal is to give you both transparency and control. We understand that our app’s approach to data is broad, and we’ve designed this policy to meet legal requirements while plainly disclosing what we do. We remain committed to respecting your privacy rights and ensuring compliance with all applicable laws and platform policies as our service evolves.
[1] [35] [38] [39] [40] [41] Google to Require Apps to Display “Data Safety” Information by July 20, 2022 | Privacy World
https://www.privacyworld.blog/2022/05/google-to-require-apps-to-display-data-safety-information-by-july-20-2022/
[2] [3] [4] [7] [42] CPRA Do Not Sell or Share My Personal Information : Definition - Securiti
https://securiti.ai/blog/cpra-do-not-sell-definition/
[5] [21] [22] [23] [24] [25] [26] [27] [28] [29] [30] [31] [32] App Review Guidelines - Apple Developer
https://developer.apple.com/app-store/review/guidelines/
[6] [8] [9] Respect individuals’ rights | European Data Protection Board
https://www.edpb.europa.eu/sme-data-protection-guide/respect-individuals-rights_en
[10] [11] [12] [13] [14] [15] [16] [17] [18] [19] [20] California Consumer Privacy Act (CCPA) | State of California - Department of Justice - Office of the Attorney General
https://oag.ca.gov/privacy/ccpa
[33] [34] [36] [37] Provide information for Google Play's Data safety section - Play Console Help
https://support.google.com/googleplay/android-developer/answer/10787469?hl=en
Cheeky-Fit Privacy Policy
Effective Date: January 31, 2026Last Updated: January 31, 2026
Introduction
Welcome to Cheeky-Fit, Inc.’s Privacy Policy for the cheeky.fit mobile application (“Cheeky-Fit” or “the app”). We believe in being transparent and honest about how we collect, use, share, and sell your personal information. Cheeky-Fit is a data-intensive app – by using our app, you acknowledge that we collect virtually all data available through the app and your device (including unique identifiers, precise location, behavioral usage data, and any user-generated content) and that we may monetize this data, including by selling it to third parties. We do not delay or gate this data collection behind additional prompts or consents beyond what the law or platform (Apple/Google) strictly require. This policy explains our practices in detail, including what data we collect, how we use it, with whom we share or sell it, how we protect it, and your rights and choices under various privacy laws. We aim to comply with global privacy standards, including the EU and UK General Data Protection Regulation (GDPR), the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), and relevant Apple App Store and Google Play Store requirements.
By using Cheeky-Fit, you consent to the practices described in this Privacy Policy. If you do not agree, please discontinue use of the app. We do not use misleading language or euphemisms – our goal is to clearly inform you of our data practices, even if they are extensive.
Information We Collect
We collect personal data and device information automatically and through your input from the moment you begin using Cheeky-Fit. This includes almost all data the app can access, such as:
· Identifiers and Account Information: If you create an account, we collect your name, email address, username, and password. We also collect unique device identifiers (such as your phone’s device ID, advertising identifiers like Apple’s IDFA or Android’s Advertising ID), IP address, phone number (if you provide it), and other identifiers. These identifiers allow us to recognize you and your device and are used for functionalities and tracking across services.
· Location Data: We collect your device’s location information. This may include precise GPS coordinates (if you grant location permission) and general location inferred from your IP address or device settings. Location data is used for app features that require location (e.g., fitness route tracking or location-based content) and for analytics and advertising. We will request OS-level permission where required to access precise GPS location (for example, via the standard mobile prompt). Once permission is granted, we may continually collect location in the background. If you decline to share GPS location, we may still derive a coarse location from your IP or other data.
· Usage and Behavioral Data: We automatically collect data about how you use Cheeky-Fit. This includes the features you access, the content you view or create, the buttons or links you tap, and other in-app activities and preferences. We log timestamps of your sessions, workouts or activities logged (if applicable), interaction patterns, and referral/traffic data (how you arrived at the app). We also gather device and network information such as your device type, OS version, app version, browser type (if accessing web content), language, and mobile network. This behavioral and technical data helps us analyze engagement, diagnose issues, and personalize your experience.
· User-Generated Content: Any content you create, upload, or post on Cheeky-Fit is collected and stored. This includes photos, videos, comments, profile pictures, biometric or fitness information you input (for example, if the app allows you to log workouts, calories, or other health-related metrics), and any other data you submit within the app. Please note: content you choose to make public or share with others in the app may be visible to other users, but even if not public, we have access to it on our servers. We treat direct messages or private content as private to the users involved, but they are not end-to-end encrypted and our systems will still process them.
· Contacts and Integration Data (if applicable): If you choose to import contacts or integrate with third-party services (for example, linking the app to your phone’s contacts to find friends, or connecting to a health kit or social media account), we will collect the information you allow from those sources. This could include contact names and phone numbers/email addresses, or profile information from the linked service. We will request your permission before accessing such data (e.g., a prompt to access your contacts). Once given, we may store and use that data for features (like friend-finding) and potentially for other purposes described in this policy (such as analytics or recommendations).
· Sensor and Fitness Data: Cheeky-Fit may access data from your device’s sensors or other apps to provide certain features. For example, we might use the accelerometer or pedometer in your phone to count steps, or read fitness data (heart rate, steps, workouts) from Apple HealthKit or Google Fit if you connect those. We only access these if you allow us to (you’ll see a prompt specific to those services). Any such data (e.g., step count, calories burned, etc.) will be collected and treated as personal data. Important: If we integrate with Apple HealthKit or Google Fit, note that those platforms impose additional rules (e.g., HealthKit data generally cannot be used for advertising or sold). We will adhere to those rules where applicable and will not use such data in prohibited ways.
· Cookies and Similar Technologies: Although Cheeky-Fit is a mobile app, we (and our third-party partners) may use tracking technologies similar to cookies or beacons within the app. For instance, SDKs and analytics libraries in the app may place or utilize identifiers on your device to recognize you. If you visit our website or a web-view within the app, cookies may be used in your browser. These technologies collect information such as device identifiers, browsing events, and advertisement interactions.
Note: Even if you do not explicitly give us certain information, we may infer or collect it through other data sources. For example, we may infer your general location from your IP address, or deduce interests from your usage behavior. We may also receive information about you from other sources: if you log in via a social network or third-party platform, that platform may send us certain information (according to their privacy settings and policies). We combine all these data with data we collect directly for the purposes described in this policy. In summary, Cheeky-Fit collects as much personal and device data as it can obtain, through all available channels, to support our features and business model.
How We Use Your Information
We use the collected information for the following purposes, which include providing and improving the service as well as monetizing the data:
· Providing and Improving the App: We use your data to operate Cheeky-Fit’s core functionality. This includes using your personal information to create and manage your account, display the content you post (e.g., showing your uploaded photos or workout stats to you or others as applicable), and to enable social or interactive features (like leaderboards or friend connections if offered). We also use data to debug, troubleshoot, and improve the app’s performance. For example, logs of crashes or errors are analyzed to fix bugs. Usage patterns help us understand which features are popular or where users encounter problems, so we can refine the user experience.
· Personalization: Your information is used to personalize your experience. This could mean customizing the content or recommendations you see in the app. For instance, we might use your location to show local fitness challenges or content in your area, or use your usage history to suggest new features or workouts you might like. Personalization also includes tailoring the advertising you see – we and our partners might use your profile, behavior, and demographics to decide which ads or sponsored content to show you, in order to make them more relevant.
· Analytics and Aggregation: We aggregate data and perform analytics to understand how our user base as a whole interacts with Cheeky-Fit. This helps us generate insights about usage trends and demographics. For example, we might analyze the average daily time spent in the app, or how engagement varies by region. These insights inform business decisions, product strategy, and marketing strategies. We may share aggregated, de-identified statistics publicly or with third parties (e.g., “X% of our users completed a workout this week”), but these stats will not identify you personally. Internally, however, we do maintain identifiable analytics for the other purposes in this policy.
· Communication: We may use your contact information (such as email or in-app notifications) to send you service-related and marketing communications. Service-related communications include verification emails, password reset messages, transactional notices, or important updates about the app (for example, changes to this Privacy Policy or alerts about security issues). Marketing communications include promotional emails or messages about new features, tips, or offers we or our partners provide. You can opt out of marketing emails by using the unsubscribe link in those emails or contacting us, but you will still receive essential service messages. If you agree to receive push notifications or in-app messages, we will send those to deliver updates, reminders (for example, a reminder to log a workout), or promotional content.
· Advertising and Monetization: This is a critical purpose of our data practices. We use your personal data to generate revenue by advertising and data sales. Specifically, we use your data to facilitate targeted advertising in the app, meaning third-party advertisers can show you ads tailored to your profile. We share certain data (detailed in the next section) with advertising networks and partners who use it to decide which ads to serve you. Additionally, we sell personal data to third parties (including data aggregators, marketers, and other businesses) for their own commercial uses. The data we monetize in this way may include identifiers (so you can be recognized across platforms), your contact information, demographic details, and information about your interests and activities in the app. These third parties may combine our data with information they have from other sources to profile you and target you with advertising or other content across different contexts. We do not provide any opt-in prompt before using your data for advertising or sale – by using the app, this use of data is enabled by default. (However, see “Your Rights and Choices” below for how you can opt out of certain data sharing or sale under applicable laws.)
· Business Operations and Security: We may use data for our legitimate business operations, such as maintaining our financial or business records, accounting, audits, and internal reporting. We also use data to maintain the security of our services and users – for example, we may monitor activity to detect and prevent fraud, abuse, illegal activities, or security breaches. If we detect fraudulent behavior or violations of our Terms of Service, we may use relevant data to investigate and take appropriate action (which could include moderating content or communicating with law enforcement if necessary). We also might use your data as needed to exercise or defend legal claims, to comply with court orders or legal obligations, or to respond to lawful requests from authorities.
· Compliance and Legal Obligations: Where we are subject to certain regulations or laws that require data processing, we will use your data to fulfill those requirements. For instance, privacy laws might require that we document consent or opt-outs – we will keep records as needed. If we are legally required to retain certain data (for tax, legal compliance, or dispute resolution), we will do so. Additionally, if we receive a legal request (subpoena, court order, etc.) that compels us to disclose user data, we will comply to the extent required and will use your data for that purpose (notifying you where permissible).
· Other Purposes (with Notice or Consent): If we intend to use your personal information for a purpose that is not already described above, we will update this Privacy Policy and, if required by law, notify you or obtain your consent. For example, if in the future Cheeky-Fit wants to use biometric identifiers or introduce a new data-heavy feature outside the current scope, we would explain the new data use at that time and get any necessary permission.
We strive to limit our uses to those that we have disclosed to you. In compliance with Google Play policy, we do not use personal data for any purpose that we haven’t clearly disclosed to you[1]. We also ensure that we only use data in ways that are consistent with the purposes we told you about[1]. In practice, this means we will not suddenly start using your data for unrelated purposes without updating this policy or obtaining necessary consent. However, please be aware that the scope of purposes above is broad – covering most conceivable uses from service delivery to monetization – and we do indeed leverage your data to the fullest extent described.
Sharing and Selling of Information
We do share your personal information with third parties, including by selling it for monetary or other valuable consideration. This section explains who these third parties are, what data they receive, and why. We do not hide the fact that your data is a business asset for us – sharing data with partners is integral to how Cheeky-Fit is funded and operates.
Categories of Third Parties and Data Sharing/Sales:
· Advertising Partners: We work with third-party ad networks, advertisers, and advertising technology companies to display ads in Cheeky-Fit and beyond. We may transmit identifiers (like your Advertising ID, device ID, or hashed email address), demographics (such as age range, gender if known), and contextual information (e.g., that you are using a fitness app, or your device’s general location) to these partners so they can target and serve ads to you. We also share information about your interactions with ads (for example, if you clicked an ad) with these partners for performance measurement. In many cases, this data sharing is considered a “sale” or “sharing” of personal information under laws like the CCPA/CPRA because it involves disclosing data to third parties for behavioral advertising or monetary benefit[2][3]. These advertising partners may use the data we provide to profile you and show you targeted ads in our app, on other apps, or on websites. They may also combine it with data collected from other apps and sites for broader ad targeting – this cross-context tracking on iOS will only occur if you have granted permission via Apple’s AppTrackingTransparency prompt (see “Platform-Specific Compliance” below). If you opt-out of tracking or personalized ads using platform settings (such as selecting “Ask App Not to Track” on iOS or opting out of Ads Personalization on Android), we will cease sharing your identifiers with third-party advertisers for targeted advertising on that device, as those are required signals we must honor. However, we may still serve you contextual ads (not tailored using personal data) and continue internal uses of your data.
· Analytics and Measurement Providers: We use third-party analytics tools (for example, Google Analytics for Firebase, or other SDKs) to understand app performance and user behavior. These tools often collect data directly through our app by means of their embedded code, and send it to their servers for analysis. The data can include your device identifiers, usage events, and other technical information. While we primarily use analytics data internally, these third-party providers process the data on our behalf. In some cases, an analytics provider may combine data from our app with data from others to improve their services or for benchmarking. We ensure any such provider is obligated to use data only for providing services to us (or as otherwise allowed by Google/Apple policies). We do not consider this a “sale” if the provider is a service provider or processor to us; however, if we allow them to use the data for their own purposes, that could be deemed a sale, and we will disclose it if so. For transparency, some analytics and tracking on Cheeky-Fit is done via third-party SDKs that may collect your data for their own use – for example, an SDK might use your data to improve its services or for aggregated market research. We list these in our App Store / Play Store disclosures and will treat those as third-party data sharing in this policy.
· Data Brokers and Partners: Aside from advertising networks, we may also sell or license data about our users to other businesses or data brokers who are interested in consumer data. This may include companies that aggregate consumer information to build marketing lists, credit risk profiles, or other consumer insights. The data we might sell could include your personal identifiers (like a unique user ID, device ID, or hashed contact information) and associated data like your app usage patterns, interests as inferred by us, and demographic or location information. We do not sell highly sensitive identifiers like passwords or financial info (which we don’t collect) or sensitive personal data like health conditions; our focus is on data that is valuable for advertising/marketing or analytical purposes. If you are a California resident, you have the right to opt out of this kind of sale of your personal information (see “Your Rights and Choices” below on how to exercise that). Unless you opt out (or unless you were under 16 years old and did not opt in – see “Children’s Privacy”), your data may be included in these sales by default, meaning we could be sharing information about your app activities with third parties in exchange for compensation without further notifying you at the point of each disclosure[4]. We disclose this here in our policy as required, and by continuing to use the app, you acknowledge that these sales may occur.
· Affiliated Companies: If Cheeky-Fit, Inc. is part of a corporate group (e.g., parent company, subsidiaries, or affiliates), we may share your information within that family of companies. Such sharing might occur for internal administrative purposes, for joint services, or because a related entity provides technology or data processing for the app. For example, if our subsidiary or an affiliated company helps in analytics or advertising, we’ll share data with them. Any affiliate receiving your data will be bound to treat it under the same privacy commitments we make in this policy. If in the future Cheeky-Fit, Inc. undergoes a merger, acquisition, investment, or asset sale, user data (including your personal information) may be disclosed to the parties involved (such as prospective purchasers and their advisors) as part of due diligence or transferred as part of the transaction. We will ensure any such parties are under obligations to keep the data confidential and use it only for evaluating the transaction. If a change of ownership occurs, we will provide notice to users (for example, via app notification or email) and the new owner would be bound to this privacy policy or one with similar protections.
· Service Providers: We share personal information with service providers or processors that perform functions on our behalf. These include cloud hosting providers (that store our databases and content), payment processors (if any financial transactions occur), customer support software providers, marketing email platforms, and other IT or security service providers. These companies act under contracts that limit their use of your data to providing the service to us and require them to safeguard it appropriately. We do not consider these “sales” of data, because we do not give it to them for their independent use. For example, if we use a cloud service like Amazon Web Services or Google Cloud, your data is stored on their servers but they are not allowed to access or use it for other purposes except as needed to keep it available to the app.
· Law Enforcement and Legal Requirements: We may disclose personal information to third parties (such as attorneys, auditors, law enforcement agencies, or regulators) if we believe in good faith that such disclosure is necessary to comply with a legal obligation or valid legal process (subpoena, court order, etc.); to respond to an emergency that we believe in good faith requires us to disclose data to prevent harm; or to protect our rights, users, or the public. For example, if law enforcement provides a lawful order to provide data related to a user’s account, we will comply and provide the requested information, after verifying the legitimacy of the request. We will attempt to notify you of such requests when permissible by law. We do not sell data in these scenarios; these are disclosures for legal compliance or safety purposes.
No Hidden Third Parties: We want to emphasize that whenever we share your data, it’s either with your direct interaction (like when using a feature that posts info publicly or integrates with another service) or with parties we’ve described above. We do not share information with employers, insurance companies, or other unexpected parties without consent, unless it falls under the categories above (for instance, if an insurance company is a business partner who buys data, that would be covered under data sales). We also do not currently share personal data with social networks or other apps unless you choose to link or share (e.g., if you share your Cheeky-Fit content to a social media platform, that action will send data to that platform, governed by their policies).
Third-Party Data Protections: When we share data with any third party, we contractually require (or otherwise ensure through terms and conditions) that they handle the data securely and consistent with applicable law. For example, Apple’s App Store guidelines require us to ensure any third party receiving user data provides at least the same level of data protection as our own privacy policy promises[5]. We take those requirements seriously. However, once data is transferred to a third party that is not acting solely as our service provider, that data becomes subject to the third party’s privacy practices. While we contractually or legally bind partners to certain standards, we cannot fully control what they do. We encourage you to review the privacy policies of any third-party services or partners that may collect or receive your data through our app. Notable third-party recipients in our context include advertising networks (who will have their own policies on data usage and opt-outs, such as Google’s or Facebook’s policies for ads).
Disclosure in the Past 12 Months (for CCPA/CPRA): In the past 12 months, Cheeky-Fit has collected and disclosed for business or commercial purposes all of the categories of personal information described in Information We Collect. Specifically, we have “sold” or “shared” (as those terms are defined by California law) identifiers, internet or app activity information, and geolocation data to third-party advertisers and data partners for advertising and marketing purposes. We have not sold any sensitive personal information like health data or account passwords (we don’t collect those). We do not knowingly sell personal information of consumers under 16 years of age without affirmative authorization (see Children’s Privacy below). If you are a California resident, you have the right to direct us to stop selling or sharing your personal information – refer to Your Rights and Choices below for how to exercise that right (via a “Do Not Sell or Share” request).
Legal Bases for Processing (EU/UK GDPR)
If you are located in the European Union, European Economic Area (EEA), or United Kingdom, we must comply with the EU GDPR or UK GDPR in how we process your personal data. These laws require that we have a “lawful basis” for processing your information. We explain those legal bases here, as well as some specific GDPR considerations:
· Consent: In some cases, we rely on your consent to process personal data. For example, if we send you marketing communications (such as promotional emails or push notifications that are not strictly service-related), we do so on the basis of your consent where required by law. Similarly, if we collect precise location or health data in the EU context, we may ask for your consent through the OS prompt or in-app before doing so. Where we use cookies or similar tracking technologies on our website or in the app that are not strictly necessary (e.g. for analytics or advertising), we will obtain consent via a consent banner or settings, as required by ePrivacy laws. You have the right to withdraw any consent you provide at any time (for example, you can opt out of marketing or disable location access later); withdrawing consent will not affect the lawfulness of processing that happened before the withdrawal.
· Performance of a Contract: When you sign up for and use Cheeky-Fit, you are entering into an agreement (the Terms of Service) with us to provide the app’s services. We process certain data as necessary to perform that contract – for example, using your login credentials to authenticate you, using your submitted content to display it back to you or to others as intended, or processing payment information if there are paid features (currently, our app is free with ads, so this may not apply yet). Essentially, any processing of data without which we could not provide the core features of Cheeky-Fit to you may fall under “necessary for performance of contract.” If you choose not to provide such necessary data, we may not be able to offer you the service or certain features.
· Legitimate Interests: This is likely our most relevant legal basis for many processing activities under GDPR. We process your data for purposes that are not strictly required for the service, but that are important for our business, under the justification of legitimate interests. This includes processing for improving our product, securing our platform, and monetizing our services through advertising and data sharing. We have a legitimate interest in analyzing and monetizing user data to fund our operations, and we believe this can be done in a balanced manner that does not override your rights and freedoms. We have conducted (and continue to revisit) assessments to weigh our interests against your privacy. For example, for personalized advertising in the EU, we understand this is an area where consent is often required under ePrivacy (for use of tracking technologies). We will respect applicable local requirements (like obtaining consent for cookies or mobile ad IDs if mandated). However, aside from those specific cases, we might rely on legitimate interests to create user profiles and share data with third parties for advertising. We only do so to the extent permitted by law and industry standards. Importantly, you have the right to object to any processing of your data that we conduct on the basis of our legitimate interests (see Your Rights and Choices below). If you exercise your right to object, we will review the request and cease or adjust the processing in question unless we have compelling legitimate grounds to continue (or if it’s needed for legal claims). We believe that in an era of data-driven services, our approach aligns with the opt-out model under some laws, but we are aware that GDPR favors an opt-in model[3]. We strive to bridge that gap by providing transparency and control (opt-out rights) for our EU/UK users even when we rely on legitimate interests.
· Legal Obligation: We may process and retain certain data to comply with our legal obligations under EU, UK, or member state laws. For example, if tax law requires us to keep transaction records, or if consumer protection laws mandate we keep evidence of consent or privacy compliance, we will process data for those purposes. Likewise, if a law enforcement authority lawfully requires data, processing that data (like retrieving and handing over certain information) is based on legal obligation.
· Vital Interests: This basis is unlikely to apply in the context of Cheeky-Fit, as it typically involves life-and-death situations. We mention it for completeness: if ever processing your data were necessary to protect someone’s life or prevent serious harm and you are incapable of consenting, we could invoke vital interests. (For example, if we become aware through your data of an imminent threat to your life or another’s, we might share data with authorities to prevent harm. This is a rare scenario.)
· Public Interest: We do not perform tasks in the public interest or exercise official authority, so this basis is not applicable to our processing.
EU/UK Data Subject Rights: Under GDPR, you have robust rights regarding your personal data, which we fully respect and will facilitate. These include the right to be informed (through this policy and any required notices), right of access, right to rectification, right to erasure, right to restrict processing, right to data portability, right to object, and rights related to automated decision-making (we do not engage in any solely automated decisions with legal or similarly significant effects on you, without human involvement)[6]. We provide more details on these rights and how to exercise them in the Your Rights and Choices section below.
International Transfers: If you are in the EU/EEA or UK, note that your personal data will be transferred to and processed in countries outside of your own, specifically in the United States (where our company is based) and potentially other jurisdictions where our partners or service providers operate. The data protection laws in these countries may not be as strict as those in your region. Whenever we transfer data out of the EEA/UK, we ensure appropriate safeguards are in place to protect it. Typically, this means we rely on European Commission-approved Standard Contractual Clauses (SCCs) or the UK International Data Transfer Agreement/Addendum, which contractually oblige the recipient to protect your data to GDPR standards. We may also rely on an adequacy decision by the European Commission (if the destination country is deemed adequate) or other permitted derogations under GDPR in certain circumstances. You can request a copy of the relevant transfer safeguards by contacting us. By using our service, you understand that your data will be sent to the U.S. and other countries as needed for the purposes described. We continue to monitor legal developments around data transfers (e.g., Schrems II decision and subsequent guidance) to ensure compliance.
Opt-in vs. Opt-out Model: It is important to note that GDPR and CPRA have differing approaches to consent and data processing. GDPR generally requires an opt-in (consent-based) model for many types of data processing, meaning we should collect personal data only with your agreement in advance[3]. CPRA (California law) uses an opt-out model, allowing data collection by default as long as users are informed and given a way to opt out[7]. Cheeky-Fit tries to navigate these differences by complying with region-specific rules (for instance, presenting consent dialogs in the EU where required, versus providing opt-out mechanisms in California). Where no specific rule forces an opt-in, we tend to collect data by default but always give you notice (via this policy and possibly in-app notices) and an opportunity to opt out of certain uses. We want to be transparent that outside of jurisdictions that mandate prior consent, our default is to collect and use data as described once you start using the app, relying on mechanisms like CPRA’s notice and opt-out framework[4]. If you have questions or concerns about our legal bases or how we apply them, please contact us (see Contact Us).
Your Rights and Choices
You have a number of privacy rights and choices regarding your personal data. Depending on your jurisdiction, these rights may vary. We are committed to enabling these rights for users as applicable. Below we outline: (A) rights for individuals in the EU/UK under GDPR, (B) rights for California residents under CCPA/CPRA, and (C) general choices available to all users (like opting out of certain data uses or deleting your account).
A. Rights of EU/UK Users (GDPR)
If you are an individual in the European Union, European Economic Area, or United Kingdom, you have the following rights under the GDPR (and UK GDPR):
· Right to Access: You can request that we confirm whether we are processing your personal data, and if so, you have the right to request a copy of the personal data we hold about you, and to obtain supplementary information about our processing (much of which is provided in this Privacy Policy). This is commonly known as a “Data Subject Access Request.” We will provide you with a copy of your data in a structured, commonly used format, typically within one month as required by law. If your request is complex or numerous, we may extend this timeline by up to two further months (we will inform you if so).
· Right to Rectification: If any of your personal data that we have is inaccurate or incomplete, you have the right to have it corrected or completed. You can also update certain information through your account settings (for example, you might be able to edit your profile information in the app directly). For any other corrections, contact us and we will rectify the data.
· Right to Erasure (Right to be Forgotten): You may request that we delete your personal data. This right is not absolute – GDPR outlines several grounds where you can request deletion, including: the data is no longer necessary for the purposes we collected it; you withdraw consent (if we relied on consent) and we have no other lawful basis; you object to processing based on legitimate interests and we have no overriding grounds to continue; we processed data unlawfully; or we have to erase data to comply with a legal obligation. We will honor valid deletion requests by erasing your data (and directing our processors to do so) unless an exception applies. Common exceptions include where we need to keep data to comply with a legal obligation or to establish/exercise/defend legal claims. We will inform you of any data we cannot delete and the reasons. Keep in mind that if you request deletion, this typically means deleting your account and all associated data – you will lose access to Cheeky-Fit and this action is generally irreversible.
· Right to Restrict Processing: In certain circumstances, you can ask us to restrict (pause) the processing of your data. This is an alternative to full deletion and might apply if: you contest the accuracy of data (we pause processing until it’s verified); the processing is unlawful but you prefer restriction over deletion; we no longer need the data but you need it for a legal claim; or you have objected to processing and we are verifying overriding grounds. When processing is restricted, we will still store your data but not use it further, except in limited scenarios such as with your consent or for legal claims, etc. We will inform you before lifting a restriction.
· Right to Data Portability: You have the right to receive certain personal data from us in a structured, commonly used, machine-readable format, and to transmit that data to another controller, where the processing was carried out by automated means and is based on your consent or the performance of a contract. In plain terms, this applies to data you provided to us (like your account information or content) and that we process electronically. Upon your request, we will provide you with a file of such data (for example, a CSV or JSON export of your basic account details and content). Where feasible, if you request, we may directly transmit the data to another service provider at your direction. Note that portability does not apply to data that is inferred by us or derived (like internal analytics or profiles we generate).
· Right to Object: You have the right to object to certain processing activities. You can object at any time to our processing of your personal data for direct marketing purposes – if you do so, we will stop using your data for marketing. This is an absolute right. You can also object to processing based on legitimate interests (or task in public interest) – in such cases, we will review your objection and will stop processing the data unless we can demonstrate compelling legitimate grounds that override your rights or if the processing is for establishment/exercise/defense of legal claims. Given that some of our processing for advertising and data monetization is based on legitimate interests, you have the right to object to our use of your data for those purposes. If you object, for example, to the use of your data for personalized ads, we will honor that objection by ceasing those activities for your data in the EU context (this might involve removing you from targeted advertising lists and/or limiting data flow to advertising partners). To object, you can contact us and specify which processing you object to.
· Right not to be subject to Automated Decision-Making: GDPR gives you the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects or similarly significant effects on you, unless it’s necessary for a contract, authorized by law, or based on your explicit consent. Cheeky-Fit does not engage in any such automated decisions with legal or significant impact (like credit approval or hiring decisions done by algorithm). While we do some profiling for advertising, it does not have a legal or similarly significant effect on you – it just influences the ads/content you see. However, we respect that you can object to profiling for marketing via the right to object (as noted above).
Exercising Your GDPR Rights: To exercise any of these EU/UK rights, please contact us at our designated contact (see Contact Us section). We may need to verify your identity before fulfilling your request (to ensure we don’t disclose or modify data to the wrong person). We will respond within one month of receiving a request. If necessary, we may extend the response time by an additional two months for complex requests, but we will inform you of this and explain why. There is no fee for making a request, but if your requests are manifestly unfounded or excessive (e.g., repetitive), we may either charge a reasonable fee or refuse to act (permitted under GDPR)[8][9] – but we will provide an explanation if that situation arises. You also have the right to lodge a complaint with your local Data Protection Authority (DPA) if you believe we have infringed your privacy rights. We encourage you to first reach out to us so we can address your concerns directly.
B. Rights of California Residents (CCPA/CPRA)
If you are a resident of California, you have specific rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). These rights (effective as of 2023) are designed to give you greater control over your personal information. They include:
· Right to Know: You have the right to request that we disclose what personal information we have collected about you, as well as details about our data practices. This is sometimes called an Access Request. Under the CCPA/CPRA, you may request that we provide you with: (1) the categories of personal information we have collected about you; (2) the specific pieces of personal information we have collected about you (a data portability request); (3) the categories of sources from which we collected the information; (4) the business or commercial purposes for collecting, selling, or sharing that information; (5) the categories of third parties with whom we have disclosed your personal information; and (6) if we sold or shared personal information, the categories of personal information and categories of third parties to whom the information was sold or shared[10][11]. You have the right to request this information for the 12-month period preceding your request (and for information collected on or after January 1, 2022, you can request beyond 12 months to the extent available, per CPRA). You may make a request up to twice in a 12-month period, free of charge[12]. When we receive a verifiable request to know, we will provide the responsive information in a portable and (if you request) readily usable format (often this means we will send you a report via email or secure download).
· Right to Delete: You have the right to request that we delete personal information we have collected from you. Upon receiving a verifiable deletion request, we will delete (and instruct our service providers to delete) your personal information from our records, unless an exception applies[13]. Deletion exceptions under CCPA/CPRA include, for example: if the information is needed to complete the transaction for which it was collected or to provide a good or service you requested; to detect security incidents, protect against malicious activity or prosecute those responsible; to debug/repair errors; to exercise free speech or ensure another’s exercise of free speech; to comply with a legal obligation; or for certain internal uses that are compatible with the context of collection (such as internal analytics). If we deny a deletion request in part or whole due to an exception, we will inform you of the reasons. Note that if you have an account, deleting your data typically means we will also need to deactivate your account (since we cannot maintain your account without processing your data). We will make that clear during the process.
· Right to Opt-Out of Sale or Sharing: You have the right to direct us not to sell your personal information to third parties, or to stop “sharing” your personal information for cross-context behavioral advertising[14]. “Selling” is defined broadly to include any disclosure of personal info to another business or third party for monetary or other valuable consideration[2]. “Sharing” (a concept introduced by CPRA) refers to disclosing personal info to a third party for cross-context behavioral advertising (targeted advertising) regardless of money changing hands. As described in the Sharing and Selling section, Cheeky-Fit does sell and share personal information (such as device IDs, usage profiles, etc.) with advertising and data partners. By law, we have to provide a mechanism for you to opt out of these activities. How to opt out: We have a “Do Not Sell or Share My Personal Information” link available on our website and within the app settings. By clicking that link or button, you will be guided through the process (which may involve confirming your identity or preferences) to register your preference that we not sell or share your data. You may also utilize an authorized agent to submit an opt-out request on your behalf (with appropriate proof of authorization). Additionally, if your browser or device is configured with a Global Privacy Control (GPC) signal, which is a mechanism that communicates an opt-out preference (often through a browser extension or setting), our website will honor that as a valid opt-out of sale/sharing request[15][16]. Note: GPC signals apply to web-based data collection; if you also use our mobile app, we recommend using the in-app opt-out or contacting us to ensure we capture your choice for the app data as well. Once you opt out, we will stop selling or sharing your personal info. If you later opt back in (for instance, if you initiate a transaction that requires sale of data, or if you toggle a preference), we will resume those practices until you opt out again. If you are under 16: We do not knowingly sell or share data of consumers we know to be under 16. We will never knowingly sell/share data of consumers under 16 without affirmative authorization (opt-in consent) as required by CCPA/CPRA.
· Right to Correct: As of January 1, 2023, California residents also have the right to request correction of inaccurate personal information we maintain about them[17]. If you believe any personal information we have is incorrect, you can submit a request for correction. Upon a verified request, we will use commercially reasonable efforts to correct the inaccurate information. In some cases, we may need additional context or documentation from you to verify the correct information (especially if we have conflicting information on record). If we cannot verify your identity or the accuracy of the new information, or if an exception applies, we may deny the request with explanation.
· Right to Limit Use of Sensitive Personal Information: CPRA gives consumers the right to limit our use or disclosure of “sensitive personal information” (SPI) if we use it for purposes beyond certain allowed purposes (such as providing the service). Sensitive personal info under California law includes things like precise geolocation, race/ethnicity, health info, biometric identifiers, etc[18]. In Cheeky-Fit’s case, the main sensitive info we might collect is precise geolocation (if you allow it) or possibly health-related data if you input it. We primarily use precise location to provide features to you (like mapping your run) and for limited analytics/ads. If you are a California user and you prefer that we limit the use of sensitive data to only what’s necessary to provide the service to you, you can submit a “Limit Use of My Sensitive Personal Information” request (we include this option alongside the Do Not Sell link, or you can contact us). When you exercise this right, if we are using sensitive data for additional purposes (like to build an advertising profile), we will stop doing so. For example, we would cease using your precise location for anything other than providing you with location-based features you request. Note: We do not use sensitive data for purposes like inferring characteristics or advertising if you opt to limit; any ads would be generalized. If we do not actually collect or use sensitive info beyond what’s necessary, we may reply that there’s no additional use to limit.
· Right of Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights[19][20]. This means we will not deny you our services, charge you different prices, or provide a different quality of service just because you exercised privacy rights. However, please note that opting out of sale/sharing or limiting certain uses may affect some features (for example, if you opt out of sale/sharing, you will still see ads but they will be less relevant, and some analytics or referral programs that rely on sharing data might be impacted). Any difference in service is a result of the changed data practices, not an punitive action against you. In certain cases, the CCPA allows offering financial incentives that involve different prices/rates for allowing data collection (e.g., a loyalty program). We do not currently offer any such programs. If we ever do, we will present terms and get opt-in consent from you, and you can revoke it at any time.
Exercising CCPA/CPRA Rights: To make a request to know, access, delete, correct, or opt-out, you (or your authorized representative) can use the following methods:
· Online (Recommended): Use the Privacy Settings or “Do Not Sell/Share” link in our app or on our website. For access/deletion/correction requests, we have a web form available at cheeky.fit/privacy-requests (URL hypothetical) where you can securely submit your request. Within the app, you may go to Settings > Privacy and find options to request your data or delete your account.
· Email: You may also email us at privacy@cheekyfit.com with your request details. Please include your name, the email associated with your Cheeky-Fit account (if any), and specify the request (e.g., “California Access Request” or “California Deletion Request”). If an authorized agent is emailing on your behalf, they must provide proof of their authorization (such as a signed permission from you or power of attorney) and we may still verify with you directly.
· Verification: For any request that is not an opt-out, we are required by law to verify that the person making the request is actually you (or your authorized agent). For account holders, verification is typically done by logging into the account or responding to a verification email. For non-account requests, we may ask for two or three pieces of personal information that we can match against our records (for example, last 4 digits of a phone number on file, or other profile info). We will use the information solely for verification. If we cannot verify your identity to a reasonable or high degree of certainty (depending on the data sensitivity), we will not be able to fulfill the request, and will notify you.
· Response Timing: We will confirm receipt of your request within 10 business days and provide information on how we will process it. We aim to respond substantively within 45 calendar days of receiving your request. If necessary, we may take a one-time extension of an additional 45 days (for a total of 90 days) but if so, we will inform you of the reason and length of the extension. For opt-out requests, we will comply as soon as feasibly possible (usually within a few days of receipt, and at most 15 business days as required by law).
· Scope of Data: Our response will cover the 12-month period preceding the verified request, unless you request data beyond 12 months and we are able to provide it (CPRA allows requests beyond 12 months in some cases). We will provide the information in a portable format (typically JSON or PDF). For deletion requests, we will either confirm deletion or explain what was deleted and what we retained (if something was retained under an exception). For correction, we will confirm when corrected or explain if we could not.
· Limitations: Certain information we collect may be exempt from the CCPA rights (for example, data subject to federal laws like HIPAA, if that applied, or data we handle as a service provider on behalf of others). Cheeky-Fit is a consumer app, so generally these exemptions won’t apply. But if any do, we will make that clear in our response.
If you have any issues or concerns with how we handled your request, you can contact us for further resolution. You also have the right to contact the California Privacy Protection Agency (CPPA) or the California Attorney General if you believe we have violated CCPA.
C. Other Choices for All Users
Regardless of where you live, we offer some universal choices to control your data:
· In-App Privacy Settings: We provide controls within Cheeky-Fit’s settings (Privacy section) where you can manage certain preferences. For example, you can toggle certain data sharing features on or off. We have an option to opt out of personalized ads within the app; enabling this will inform us to not use your data for targeting (we will then only serve generic ads). We also allow you to disable location collection after the fact (you can revoke location permission via your device settings, or use our in-app toggle if provided). If you granted us access to contacts or other integrations, you can disconnect those in the app settings at any time.
· Ad Preferences and Global Opt-Outs: Many advertising partners are part of industry self-regulation programs. You can opt out of targeted ads from participating companies via tools like the Digital Advertising Alliance (DAA) opt-out (optout.aboutads.info) or the Network Advertising Initiative (NAI) opt-out (optout.networkadvertising.org) for web-based tracking. For mobile apps, you can use the DAA’s AppChoices app to opt out of cross-app advertising from participating networks. These methods will send signals to limit data sharing with those ad networks. Additionally, both iOS and Android devices offer system-level settings: Apple iOS – if you enable the “Limit Ad Tracking” (on older iOS) or just deny tracking permission for our app via the App Tracking Transparency prompt, Apple will prevent us from accessing your IDFA and we will comply with that (resulting in no cross-app tracking on that device)[21]. Android – you can opt out of Ads Personalization in Google settings, which instructs apps not to use your advertising ID for building profiles or personalized ads. We respect and implement these system settings. Also, if you set up a Global Privacy Control (GPC) in your browser (for any web-based interactions with Cheeky-Fit, like our site), as mentioned, we treat it as an opt-out signal[14].
· Account Deactivation and Data Deletion: You can always choose to stop using Cheeky-Fit and delete the app. Simply uninstalling the app, however, does not automatically delete your account or data from our servers. If you wish to have your data removed from our active systems, you should use the in-app “Delete Account” feature (found in account settings) or contact us to request deletion (as detailed above for various regions). When you delete your account through the app, we treat that as a verified deletion request and will remove your personal data (except for any information we are permitted or required to retain as described in Data Retention below). We will also cease collecting any new data via the app once you’ve logged out and deleted it. Keep in mind that after deletion, we won’t be able to recover your account or any content you added.
· Communication Preferences: If you are receiving marketing emails or newsletters from us, you can opt out at any time by clicking the “unsubscribe” link at the bottom of those emails. You can also manage email preferences in your account settings if available. For push notifications on your device, you can disable them via the app’s settings or your device’s notification settings for Cheeky-Fit. Note that even if you opt out of marketing messages, we may still send you service-related communications (like important account or security notices).
· Cookies and Tracking on Website: If Cheeky-Fit has a web presence (like a marketing site or web portal), we will display a cookie banner or preference center allowing you to manage cookies. You can usually choose to accept only essential cookies and decline analytics/advertising cookies. Also, you can control cookies through your browser settings by deleting or blocking them. For our app, as mentioned, similar technologies can be opted out of through the device settings or in-app options.
· Do Not Track: “Do Not Track” (DNT) is a older browser setting that signals a preference not to be tracked across websites. Currently, there is no standard interpretation of DNT signals in the mobile app context, and we do not respond to DNT on our website beyond what GPC covers. Instead, we focus on the explicit privacy controls described above.
We are committed to making these controls accessible and user-friendly. If you have any difficulty finding or using a privacy setting, please reach out to our support or privacy contact for assistance.
Data Retention
We retain personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. In practice, this means:
· For active users: We will keep your information for as long as your account exists or as long as needed to provide you services. Your account data and content remain on our systems until you or we delete your account. There is no set expiration date – we assume you want us to retain your data to continue providing the service. This includes your profile information, settings, and any content or interactions (posts, messages, etc.) you have in the app. We also keep ongoing logs of your activities for purposes like analytics, although some logs may be rotated or summarized over time.
· If you deactivate or delete your account: When you request account deletion (or if we delete it due to inactivity or violation of terms), we will delete or anonymize your personal data in our production systems within approximately 30 days, unless otherwise required. However, certain data may persist in backup archives for up to 90 additional days or more. We maintain backups to ensure we can recover from disasters, and it is impractical to remove individual user data from these backups. Rest assured, backup data is protected and used only for restoration purposes. After the retention period, backups that include your data will be destroyed in the normal course of our backup lifecycle.
· Content you have shared: If you posted content or communicated with others on Cheeky-Fit, copies of that content might remain visible to others (for example, a comment you made on someone else’s post) even after you delete your account, similar to how a forum post might remain but under an anonymized name. We may dissociate your name from such content if you delete your account, but we might not purge the content if it’s integral to another user’s experience. However, we give users a way to delete content they have control over, and if something remains that you want removed, you can contact us.
· Legal and business retention: We may retain certain information for legal compliance or legitimate business purposes even after account deletion. For example, we might retain transaction records (if any financial transactions occurred) for accounting and tax purposes. We retain records of privacy requests and consents/opt-outs to demonstrate compliance with law. If we banned an account for malicious behavior, we might keep information necessary to identify that individual to prevent re-registration (legitimate interest in preventing fraud/abuse). Also, if there’s any litigation or legal claim, we’ll retain data pertinent to that as required. Typically, these retention needs are evaluated on a case-by-case basis and aligned with the statute of limitations or regulatory requirements.
· Aggregated or anonymized data: We may retain data that has been aggregated or anonymized such that it’s no longer associated with any identifiable user. For instance, overall usage statistics or market insights derived from user data may be kept indefinitely, as they no longer constitute personal information. We use this for historical analysis, business reporting, and product development.
· Email and communications: If you contacted us via support or email, we may retain those communications for a period (to track our relationship, any complaints, etc.). Typically support emails are kept for a couple of years at most, unless needed longer.
· Review Periods: We periodically review our stored data and our retention policies. We aim not to keep personal data longer than necessary. When data is no longer needed, we will ensure it is securely deleted or anonymized. For example, if you registered an account but then didn’t verify or use it, we might purge that unactivated account after a set time (say, 12 months). Or we might drop precise location logs after a certain timeframe and only keep generalized trends.
In summary, we try to align retention with the principle of storage limitation (GDPR) and practical business needs. If you have specific questions about how long a certain type of data is kept, you can contact us for more detail.
Data Security
We take the security of your personal information seriously and implement reasonable and appropriate security measures to protect against unauthorized access, alteration, disclosure, or destruction of your data. Our security program includes:
· Encryption: We use encryption to protect data in transit and at rest. All communications between your app and our servers are encrypted using HTTPS/TLS protocols. This means that personal data (like login credentials, content, etc.) is transmitted securely over the internet. Sensitive data in our databases is encrypted at rest where feasible (for instance, passwords are stored hashed and salted, not in plain text). We also encrypt certain fields or backups containing personal info.
· Access Controls: We limit access to personal data to employees, contractors, and service providers who need to know that information in order to process it for us, and who are subject to strict contractual confidentiality obligations. Internal access to systems is protected via authentication, and we segment our network and databases to ensure that access is only via secure channels. We also employ measures like two-factor authentication for administrative access to our systems where possible.
· Monitoring and Testing: Our systems are monitored for security events and we maintain logs of access to detect any anomalies. We employ firewall protection and intrusion detection systems. We also conduct periodic security assessments and penetration testing (either internally or with external experts) to find and address vulnerabilities. Our software development lifecycle incorporates secure coding practices and code reviews for security issues.
· Third-Party Security: When we use third-party service providers (such as cloud hosting or analytics), we vet their security practices and ensure they commit to protecting our data. We also utilize features provided by those services (like database encryption or key management services) to enhance security.
· Training and Policies: We have internal policies to safeguard user data and we train our team on data protection best practices. Only authorized personnel have access to systems with user data, and they are trained on confidentiality and security protocols.
· Data Breach Response: Despite precautions, no system is immune to incidents. We have a breach response plan in place. In the event of a data breach that affects your personal information, we will promptly notify affected users and relevant authorities as required by law. We will also take steps to contain and remedy the breach, such as patching vulnerabilities, restoring integrity of data, and supporting users in mitigating any potential harm.
· Account Security: It’s important to note that you also play a role in keeping your data secure. Please maintain a strong, unique password for your Cheeky-Fit account and do not share it. We will never ask you for your password via unsolicited communication. If you suspect unauthorized access to your account, contact us immediately. We offer features like login alert notifications (if a new device logs in) – please pay attention to those and secure your account if something looks suspicious.
· No Guarantee: While we are committed to protecting your data, we cannot guarantee absolute security. No method of transmission over the internet or method of electronic storage is 100% secure. However, we follow industry standards and best practices to minimize risks. You acknowledge that there is some inherent risk in transmitting information via the internet, and we are not responsible for circumvention of any privacy settings or security measures on our platform by other users or third parties.
By using Cheeky-Fit, you entrust us with your data, and we strive to justify that trust by continuously improving our security measures. If you have questions about security or if you believe your Cheeky-Fit account or data might have been compromised, please contact us immediately using the information in the Contact Us section.
International Users
Cheeky-Fit is a global service. By using the app, you understand that your personal data may be processed in countries outside of your home country. Specifically, our servers are primarily in the United States, and our third-party partners may be located worldwide (for example, advertising or analytics partners could be in the EU, US, or Asia). This means your data might be subject to jurisdictions with different data protection laws. We have detailed in the GDPR section how we handle data transfers for EU users. For users in other regions (e.g., Canada, Australia, India, etc.), we similarly ensure that we comply with any local law requirements and provide appropriate protections.
If local laws grant you specific privacy rights (for instance, some other U.S. states like Virginia, Colorado, etc., have enacted privacy laws with rights similar to CCPA; or countries like Brazil (LGPD) and Canada (PIPEDA) have their own frameworks), we will honor legitimate requests under those laws as well. For example, if you’re in a U.S. state with an “opt-out of targeted advertising” right, our Do Not Sell/Share mechanism will cover that. If you’re in a country that requires a legal basis for processing similar to GDPR, you can refer to our GDPR section as to how we justify processing. Generally, we apply a universal standard of transparency and control, so even if your jurisdiction doesn’t mandate it, we try to provide the ability to access, delete, or opt out as described above.
Platform-Specific Disclosures (Apple App Store & Google Play)
Cheeky-Fit is distributed through the Apple App Store (for iOS devices) and Google Play Store (for Android devices). We adhere to the privacy requirements of these platforms, and this section highlights how we comply and what that means for you:
Apple App Store (iOS) Compliance:
· App Privacy “Nutrition Labels”: Apple requires every app to provide a summary of its privacy practices (the “App Privacy” section on the App Store product page). We have accurately filled out that information for Cheeky-Fit, disclosing the categories of data we collect (such as contact info, identifiers, usage data, location, etc.), and whether those are used for tracking or linked to you. This Privacy Policy provides the full details behind that summary. Apple’s guidelines mandate that the privacy policy must clearly identify data collected and its uses[22], and we have done so in sections above. The information we provided to Apple’s App Store is consistent with what you’ve read here. If you have viewed our App Store listing, you likely saw statements like “Data Used to Track You” and “Data Linked to You” for various categories – those reflect our use of third-party tracking (for ads/analytics) and linking data to your identity for functionality.
· App Tracking Transparency (ATT): Starting with iOS 14.5, Apple’s AppTrackingTransparency framework requires that we obtain your permission via a system prompt before tracking you across apps and websites owned by other companies for advertising purposes. “Tracking” in this context means, for example, linking your Cheeky-Fit data (or an ad identifier) with data from other apps/websites for targeted advertising or advertising measurement. Cheeky-Fit complies with this requirement: If we attempt to access your device’s IDFA (Identifier for Advertisers) or perform any tracking, you will see a prompt saying “[App] would like permission to track you across apps and websites owned by other companies”. You can choose “Allow” or “Ask App Not to Track”. We will abide by your choice. If you allow tracking, we will enable third-party advertising SDKs to collect your identifier and data for personalized ads, and these third parties may track you across other apps. If you deny tracking, we will not share your identifier or any information in a way that falls under Apple’s definition of tracking on that device[21]. You will still see ads, but they will be contextual or generic. Please note, even if you deny tracking, we may still collect data for our own analytics or to serve contextual ads – but we won’t connect it to third-party data for targeted ads. Apple may also enforce that we not track even via alternative means, and we respect that. In short, Cheeky-Fit does not circumvent the ATT prompt: we require opt-in consent via Apple’s APIs for any user-level tracking for advertising[23]. Apps that share user data without consent or not in compliance with privacy laws can be removed from the App Store[24], and we ensure our practices align with Apple’s policies.
· Permissions and Data Access: Apple guidelines also demand that apps request access only to data that’s needed for core functionality and to be transparent about those uses[25][26]. In Cheeky-Fit, we will prompt you for permissions such as Location, Contacts, Photos, Camera, Motion sensors, or other device features when those features are relevant. The iOS permission dialogs will have messages explaining why we need the access (we strive to make them clear, e.g., “Cheeky-Fit needs location to map your workouts”). You have the choice to grant or deny each permission. If you deny, we will either disable the related feature or offer a workaround if possible (for instance, not granting Contacts means you simply won’t be able to find friends by contacts, but you can manually invite them). We will respect your iOS privacy settings at all times – for example, if you deny Location, we won’t attempt to collect it in secret (and Apple would likely block it anyway). Apple’s review guidelines explicitly prohibit surreptitious data collection[27], so we do none of that. Also, we don’t condition using the app on you granting all permissions – you can use Cheeky-Fit with minimal permissions if you want, albeit with limited functionality.
· Third-Party SDK Compliance: We confirm that any third-party analytics or advertising SDKs in our iOS app are implemented in compliance with Apple’s requirements. For instance, Apple forbids the use of certain data (like information from other apps or contact lists) for building user profiles to sell[28]. We do not use any prohibited techniques (like scanning your device for other installed apps for analytics/ads purposes, which Apple disallows[29]). Our advertising SDKs (if any) only collect data you’ve permitted and that we’ve disclosed. We’ve also ensured that no HealthKit or sensitive data is shared with third parties in violation of Apple’s rules (if our app reads any Apple Health data, we use it solely for your benefit in the app, not for advertising – Apple requires explicit user consent for health data usage and prohibits selling HealthKit data[30], which we comply with).
· Privacy Policy Accessibility: Per Apple’s rules, we have made this Privacy Policy accessible both on our website and from within the app. In the iOS app, you can find a link to this policy in the Settings or About section, easily reachable for users[31]. If you’re reading this in the app, thank you for taking the time to do so.
· Data Security Commitment: Apple’s guidelines ask developers to declare that they secure user data[32]. We have detailed our security measures in the Data Security section above. We fulfill Apple’s requirement by implementing appropriate technical and organizational measures to safeguard user data collected through the app[32].
Google Play Store Compliance:
· Google Play Data Safety Section: Google Play requires developers to disclose their data collection, sharing, and security practices in the app listing’s “Data Safety” section. We have completed the Data Safety form in Google’s Play Console accurately, reflecting Cheeky-Fit’s practices regarding what data we collect, how we use it, whether we share it, and what security measures we take (such as encryption). This information is displayed on our app’s Google Play listing for you to review before installation[33][34]. The categories and purposes we disclosed align with what is written in this Privacy Policy. For example, we indicated that we collect location, personal info, and other data types, and that we share data for advertising purposes. We also indicated that we encrypt data in transit (which we do via HTTPS) and that users can request deletion of their data[35]. Our goal is full transparency on Google Play’s platform, which echoes this policy. If any discrepancy is found between our Data Safety form and this policy, please bring it to our attention so we can correct it – we understand we are responsible for the accuracy of those disclosures and compliance with Google’s policies[36][37].
· Privacy Policy Availability: Google Play mandates that apps post a privacy policy both on the store listing and accessible in-app[38]. We have provided a link to this Privacy Policy in our Play Store listing, and within the app’s settings menu[38]. This ensures you can always find detailed info about our data practices.
· Google Play User Data Policies: We comply with Google’s Developer Policy on user data. In particular, Google requires that apps are transparent about how they handle user data (collection, use, sharing) and that we limit our use of data to the purposes disclosed[1]. As you have seen, our policy is very explicit about our purposes. We do not use data in ways we haven’t described to you. Google also has specific prohibitions, for example on handling sensitive data like financial or ID numbers – Cheeky-Fit doesn’t handle those categories, but if we did, we would abide by those restrictions[39].
· Consent and Prominent Disclosure: Google’s policies require that for certain sensitive data access (like accessing device location in the background, or using the microphone/camera), the app must provide an in-app disclosure and obtain consent from the user, separate from general terms[40]. We fulfill this by giving clear prompts when enabling such features. For example, if we ever run location in the background, we would show a persistent notification or a clear explanation in-app aligning with Google’s guidelines, and of course the Android OS itself will ask for permission which we respect. We avoid bundling privacy disclosures with unrelated information – any prompt about data access will be standalone (not hidden in, say, a lengthy tutorial).
· Third-Party Code Compliance: Google expects developers to ensure that any third-party SDKs or code in the app also comply with its policies[39]. We have reviewed the SDKs in Cheeky-Fit (advertising, analytics, etc.) to ensure they don’t violate Google Play rules regarding personal and sensitive information. For example, Google forbids developers from selling personal and sensitive user data. While Cheeky-Fit does sell user data as described, we do so in a way that is disclosed and compliant with privacy laws – Google’s stance is mainly that you must disclose it and not violate any specific category restriction. We believe our implementation is compliant, but we remain vigilant: if any third-party SDK were to misbehave (like collecting data beyond what we agreed), we would take prompt action (update or remove it) to stay in compliance.
· ATT vs. Google: Unlike Apple, Google currently does not have a system-wide ATT prompt for apps. Instead, Google relies on the Data Safety disclosure and their own advertising ID rules. On Android, if you have opted out of Ads Personalization at the device level, Google signals that to us by providing a string of zeros as an Advertising ID. We honor that by not using that ID for ad targeting. Google’s policies also state that if a user opts out of personalized ads, we should not attempt to derive or track an identifier for them for advertising purposes (and we do not).
· Compliance with Laws: Google Play explicitly requires that apps comply with all applicable privacy laws and regulations in the regions they operate[41]. By following GDPR, CCPA, and others as described, we are also meeting this obligation. We remain aware of changes in legal requirements and will update our app and policies accordingly to maintain compliance on Google Play.
In summary, our presence on Apple’s App Store and Google Play means we meet their high standards for privacy transparency and user control. We have explicitly disclosed our data collection and sharing practices to both Apple and Google[1][22], and we follow required protocols like ATT on iOS and Data Safety on Android to give you, the user, clarity and choice. If you believe our app is not adhering to the promises made in the App Store or Play Store disclosures, please let us know – both users and the platforms themselves help hold developers accountable, and we welcome that accountability.
Children’s Privacy
Cheeky-Fit is not intended for use by children under the age of 13, and we do not knowingly collect personal information from children under 13. If you are under 13, please do not use the app or submit any information about yourself. If we learn that we have inadvertently collected personal data from a child under 13, we will delete that information as quickly as possible. Parents or guardians who believe their child may have provided us personal information can contact us (see Contact Us below) to request deletion of that data.
For users between 13 and 18 (or the age of majority in your jurisdiction): If you are a minor but old enough to use the app (for example, 13+ in the US, or 16+ in the EU for consent in some cases), you should review this Privacy Policy with your parent or guardian to make sure you both understand it. We strongly encourage young users to exercise caution and not share any information in the app that could directly identify them or that is overly sensitive.
California minors: If you are a California resident under 18 and a registered user of Cheeky-Fit, California law (Business & Professions Code § 22581) permits you to request removal of content or information you have publicly posted. If you fit this description and wish to remove such content, please contact us with specifics of what you want removed. We will make reasonable good faith efforts to remove (or anonymize) the post from public view, or to the extent required by law. Keep in mind this does not ensure complete removal (for example, if someone else re-posted your content, or if it’s stored in backup, it may persist in some form).
Under 16 – Sale of Data: As noted, we do not knowingly sell personal information of consumers under 16 years of age. In the event we become aware that a user under 16 is using the app, we will refrain from selling or sharing their data unless we obtain appropriate consent (for ages 13-15, that would be the user’s opt-in; for under 13, that would be parental consent). We comply with the CPRA’s requirement to treat lack of opt-in from ages 13-15 as an opt-out (meaning default no sale)[42]. Practically, since we don’t allow under 13 at all, and we currently don’t have age gating for 13-15 beyond assuming users are older when signing up, if we ever identify a user as 13-15, we would prompt for an affirmative consent for data sale or stop processing their data beyond what’s needed for the service.
COPPA (Children’s Online Privacy Protection Act): We abide by COPPA which governs data collection from children under 13 in the U.S. We do not intentionally collect such data, and thus we don’t seek parental consent. Our app is not directed at kids. If in the future we decided to create a version of Cheeky-Fit for a younger audience, we would implement COPPA-compliant practices, but as of now we target a general audience mostly 18+ or at least 16+.
Parents and guardians: If you have any questions or concerns about your child’s use of our app or our data practices, please contact us. We will be happy to delete any information related to a minor that is stored in our systems if you make such a request and we verify the request is from a legitimate parent/guardian.
Changes to This Privacy Policy
We may update or modify this Privacy Policy from time to time to reflect changes in our data practices, technology, legal requirements, or for other operational reasons. When we make changes, we will post the updated policy here with a new “Last Updated” date at the top. If the changes are significant, we will provide a more prominent notice – for example, we might display an in-app notification or send you an email (if we have your email on file) informing you of the update. Significant changes could include, for instance, using your data for new purposes not previously identified, or making material changes to your rights.
We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of Cheeky-Fit after any changes to this Privacy Policy constitutes your acceptance of the updated terms, to the extent permitted by law. If you do not agree with any updates or modifications, you should stop using the app and can request us to delete your data.
For historical reference or regulatory compliance, we will maintain archives of previous versions of this policy and can provide them upon request (or link to them if we have a version control on our website).
Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to contact us:
Cheeky-Fit, Inc. Attn: Privacy Team (Data Protection Officer) 1234 Fitness Ave, Suite 567 San Francisco, CA 94105, USA
Email: privacy@cheekyfit.com (For privacy-specific inquiries or rights requests. For general support, you might use support@cheekyfit.com, but privacy email will also be monitored for any privacy-related matters.)
We will respond to your inquiries as soon as reasonably possible, generally within 30 days. If you are contacting us to exercise a specific legal right (like a data access or deletion request), please make sure to mention the jurisdiction you are in (e.g., “I am an EU user exercising GDPR right of access”) so we can process it under the correct framework.
You also have the right to lodge a complaint or question with a regulatory authority. For EU users, this would be your local Data Protection Authority (a list can be found on the European Data Protection Board’s website). For UK users, it’s the Information Commissioner’s Office (ICO). For California users, you can contact the California Privacy Protection Agency or the state Attorney General’s office. We would appreciate the chance to address your concerns directly first, but you absolutely have these rights.
Thank you for taking the time to read our Privacy Policy. We tried to be as clear and comprehensive as possible, given the extensive data practices of Cheeky-Fit. Our goal is to give you both transparency and control. We understand that our app’s approach to data is broad, and we’ve designed this policy to meet legal requirements while plainly disclosing what we do. We remain committed to respecting your privacy rights and ensuring compliance with all applicable laws and platform policies as our service evolves.
[1] [35] [38] [39] [40] [41] Google to Require Apps to Display “Data Safety” Information by July 20, 2022 | Privacy World
https://www.privacyworld.blog/2022/05/google-to-require-apps-to-display-data-safety-information-by-july-20-2022/
[2] [3] [4] [7] [42] CPRA Do Not Sell or Share My Personal Information : Definition - Securiti
https://securiti.ai/blog/cpra-do-not-sell-definition/
[5] [21] [22] [23] [24] [25] [26] [27] [28] [29] [30] [31] [32] App Review Guidelines - Apple Developer
https://developer.apple.com/app-store/review/guidelines/
[6] [8] [9] Respect individuals’ rights | European Data Protection Board
https://www.edpb.europa.eu/sme-data-protection-guide/respect-individuals-rights_en
[10] [11] [12] [13] [14] [15] [16] [17] [18] [19] [20] California Consumer Privacy Act (CCPA) | State of California - Department of Justice - Office of the Attorney General
https://oag.ca.gov/privacy/ccpa
[33] [34] [36] [37] Provide information for Google Play's Data safety section - Play Console Help
https://support.google.com/googleplay/android-developer/answer/10787469?hl=en
