Privacy Policy

1. Introduction

Shocktopus Limited ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile applications ("Apps") on iOS and Android platforms.

We are a company registered in the United Kingdom and comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable data protection laws.

2. Information We Collect

2.1 Information You Provide to Us

We may collect information that you voluntarily provide when using our Apps, including:

• Account registration details (name, email address, username)
• Profile information
• User-generated content
• Communications with us
• Payment information (processed through third-party payment processors)
• Health data such as sleep, steps, and heart rate (used to update leaderboards automatically)
• Activity data to track excercises

2.2 Information Collected Automatically

When you use our Apps, we may automatically collect:

• Device information (device type, operating system, unique device identifiers)
• Usage data (features used, time spent, interactions)
• Log data (IP address, access times, app crashes)
• Location data (with your permission)
• Advertising identifiers (IDFA on iOS, AAID on Android)
• Health data where applicable on iOS and Android, from either the device or via a connected fitness tracker

2.3 Information from Third Parties

We may receive information from:

• Social media platforms (if you connect your account)
• Analytics providers
• Advertising partners
• Payment processors

3. How We Use Your Information

We use your information for the following purposes:

• To provide and maintain our Apps – enabling core functionality and features. Passed Self uses health data to track your performance against yourself. No further processing of health data is undertaken
• To improve our Apps – analysing usage patterns and enhancing user experience
• To communicate with you – sending notifications, updates, and support responses
• To personalise your experience – tailoring content and recommendations
• To process transactions – handling in-app purchases and subscriptions
• To ensure security – detecting fraud and preventing abuse
• To comply with legal obligations – meeting regulatory requirements
• To deliver advertising – showing relevant advertisements (with your consent where required)

4. Legal Basis for Processing (UK GDPR)

We process your personal data under the following legal bases:

• Consent – for marketing communications, certain cookies, and advertising
• Contract performance – to provide our Apps and services you've requested
• Legitimate interests – to improve our Apps, prevent fraud, and conduct analytics
• Legal obligation – to comply with applicable laws and regulations

5. Data Sharing and Disclosure

We may share your information with:

5.1 Service Providers

Third-party companies that assist us with:

• Cloud hosting and storage
• Analytics and app performance monitoring
• Customer support services
• Payment processing

5.2 Advertising Partners

With your consent, we may share advertising identifiers with advertising networks to deliver personalised advertisements. You can opt out of personalised advertising through your device settings.

5.3 Legal Requirements

We may disclose information when required by law or to:

• Comply with legal processes
• Enforce our terms and conditions
• Protect our rights, property, or safety
• Prevent fraud or security threats

5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

6. International Data Transfers

Your information may be transferred to and processed in countries outside the United Kingdom. When we transfer data internationally, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses approved by the UK authorities
• Adequacy decisions recognising equivalent data protection standards
• Other legally approved transfer mechanisms

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this Privacy Policy, unless a longer retention period is required by law. Specific retention periods include:

• Account data: retained whilst your account is active, plus up to 12 months after deletion
• Transaction records: retained for 7 years for accounting and tax purposes
• Marketing data: retained until you withdraw consent or we no longer have a legitimate interest

8. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

• Right of access – request copies of your personal data
• Right to rectification – request correction of inaccurate data
• Right to erasure – request deletion of your data in certain circumstances
• Right to restrict processing – request limitation of processing in certain situations
• Right to data portability – receive your data in a structured, machine-readable format
• Right to object – object to processing based on legitimate interests or for direct marketing
• Rights related to automated decision-making – not be subject to decisions based solely on automated processing

To exercise these rights, please contact us at karl.daw@shocktopus.co.uk. We will respond within one month of your request.

9. Children's Privacy

Our Apps are not intended for children under the age of 13 (or under 16 in some jurisdictions). We do not knowingly collect personal data from children. If you believe we have inadvertently collected information from a child, please contact us immediately, and we will delete it.

10. iOS and Android Specific Provisions

10.1 iOS (Apple)

• We comply with Apple's App Store Review Guidelines and Apple's Developer Programme Licence Agreement
• We request permissions through iOS permission dialogues before accessing sensitive data (location, photos, camera, etc.)
• You can manage permissions through Settings > Privacy on your iOS device
• For personalised advertising, you can use "Limit Ad Tracking" in your device settings
• We use Apple's App Tracking Transparency framework where required

10.2 Android (Google)

• We comply with Google Play's Developer Programme Policies
• We request permissions through Android's runtime permission system
• You can manage permissions through Settings > Apps on your Android device
• You can opt out of personalised advertising through Settings > Google > Ads
• We comply with Google Play's Families Policy if our App is directed at children

11. Cookies and Tracking Technologies

Our Apps may use cookies, pixels, SDKs, and similar technologies to:

• Remember your preferences
• Analyse app performance
• Deliver personalised content and advertising

You can manage tracking preferences through your device settings. Please note that disabling certain technologies may limit app functionality.

12. Third-Party Services

Our Apps may contain links to third-party websites or integrate with third-party services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

13. Security

We implement appropriate technical and organisational measures to protect your personal data, including:

• Encryption of data in transit and at rest
• Regular security assessments
• Access controls and authentication
• Secure data storage facilities

However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting a notice in our Apps
• Sending an email notification
• Updating the "Last Updated" date at the top of this policy

Your continued use of our Apps after changes become effective constitutes acceptance of the revised policy.

15. Contact Us

If you have questions, concerns, or complaints about this Privacy Policy or our data practices, please contact us:

16. Supervisory Authority

You have the right to lodge a complaint with the UK's supervisory authority: