Privacy Policy
A privacy policy is a statement that discloses some or all of the ways a website collects, uses, discloses, and manages the data of its visitors and customers. It fulfills a legal requirement to protect the privacy of visitors or customers.
Countries have their own laws with differing jurisdictional requirements regarding the use of privacy policies. Make sure you comply with the legislation that applies to your activities and location.
1. Definitions
1.1 "Data Controller": Refers to Flawfood LLC, a limited liability company registered under the laws of Ukraine, with headquarters at Ukraine, 54028, Mykolayiv Oblast, Mykolayiv, Kosmonavtiv Street, Building 77a, Apartment 87.
1.2 "Data Processor": Refers to Denys Kanin, an individual residing at Ukraine, 54028, Mykolayiv Oblast, Mykolayiv, Kosmonavtiv Street, Building 77a, Apartment 87.
1.3 "Flawfood app": Refers to the wellness tracking application provided by Flawfood LLC.
1.4 "Personal Data": Refers to any information relating to an identified or identifiable natural person ("data subject") as described in the documentation provided by Flawfood LLC.
2. Responsibilities of Data Processor
2.1 Data Processor shall process Personal Data as instructed by Data Controller, solely for the purpose of providing the Flawfood app and related services.
2.2 Data Processor shall ensure that access to Personal Data is restricted to authorized personnel who are bound by confidentiality obligations.
2.3 Data Processor shall implement appropriate technical and organizational measures to ensure the security and confidentiality of Personal Data, as described in the "Technical and Organizational Measures" section of the DPA.
3. Data Processing
3.1 Data Processor shall process Personal Data, including but not limited to:
- Level of day-to-day activity
- Age
- Gender
- Weight
- Height
- Logged Meals
- Logged Hunger Score
- Logged Fullness Score
- Logged Mood Score
- Note
- Logged Breathing Exercise
- Streak of activity within the app
- Events
3.2 The processing of Personal Data is carried out for the purposes of providing wellness tracking services, improving user experience, and enhancing app functionality.
4. Transfer of Personal Data to Third Parties
4.1 Data Processor may transfer Personal Data to third-party service providers to enhance user experience, improve app functionality, and ensure smooth operation.
4.2 Third-party service providers engaged for these purposes include, but are not limited to:
- Cloud Service Providers: Cloud infrastructure services such as Amazon Web Services (AWS), Microsoft Azure, or Google Cloud Platform (GCP) might be utilized for secure data storage and processing. Data stored within these environments is subject to encryption and access controls.
- Payment Processors: Third-party payment gateways like Stripe, PayPal, Apple Pay, or Google Pay could handle payment transactions securely, ensuring the protection of financial data and compliance with payment industry standards.
- Analytics Providers: Services such as Google Analytics, Google Firebase, AppsFlyer, Amplitude, and Mixpanel might be employed to gather insights into app usage patterns and user interactions. While data is often anonymized and aggregated, measures are in place to ensure compliance with data protection regulations.
- Customer Support Tools: Tools like Zendesk, Intercom, or Drift could be used to provide personalized customer support. Limited user-related information might be shared with these tools to enhance support experiences.
- Database and Hosting Services: Platforms like Firebase or MongoDB could assist with database management and app hosting, with data protection measures implemented to prevent unauthorized access.
- Content Delivery Networks (CDNs): CDNs such as Cloudflare or Amazon CloudFront might optimize the delivery of app content, enhancing user experience by reducing load times and improving performance.
- Marketing and Advertising Partners: Third parties involved in marketing and advertising activities might receive anonymized or aggregated data for campaign targeting and analysis.
- Email Service Providers: Partners handling email communications might receive user email addresses to facilitate communication.
4.3 Data Processor ensures that these third-party service providers are carefully selected and engaged under strict data protection agreements to maintain the confidentiality, integrity, and security of the Personal Data.
4.4 Safeguards: Data Processor, in collaboration with Data Controller, implements various safeguards to protect Personal Data transferred to third parties, including but not limited to:
- Data Processing Agreements (DPAs): DPAs outline the responsibilities and obligations of third-party service providers regarding data protection, ensuring alignment with regulations.
- Encryption: Data transferred to third parties is encrypted using standard encryption protocols during transmission and storage.
- Anonymization and Aggregation: Data shared with third parties is anonymized or aggregated, where applicable, to prevent user identification.
- Contractual Obligations: Contracts specify data protection requirements, confidentiality, and breach notification obligations.
5. Data Retention
5.1 Data Processor will retain Personal Data for the period necessary to comply with legal obligations and resolve disputes, up to 365 days after the last session.
6. Technical and Organizational Measures
6.1 Flawfood has implemented comprehensive technical and organizational measures to ensure the security, integrity, and confidentiality of Personal Data processed under this Agreement.
6.2 Encryption:
- All Personal Data in transit and at rest is encrypted using industry-standard encryption protocols to prevent unauthorized access. This includes encryption during transmission and encryption of stored data.
6.3 Access Controls:
- Strict access controls and authentication mechanisms are enforced to ensure that only authorized personnel can access sensitive Personal Data.
- Multi-factor authentication (MFA) is employed to enhance user authentication, reducing the risk of unauthorized access.
6.4 Regular Security Audits:
- Periodic security audits and vulnerability assessments are conducted to identify and address potential security vulnerabilities.
6.5 Firewalls:
- Firewalls are utilized to protect the network infrastructure and prevent unauthorized access to systems.
6.6 Intrusion Detection and Prevention:
- Intrusion detection and prevention systems (IDPS) are implemented to monitor network traffic and system behavior for detecting and preventing suspicious activities.
6.7 Data Minimization:
- Only necessary and relevant data is collected and processed, minimizing the potential impact of data breaches.
6.8 Data Integrity:
- Measures are in place to ensure the integrity of data, preventing unauthorized modifications or tampering.
6.9 Employee Training:
- Ongoing employee training and awareness programs are conducted to educate staff about data security best practices.
6.10 Incident Response Plan:
- Comprehensive incident response plans are in place to effectively address and mitigate security incidents or data breaches.
6.11 Data Backups:
- Regular data backups are performed to ensure data availability in case of data loss or system failures.
6.12 Patch Management:
- Timely application of security patches and updates for software and systems is maintained to address known vulnerabilities.
6.13 Secure Development Practices:
- Secure coding practices are followed during application development to prevent common security vulnerabilities.
6.14 Data Retention Policies:
- Clear data retention policies are established to ensure that data is retained only for as long as necessary and securely disposed of when no longer needed.
6.15 Supplier Security Assessment:
- Third-party suppliers, including cloud service providers, are assessed for their data security practices and compliance with relevant regulations.
6.16 Privacy by Design:
- Data protection principles are integrated into the design and architecture of systems and services.
6.17 Audit Trails:
- Detailed audit trails are maintained to track user activities and changes made to the system.
6.18 Disaster Recovery Plan:
- Comprehensive disaster recovery plans are in place to ensure business continuity in the event of major disruptions.
6.19 Security Incident Reporting:
- Clear procedures are established for reporting security incidents promptly and initiating necessary actions.
These measures collectively contribute to the robust data security framework in place, ensuring the protection of user data, compliance with relevant regulations, and the confidentiality, integrity, and availability of Personal Data.
7. Data Subject Rights
7.1 Data subjects have the right to access, rectify, delete, and object to the processing of their Personal Data.
7.2 Data Processor shall promptly assist Data Controller in responding to data subject requests, as required by applicable data protection regulations.
8. Data Breaches and Incident Response
8.1 In the event of a data breach, Data Processor shall follow a breach notification procedure.
8.2 Data Processor shall cooperate with Data Controller to investigate and mitigate the breach and provide necessary information for compliance with data protection laws.
9. Audits and Assessments
9.1 Data Processor shall cooperate with audits, inspections, or assessments conducted by Data Controller or authorized third parties.
10. Dispute Resolution
10.1 Any disputes arising out of or in connection with this DPA shall be resolved through negotiations between the parties in good faith.
10.2 If disputes cannot be resolved through negotiations, the parties agree to submit to the exclusive jurisdiction through binding arbitration in Ukraine.
11. Termination of DPA
11.1 Either party may terminate this DPA by providing 60 days' written notice to the other party.
11.2 Upon termination, Data Processor shall return or delete all Personal Data, unless retention is required by law.
12. Changes to DPA
12.1 Changes to this DPA will be communicated proactively via email or in-app notifications.
13. Governing Law and Jurisdiction
13.1 Ukrainian laws govern this DPA.
14. Additional Clauses or Provisions
14.1 Specific clauses related to data protection responsibilities, assistance to Data Controller, audits, and liabilities are incorporated into this DPA.
15. Data Protection Responsibilities
15.1 Data Processor will process Personal Data on behalf of Data Controller and will implement appropriate technical and organizational measures to ensure data security.
15.2 Data Processor will assist Data Controller in meeting its GDPR obligations, including data subject rights requests and data protection impact assessments.
16. Security of Data Transfers
16.1 Data Processor will ensure that any transfer of Personal Data to a third country is subject to appropriate safeguards.
16.2 Data Processor will comply with international data transfer requirements imposed by applicable data protection laws.
17. Handling Requests from Data Subjects
17.1 Data Processor will handle data subject requests in a timely manner and promptly notify Data Controller of any requests received.
18. Changes in Applicable Laws or Regulations
18.1 The parties will work together to ensure that this DPA remains compliant with changes in data protection laws and regulations.
Data Controller: Flawfood LLC
Data Processor: Denys Kanin
Date: 01/08/2025