Privacy Policy

Last updated: March 24, 2025

1. Introduction

At Mofilo ("we", "our", or "us"), we respect your privacy and are committed to protecting your personal data. This Privacy Policy will inform you about how we look after your personal data when you visit our website (mofilo.app) and use our fitness tracking application (collectively, the "Services") and tell you about your privacy rights and how the law protects you.

We want to be clear: We will never sell your personal data to third parties for any purpose. Your trust is our priority, and we are committed to using your data only in ways that benefit you and improve our Services.

Agreement to Terms: By using our Services, you expressly consent to the data practices described in this policy. If you do not agree with this Privacy Policy, your only remedy is to discontinue using our Services and delete your account. Your continued use of the Services constitutes your acceptance of this Privacy Policy and any amendments to it.

2. Information We Collect

2.1 Personal Data

While using our Services, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you. This may include, but is not limited to:

  • Name
  • Email address
  • Phone number
  • Physical fitness data
  • Nutrition and dietary information
  • Height, weight, and body measurements
  • Workout history and performance data
  • Usage data and analytics
  • Authentication information when using sign-in with Apple or Google
  • Unique device identifiers for advertising (Google Advertiser ID or IDFA)

2.2 Usage Data

We may also collect information about how the Services are accessed and used. This Usage Data may include information such as:

  • Your computer's Internet Protocol address (e.g., IP address)
  • Browser type and version
  • Device information and operating system
  • Geography/region
  • Pages of our Services that you visit
  • The time and date of your visit
  • Time spent on those pages
  • Application opens and updates
  • Number of sessions and session duration
  • In-app purchases
  • Universally unique identifier (UUID)
  • Other diagnostic data

3. Third-Party Services and Data Processing

Our Services integrate with various third-party services to enhance functionality. By using our Services, you acknowledge and consent to the data sharing necessary for these integrations:

  • Analytics: We use Google Analytics for Firebase to analyze app usage, which processes data including app opens, device information, geography, in-app purchases, session data, and unique device identifiers.
  • Authentication: We use Auth0, Sign in with Apple, and Google Sign-In for authentication purposes. These services process email addresses, names, and other account information.
  • Health Data Integration: We access health data through Apple Health (HealthKit) and Google Health Connect, subject to your device permissions.
  • Hosting and Infrastructure: We use Amazon Web Services (AWS) and other cloud infrastructure for hosting our Services.
  • Monitoring: We use services like Sentry to monitor application performance and identify issues.
  • Platform Services: Our app is distributed through the Apple App Store and Google Play Store, which collect usage data according to their terms.
  • User Database Management: We use services like Intercom to manage user communications.

Each of these third-party services has its own privacy policy governing how they process your data. We encourage you to review their respective privacy policies for more information.

4. How We Use Your Information

We use the collected data for various purposes:

  • To provide and maintain our Services
  • To notify you about changes to our Services
  • To allow you to participate in interactive features of our Services when you choose to do so
  • To provide customer support
  • To gather analysis or valuable information so that we can improve our Services
  • To monitor the usage of our Services
  • To detect, prevent and address technical issues
  • To personalize your experience and deliver content and product features relevant to your interests

What we will never do with your data:

  • Sell your personal information to third parties
  • Share your data with third parties for marketing purposes without your explicit consent
  • Use your data in ways you haven't consented to or wouldn't reasonably expect
  • Keep your data for longer than necessary for the purposes outlined in this policy

5. Data Storage

Your data is stored using the following third-party services:

  • Google Cloud and Firestore by Google: Used for storing user data and application information
  • AWS by Amazon: Used for various cloud infrastructure needs
  • Local device storage: Some data may be stored locally on your device

We use these third-party providers to store and process your data. These third-party services have their own terms of service and privacy policies that govern their data handling practices.

By using our Services, you acknowledge the inherent risks associated with storing and transmitting data digitally. Your continued use of the Services indicates your acceptance of these risks.

6. Data Retention and Deletion

We will only retain your personal data for as long as reasonably necessary to fulfill the purposes we collected it for, including satisfying any legal, accounting, or reporting requirements.

Account Deletion and Data Removal: You may request deletion of your account and associated personal data through the following methods:

  • Using the account deletion function in your profile settings (where available)
  • Logging into the mobile application and selecting the delete account option
  • Contacting us directly at support@mofilo.app with a specific request to delete your data
  • For mobile app users, you can also clear locally stored data through app settings

About Data Deletion: When you request deletion of your data, we will take commercially reasonable steps to remove your personal information from our active systems. However, complete and immediate deletion from all systems may not be possible due to technical constraints, including:

  • Backup and disaster recovery systems which may retain data for limited periods
  • Cached or archived copies that may exist temporarily
  • Data that may remain in systems controlled by third-party providers (like Google Cloud or Firebase) according to their data retention policies
  • Some information that may remain in logs or other system records

Additionally, we may be required to retain certain information to:

  • Comply with legal obligations, such as financial or tax regulations
  • Resolve disputes or enforce our agreements
  • Protect against fraudulent or illegal activity
  • Retain de-identified or aggregated data which can no longer identify you personally

We will process deletion requests within a reasonable timeframe, typically within 30 days, though the complete removal from all systems, including backups, may take up to 90 days.

Termination of Services: If you disagree with any part of this Privacy Policy or any changes to it, your sole remedy is to delete your account and discontinue all use of our Services. Continued use of our Services constitutes your acceptance of the Privacy Policy as it may be amended from time to time.

7. Opting Out of Interest-Based Advertising

You may have options to limit how we and our partners use information for advertising:

  • You can opt out of interest-based advertising through settings on your mobile device (such as "Limit Ad Tracking" on iOS or "Opt out of Ads Personalization" on Android)
  • You can use the Digital Advertising Alliance's AppChoices tool to opt out of interest-based advertising in mobile apps
  • You can follow instructions provided by initiatives such as the Network Advertising Initiative (US), the Digital Advertising Alliance (US), DAAC (Canada), DDAI (Japan) or similar initiatives
  • You can use privacy-focused browser extensions that signal your opt-out preferences, such as the Global Privacy Control ("GPC")

Please note that opting out of interest-based advertising doesn't mean you won't receive advertising - it means you'll see less relevant advertising based on your browsing activity.

8. Health and Fitness Data

Our Services may collect or process information related to health, fitness, and wellness, such as workout data, physical measurements, and nutrition information. Please understand that:

  • The collection of health and fitness data is voluntary and subject to your explicit consent.
  • We are NOT a healthcare provider or medical device, and our Services are not intended to diagnose, treat, cure, or prevent any disease or health condition.
  • The health and fitness data collected through our Services is NOT protected health information under HIPAA (Health Insurance Portability and Accountability Act) or similar healthcare privacy laws.
  • You should not rely on our Services for medical advice or decisions. Always consult with a qualified healthcare professional for medical advice, diagnosis, or treatment.
  • We access health data through Apple Health (HealthKit) and Google Health Connect. These services have their own terms and policies, which we recommend you review.
  • You are solely responsible for any decisions you make based on the health and fitness information provided through our Services.
  • We may use health and fitness data in an anonymized or aggregated format for research, analytics, and service improvement purposes.

Consent for Health Data Processing: By using our Services and providing health and fitness information, you expressly consent to our collection, use, storage, and processing of this data as described in this Privacy Policy. You acknowledge that we may transfer and process this data globally, including in countries with different data protection standards than your country of residence.

9. Cookies and Tracking

We use cookies and similar tracking technologies to track the activity on our Services and we hold certain information. Cookies are files with a small amount of data which may include an anonymous unique identifier. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent.

We use the following types of cookies:

  • Essential Cookies: These are cookies that are required for the operation of our Services.
  • Functionality Cookies: These are used to recognize you when you return to our Services.
  • Analytical/Performance Cookies: These allow us to recognize and count the number of visitors and to see how visitors move around our Services when they are using it.

You can set your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Services.

10. Data Sharing and Third Parties

We may share your personal information in the following situations:

  • With Service Providers: We may share your information with third-party service providers who perform services on our behalf, such as data storage, hosting, and technical support. These providers are contractually obligated to protect your data and can only use it as directed by us.
  • For Business Transfers: If Mofilo is involved in a merger, acquisition, or sale of all or a portion of its assets, your information might be transferred. We will notify you via email and/or a prominent notice on our Services of any change in ownership or uses of your personal information.
  • For Legal Compliance: We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency).
  • To Protect Rights: We may disclose your information to protect the security, rights, or property of Mofilo, our users, or others, including to protect against potential fraud.
  • With Your Consent: We may disclose your personal information for any purpose with your explicit consent.

What we will NEVER do: We will never sell, rent, or lease your personal data to third parties for their marketing purposes or for any other commercial use.

11. Your Data Protection Rights

Depending on your location, you may have certain rights regarding your personal information, such as:

  • The right to access: You have the right to request copies of your personal data.
  • The right to rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
  • The right to erasure: You have the right to request that we erase your personal data, under certain conditions.
  • The right to restrict processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
  • The right to object to processing: You have the right to object to our processing of your personal data, under certain conditions.
  • The right to data portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

If you make a request, we will respond within 30 days. If you would like to exercise any of these rights, please contact us at support@mofilo.app.

For users in the European Economic Area (EEA), United Kingdom, or Switzerland, additional rights and protections may apply under the General Data Protection Regulation (GDPR) or similar laws. Please see our Terms and Conditions for more information about international privacy laws and GDPR compliance.

12. International Data Transfers

Your information may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those in your jurisdiction.

If you are located outside the United States and choose to provide information to us, please note that we transfer the data, including Personal Data, to the United States and process it there. Your submission of such information represents your agreement to that transfer.

For transfers to regions without adequate data protection laws, we implement appropriate safeguards such as standard contractual clauses approved by relevant authorities. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy.

13. Children's Privacy

Our Services are not intended for use by children under the age of 18. We do not knowingly collect personally identifiable information from children under 18.

User Responsibility: Users are responsible for ensuring they meet the minimum age requirements to use our Services. If an individual under the age of 18 accesses or uses our Services, it is the responsibility of that individual and their parents or legal guardians to discontinue such use immediately. We may not be able to determine if a user is underage, and we have no liability if a user misrepresents their age or fails to comply with these age restrictions.

Parental Responsibility: Parents and legal guardians are solely responsible for monitoring their children's access to and use of any internet services, including Mofilo. If you are a parent or guardian and you are aware that your child has provided us with personal data or is using our Services, it is your responsibility to:

  • Contact us immediately at support@mofilo.app
  • Ensure your child discontinues use of our Services
  • Request deletion of any personal data that may have been collected

If we become aware that we have inadvertently collected personal data from children without verification of parental consent, we will take steps to remove that information from our servers. However, we cannot be held responsible for the actions of minors who have gained unauthorized access to our Services, whether through misrepresentation of their age or through the failure of parents or guardians to adequately supervise their online activities.

By using our Services, you represent and warrant that you are at least 18 years of age, or that you are using our Services with the supervision and consent of a parent or guardian who agrees to be bound by these terms.

14. California Privacy Rights

California residents may have additional rights regarding their personal information under laws such as the California Consumer Privacy Act (CCPA) or the California Privacy Rights Act (CPRA). These may include:

  • The right to know what personal information is collected, used, shared, or sold
  • The right to delete personal information held by businesses
  • The right to opt-out of the sale of personal information (Please note: While we do not sell your personal information, this opt-out right is available to California residents as required by law)
  • The right to non-discrimination for exercising consumer privacy rights

These opt-out rights from data sales apply specifically to California residents under California law. To exercise these rights, please contact us using the contact information provided below.

15. Additional Information for Users in the United States

This section provides additional information for users in the United States, particularly those residing in states with specific privacy legislation, including California, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Nevada, Delaware, Iowa, New Hampshire, New Jersey, Nebraska, and Montana.

15.1 Categories of Personal Information Collected

We collect the following categories of Personal Information:

  • Identifiers: Such as email address, name, and unique device identifiers
  • Internet or electronic network activity: Including browsing history, search history, and information regarding interaction with our app
  • Audio, electronic, visual, or similar information: Such as profile pictures
  • Commercial information: Including in-app purchases and subscriptions
  • Geolocation data: General geographic location data
  • Biometric information: Health and fitness data from Apple Health and Google Health Connect

15.2 Sources of Personal Information

We collect the above categories of Personal Information directly from you when you use our Services, indirectly when you navigate through our app, and from third parties that work with us in connection with our Services.

15.3 Your Privacy Rights Under US State Laws

Depending on your state of residence, you may have some or all of the following rights:

  • Right to know/access: You have the right to request confirmation of whether we process your Personal Information and to access such information.
  • Right to correct: You have the right to request correction of inaccurate Personal Information.
  • Right to delete: You have the right to request deletion of your Personal Information, subject to certain exceptions.
  • Right to data portability: You have the right to obtain a copy of your Personal Information in a portable format.
  • Right to opt out of sales: You have the right to opt out of the sale of your Personal Information, although we do not sell Personal Information as defined by applicable laws.
  • Right to opt out of targeted advertising: For users in certain states, you have the right to opt out of the processing of your Personal Information for targeted advertising purposes.
  • Right to limit use of Sensitive Personal Information: For users in certain states, you have the right to limit the use or disclosure of your Sensitive Personal Information.
  • Right to non-discrimination: We will not discriminate against you for exercising any of your privacy rights.

15.4 How to Exercise Your Privacy Rights

To exercise the rights described above, please contact us via the contact details provided in this document. For us to respond to your request, we must verify your identity. You are not required to create an account with us to submit your request.

If you want to submit requests to opt out of sale, sharing, or targeted advertising via a user-enabled global privacy control, such as the Global Privacy Control ("GPC"), we will abide by such request in a frictionless manner where required by law.

We will respond to your request without undue delay and in accordance with applicable law. Should we need more time, we will explain the reasons why and how much more time we need.

16. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date at the top of this Privacy Policy.

For significant changes, we will make reasonable efforts to provide notification through our Services or via email prior to the changes becoming effective. However, we recommend reviewing this Privacy Policy periodically for any changes.

Changes to this Privacy Policy are effective when they are posted on this page. Your continued use of our Services after we post any modifications to the Privacy Policy will constitute your acknowledgment of the modifications and your consent to abide by and be bound by the modified Privacy Policy.

17. Limitation of Liability

To the maximum extent permitted by applicable law, Mofilo and its officers, employees, agents, partners, and licensors will not be liable for:

  • Any direct, indirect, incidental, special, consequential, or exemplary damages, including but not limited to damages for loss of profits, goodwill, use, data or other intangible losses, resulting from your use of our Services or inability to use our Services;
  • Any unauthorized access to, use of, alteration of, or deletion, destruction, damage, loss or failure to store any of your data;
  • Any bugs, viruses, trojan horses, or the like that may be transmitted to or through our Services by any third party;
  • Any inaccuracies or omissions in health-related content, measurements, or analytics;
  • The actions or inactions of third-party service providers, including data storage and processing services;
  • Any data incidents of any kind;
  • Any failure of the Services to meet specific expectations or outcomes related to fitness, health, or nutrition goals;
  • Any claim, damage, or injury resulting from your reliance on the information provided through our Services;
  • Any delay or failure to perform resulting from circumstances beyond our reasonable control.

No Warranties: Our Services and all content are provided on an "as is" and "as available" basis, without warranties of any kind, either express or implied, including but not limited to warranties of merchantability, fitness for a particular purpose, or non-infringement.

Assumption of Risk: You acknowledge and agree that the use of our Services involves inherent risks. You voluntarily assume all risks when using our Services.

Severability: If any provision of this limitation of liability is found to be unenforceable or invalid, that provision will be limited or eliminated to the minimum extent necessary so that this limitation of liability will otherwise remain in full force and effect.

Exclusivity of Remedy: Your sole remedy for dissatisfaction with the Services is to stop using the Services. The maximum aggregate liability of Mofilo for all claims under these terms, including for any implied warranties, is limited to the amount you paid us to use the Services (or, if we choose, to supply the Services again).

18. Contact Us

If you have any questions about this Privacy Policy, concerns about how we process your personal data, or requests related to your data protection rights, please contact us at:

support@mofilo.app