Wombat Apps LLC is headquartered in Washington State in the United States. If you are a resident of the European Union (“EU”), Wombat Apps LLC is the controller of your personal data for the purposes of EU data protection laws.
We collect only the information relevant to providing you with a service, and use your information only to ensure the fulfillment of this service. You are free to refuse our request for your information, with the understanding that we may be unable to provide you with some of your desired services without this information. When you use Carb Manager, we collect the following types of information.
We collect some personal information, which can be used to identify you as a person, to provide you with the Carb Manager Service. This information may include, but is not limited to, your email address, user name, and billing zip code.
In addition to the above personal information, in order to improve your experience and enable additional features of Carb Manager, you may choose to provide us with user information. The information includes, but is not limited to: birth year, gender, and activity level. You may also choose to provide additional user information, such as a profile photograph, goals, foods, exercises, and notes. Other types of user information include communication with our customer support agents via the support center; messages posted to our discussion board; and information shared directly with other users who are added as friends.
We may collect certain health information subject to GDPR protections of sensitive information in the course of providing you a Service. Prior to collecting that information, we will obtain your explicit consent to allow processing. You may withdraw your consent at any time in the application settings or by deleting your data and ceasing to input new data. If you post health information to our groups or forums, you are doing so with the understanding that this information will be made public, which is then our legal basis for processing that information.
If you purchase a subscription on our website, we collect payment card information in order to process the transaction, including your payment card number, expiration date, billing zip code, and CVV number. This payment information, excluding the CVV number, is stored in an encrypted format by our third-party payment processor, Stripe (www.stripe.com), a PCI Level 1 Service Provider.
Like many websites and applications, we collection general usage data in order to analyze trends and monitor performance. This information includes, but is not limited to, browser type and operating system, pages that you visited, time spent on the Service, IP address, crash reports, cookie information and pages that referred you to us.
We use "cookies" to collect information about you and your activity across our site. A cookie is a small piece of data that our website stores on your computer, and accesses each time you visit so we can understand how you use our site and serve you content based on preferences you have specified.
If you consent to share your fitness & health device information from a third party platform, we will receive information that you have authorized to share on each synchronization with that platform. This information may include exercise minutes, calories expended, steps taken in a day, weight, and other metrics. To the extent that this information is subject to GDPR protections of sensitive health data, we will obtain explicit consent prior to collecting these data, in a manner consistent with our policy on health information.
For personal data subject to GDPR protections, we rely on several legal bases to process the data. These include:
We do not share your personal information except in these limited circumstances:
For example, if you add a friend on Carb Manager, we will then share personal information with that friend. We will share information with third-party fitness and health platforms only if you consent to this sharing. If you post personal information to a community forum, that information will then be shared publicly.
We may transfer information to service providers and other partners who process it for us, based on our instructions, and in compliance with this policy and any other appropriate confidentiality and security measures. These partners provide us with services globally, including for customer support, information technology, payments, sales, data analysis, research, and surveys.
For the purposes of external processing, health information subject to GDPR protections is only shared with one vendor, Google, Inc., whose cloud-based server platform is used to store and process the information collected, consistent with our Data Processing and Security Terms agreement. This information is encrypted in transit and at rest. For an overview of the privacy and security measures employed by Google, Inc, please see this link.
We may preserve or disclose information about you to comply with a law, regulation, legal process, or governmental request; to assert legal rights or defend against legal claims; or to prevent, detect, or investigate illegal activity, fraud, abuse, violations of our terms, or threats to the security of the Service or the physical safety of any person.
Under no circumstances will Carb Manager sell personal information, including health information, to any third party.
We provide tools to access, modify, and delete your data as an integral part of our Service and in the application settings, available regardless of where you live. If you live in the European Economic Area, United Kingdom, or Switzerland, you have certain additional legal rights pertaining to your data.
Much of your data is available by using the various features of the Service, such as the food and exercise logs. If you would like to download a machine readable copy of your data, please visit the Advanced Settings section.
You can also rectify, restrict, limit or delete much of your information by logging into your account. If you are unable to do this, please contact us email@example.com. We will generally respond to your request within 7 business days.
Where we process your information based on our legitimate interests explained above, or in the public interest, you can object to this processing in certain circumstances. In such cases, we will cease processing your information unless we have compelling legitimate grounds to continue processing or where it is needed for legal reasons.
Where you have previously provided your consent, such as to permit us to process health-related data about you, you have the right to withdraw your consent to the processing of your information at any time. For example, you can withdraw your consent by updating your settings. In certain cases, we may continue to process your information after you have withdrawn consent if we have a legal basis to do so or if your withdrawal of consent was limited to certain processing activities.
Should you wish to raise a concern about our use of your information (and without prejudice to any other rights you may have), you have the right to do so with your local supervisory authority.
Information about you that is no longer necessary and relevant to provide our Services may be de-identified and aggregated with other non-personal data to provide insights, such as statistics of the use of the Services. This information will be de-associated with your name and other identifiers.
Carb Manager is operated from the United States, with servers located in the United States. If you are located outside of the United States and choose to use the Services or provide information to us, you acknowledge and understand that your information will be transferred, processed and stored in the United States, as it is necessary to provide the Services and perform the Terms of Service. United States privacy laws may not be as protective as those in your jurisdiction.
Carb Manager will not use or disclose to third parties user data gathered from the Apple, Inc. HealthKit framework or HealthKit API for advertising or other use-based data mining purposes other than improving health, or for the purpose of health research. In no event will any information be collected from HealthKit users for use by third parties in compliance with this section without obtaining user consent.
We take security seriously, and do what we can within commercially acceptable means to protect your personal information from loss or theft, as well as unauthorized access, disclosure, copying, use or modification. That said, we advise that no method of electronic transmission or storage is 100% secure, and cannot guarantee the absolute security of your data.
Carb Manager does not knowingly collect any personal information from children. If you are under 18, you are not permitted to use Carb Manager. Consistent with the Children's Online Privacy Protection Act (“COPPA”), Carb Manager is not intended for use by anyone under the age of 18 (COPPA's minimum protections are for minors 13 years of age or under).
If you are a parent with concerns about children's privacy issues in conjunction with the use of this Web Site, please contact us at firstname.lastname@example.org.
California Civil Code Section § 1798.83 permits users of our Site that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. However, we do not disclose personal information to third parties for their direct marketing purposes.
Wombat Apps LLC
c/o Privacy Officer
8201 164th Ave NE, Suite 200
Redmond, WA 98052
Effective: May 24, 2018