Privacy Policy

At Carb Manager, we understand the importance of privacy, and it is our policy to respect your privacy in all interactions. This Privacy Policy describes how Wombat Apps LLC and its product Carb Manager (taken together, "Carb Manager”, “Service”, “we”, “us”, “our”, “ours”) collects, uses, and discloses information, and your choices with respect to that information.

Wombat Apps LLC is headquartered in Washington State in the United States. If you are a resident of the European Union (“EU”), Wombat Apps LLC is the controller of your personal data for the purposes of EU data protection laws.

This Privacy Policy applies to the Carb Manager mobile applications, the web site at carbmanager.com, and any other interaction you may have with Carb Manager. This Privacy Policy does not apply to to any third party applications or software that integrate with Carb Manager.

The Information We Collect and Receive

We collect only the information relevant to providing you with a service, and use your information only to ensure the fulfillment of this service. You are free to refuse our request for your information, with the understanding that we may be unable to provide you with some of your desired services without this information. When you use Carb Manager, we collect the following types of information.

Personal Information

We collect some personal information, which can be used to identify you as a person, to provide you with the Carb Manager Service. This information may include, but is not limited to, your email address, user name, and billing zip code.

User Information

In addition to the above personal information, in order to improve your experience and enable additional features of Carb Manager, you may choose to provide us with user information. The information includes, but is not limited to: birth year, gender, and activity level. You may also choose to provide additional user information, such as a profile photograph, goals, foods, exercises, and notes. Other types of user information include communication with our customer support agents via the support center; messages posted to our discussion board; and information shared directly with other users who are added as friends.

Health Information

We may collect certain health information subject to GDPR protections of sensitive information in the course of providing you a Service. Prior to collecting that information, we will obtain your explicit consent to allow processing. You may withdraw your consent at any time in the application settings or by deleting your data and ceasing to input new data. If you post health information to our groups or forums, you are doing so with the understanding that this information will be made public, which is then our legal basis for processing that information.

Payment Card Information

If you purchase a subscription on our website, we collect payment card information in order to process the transaction, including your payment card number, expiration date, billing zip code, and CVV number. This payment information, excluding the CVV number, is stored in an encrypted format by our third-party payment processor, Stripe (www.stripe.com), a PCI Level 1 Service Provider.

Usage Information

Like many websites and applications, we collection general usage data in order to analyze trends and monitor performance. This information includes, but is not limited to, browser type and operating system, pages that you visited, time spent on the Service, IP address, crash reports, cookie information and pages that referred you to us.

Cookies

We use "cookies" to collect information about you and your activity across our site. A cookie is a small piece of data that our website stores on your computer, and accesses each time you visit so we can understand how you use our site and serve you content based on preferences you have specified.

Third-Party Fitness & Health Device Information

If you consent to share your fitness & health device information from a third party platform, we will receive information that you have authorized to share on each synchronization with that platform. This information may include exercise minutes, calories expended, steps taken in a day, weight, and other metrics. To the extent that this information is subject to GDPR protections of sensitive health data, we will obtain explicit consent prior to collecting these data, in a manner consistent with our policy on health information.

How We Use This Information
  • To provide, update, maintain and protect our Service
  • To improve our Service, including researching and developing new features and products
  • To personalize the Service to better meet your needs
  • To communicate with you by responding to your requests, comments and questions. If you contact us, we may use your information to respond.
  • To send emails and other communications regarding our Service, including technical and administrative messages. You can opt-out of marketing emails at any time.
  • To analyze performance and trends of our Service
  • For billing, account management and other administrative matters
  • To investigate and help prevent security issues and abuse

Carb Manager may use non-personal information for any business purpose consistent with this Privacy Policy, provided that that information is aggregated and/or modified so as not to enable the identification of any user.

For personal data subject to GDPR protections, we rely on several legal bases to process the data. These include:

  • Consent: For certain types of data, such as health information subject to GDPR protections for sensitive personal data, we will request consent prior to collecting and processing those data. Consent may be withdrawn at any time using your account settings and other tools.
  • Performance of a contract: When processing of data is necessary to perform a contract with you, like the Terms of Service, we apply this as our legal basis for processing.
  • Legitimate business interests: When we have a legitimate business interest in processing certain data, such as to improve, personalize, and develop the Service, market new features, and promote safety and security, that is our legal basis for processing.
How We Share And Disclose Information

We do not share your personal information except in these limited circumstances:

When You Instruct Us To Share

For example, if you add a friend on Carb Manager, we will then share personal information with that friend. We will share information with third-party fitness and health platforms only if you consent to this sharing. If you post personal information to a community forum, that information will then be shared publicly.

For External Processing

We may transfer information to service providers and other partners who process it for us, based on our instructions, and in compliance with this policy and any other appropriate confidentiality and security measures. These partners provide us with services globally, including for customer support, information technology, payments, sales, data analysis, research, and surveys.

For the purposes of external processing, health information subject to GDPR protections is only shared with one vendor, Google, Inc., whose cloud-based server platform is used to store and process the information collected, consistent with our Data Processing and Security Terms agreement. This information is encrypted in transit and at rest. For an overview of the privacy and security measures employed by Google, Inc, please see this link.

For Legal Reasons Or To Prevent Harm

We may preserve or disclose information about you to comply with a law, regulation, legal process, or governmental request; to assert legal rights or defend against legal claims; or to prevent, detect, or investigate illegal activity, fraud, abuse, violations of our terms, or threats to the security of the Service or the physical safety of any person.

As Part Of A Business Transfer

If we or our assets are acquired, or in the unlikely event that we go out of business or enter bankruptcy, we would include user information among our assets transferred to or acquired by a third party. You acknowledge that such transfers may occur, and that any parties who acquire us may continue to use your personal information according to this Privacy Policy.

Under no circumstances will Carb Manager sell personal information, including health information, to any third party.

Carb Manager may share non-personal information with third parties consistent with this Privacy Policy, provided that that information is aggregated and/or modified so as not to enable the identification of any user.

Your Rights To Control Your Data

We provide tools to access, modify, and delete your data as an integral part of our Service and in the application settings, available regardless of where you live. If you live in the European Economic Area, United Kingdom, or Switzerland, you have certain additional legal rights pertaining to your data.

Accessing and Porting

Much of your data is available by using the various features of the Service, such as the food and exercise logs. If you would like to download a machine readable copy of your data, please visit the Advanced Settings section.

Rectify, Restrict, Limit, Delete

You can also rectify, restrict, limit or delete much of your information by logging into your account. If you are unable to do this, please contact us privacy@wombatapps.com. We will generally respond to your request within 7 business days.

Object

Where we process your information based on our legitimate interests explained above, or in the public interest, you can object to this processing in certain circumstances. In such cases, we will cease processing your information unless we have compelling legitimate grounds to continue processing or where it is needed for legal reasons.

Revoke consent

Where you have previously provided your consent, such as to permit us to process health-related data about you, you have the right to withdraw your consent to the processing of your information at any time. For example, you can withdraw your consent by updating your settings. In certain cases, we may continue to process your information after you have withdrawn consent if we have a legal basis to do so or if your withdrawal of consent was limited to certain processing activities.

Complain

Should you wish to raise a concern about our use of your information (and without prejudice to any other rights you may have), you have the right to do so with your local supervisory authority.

Data Retention Policy

We retain information as long as it is necessary to provide the Service to you and others, subject to any legal obligations to further retain such information. Information associated with your account will generally be kept until it is no longer necessary to provide the Services or until you ask us to delete it or your account is deleted. For example, where you withdraw your consent to processing your health-related information, we will delete all health-related information you uploaded. Following your deletion of your account, it may take up to 30 days to fully delete your personal information and system logs from our systems. Additionally, we may retain information from deleted accounts to comply with the law, prevent fraud, collect fees, resolve disputes, troubleshoot problems, assist with investigations, enforce the Terms of Service and take other actions permitted by law. The information we retain will be handled in accordance with this Privacy Policy.

Information about you that is no longer necessary and relevant to provide our Services may be de-identified and aggregated with other non-personal data to provide insights, such as statistics of the use of the Services. This information will be de-associated with your name and other identifiers.

Data Transfers

Carb Manager is operated from the United States, with servers located in the United States. If you are located outside of the United States and choose to use the Services or provide information to us, you acknowledge and understand that your information will be transferred, processed and stored in the United States, as it is necessary to provide the Services and perform the Terms of Service. United States privacy laws may not be as protective as those in your jurisdiction.

Apple HealthKit Notice

Carb Manager will not use or disclose to third parties user data gathered from the Apple, Inc. HealthKit framework or HealthKit API for advertising or other use-based data mining purposes other than improving health, or for the purpose of health research. In no event will any information be collected from HealthKit users for use by third parties in compliance with this section without obtaining user consent.

Information Security

We take security seriously, and do what we can within commercially acceptable means to protect your personal information from loss or theft, as well as unauthorized access, disclosure, copying, use or modification. That said, we advise that no method of electronic transmission or storage is 100% secure, and cannot guarantee the absolute security of your data.

Protection of Children's Privacy

Carb Manager does not knowingly collect any personal information from children. If you are under 18, you are not permitted to use Carb Manager. Consistent with the Children's Online Privacy Protection Act (“COPPA”), Carb Manager is not intended for use by anyone under the age of 18 (COPPA's minimum protections are for minors 13 years of age or under). 

If you are a parent with concerns about children's privacy issues in conjunction with the use of this Web Site, please contact us at privacy@wombatapps.com.

Links to Other Sites

Our website may link to external sites that are not operated by us. Please be aware that we have no control over the content and practices of these sites, and cannot assume responsibility for their treatment of your personal information. This privacy policy only covers our website and privacy practices.

Your California Privacy Rights

California Civil Code Section § 1798.83 permits users of our Site that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes.  However, we do not disclose personal information to third parties for their direct marketing purposes. 

Changes to our Privacy Policy

At our discretion, we may change our privacy policy from time to time. We will provide a prominent notice for any material changes to this Privacy Policy.

Please contact us at any time at privacy@wombatapps.com or at our mailing address below if you have any questions about this Privacy Policy.

Wombat Apps LLC
c/o Privacy Officer
8201 164th Ave NE, Suite 200
Redmond, WA 98052

Effective: May 24, 2018