Privacy Policy

Introduction

This Privacy Policy explains how App Werkstatt Taudt, operated by Aaron Taudt ("Haily" or "we" or "us") follows privacy laws such as the General Data Protection Regulation ("GDPR") and any other laws that protect your personal data. It also describes how Haily collects, stores, uses, and shares personal data from you through the Haily mobile application (the "App"), including all subdomains, products and services (together, the "Services").

App Werkstatt Taudt is a sole proprietorship (Einzelunternehmen) registered in Germany and the registered data controller of the Services.

We may update this Privacy Policy and any addendums from time to time. We review them at least once a year and make updates if needed to ensure they remain accurate. If there are material changes to this policy that we need to tell you about, we will let you know by email or through the App.

The latest updates to this policy are available in the App.

Personal data we collect from you

We collect personal data about you when you use the Services. This can come directly from you or from other sources and third parties.

Personal data you provide to us directly:

General information: When you sign up for our Services, we collect personal data like your name, email, password (via authentication provider), and time zone. Based on how you use the Services, we may also infer your sex or gender.

Health and wellbeing data: When using our Services, you may enter personal data (including 'special category data' as defined in the GDPR) about yourself through natural language entries (voice or text). Our App enables effortless data entry through dialogue-based tracking, allowing you to log various health and lifestyle aspects in your own words.

The categories of information you may track include, but are not limited to:

• Food and nutrition: Details about meals, ingredients, and dietary intake
• Supplements: Information about vitamins, minerals, protein powders, and other supplements you take
• Physical and cognitive activities: Not only traditional exercise like running and weight lifting, but also activities such as playing chess, reading, or playing games, capturing their impact on your personal health
• Sleep: Sleep patterns, duration, and quality
• Bodily sensations: Physical feelings and symptoms you experience
• Emotions: Your emotional state and mood
• Menstrual cycle data: Cycle-related information (where applicable)
• Other wellbeing-related information: Any other health and lifestyle aspects you choose to track

Diary entries and tracks: You create natural language entries (voice or text) that capture your daily activities, meals, sleep, and how you feel. These entries are processed using AI technologies to extract structured information and provide insights.

Images: You may associate images with your entries, such as food photos for nutritional analysis. These images help enhance the accuracy of our nutritional insights and recommendations.

User configuration: You may provide physical characteristics (weight, height), demographic information (year of birth, gender), dietary preferences and restrictions, allergies, cycle configuration (if applicable), activity level, and other personalization settings that help us tailor the Services to your needs.

Third-party health services (including wearables): With your permission, we can connect to third-party services like Apple Health and Google Fit. This allows us to automatically import your health and activity data into the app, so you don't have to log it yourself. The imported data may include fitness activities, sleep patterns, body measurements (weight, height, BMI), heart rate, steps taken, distance traveled, calories burned, body temperature, and other activity and health details.

This information helps provide insights into your activities and improves our ability to provide personalized recommendations. We process this data to enhance the App's features and functionality.

Importing data is subject to the privacy policies and terms of Apple Health and Google Fit. If you use a wearable device to connect to Haily, please review its terms and privacy policies as well. Your device provider may collect usage data for its own purposes, such as improving its services.

Personal data we collect automatically:

When you use the Services, we may automatically collect certain information:

Device information: device model; information about the operating system and its version; unique device identifiers; enabled device accessibility features (e.g., display features, hearing features, and physical and motor features); mobile operator and network information; device storage information or version of your device system.

Location information: IP address for an approximate location; country; time zone or information about your mobile service provider. We do not collect your exact location. We only use location details for the reasons listed below.

Data about your use of the Services, including: frequency of use; areas and features of the Services that you access or use; payment transaction information (excluding full payment card details) or engagement with features.

To collect this and other information, we may use cookies and other similar technologies. See more in our Cookie Policy (if applicable).

Data from external sources: We may receive your personal data from third parties. For example, they may provide additional information to enhance your existing data, personalise your experience, and support analytics and statistics.

How we use your personal data

Depending on which features of the Services you use, we will process your personal data based on one or more of the following legal bases (we have included some examples):

Your consent: you can give us permission to process your health data to provide the Services, including AI-powered analysis and personalized recommendations.

To fulfill our contractual obligations to you in order to provide the Services to you: we may process your personal data to fulfill our contractual obligation to you for activities such as management of your Haily account, service delivery, subscription management, and other administrative purposes.

Legitimate interest: we may process your personal data based on our legitimate interests in order to manage our Services better. For example, we may use your personal data in order to:

• identify and fix bugs;
• determine genuine user interaction with the Services (rather than bots);
• monitor the App and analyze its performance and reliability;
• inform you of matters concerning your subscriptions;
• conduct vulnerability scanning to protect the security of the Services;
• review aggregated App usage trends;
• provide customer support and service quality improvements;
• conduct security monitoring and incident investigation.

Further examples of our legitimate interests are outlined in the table below. When relying on this legal basis, we first determine that we have a legitimate interest in conducting and managing our business. We then consider and balance potential impacts to you and your rights, to ensure that our interests do not override them.

Legal obligation: We may be obligated to process some of your personal data to comply with applicable laws and regulations.

Principles of processing

Data minimisation and purpose limitation: we only process personal data for the specific purposes for which it was collected or authorised by you.

No sale of personal data: we do not sell or rent your personal data for money. We will only share your personal data as outlined in this Privacy Policy. This includes sharing your personal data with our service providers who help us operate our Services. We will not use information from Apple Health or Google Fit for advertising or sell it to advertising platforms, data brokers or resellers.

AI and Machine Learning Processing

Haily uses advanced AI technologies, including Large Language Models (LLMs), to process your natural language entries and provide personalized insights. This section explains how we handle AI processing of your data.

Use of AI Technologies: We work with leading AI service providers to process your natural language entries. These AI technologies enable us to:

• Parse and understand your voice and text entries
• Extract structured information from your diary entries and tracks
• Identify patterns and correlations across health dimensions
• Generate personalized health and wellbeing recommendations

How Data is Sent to AI Providers: When you create diary entries or tracks using natural language, this data is sent to our AI service providers for processing. We maintain strict controls over how AI providers handle your information through:

• Data processing agreements that require AI providers to protect your data
• Appropriate technical and organizational safeguards
• Limitations on how AI providers can use your data
• Compliance with applicable data protection laws

AI-Generated Insights: The AI technologies we use analyze your health data to identify patterns, correlations, and insights that help provide personalized recommendations. These insights are generated based on your unique health patterns and are designed to help you understand what makes you feel better.

User Control: You have control over AI processing of your data. You can:

• Choose not to use natural language entry features (though this may limit some functionality)
• Request information about which AI providers we work with
• Withdraw consent for AI processing at any time by contacting us

Important Note: Your health data is processed to provide personalized insights, but we maintain strict controls over how AI providers handle your information. We do not allow AI providers to use your health data for training their models or for any purpose other than providing the Services to you, unless you have explicitly consented to such use.

Third party data processing

We will not share your personal data with third parties except as specified within this Privacy Policy.

Processing to make the App run

Sometimes, we work with other companies to process your personal data on our behalf. We call these companies or service providers "processors."

Processors are companies that help us operate our Services. We are responsible for any actions of these processors ensuring they follow the law and our instructions by entering into data processing agreements with them.

Here are some of the main processors we rely on:

• Authentication and database hosting providers: We use service providers to manage user authentication and securely store your data in databases with access controls, including Row Level Security policies.
• AI service providers: We work with leading AI service providers for natural language understanding and analysis of your diary entries. These providers process your data under strict data processing agreements.
• Cloud storage providers: We use cloud storage providers for data and image storage, ensuring your information is securely stored and accessible.
• Error tracking and monitoring services: We use services to monitor app performance, identify bugs, and ensure the reliability of our Services.
• Health data platforms: Apple Health and Google Fit for health data integration, subject to their respective privacy policies.

For details about the processors we use in connection with cookies, please see our Cookie Policy (if applicable).

Marketing/Analytics:

Haily's approach to analytics and marketing is designed to respect your privacy. Any analytics services we use are clearly disclosed, and we provide opt-out options where available. We do not share your health data with third parties for marketing purposes.

Aggregated information

We may aggregate, anonymise or de-identify your personal data so that it cannot be used to identify you. This personal data might be shared with third parties, like research institutions or used for statistical purposes. For example, we may share general age and demographic information, along with aggregated statistics about activities or health patterns to identify trends across users and support scientific research. This helps us create articles, blog posts and scientific publications that advance research on health and wellbeing.

If we want to include you in specific research studies, we will ask for your consent. You can withdraw your consent at any time by emailing us at privacy@hailyhealth.de.

Data sharing

We may also preserve or share some of your personal data in the following limited circumstances:

• in response to subpoenas, court orders, or legal processes, as required by applicable law (including to meet national security or law enforcement needs);
• when necessary to maintain the security and integrity of the Services or to protect any member's security, consistent with applicable laws. In such cases, we may also delete some of your personal data (e.g., by resetting your password to prevent unauthorised access);
• to assert legal rights or defend against legal claims;
• when disclosure is authorised or requested by the member who has provided the personal data;
• in the event of a business acquisition, transfer or reorganisation; and
• depending on the situation, we may rely on legitimate interest or legal obligations as the basis for these processing activities.

Research: We may share anonymized or aggregated data with research partners for scientific purposes, but only with your explicit consent and in a form that cannot identify you.

Business transfers: In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the acquiring entity, subject to the same privacy protections outlined in this policy.

Security of your personal data

General security measures

We take various technical and organisational steps to protect your personal data from loss, theft, misuse, and unauthorised access, disclosure, alteration, and destruction. These measures are designed based on the nature of the personal data we handle and the risks associated with special categories of personal data we collect. This includes:

• Encryption: your personal data is encrypted both in transit and at rest;
• Vulnerability scanning: we conduct regular scans and penetration testing;
• Data integrity protection: we have measures in place to protect the integrity of your data;
• Organisational and legal measures: for example, our employees have different levels of access to your personal data, limited to what is necessary for operating the Services. We hold our employees strictly accountable for any disclosure, unauthorised access, alteration, destruction or misuse of your personal data; and
• Privacy assessments: we conduct regular data protection impact assessments to ensure that the Services comply with privacy principles.

Database security: We implement Row Level Security (RLS) policies to ensure that users can only access their own data, providing an additional layer of protection for your personal information.

Please keep your password secure and don't share it with others. Consider adding a passcode or enabling biometric authentication for an extra layer of protection.

While we strive to protect your information, we cannot guarantee absolute security, nor can we ensure that your personal data won't be intercepted during transmission to us.

Security breaches

If there is a security breach and where required by law, we will either post a notice or try to contact you by email. We will take reasonable steps to fix the issue according to applicable laws and this Privacy Policy. For potential personal data breaches, we may take additional actions, such as logging you out from all the devices, resetting your password and other necessary steps to address the situation.

If you want to report a security incident related to the Services, please email us at privacy@hailyhealth.de.

Your privacy rights

Regardless of where you live, we're committed to providing you the same privacy rights afforded under the GDPR, which is generally regarded as the highest standard for data protection globally.

What are your rights?

You have rights in relation to your personal data. Only you or someone authorised to act on your behalf can make a request about your personal data. If you authorise someone to act on your behalf, we may need to verify their authorisation.

How to exercise your privacy rights

To exercise your privacy rights, you can email us at support@hailyhealth.de or privacy@hailyhealth.de.

You can request to delete your account or make certain changes directly in the App's settings.

We will handle your request within one month of receiving it. In some cases, such as for complete deletion of your personal data stored in our backup systems, it may take 90 days. If we need more time to action your request, we will let you know and explain the reason for the delay. Please be aware that once the deletion process begins, it can't be undone. This is because your personal identifiers are immediately unlinked from your App information, which means we can no longer identify you, even if some data temporarily remains in our backup systems.

Your consent is required for us to use your health data. You can withdraw this consent at any time by either contacting us or deleting your account through the App.

What else should you know?

If your request is unclear, we might reach out to you for clarification. We may also refuse or charge a reasonable fee for requests that are clearly unfounded and/or excessive.

To process your request, we'll need to verify your identity. Usually, this involves confirming that the request is coming from the email you used to register. If you haven't registered, we may ask you for additional verification to ensure we respond appropriately.

Depending on local laws, you may have the right to lodge a complaint with your local data protection authority about any of our activities. If you have any concerns about our privacy practices, please let us know by emailing our support team at support@hailyhealth.de or by emailing our data protection officer at privacy@hailyhealth.de.

Retention of your personal data

We will keep your personal data for as long as necessary to provide you with the Services or fulfill the purposes for which it was collected (except as noted below).

Impact of account deactivation/requests to erase personal data: You can deactivate your account at any time by following instructions in the 'How to exercise your privacy rights' section. We will process your request within one month. In some cases, it will take up to 90 days to completely erase your personal data from our backup systems. If you choose to deactivate your account, Haily will delete your personal data, and it will not be recoverable should you later create another account.

Deleting the App or inactivity: If you delete the App from your device or your account becomes inactive, we will retain your personal data for three years in case you decide to reactivate the Services or reinstall the App. After three years of inactivity, your personal data will be deleted. Haily will apply this standard retention policy. However, you can still request earlier deletion by contacting us at any time.

Limitations: Even after your account is deleted, we may need to retain certain personal data and other information. This is required or permitted by applicable law, like the GDPR, and may include situations like:

• complying with legal obligations;
• managing and handling legal claims; and
• archiving for public interest, scientific or historical research, or statistical purposes.

How do we delete your data?

We use industry-standard methods to securely and permanently delete your personal data from our systems, making it impossible to recover. This process may include sending automated notifications to our processors who process your personal data on our behalf.

Children's privacy

Age limitation: our Services are not for children, and we do not knowingly collect personal data from anyone under 16. You must be at least 16 years old to use the App and access Haily's content. If you know of someone under 16 using the Services, please email us at support@hailyhealth.de. See our Terms of Service for more information.

International data transfers

Haily is based in Germany. The personal data we collect may be transferred to and processed in countries other than your own, including the United States and other countries where our service providers operate. These transfers are usually cloud-based and occur when you use our Services. Please note, the laws in these countries may not offer the same protections as those in your country.

Transfers of personal data outside of the EEA

Personal data in the EEA is protected by the GDPR. When we transfer personal data outside of the EEA, we apply appropriate safeguards to ensure your personal data is protected. For example, we use data transfer agreements that include the European Commission's Standard Contractual Clauses and conduct transfer risk assessments.

For further information, please email us at privacy@hailyhealth.de.

Data Privacy Framework ("DPF") Participation

If applicable, we may participate in data transfer frameworks that provide additional protections for your personal data when transferred internationally.

United States

If you live in the United States, we comply with applicable U.S. state privacy laws. Please contact us at privacy@hailyhealth.de if you have questions about your rights under U.S. privacy laws.

App permissions

Our app may request the following permissions to provide you with the best possible experience:

• Camera: For taking photos to associate with your entries, such as food photos for nutritional analysis. This permission is optional and you can use the app without granting camera access.
• Health data: Access to health data platforms such as Apple Health and Google Fit (with your permission). This allows us to automatically import your health and activity data to provide more comprehensive insights. You can manage these connections in your device settings at any time.
• Notifications: For reminders, updates, and personalized insights. You can manage notification preferences in your device settings.
• Storage: For local app data and caching to improve app performance. This helps the app run smoothly and store data temporarily on your device.

Note: You can manage these permissions in your device settings at any time. Granting or revoking permissions may affect certain features of the app, but you can always use the core functionality of Haily regardless of your permission settings.

Communication with you

We might contact you via email, pop-ups or push notifications to share updates with you about Services, offers, promotions, rewards and events. These messages will be based on the Services you have chosen from Haily and the features you interact with.

Opt-out options: You can unsubscribe from marketing emails by clicking the "Unsubscribe" link in the email. Opting out of these marketing emails or notifications will not stop essential Service-related emails. To stop receiving push notifications, adjust your settings on your device. In some cases, we might ask for additional consent for certain communications.

Please note we may contact you through third-party platforms (like social media) with information about our Services, offers, promotions, rewards and events.

Essential communications: We may send you important service-related communications that you cannot opt out of, such as security alerts, account verification messages, and critical service updates.

Presence on social networks

We may use social media to promote Haily and interact with our customers. When you engage with us on these platforms, we process information about you, like your username, profile picture and any comments or posts related to Haily. This information is used solely for engagement purposes.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time. We review it at least once a year and make updates if needed to ensure it remains accurate. If there are material changes to this policy that we need to tell you about, we will let you know by email or through the App.

The latest updates to this policy are available in the App. We encourage you to review this policy periodically to stay informed about how we protect your personal data.

Material changes: If we make material changes to this Privacy Policy, we will:

• Post a notice in the App
• Send an email notification to registered users
• Update the "Effective as of" date at the top of this policy
• Provide a summary of key changes where appropriate

Contact us

If you have any questions or concerns about your privacy, you may contact us or our data protection officer by writing to us at:

You can also reach us by email at:

• support@hailyhealth.de (for general inquiries and support)
• privacy@hailyhealth.de (for privacy-related inquiries and data protection officer contact)

If needed, you may also contact your local data protection authority. A list of local data protection authorities is available here.