Privacy Policy for CareBox Pack

1. Introduction

Welcome to CareBox - Pack (the "App"), a mobile application provided by Digi-Space Ltd ("Company," "We," "Us," "Our"). We are committed to protecting your privacy and handling your personal data in an open and transparent manner.

This Privacy Policy explains how we collect, use, process, share, and protect your personal information when you use our App. It also describes your data protection rights, including a right to object to some of the processing which We carry out.

By downloading, accessing, or using the App, you agree to the terms of this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the App.

2. Definitions

• App: The CareBox - Pack mobile application.
• Personal Data: Any information relating to an identified or identifiable natural person.
• Usage Data: Data collected automatically, either generated by the use of the Service or from the Service infrastructure itself.
• User/You: The individual accessing or using our App.
• Data Controller: For the purpose of the GDPR, UK DPA, and other applicable data protection laws, Digi-Space Ltd is the Data Controller of your Personal Data.
• Service Providers: Third-party companies or individuals employed by Us to facilitate the App, provide the App on Our behalf, or assist Us in analyzing how the App is used.

3. Data We Collect

We collect various types of information in connection with the services We provide, including:

A. Information You Provide Directly:

• Subscription Information: To manage your subscription through the App Store or Google Play Store, We collect data such as your chosen plan, status (e.g., TRIAL, ACTIVE), platformSubscriptionId (e.g., Google/Apple subscription ID), startDate, endDate, trialStartDate, trialEndDate, isTrialUsed, and whether your subscription willRenew. We also store metadata related to your subscription which may include platform-specific data from the respective app stores.

B. Information Collected Automatically (Usage Data):

• Activity Information: We collect basic usage data to improve our service and ensure proper functionality.
• Timestamps: We collect createdAt and updatedAt timestamps for subscription records to manage and track these entities.

C. Website Cookies and Analytics:

• Necessary Cookies: These cookies are essential for our website to function properly and cannot be disabled. They include:
  • carebox-cookie-consent - Stores your cookie preferences
  • Security tokens for form protection (CSRF protection)
  • Session management cookies (if user accounts are implemented)
  • Load balancing cookies for website performance
• Analytics Cookies (Optional - Requires Your Consent): We use Google Analytics to understand how visitors interact with our website. These cookies collect anonymous information including:
  • Pages visited and time spent on each page
  • Traffic sources (how you found our website)
  • Device and browser information
  • General geographic location (country/region level)
  • User interactions and website navigation patterns

  Google Analytics Cookies Include: _ga, _ga_*, _gid, _gat

D. Voice and Speech Data:

• Speech-to-Text Processing: When you use voice input features in the App, your speech is processed using your device's native speech recognition service. This processing typically occurs locally on your device (on-device recognition) and does not transmit voice data to external servers. The transcribed text remains within the App and is not shared with third parties unless explicitly stated otherwise in this policy.

4. How We Use Your Data

We use your Personal Data for the following purposes:

• To Provide and Maintain Our Service:
  • To provide the core functionalities of the App.
  • To ensure proper operation and functionality.
  • To maintain and improve our website experience.
• To Manage Subscriptions:
  • To process your subscription through the App Store or Google Play Store, including renewals and cancellations.
  • To manage trial periods and track isTrialUsed.
• Website Analytics and Improvement (With Your Consent):
  • To understand how visitors interact with our website and identify popular content.
  • To analyze website traffic patterns and user behavior to improve our services.
  • To measure the effectiveness of our website content and marketing efforts.
  • To optimize website performance and user experience across different devices and browsers.

  Note: Website analytics data is only collected after you provide explicit consent through our cookie banner. This data is processed by Google Analytics and helps us understand anonymous usage patterns without collecting personally identifiable information.

• To Communicate With You:
  • To send you important service-related announcements and updates.
  • To respond to your inquiries and provide customer support via support@digi-spaceltd.com.
• To Improve and Personalize the App:
  • To understand how users interact with the App, identify usage trends, and gather analytics to improve its features and user experience.
• To Process Voice Input:
  • To convert your speech to text when you use voice input features, enabling hands-free data entry and improved user experience.
• Cookie Management:
  • To remember your cookie preferences and provide you with control over your data.
  • To ensure website security and prevent unauthorized access.
  • To maintain website functionality and user session management.
• To Comply with Legal Obligations:
  • To comply with applicable laws, regulations, court orders, or other legal processes.
• To Enforce Our Terms and Protect Our Rights:
  • To enforce Our Terms of Service and other policies.
  • To protect Our rights, property, or safety, and that of Our users or others.

5. Legal Basis for Processing (GDPR & UK DPA)

Our legal basis for collecting and using the Personal Data described above will depend on the Personal Data concerned and the specific context in which We collect it.

• Performance of a Contract: We process your Personal Data to provide and maintain the App and manage your subscriptions, as these are necessary for the performance of Our contract with you (as set out in Our Terms of Service).
• Consent: We will rely on your consent for certain processing activities. Where We rely on consent, you have the right to withdraw it at any time.
• Legal Obligation: We may process your Personal Data where it is necessary for compliance with a legal obligation to which We are subject.
• Legitimate Interests: We may process your Personal Data for Our legitimate interests, such as for improving Our App, analytics, and security, provided that such interests are not overridden by your data protection interests or fundamental rights and freedoms.

6. Data Sharing and Disclosure

We do not sell your Personal Data. We may share your Personal Data in the following circumstances:

• Service Providers: We share Personal Data with third-party service providers who perform services on Our behalf. These include:
  • Payment Processors: Your subscription payments are processed directly through the App Store or Google Play Store.
  • Analytics Providers: With your consent, we use Google Analytics to understand website usage patterns. Google Analytics processes anonymized data about your website interactions, including pages visited, time spent, and general geographic information. This data helps us improve our website and services. You can withdraw consent at any time through our cookie settings.
  • Cloud Hosting Providers: Our App and its data may be hosted on servers provided by third-party hosting services.

  These service providers are contractually obligated to protect your data and are restricted from using your Personal Data for any other purpose.

  Google Analytics: When you consent to analytics cookies, Google Analytics may collect and process data according to Google's Privacy Policy. Google uses this data to provide us with insights about website usage. You can learn more about how Google processes data at policies.google.com/privacy.

• Legal Requirements: We may disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency).
• Business Transfers: If We are involved in a merger, acquisition, asset sale, or other business reorganization, your Personal Data may be transferred as part of that transaction. We will notify you before your Personal Data is transferred and becomes subject to a different privacy policy.
• Protection of Rights: We may disclose Personal Data where We believe it necessary to respond to claims asserted against Us, to comply with legal process, to enforce or administer Our agreements and terms, for fraud prevention, risk assessment, investigation, and to protect the rights, property or safety of Digi-Space Ltd, its users, or others.
• With Your Consent: We may disclose your Personal Data for any other purpose with your explicit consent.

7. Data Retention

We will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. This includes:

• As long as needed to provide you with the App's services.
• To comply with Our legal obligations (e.g., tax, accounting, or other legal requirements).
• To resolve disputes and enforce Our legal agreements and policies.
• For subscription data, We retain it for the duration of the subscription and for a reasonable period thereafter for record-keeping and to handle any post-termination queries or obligations.

Usage Data is generally retained for a shorter period, except when this data is used to improve the functionality of Our Service, or We are legally obligated to retain this data for longer time periods. When Personal Data is no longer needed, We will securely delete or anonymize it.

8. Data Security

We implement appropriate technical and organizational security measures designed to protect the security of any Personal Data We process. These measures aim to prevent unauthorized access, disclosure, alteration, or destruction of your information.

Voice Data Security: Voice input processing utilizes your device's native speech recognition capabilities, which typically process speech locally on your device without transmitting voice data to external servers. This provides enhanced privacy protection for your voice data.

However, please also remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While We strive to use commercially acceptable means to protect your Personal Data, We cannot guarantee its absolute security.

9. International Data Transfers

Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those in your jurisdiction.

If you are located in the United Kingdom (UK) or European Economic Area (EEA), this may mean your Personal Data is transferred outside these regions. Where We transfer your Personal Data to countries outside the UK/EEA, We will ensure that appropriate safeguards are in place to protect your Personal Data to the standard required by UK and EU law, such as by relying on an adequacy decision by the relevant authorities or by using Standard Contractual Clauses (SCCs) approved for use in the UK/EEA.

10. Your Data Protection Rights

Depending on your location and applicable data protection laws, you may have the following rights regarding your Personal Data:

Rights under GDPR and UK DPA (for UK and EEA Residents):

• Right to Access: You have the right to request copies of your Personal Data.
• Right to Rectification: You have the right to request that We correct any information you believe is inaccurate or complete information you believe is incomplete.
• Right to Erasure (Right to be Forgotten): You have the right to request that We erase your Personal Data, under certain conditions.
• Right to Restrict Processing: You have the right to request that We restrict the processing of your Personal Data, under certain conditions.
• Right to Object to Processing: You have the right to object to Our processing of your Personal Data, under certain conditions, particularly where We are relying on legitimate interests as Our legal basis.
• Right to Data Portability: You have the right to request that We transfer the data that We have collected to another organization, or directly to you, under certain conditions, in a structured, commonly used, and machine-readable format.
• Right to Withdraw Consent: If We are processing your Personal Data based on your consent, you have the right to withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing We conducted prior to your withdrawal, nor will it affect processing of your Personal Data conducted in reliance on lawful processing grounds other than consent.
• Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority. For UK residents, this is the Information Commissioner's Office (ICO). For EEA residents, this is your local data protection authority.

Rights under CCPA and CPRA (for California Residents):

The California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) provides California residents with specific rights regarding their personal information. This section describes your CCPA/CPRA rights and explains how to exercise them.

• Right to Know: You have the right to request that We disclose certain information to you about Our collection and use of your personal information over the past 12 months. This includes:
  • The categories of personal information We collected about you.
  • The categories of sources for the personal information We collected about you.
  • Our business or commercial purpose for collecting that personal information.
  • The categories of third parties with whom We share that personal information.
  • The specific pieces of personal information We collected about you.
• Right to Delete: You have the right to request that We delete any of your personal information that We collected from you and retained, subject to certain exceptions.
• Right to Correct Inaccurate Information: You have the right to request We correct any inaccurate personal information that We maintain about you.
• Right to Opt-Out of Sale or Sharing: We do not "sell" your personal information in the traditional sense (i.e., for monetary gain). However, the CCPA/CPRA definition of "sale" and "sharing" (for cross-context behavioral advertising) is broad. If our use of certain third-party services (like analytics providers) is deemed a "sale" or "sharing" under CCPA/CPRA, you have the right to opt-out of such activities. You can exercise this right by contacting us as detailed below.
• Right to Limit Use and Disclosure of Sensitive Personal Information (SPI): You have the right to direct businesses to only use your SPI (if We collect any that qualifies under CPRA's definition) for limited purposes, such as providing you with the services you requested. We currently do not believe We collect SPI as defined by CPRA that would trigger this specific limitation right beyond the general protections provided.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.

Categories of Personal Information Collected (CCPA/CPRA):

In the preceding 12 months, We have collected the following categories of personal information, as defined by the CCPA/CPRA:

• Commercial Information: such as records of subscriptions purchased (plan, startDate, endDate, trial information) through the App Store or Google Play Store.
• Internet or Other Electronic Network Activity Information: such as interaction with our App and basic usage data.

"Do Not Track" Signals: Some web browsers may transmit "Do Not Track" signals. Currently, there is no industry standard for how to respond to these signals, so We do not currently take action in response to them.

11. Managing Your Cookie Preferences

How to Manage Cookies:

• Cookie Settings Gear: Look for the gear icon (⚙️) in the bottom-left corner of our website to access your cookie preferences at any time.
• Initial Banner: When you first visit our website, you'll see a cookie banner where you can choose to "Accept All," "Necessary Only," or "Customize" your preferences.
• Granular Control: In the detailed view, you can toggle analytics cookies on or off while necessary cookies remain active for website functionality.

Cookie Categories:

Browser Settings:

You can also manage cookies through your browser settings. However, disabling necessary cookies may affect website functionality. Here are links to cookie management in popular browsers:

• Google Chrome
• Firefox
• Safari
• Microsoft Edge

12. Children's Privacy

Our App is not intended for use by children under the age of 13 (or a higher age threshold if applicable in your jurisdiction, e.g., 16 in some EU countries for GDPR consent). We do not knowingly collect Personal Data from children. If you are a parent or guardian and you are aware that your child has provided Us with Personal Data, please contact Us at support@digi-spaceltd.com. If We become aware that We have collected Personal Data from children without verification of parental consent, We take steps to remove that information from Our servers.

13. Third-Party Links and Services

Our App may contain links to other websites or services that are not operated by Us. If you click on a third-party link, you will be directed to that third party's site or service. We strongly advise you to review the privacy policy of every site or service you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

14. Changes to This Privacy Policy

We may update Our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy within the App and updating the "Last Updated" date at the top of this Privacy Policy. We may also notify you through a prominent notice on Our Service, prior to the change becoming effective.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or Our data practices, please contact Us: