Privacy Policy for CareBox - Pack

1. Introduction

Welcome to CareBox - Pack (the "App"), a mobile application provided by Digi-Space Ltd ("Company," "We," "Us," "Our"). We are committed to protecting your privacy and handling your personal data in an open and transparent manner.

This Privacy Policy explains how we collect, use, process, share, and protect your personal information when you use our App. It also describes your data protection rights, including a right to object to some of the processing which We carry out.

By downloading, accessing, or using the App, you agree to the terms of this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the App.

2. Definitions

• App: The CareBox - Pack mobile application.
• Personal Data: Any information relating to an identified or identifiable natural person.
• Usage Data: Data collected automatically, either generated by the use of the Service or from the Service infrastructure itself.
• User/You: The individual accessing or using our App.
• Data Controller: For the purpose of the GDPR, UK DPA, and other applicable data protection laws, Digi-Space Ltd is the Data Controller of your Personal Data.
• Service Providers: Third-party companies or individuals employed by Us to facilitate the App, provide the App on Our behalf, or assist Us in analyzing how the App is used.

3. Data We Collect

We collect various types of information in connection with the services We provide, including:

A. Information You Provide Directly:

• Account Information: When you create an account, We may collect your userId (a unique identifier from our authentication provider, Clerk), email address, and chosen username.
• Subscription Information: To manage your subscription, We collect data such as your chosen plan, status (e.g., TRIAL, ACTIVE), paymentSource (e.g., Web), platformSubscriptionId (e.g., Google/Apple subscription ID), originalTransactionId, startDate, endDate, trialStartDate, trialEndDate, isTrialUsed, paymentMethodId, lastBillingDate, nextBillingDate, canceledAt, cancelReason, and whether your subscription willRenew. We also store metadata related to your subscription which may include platform-specific data.
• Profile and Usage Preferences: We may store your maxDevices allowed.

B. Information Collected Automatically (Usage Data):

• Device Information: We collect information about the device(s) you use to access the App, including deviceName, deviceId (unique device identifier), os (operating system), model, and fcmToken (Firebase Cloud Messaging token for push notifications).
• Activity Information: We track your lastActive time and whether your device is currently isActive with the App.
• Timestamps: We collect createdAt and updatedAt timestamps for various records such as user accounts, devices, and subscriptions to manage and track these entities.

4. How We Use Your Data

We use your Personal Data for the following purposes:

• To Provide and Maintain Our Service:
  • To create and manage your user account.
  • To authenticate you and ensure the security of your account.
  • To provide the core functionalities of the App.
  • To manage the number of maxDevices associated with your account.
• To Manage Subscriptions and Payments:
  • To process your subscription, including payments, renewals, and cancellations.
  • To manage trial periods and track isTrialUsed.
• To Communicate With You:
  • To send you important service-related announcements, updates, security alerts, and support messages.
  • To respond to your inquiries and provide customer support via support@digi-spaceltd.com.
• For Push Notifications:
  • To send you push notifications via the fcmToken if you have opted-in to receive them. These may include reminders, updates, or promotional messages related to the App. You can manage your push notification preferences in your device settings or App settings.
• To Improve and Personalize the App:
  • To understand how users interact with the App, identify usage trends, and gather analytics to improve its features and user experience.
  • To monitor device activity (lastActive, isActive) for service optimization.
• To Comply with Legal Obligations:
  • To comply with applicable laws, regulations, court orders, or other legal processes.
• To Enforce Our Terms and Protect Our Rights:
  • To enforce Our Terms of Service and other policies.
  • To protect Our rights, property, or safety, and that of Our users or others.

5. Legal Basis for Processing (GDPR & UK DPA)

Our legal basis for collecting and using the Personal Data described above will depend on the Personal Data concerned and the specific context in which We collect it.

• Performance of a Contract: We process your Personal Data to provide and maintain the App, manage your account and subscriptions, as these are necessary for the performance of Our contract with you (as set out in Our Terms of Service).
• Consent: We will rely on your consent for certain processing activities, such as sending promotional push notifications or emails (if applicable). Where We rely on consent, you have the right to withdraw it at any time.
• Legal Obligation: We may process your Personal Data where it is necessary for compliance with a legal obligation to which We are subject.
• Legitimate Interests: We may process your Personal Data for Our legitimate interests, such as for improving Our App, analytics, fraud prevention, and security, provided that such interests are not overridden by your data protection interests or fundamental rights and freedoms.

6. Data Sharing and Disclosure

We do not sell your Personal Data. We may share your Personal Data in the following circumstances:

• Service Providers: We share Personal Data with third-party service providers who perform services on Our behalf. These include:
  • Authentication Services: We use Clerk for user authentication. Your userId, email, and username may be processed by Clerk.
  • Push Notification Services: We use Firebase Cloud Messaging (FCM) to send push notifications. Your fcmToken is shared with FCM.
  • Payment Processors: To process subscription payments, We may share necessary subscription and payment information (e.g., paymentMethodId, transaction details) with payment processing partners. (We will ensure these partners are compliant with relevant security standards like PCI-DSS).
  • Analytics Providers: We may use third-party analytics tools to help Us understand App usage.
  • Cloud Hosting Providers: Our App and its data may be hosted on servers provided by third-party hosting services.

  These service providers are contractually obligated to protect your data and are restricted from using your Personal Data for any other purpose.

• Legal Requirements: We may disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency).
• Business Transfers: If We are involved in a merger, acquisition, asset sale, or other business reorganization, your Personal Data may be transferred as part of that transaction. We will notify you before your Personal Data is transferred and becomes subject to a different privacy policy.
• Protection of Rights: We may disclose Personal Data where We believe it necessary to respond to claims asserted against Us, to comply with legal process, to enforce or administer Our agreements and terms, for fraud prevention, risk assessment, investigation, and to protect the rights, property or safety of Digi-Space Ltd, its users, or others.
• With Your Consent: We may disclose your Personal Data for any other purpose with your explicit consent.

7. Data Retention

We will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. This includes:

• As long as your account is active or as needed to provide you with the App's services.
• To comply with Our legal obligations (e.g., tax, accounting, or other legal requirements).
• To resolve disputes and enforce Our legal agreements and policies.
• For subscription data, We retain it for the duration of the subscription and for a reasonable period thereafter for record-keeping and to handle any post-termination queries or obligations.

Usage Data is generally retained for a shorter period, except when this data is used to strengthen the security or to improve the functionality of Our Service, or We are legally obligated to retain this data for longer time periods. When Personal Data is no longer needed, We will securely delete or anonymize it.

8. Data Security

We implement appropriate technical and organizational security measures designed to protect the security of any Personal Data We process. These measures aim to prevent unauthorized access, disclosure, alteration, or destruction of your information. However, please also remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While We strive to use commercially acceptable means to protect your Personal Data, We cannot guarantee its absolute security.

9. International Data Transfers

Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those in your jurisdiction.

If you are located in the United Kingdom (UK) or European Economic Area (EEA), this may mean your Personal Data is transferred outside these regions. Where We transfer your Personal Data to countries outside the UK/EEA, We will ensure that appropriate safeguards are in place to protect your Personal Data to the standard required by UK and EU law, such as by relying on an adequacy decision by the relevant authorities or by using Standard Contractual Clauses (SCCs) approved for use in the UK/EEA.

10. Your Data Protection Rights

Depending on your location and applicable data protection laws, you may have the following rights regarding your Personal Data:

Rights under GDPR and UK DPA (for UK and EEA Residents):

• Right to Access: You have the right to request copies of your Personal Data.
• Right to Rectification: You have the right to request that We correct any information you believe is inaccurate or complete information you believe is incomplete.
• Right to Erasure (Right to be Forgotten): You have the right to request that We erase your Personal Data, under certain conditions.
• Right to Restrict Processing: You have the right to request that We restrict the processing of your Personal Data, under certain conditions.
• Right to Object to Processing: You have the right to object to Our processing of your Personal Data, under certain conditions, particularly where We are relying on legitimate interests as Our legal basis.
• Right to Data Portability: You have the right to request that We transfer the data that We have collected to another organization, or directly to you, under certain conditions, in a structured, commonly used, and machine-readable format.
• Right to Withdraw Consent: If We are processing your Personal Data based on your consent, you have the right to withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing We conducted prior to your withdrawal, nor will it affect processing of your Personal Data conducted in reliance on lawful processing grounds other than consent.
• Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority. For UK residents, this is the Information Commissioner's Office (ICO). For EEA residents, this is your local data protection authority.

Rights under CCPA and CPRA (for California Residents):

The California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) provides California residents with specific rights regarding their personal information. This section describes your CCPA/CPRA rights and explains how to exercise them.

• Right to Know: You have the right to request that We disclose certain information to you about Our collection and use of your personal information over the past 12 months. This includes:
  • The categories of personal information We collected about you.
  • The categories of sources for the personal information We collected about you.
  • Our business or commercial purpose for collecting or (if applicable) selling that personal information.
  • The categories of third parties with whom We share that personal information.
  • The specific pieces of personal information We collected about you.
• Right to Delete: You have the right to request that We delete any of your personal information that We collected from you and retained, subject to certain exceptions.
• Right to Correct Inaccurate Information: You have the right to request We correct any inaccurate personal information that We maintain about you.
• Right to Opt-Out of Sale or Sharing: We do not "sell" your personal information in the traditional sense (i.e., for monetary gain). However, the CCPA/CPRA definition of "sale" and "sharing" (for cross-context behavioral advertising) is broad. If our use of certain third-party services (like analytics or advertising partners) is deemed a "sale" or "sharing" under CCPA/CPRA, you have the right to opt-out of such activities. You can exercise this right by contacting us as detailed below.
• Right to Limit Use and Disclosure of Sensitive Personal Information (SPI): You have the right to direct businesses to only use your SPI (if We collect any that qualifies under CPRA's definition) for limited purposes, such as providing you with the services you requested. We currently do not believe We collect SPI as defined by CPRA that would trigger this specific limitation right beyond the general protections provided.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.

Categories of Personal Information Collected (CCPA/CPRA):

In the preceding 12 months, We have collected the following categories of personal information, as defined by the CCPA/CPRA:

• Identifiers: such as userId, email, username, deviceId, IP address (collected automatically).
• Customer Records Information (Cal. Civ. Code § 1798.80(e)): such as deviceName, os, model, subscription plan details, payment information (via processors).
• Commercial Information: such as records of subscriptions purchased (plan, startDate, endDate, trial information).
• Internet or Other Electronic Network Activity Information: such as lastActive time, fcmToken, interaction with our App.

"Do Not Track" Signals: Some web browsers may transmit "Do Not Track" signals. Currently, there is no industry standard for how to respond to these signals, so We do not currently take action in response to them.

11. Children's Privacy

Our App is not intended for use by children under the age of 13 (or a higher age threshold if applicable in your jurisdiction, e.g., 16 in some EU countries for GDPR consent). We do not knowingly collect Personal Data from children. If you are a parent or guardian and you are aware that your child has provided Us with Personal Data, please contact Us at support@digi-spaceltd.com. If We become aware that We have collected Personal Data from children without verification of parental consent, We take steps to remove that information from Our servers.

12. Third-Party Links and Services

Our App may contain links to other websites or services that are not operated by Us. If you click on a third-party link, you will be directed to that third party's site or service. We strongly advise you to review the privacy policy of every site or service you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

13. Changes to This Privacy Policy

We may update Our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy within the App and updating the "Last Updated" date at the top of this Privacy Policy. We may also notify you via email or through a prominent notice on Our Service, prior to the change becoming effective.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or Our data practices, please contact Us: