Privacy Policy

Last updated: March 24, 2025

CarpalCare ("we", "our", or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, and safeguard your information when you use our mobile application globally.

We comply with applicable data protection laws worldwide, including but not limited to the EU General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), Canadian PIPEDA, Brazilian LGPD, UK GDPR, and other regional privacy laws. This policy uses GDPR as its baseline standard, with additional rights for specific regions where applicable.

Data Controller Information

CarpalCare is the data controller responsible for your personal data. You can contact us at:

Email: [email protected]

Information We Collect

We collect and process the following categories of information:

  • Usage Data: Information about how you use the app, including viewed exercises, feature usage, and interaction patterns (Legal basis: Legitimate interests for app improvement)
  • Device Information: Device type, OS version, unique device identifiers, and app version (Legal basis: Legitimate interests for technical support)
  • Cached Data: Exercise videos temporarily stored on your device for faster loading on subsequent views (Legal basis: Performance of contract)
  • User Preferences: Settings like favorites, video download preferences, and app configuration (Legal basis: Performance of contract)
  • Analytics Data: Anonymous analytics and crash reports via Firebase (Legal basis: Legitimate interests for service improvement)

Important: We do not collect personally identifiable information such as names, email addresses, or health records. All exercise data remains stored locally on your device.

Legal Basis for Processing (GDPR)

Under GDPR, we process your data based on the following legal grounds:

  • Performance of Contract: To provide app functionality and features you request
  • Consent: For analytics data collection, obtained when you agree to proceed with app usage after the initial notice
  • Legitimate Interests: To fix critical bugs and ensure app security and stability
  • Legal Obligations: To comply with applicable laws and regulations

How We Use Your Information

  • To provide and maintain app functionality
  • To analyze app performance and usage trends
  • To identify and fix technical issues or crashes
  • To improve user experience and develop new features
  • To comply with legal obligations

Data Retention

We retain data for different periods depending on the type:

  • Local device data: Retained until you delete it through app settings or uninstall the app
  • Analytics data: Aggregated analytics data retained for up to 14 months
  • Crash reports: Retained for 90 days

International Data Transfers

We operate globally and use Firebase Analytics and Crashlytics (Google services), which may transfer data internationally. Your anonymous data may be processed in countries outside your residence, including the United States and European Union.

We ensure appropriate safeguards for international transfers:

  • Google's adherence to Standard Contractual Clauses approved by the European Commission
  • Appropriate technical and organizational security measures
  • Compliance with local data transfer requirements where applicable

Note: Some countries (such as China and Russia) have data localization requirements. If you are in these jurisdictions, please be aware that using our app involves international data transfers.

Third-Party Services

We use the following third-party services:

  • Firebase Analytics & Crashlytics (Google): For anonymous usage analytics and crash reporting
    Google Privacy Policy

We do not sell, rent, or share your personal information with third parties for their marketing purposes.

Your Privacy Rights

Important Notice: CarpalCare does not collect personally identifiable information. We only collect anonymous analytics data that cannot be linked to individual users. This means we cannot identify specific users in our data to fulfill certain privacy rights requests.

While privacy laws grant you certain rights, our ability to act on these rights is limited by the anonymous nature of our data collection:

For EU/EEA Residents (GDPR Rights)

  • Right of Access: Since we don't collect personally identifiable data, we cannot provide personal data linked to you. You can view all data stored on your device through the app.
  • Right to Rectification: Local data on your device can be modified through app settings. We cannot correct anonymous analytics data.
  • Right to Erasure: You can delete all local data through app settings or by uninstalling. We cannot delete specific anonymous analytics data.
  • Right to Restriction: You can restrict processing by disabling analytics in your device settings.
  • Right to Data Portability: All your personal exercise data is already stored locally on your device and accessible to you.
  • Right to Object: Since analytics is required for app usage, you can object by choosing not to use the app.
  • Right to Withdraw Consent: You can withdraw consent by uninstalling the app. Analytics collection is required for app functionality.
  • Right to Lodge a Complaint: You may file a complaint with your local data protection authority if you believe we are not complying with GDPR.

For California Residents (CCPA/CPRA Rights)

  • Right to Know: We can explain what categories of data we collect (as listed in this policy), but cannot provide specific data about you since we don't collect personally identifiable information.
  • Right to Delete: You can delete local data via app settings. We cannot delete specific anonymous analytics data as it's not linked to you.
  • Right to Opt-Out: Analytics collection is required for app usage. If you do not wish to share anonymous analytics, please do not use the app.
  • Right to Non-Discrimination: We provide equal service to all users regardless of privacy choices.
  • Right to Correct: You can modify local data through the app. We cannot correct anonymous analytics data.
  • Right to Limit Use: We don't collect sensitive personal information.

California "Do Not Sell" Notice: CarpalCare does not sell, rent, or share your personal information with third parties for monetary or other valuable consideration.

Additional Regional Rights

For Canadian Residents:

  • Under PIPEDA, you have rights similar to GDPR including access, correction, and complaint rights
  • You may file complaints with the Privacy Commissioner of Canada

For Brazilian Residents:

  • Under LGPD, you have rights similar to GDPR including access, correction, deletion, and portability
  • You may contact ANPD (Brazilian Data Protection Authority)

For UK Residents:

  • You have the same rights as EU residents under UK GDPR
  • You may contact the Information Commissioner's Office (ICO)

For Asia-Pacific Residents:

  • Australia: Rights under the Privacy Act and APPs
  • Japan: Rights under APPI including disclosure and correction
  • Singapore: Rights under PDPA including access and correction
  • South Korea: Rights under PIPA including access, correction, and deletion

For All Other Regions:

We respect privacy rights under your local laws. Contact us to exercise any rights available in your jurisdiction. We will respond according to your local legal requirements.

How to Exercise Your Rights

Due to our privacy-focused design using only anonymous data, here's how you can exercise your rights:

  • Access your data: All personal data is stored locally on your device and accessible through the app
  • Delete your data: Use the privacy settings in the app to clear all local data, or uninstall the app
  • Stop analytics collection: The only way to stop analytics is to uninstall the app, as analytics are required for app functionality
  • General inquiries: Email [email protected] for questions about our data practices

If you contact us with a privacy request, we will:

  • Explain what data we collect and how we use it
  • Guide you on how to manage your local data
  • Confirm that analytics data is anonymous and cannot be linked to you
  • Respond within 30 days (or 45 days for complex requests)

Note: We cannot provide, modify, or delete specific user data from our analytics because it is anonymous and not linked to individual users. Analytics collection is required for app usage - if you do not consent to anonymous analytics, please do not use the app.

Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Encryption of data in transit
  • Regular security assessments
  • Limited access to analytics data
  • Local storage of personal exercise data on your device only

Children's Privacy

Age restrictions vary by region:

  • United States: Not intended for children under 13
  • EU/UK: Not intended for children under 16
  • South Korea: Not intended for children under 14
  • All other regions: Not intended for children under the age of consent in your jurisdiction

We do not knowingly collect personal data from children. If you believe a child has provided us with personal information, please contact us immediately so we can delete it.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by updating the "Last updated" date and through the app. Your continued use after changes constitutes acceptance of the updated policy.

Contact Us

For any questions about this Privacy Policy or to exercise your rights:

Email: [email protected]

Data Protection Authorities by Region:

  • EU: Your local data protection authority
  • UK: Information Commissioner's Office (ICO)
  • Canada: Privacy Commissioner of Canada
  • Brazil: ANPD (Autoridade Nacional de Proteção de Dados)
  • California: California Privacy Protection Agency

By using CarpalCare, you acknowledge that you have read and understood this Privacy Policy.

Back to Home