Privacy policy
Last updated: December 23, 2024
This Privacy Policy describes how allie | The go-to app for hormonal contraception (the "Site", "we", "us", or "our") collects, uses, and discloses your personal information when you visit, use our services, or make a purchase from allieapp.com (the "Site") or otherwise communicate with us regarding the Site (collectively, the "Services"). For purposes of this Privacy Policy, "you" and "your" means you as the user of the Services, whether you are a customer, website visitor, or another individual whose information we have collected pursuant to this Privacy Policy.
Please read this Privacy Policy carefully.
Introduction
This Privacy Policy explains how CUEPOTD LTD trading as ‘allie’ and its affiliated entities (“allie” or “we” or “us”) complies with the provisions of the General Data Protection Regulation (“GDPR”), the UK GDPR and any other applicable data protection laws and regulations. This Privacy Policy explains how allie collects, stores, uses, transfers, and shares personal data from our users (“you”) in connection with the allie mobile application, allie application (the “App”),* and the allieapp.com website, including all subdomains, products and services related to it (the “Website”) (all collectively, the “Services”).
We may change this Privacy Policy from time to time. If the changes are material, we will notify you by email or through the App. If permitted by law, your continued use of the Services after this policy has been updated indicates your acceptance of changes made. In some cases, you will be given a choice to accept changes to this policy. If you do not accept the terms of the updated Privacy Policy, please do not use the Services.
The latest updates to this policy are available on our Website and in the App.
Personal data we collect from you
We collect personal data about you when you interact with the Services. This can be directly from you or from other sources and third parties.
Personal data you provide to us directly:
General information: When you sign up to use the Services, we may collect personal data such as your name, email address, year and month of birth, password, place of residence and location information including time zone and language. We may be able to infer your sex and/or gender by your use of the Services.
You may also choose to input information such as your first name or the name you would like us to call you. This is led by you and it will not affect your use of the Services should you choose not to enter this information.
Well-being: When you use the Services, you can choose to input personal data about yourself, such as your weight; height; body mass index (BMI); body temperature; menstrual cycle dates; pregnancy and details relating to your pregnancy ; other symptoms and stages that are related to your menstrual cycle; perimenopause and menopause symptoms; medical and family health history; general well-being, health and lifestyle choices; symptoms, which may include information relating to your sex life; or other information, like your physical and mental well-being, water intake and sleep duration.
Third-party services (including wearables): With your consent, you may also allow us to connect to third-party services, such as NHS Digital, Apple HealthKit and Google Health Connect or smart wearables, Qura ring or Whoop devices. This enables us to import information about your health and activities into the App without the need for you to log it yourself. This imported data may include fitness activities, weight, height, BMI, calories burned, heart rate, number of steps/distance traveled, body temperature, sleep and other activity data. This data provides you with general insights into your activities and helps us to make better predictions regarding your cycle. We will process this data in order to provide you with App functionality and features. Importing this data is subject to the third party privacy policies and terms. Please also check the applicable terms and privacy policies of the wearable devices that you may use to connect to allie. Your wearable provider may collect usage data relating to your connection for its own business purposes, including to improve its services.
Personal data we collect automatically:
When you access or use the Services, we may automatically collect the following information:
Device information: device model; information about the operating system and its version; unique device identifiers; enabled device accessibility features (e.g., display features, hearing features, and physical and motor features); mobile operator and network information; device storage information or version of your device system.
Location information: IP address for an approximate location (not precise location); time zone or information about your mobile service provider.
Data about your use of the Services, including: frequency of use; areas and features of the Services that you access or use; payment transaction information (excluding full payment card details) or engagement with particular features.
To collect this and other information, we may use cookies and other similar technologies. See more in our Cookie Policy.
Data from external sources: we may receive personal data about you from third parties. For example, we may obtain information from third parties to enhance or supplement your existing information, including to customize your experience and for statistical purposes and analytics.
How we use your personal data
Depending on which features of the Services you use, we will process your personal data based on one or more of the following legal bases (we have included some examples):
- Your consent: you can give us permission to process your health data to provide the Services.
- To fulfill our contractual obligations to you in order to provide the Services to you: we may process your personal data to fulfill our contractual obligation to you for activities such as management of your allie account and other administrative purposes.
- Legitimate interest: we may process your personal data based on our legitimate interests in order to manage our Services better. For example, we may use your personal data in order to:
- identify and fix bugs;
- determine genuine user interaction with the Services (rather than bots);
- monitor the App and analyze its performance and reliability;
- inform you of matters concerning your subscriptions;
- conduct vulnerability scanning to protect the security of the Services; and
- review aggregated App usage trends.
Further examples of our legitimate interests are outlined in the table below. When relying on this legal basis, we first determine that we have a legitimate interest in conducting and managing our business. We then consider and balance potential impacts to you and your rights, to ensure that our interests do not override them.
- Legal obligation: We may be obligated to process some of your personal data to comply with applicable laws and regulations.
Below, we describe the purposes for which we process your personal data and our lawful bases for doing so, including some basic examples:
|
To support the existing functions of the App, including tailored content, insights and materials you see when you use the App based on: the data you provide within the App; the Services you have selected for use (e.g. your selected mode) and the App features you engage with; information obtained from connected third-party services; and certain information provided in onboarding questionnaires. |
Consent |
We use your cycle data to predict your future cycles or ovulation, analyze your data to provide you with new features and Services, and provide certain suggested articles or materials (e.g., symptom pages) to read. |
|
For the customization of product and service offerings and making our recommendations to you, for example through emails or push notifications, including for third-party products and offerings (excluding data from third parties). |
Consent |
We may offer you a discounts |
|
To process transactions and send you related information, including confirmations and reminders for account management and other administrative purposes. |
Contract |
Using your device data, we may send you a reminder (e.g., via push notifications) if your subscription has expired or is due to expire, or we may send you an email containing your invoice, if applicable. |
|
To respond to your comments, questions, requests and to provide customer service. |
Legitimate interest |
We may process your name and email to reply to your support request or to contact you about a specific query or question you have raised. |
|
To review App content, feedback and complaints raised to ensure clinical safety and medical accuracy of the App. |
Legitimate interest |
We may process your name and email to review support requests that require review by our medical team. |
|
To send you: technical notices and updates; security alerts (and investigate incidents); support and administrative messages; and customer satisfaction surveys. |
Legitimate interest |
To request that you update your App to ensure you have access to the latest features. |
|
To integrate data between the Website and App in connection with onboarding users. Please note that information provided during your Website onboarding journey, and before you create an account, will not be stored by allie until your account is created. |
Legitimate interest |
When you sign up for the Services on the Website, we use a third party, for example AppsFlyer, to help us identify you as an existing user when you use the App. |
|
To monitor and analyse trends, usage and activities in connection with our App. |
Legitimate interest |
We may analyse your browsing activity in the App to ensure the App functions as it should in response to your interactions, fix issues and improve your future experience. |
|
Promotional communications regarding our Services. |
Consent |
If you give your consent and we use your personal data, we can post your review or comment on our Website. |
Principles of processing
Data minimization and purpose limitation: We will not process personal data in a way that is incompatible with the purposes for which it has been collected or authorised by you or collect any personal data that is not needed for the mentioned purposes.
No sale of personal data: We will not sell or rent your personal data for monetary gain without your content. We will not disclose your personal data except as otherwise described in this Privacy Policy. We will share your personal data with our service providers who support our Services as described in this Privacy Policy.
Your privacy rights
It does not matter what country, state, or region you come from; we are committed to providing you with individual privacy rights in accordance with the GDPR in relation to your personal data.
What are these rights?
Only you or a person legally authorized to act on your behalf may make a verifiable request related to your personal data.
Correction of your personal data
If you believe that your personal data is inaccurate, you have the right to contact us and ask us to correct such personal data.
Restriction of processing
You have the right to request that the processing of your personal data be restricted in some circumstances. For example, you have the right to request the restriction of your personal data if you contest the accuracy of your personal data and we need some time to verify such accuracy.
Access to your personal data
You have the right to request information about what personal data we process about you, to access all your personal data and to receive a copy of it, including in a structured and portable form (.json). For iOS allie Premium users, the App also enables you to download a report containing some of your personal data from within the App.
Right to data portability
You have the right to request your personal data in a portable form which enables you to, for instance, reuse your data for your individual purposes or different services. In other words, it may allow you to move, copy or transfer personal data from allie in a safe and secure way.
Erasure of your personal data
You have the right to request that we erase your personal data at any time. Please be aware that erasing some personal data may affect your experience using certain features of the Services that rely on historical data.
Objection to the processing of your personal data
You have the right to object to the processing of your personal data, for example, if we process it for direct marketing purposes.
How to exercise your privacy rights
Please email us at jo@allieapp.com to exercise your privacy rights.
If you would like to exercise your right to request erasure of your account, you can visit the settings in your App.
We will address your request within one-month after receipt. It can take us up to 90 days in some cases, for example, for full erasure of your personal data stored in our backup systems. We will let you know if we need more time and explain the reasons for the delay.
We rely on your consent to process your health data to access the Services. You can withdraw this consent by contacting us or deleting your account in the App.
What else?
Please keep in mind that if we receive a vague request, we may contact you to better understand the request. We may also refuse to comply with or charge a reasonable fee for a request that is manifestly unfounded and/or excessive (repetitive) requests.
We will require you to prove your identity. Normally, we will verify that the request is coming from the same email that you provided when registering. If you have not registered your account, we may ask you to undergo additional verification checks to ensure we can appropriately respond to you.
Subject to applicable laws, you may have the right to lodge a complaint with your local data protection authority about any of our activities. If you have any concerns about our privacy practices, please let us know by emailing our team jo@allieapp.com
Third parties processing your personal data
We will not share your personal data with third parties except as specified within this Privacy Policy.
Promoting our Services
With your consent, we may share some of your non-health personal data with a third party like AppsFlyer to promote the Services.
AppsFlyer is a mobile marketing platform that handles your personal data in accordance with our instructions. But using platforms and third parties like these to promote the Services, we are able to reach you and people like you on various platforms and spread the word about allie. If we need to share your personal data with other platforms for this purpose, except as we have explained in this Privacy Policy, we will ask for your consent.
For information relating to processors, we engage to utilise cookies, please refer to our Cookie Policy.
Aggregated information
We may aggregate, anonymise, or de-identify your personal data so that it cannot reasonably be used to identify you. We may share such data with third parties such as academic research institutions or use the data for statistical purposes. For example, we may share or use general age and demographic information and aggregate statistics about certain activities or symptoms from data collected to help identify patterns across users in articles, blog posts, and scientific publications. Sharing such data may contribute to the advancement of scientific research on female health.
For certain targeted academic or user research studies, we will contact you and rely on your consent. You can withdraw your consent at any time by emailing us at jo@allieapp.com
Information posted by you
The App features several community areas guided groups where users with similar interests can share information and support one another.
Posting your personal data in such groups is not permitted. Any information (including personal data) you share in any online community area or online discussion is by its nature, open to the community. Please think carefully before posting anything that may identify you in any public forum. Remember, what you post can be seen, disclosed to, or collected by others and may be used in ways we cannot control or predict, including to contact you for unauthorized purposes. If you mistakenly post personal data in our community areas and would like it removed, email us at jo@allieapp.com
If you are over 18 years old, you can select the service, in which you permit certain information from your account to be shared with your partner or the cost to be shared with your partner. As the main user, you have full control over this sharing and can stop sharing at any time.
What information will be shared with my partner?
Your partner will have read-only access to the information that you share. This means that they cannot download or edit your information. Your partner can not see or edit: your calendar information that was created prior to your decision to share; your personal notes; any symptoms or feelings that you have logged while using the App; or your interaction with other features in the App.
If logged an abortion, miscarriage or pregnancy in your medical survey when you sign up or if updated at any time, your partner will not have access to any of this information. They will only receive notifications about any changes that may be happening to your body, or possible side effects and symptoms you are experiencing. These will be shared by you, either manually or automatically, and received as a notification on your partners phone.
What data is collected from you as a partner?
If you’re a partner and you are receiving information from the main allie user, we will collect your name and email (in order to create a partner account with allie) and your month and year of birth in order to verify your age. While your gender information is not directly collected, this may be inferred by your use of the App. We will not collect any health data relating to you.
Retention of your personal data
Except as set forth below, we will retain your personal data for as long as needed to provide you with the Services or otherwise fulfill the purposes for which it was collected.
Impact of account deactivation/requests to erase personal data: At any time, you can deactivate your account by following the steps detailed above at ‘How to exercise your privacy rights’. We will address your deletion request within one-month after receipt. It will take us up to 90 days in some cases to complete full erasure of your personal data stored in our backup systems. If you choose to deactivate your account, allie will generally delete all your personal data, and it will not be recoverable should you later create another account.
Impact of App deletion or inactivity: If you choose to delete the App from your device or your account becomes inactive, we will retain your personal data for a period of three years in case you decide to reactivate the Services or reinstall the App. After three years of inactivity, we will delete your personal information. While this is the allie data retention standard, you can still ask for your data to be deleted at an earlier date by contacting us. The App covers different periods of users’ lifecycle; therefore, retention of your data is needed in some cases to secure your smooth experience with other App functions.
Limitations: You should be aware that although we will delete, anonymise or otherwise de-identify your data where possible, we may retain certain personal data and other information after your account has been terminated or deleted. This is as required and permitted by applicable law, like the GDPR, and will include the following circumstances:
- as necessary to comply with legal obligations;
- establishment, exercise or defense of legal claims; and
- for archiving purposes in the public interest, scientific or historical research or statistical purposes.
How do we delete your data?
We use industry-standard methods and procedures to ensure that we securely and permanently delete your personal data from our systems so that it is no longer capable of recovery. These procedures can include automated notifications to some of our processors who process your personal data on our behalf.
Security of your personal data
General security measures
We implement technical and organisational measures in an effort to protect personal data from loss, theft, misuse, and unauthorised access, disclosure, alteration, and destruction, taking into account the nature of the personal data that we process and risks associated with special categories of personal data we collect. For this first version of the app, we will be using Adalo’s security measures, which includes:
Databases are hosted in Tier IV data centers, providing the highest level of physical and operational security. We ensure encryption at rest and in transit to protect data integrity. This infrastructure has been meticulously designed to meet and exceed the standards previously offered in our cloud environment, now optimized as a premium-only ecosystem with the removal of free-tier environments.
We also ensure:
· organisational and legal measures: For example, our employees have different levels of access to your personal data and only access your personal data for limited and necessary purposes required for the operation of the Services. We impose strict responsibility on our employees for any disclosure, unauthorized access, alteration, destruction, or misuse of your personal data; and
- conducting periodical data protection impact assessments in order to ensure that the Services fully adhere to the principles of privacy by design, privacy by default, and others. We also commit to undertake a privacy audit in the event of a merger or takeover.
Please protect your password. Do not share it with others or allow anyone to use your mobile device. You may also wish to add a passcode or enable face ID to access the App for an added layer of protection.
No security system is perfect. Therefore, we cannot guarantee the absolute security of the Services or that your information will not be intercepted while being transmitted to us.
Security breaches
If we learn of a security systems breach, we may either post a notice or attempt to notify you by email and will take reasonable steps to remedy the breach as specified in applicable law and this Privacy Policy. If we learn of a potential personal data breach, together with other actions referred to in the Privacy Policy, we will take actions to remedy the breach as appropriate under the circumstances, which may include logging you out from all the devices, resetting a password (sending a temporary password for you to apply), and performing other reasonably necessary activities.
If you want to report a security incident related to the Services, please email us at jo@allieapp.com
Children’s privacy
General age limitation: The Services are not intended for children, and we do not knowingly collect personal information from children under 13 years old through the Services. If you are aware of anyone under 13 years old using the Services, please email us at jo@allieapp.com and we will take the required steps to delete such information and/or delete the child’s account.
Age limitation for residents of the European Economic Area (EEA), United Kingdom (UK) and Canada: Due to legal requirements, we do not allow the use of the Services by residents of EEA or the UK younger than 16 years old. If you are aware of anyone younger than 16 using the Services, please email us at jo@allieapp.com, and we will take steps to delete such information and/or delete the child’s account.
Some App functions are only available to users over the age of 18 years.
Communication with you
We may contact you from time to time via email or through other means (like pop-ups or push notifications) to communicate with you about Services, offers, promotions, rewards, and events offered by us and provide news and information that we think will be of interest to you. These communications may be based on the Services you have selected for use (e.g. your selected mode) and the App features you engage with.
Opt-out options: You can always opt out of receiving marketing emails by unsubscribing via the “Unsubscribe” link contained in the email. Opting out of these marketing emails or notifications will not end the transmission of service-related emails that are necessary to your use of the Services. You may also opt out of receiving push notifications by adjusting your settings in your device. If required, we may ask some users to provide additional consent for such communications.
Please note that we may contact you with information about Services, offers, promotions, rewards, and events offered by us and others via third-party platforms (like social media).
Presence on social networks
We may use social media platforms to promote allie and engage with our customers. When you interact with us on these platforms, we may process information, such as your username, profile picture, and any comments or posts you make related to allie, for engagement purposes only.
Storage and international personal data transfers
Allie is based in the UK and currently the Personal data we collect is transferred to and processed in the UK and Europe only; where it is governed by EU and UK law) and to other countries (where it is governed by the applicable laws of those countries). These transfers are usually cloud-based, and can occur when you engage with the Services and are subject to our retention policies. The laws of other countries may not offer the same protections as the laws of your jurisdiction.
Transfers of personal data outside of the EEA and the UK
Personal data in the EEA and the UK is protected by the GDPR and the UK GDPR. When transferring personal data outside of these locations, we will always apply appropriate safeguards in accordance with the law to ensure your personal data is protected. For example, we enter into data transfer agreements that incorporate the European Commission approved Standard Contractual Clauses and carry out transfer risk assessments.
For further information, please email us at jo@allieapp.com
Complaints and dispute resolution: We commit to resolve complaints about our collection and use of your personal data. EU, UK, and Swiss individuals with inquiries or complaints regarding our DPFs should first contact us by emailing us at jo@allieapp.com or by mail using the address 26 Alexander Street, London, ENG, W2 5NT, GB.
Contact us
General
Contact
Should you have any questions about our privacy practices or this Privacy Policy, or if you would like to exercise any of the rights available to you, please call or email us at jo@allieapp.com or contact us at 26 Alexander Street, London, ENG, W2 5NT, GB.
For the purpose of applicable data protection laws and if not explicitly stated otherwise, we are the data controller of your personal information.