1. Data Usage
1.1 If you are a InFasting user without an account created
Your personal information and fasting tracking data will only be stored on your device, to which InFasting has no access. However, InFasting cannot guarantee the security of your data storage. In case of data loss due to the loss or replacement of your mobile phone, or any other reason, InFasting cannot provide you with data recovery services.
In addition, if you don't have an account created, InFasting will only receive data provided by your device while using InFasting, such as your IP address, type of operating system (Android or iOS), device type and model, network provider, etc. Such information helps us identify application failures so that we can solve problems for you. It also helps us continuously optimize InFasting the application.
1.2 If you are a InFasting user with an account created
We will collect and store the following data you have entered:
• Personal information: including your age and profile picture. You can choose not to provide such data.
• Fasting data: the fasting data you have entered, such as your plan type, fasting records, and other log items supported by the application.
Since you have created a InFasting account, InFasting will help store the data you have locally entered on a cloud server. You can log in to your account on any device and synchronize your data. InFasting will also process such data in order to provide personal insights, notifications and reminders sending, as well as other services.
You may revoke your consent at any time and ask InFasting to delete your account. Once your account is deleted, all your data will be destroyed at the same time.
InFasting will not share your personal data with any third-party service providers, unless when it needs to do so to provide you with the features you request, such as sharing data with Apple Health Center.
When you send a message to our service team or contact us by any means, we will keep a record of our communication and the information you've submitted (including your email address), in order for us to respond to your enquiry and provide assistance.
In addition, our application has the feature of log uploading. The upload needs to be initiated by you. The uploaded logs help us solve the program problems for you remotely. InFasting will not trigger this feature by itself.
2. Data Security
We will adopt various security measures to avoid the abuse, alteration or loss of personal data within our reach, as well as follow the best practices of the industry and open principle that are known by the users when transferring or storing your data. While we cannot eradicate the abuse, loss and alteration of information, we will reasonably prevent such problems from occurring.
2.1 How we transfer and store personal data
In the InFasting application, your password will be stored using the one-way hash encryption method. We will not be able to decrypt it. All your data will be encrypted using the HTTPS before being transferred between your device and the InFasting server. Your profile picture, test strips, examination reports and other file data will be stored securely in our file storage service. Other data you've logged will be stored securely in our structured storage service. Such data can only be accessed by your logging in to your InFasting account.
3. The EU General Data Protection Regulation (GDPR)
We will comply with the laws and regulations stipulated by the GDPR. For users in the EU, we will inform them the relevant matters at the most prominent position in the InFasting application when they log on for the first time and ask if they authorize InFasting to use their data in order to provide them with services. InFasting will only collect the relevant data of the users and provide the relevant services after obtaining the authorization and consent from the users.
4. Third-Party Applications
4.1 Sensors Data
InFasting uses the data statistics and analysis services provided by Sensors Data. Such services can help us understand how users interact with our application and how to optimize the user experience. Sensors Data uses your identifier for advertising (Apple's IDFA or Google Play's ID), as well as modified IP address of your mobile device and modified address of your MAC for data statistics, which guarantees that the data will not be associated with you or make you personally identifiable in any way possible. By using our services, you expressly agree to the use and processing of the said collected data.
4.2 Amazon S3
InFasting uses the file storage services provided by Amazon S3. Such services are used to store the profile pictures, test strip photos, examination report photos and other file data uploaded by users. Users can only access the user data stored on Amazon S3 by logging in to the InFasting application and applying for the access tokens to our application server. All data stored on Amazon S3 are encrypted using HTTPS while being transferred or accessed.
4.3 Amazon RDS
InFasting uses the structured storage services provided by Amazon RDS. Such services are used to store all the non-file information users have logged in the application, such as personal information and health data. Users can only access the user data stored on Amazon RDS by logging in to the InFasting application and calling the API of our application server. All user information access APIs have strict authentication and access control. All data stored on Amazon RDS are encrypted using HTTPS while being transferred or accessed.
InFasting will use the contact details in your personal information and send you text messages or emails when necessary. Content generally includes operational health knowledge or notifications pushed, or some promotional information that may be of interest to you.
In order to provide such services, InFasting may forward your email address and other data to third-party providers for them to send the emails or text messages. Such service providers include Google, which may process your email address and send you messages via email, and Yunpian, which may process your mobile number and send you text messages.
The privacy policies for these services can be found on the websites of their companies. They both comply with the general privacy policies and the privacy laws and regulations where they provide the relevant services.