CBT Therapy Privacy Policy

 

1. Data Usage

1.1 If you are a CBT Therapy user without an account created

Your personal information and tracking data will only be stored on your device, to which CBT Therapy has no access. However, CBT Therapy cannot guarantee the security of your data storage. In case of data loss due to the loss or replacement of your mobile phone, or any other reason, CBT Therapy cannot provide you with data recovery services.In addition, if you don't have an account created, CBT Therapy will only receive data provided by your device while using CBT Therapy, such as your IP address, type of operating system (Android or iOS), device type and model, network provider, etc. Such information helps us identify application failures so that we can solve problems for you. It also helps us continuously optimize CBT Therapy the application.However, if you are using a third-party service (such as iCloud) for the backup, you may have transferred all your personal data stored on your device onto this third party. If this is the case for you, please read the privacy policy of this third-party service carefully to ensure the security of your personal data.

1.2 If you are a CBT Therapy user with an account created

1.2.1 Contact Data:

Including your email address and phone number. This information will be collected by us if you communicate with us, for example if you use the links on our Platform to communicate with us via email.

1.2.2 Identifiers:

Including your User ID and Device ID. We use this for App functionality and link to your identity.

1.2.3 Usage Data:

Including product interaction. We use this for App functionality and analytics.

1.2.4 Physical Data:

This may include your gender identity and age.

1.2.5 Session Data:

This includes your IP address, your device’s unique identifier details, browser details including version, device operating system, geo-location, time zone setting and time/date of access requests, the amount of data transmitted and the requesting provider. We may also capture other information about visits to our Platform such as pages viewed and traffic patterns. Since you have created a CBT Therapy account, CBT Therapy will help store the data you have locally entered on a cloud server. You can log in to your account on any device and synchronize your data. CBT Therapy will also process such data in order to provide personal insights, notifications and reminders sending, as well as other services.You may revoke your consent at any time and ask CBT Therapy to delete your account. Once your account is deleted, all your data will be destroyed at the same time.CBT Therapy will not share your personal data with any third-party service providers, unless when it needs to do so to provide you with the features you request, such as sharing data with Apple Health Center.

1.3 Others

When you send a message to our service team or contact us by any means, we will keep a record of our communication and the information you've submitted (including your email address), in order for us to respond to your enquiry and provide assistance.In addition, our application has the feature of log uploading. The upload needs to be initiated by you. The uploaded logs help us solve the program problems for you remotely. CBT Therapy will not trigger this feature by itself.

2. Data Security

We will adopt various security measures to avoid the abuse, alteration or loss of personal data within our reach, as well as follow the best practices of the industry and open principle that are known by the users when transferring or storing your data. While we cannot eradicate the abuse, loss and alteration of information, we will reasonably prevent such problems from occurring.

2.1 How we transfer and store personal data

In the CBT Therapy application, your password will be stored using the one-way hash encryption method. We will not be able to decrypt it. All your data will be encrypted using the HTTPS before being transferred between your device and the CBT Therapy server. Your profile picture, test strips, examination reports and other file data will be stored securely in our file storage service. Other data you've logged will be stored securely in our structured storage service. Such data can only be accessed by your logging in to your CBT Therapy account.

3. The EU General Data Protection Regulation (GDPR)

We will comply with the laws and regulations stipulated by the GDPR. For users in the EU, we will inform them the relevant matters at the most prominent position in the CBT Therapy application when they log on for the first time and ask if they authorize CBT Therapy to use their data in order to provide them with services. CBT Therapy will only collect the relevant data of the users and provide the relevant services after obtaining the authorization and consent from the users.

4. Third-Party Applications

4.1 Sensors Data

CBT Therapy uses the data statistics and analysis services provided by Sensors Data. Such services can help us understand how users interact with our application and how to optimize the user experience. Sensors Data uses your identifier for advertising (Apple's IDFA or Google Play's ID), as well as modified IP address of your mobile device and modified address of your MAC for data statistics, which guarantees that the data will not be associated with you or make you personally identifiable in any way possible. By using our services, you expressly agree to the use and processing of the said collected data.

4.2 Amazon S3

CBT Therapy uses the file storage services provided by Amazon S3. Such services are used to store the physical data and other file data uploaded by users. Users can only access the user data stored on Amazon S3 by logging in to the CBT Therapy application and applying for the access tokens to our application server. All data stored on Amazon S3 are encrypted using HTTPS while being transferred or accessed.

4.3 Amazon RDS

CBT Therapy uses the structured storage services provided by Amazon RDS. Such services are used to store all the non-file information users have logged in the application, such as personal information and health data. Users can only access the user data stored on Amazon RDS by logging in to the CBT Therapy application and calling the API of our application server. All user information access APIs have strict authentication and access control. All data stored on Amazon RDS are encrypted using HTTPS while being transferred or accessed.

5. Emails

CBT Therapy will use the contact details in your personal information and send you text messages or emails when necessary. Content generally includes operational health knowledge or notifications pushed, or some promotional information that may be of interest to you.In order to provide such services, CBT Therapy may forward your email address and other data to third-party providers for them to send the emails or text messages. Such service providers include Google, which may process your email address and send you messages via email, and Yunpian, which may process your mobile number and send you text messages.The privacy policies for these services can be found on the websites of their companies. They both comply with the general privacy policies and the privacy laws and regulations where they provide the relevant services.

6. About

Bongmi Limited. reserves the right to revise this Privacy Policy at any time. When, among other things, the relevant laws and regulations, our data collection, use practice and service features change, we will also make the corresponding adjustment. When we believe that there are major revisions, we will notify you via the application, website or email.