Effective from 1st November 2021
This privacy policy outlines what data we collect, why, and how we store it. We hope you find it clear and informative, but if you have any questions at all please don't hesitate to contact our Data Protection Officer:
Who we are
When this policy talks about "Chronic Insights", "us", "we" or "our", it means Chronic Insights Ltd, a private limited company registered in England, UK, and our registered office address is TusPark, Maybrook House, 27 Grainger Street, Newcastle upon Tyne, United Kingdom, NE1 5JE. Our company registration number is 11543455.
When this policy talks about the "App", it means the Chronic Mindfulness mobile app available on the Google Play Store and Apple App Store.
The purpose of our data collection
Chronic Insights Ltd was founded by James Allen who has ankylosing spondylitis, a painful and long-term health condition, to help other people live better with chronic illness. The mission of the company is to alleviate suffering by helping people with long term health conditions live better lives.
To help achieve this mission, we collect some anonymised data to help us identify problems with the app, and to collect anonymous feedback. Privacy is a central value to Chronic Insights. This is why we don't collect or sell any personal information (data which can be linked to you personally). For example, we do not collect email addresses, names, telephone numbers, IP addresses, location / GPS.
Categories of data we collect
Crash Data
All Crash Data is anonymous. Crash Data contains the following information which is collected if the app suffers a crash or error:
What time the App crashes or develops an error
Technical details of the crash or error
The version of the App
Information about your device (make and model, technical specs)
Feedback
Beta testers are able to submit feedback about the app. This includes things like:
Star ratings
Comments and suggestions
Android Advertising ID
If you are using the app on an Android device, your Android Advertising ID is used to help us optimise our ads for the App. This means that if you download the App via an ad, and you accept this privacy policy, your Android Advertising ID is used to optimise ads in the future by sending the following items of information to Facebook:
When you installed the app
When you launch the app
When you purchase a subscription
Crash information relating to the collection of your Android Advertising ID
Chronic Insights does not collect or store your Android Advertising ID, or use it in any other way other than outlined above. We do not use it to target advertising at you (in fact, we do not show any paid advertising in the App at all).
How we collect your data
Crash Data
Crash Data are collected, stored and processed by Sentry Inc, a GDPR-compliant data processor.
Feedback
Feedback is stored by Airtable, a GDPR-compliant data processor.
Android Advertising ID
If you are using the app on an Android device, your Android Advertising ID is sent to Facebook via the Facebook SDK.
How we use your data
Crash Data
Crash Data collected by us will be used in the following ways:
to rectify usability problems with the App which make it hard to use
to design new features which will make the App more useful to you
to remove or redesign features which are not useful to you
to investigate, fix and patch software bugs and design flaws
Android Advertising ID
If you are using the app on an Android device, your Android Advertising ID is used to optimise our own ads for the App. This means that when you install, launch and purchase a subscription, this information is sent to Facebook with your Android Advertising ID, and this is used by Facebook to optimise the targeting of adverts for the App to other users.
Sharing personal data with others
All data we collect is anonymous. By design, this means that we cannot share or sell your personal data.
Sharing anonymous data with others
Crash Data
Anonymous crash Data are collected, stored and processed by a data processor called Sentry Inc (address: 132 Hawthorne St, San Francisco, CA 94107). Sentry is a GDPR-compliant data processor certified under the EU-US Privacy Shield Framework. You can request a copy of our data processing agreement between Chronic Insights Ltd and Sentry Inc by emailing our Data Protection Officer at:
Airtable
Feedback data are stored by a data processor called Airtable (headquarters: San Francisco, CA). Airtable is a GDPR-compliant data processor certified under the EU-US Privacy Shield Framework. You can request a copy of our data processing agreement between Chronic Insights Ltd and Airtable by emailing our Data Protection Officer at:
Retention periods
Crash Data
Telemetry and Crash Data are only retained for as long as necessary to fulfil the purposes for which we process this data for.
Crash Data will be retained for as long as it takes to rectify the software error causing the crash, roll out a new version of the app, and verify that the problem has been resolved.
Telemetry data will be retained for as long as it is useful in identifying problems with the design and usability of the App, and how users use the App.
As this data is strictly anonymous, we are unable to identify any specific user's data.
Feedback
Feedback data are only retained for as long as necessary to fulfil the purposes for which we process this data for (identifying problems with the app, what features are working well, what features are not working well, and the collection and processing of suggestions, ideas and other feedback from beta testers).
Data storage and security
We have carefully designed the App and our servers to never store any data which can be personally linked back to you.
We follow best practice security measures to ensure that our App and servers are secure and maintained using the latest software updates, and to minimise the possibility that any personally identifiable data is accidentally transmitted, lost, used or accessed in an unauthorised way, altered or disclosed.
Some of your anonymous data is processed on our behalf by data processors as specified in this Privacy Policy. All our data processors are GDPR-compliant, and have entered into Data Protection Agreements with Chronic Insights Ltd.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach.
Data deletion
As all data collected is anonymous, we are unable to accommodate requests to delete your data from our servers, since by design we cannot identify which data are yours.
Changes to this policy
We may update this policy from time to time and, if we make any material changes, we will notify you when we do so. By continuing to use our App after any changes are made and we have notified you of them, the way we use your data will be subject to the terms of the updated policy.
Contact us
For any questions or concerns, you can contact us by sending an email to: