Privacy Policy

1. Data We Collect

We collect the following types of personal data:

Information You Provide

• Name: Your first name for personalizing workout reminders
• WhatsApp Number: Your mobile phone number for sending reminders
• Workout Preferences: Your chosen exercise types, schedules, and reminder times

Data from WhatsApp API

• Message Metadata: Delivery status, timestamps, and read receipts
• Conversation History: Messages sent to and received from you for accountability and service improvement

Technical Data

• Usage Data: How you interact with our service (reminder responses, schedule changes)
• Device Information: Limited technical data required for WhatsApp API communication

2. How We Use Your Data

We process your personal data for the following purposes and lawful bases under GDPR Article 6:

Service Delivery (Contract Performance - Article 6(1)(b))

• Sending personalized workout reminders via WhatsApp
• Managing your workout schedule and preferences
• Processing your account and subscription

Communication (Consent - Article 6(1)(a))

• Responding to your support requests and inquiries
• Sending service-related notifications (only with your consent)

Service Improvement (Legitimate Interests - Article 6(1)(f))

• Analyzing usage patterns to improve reminder effectiveness
• Enhancing our coaching algorithms and message content
• Maintaining conversation logs for accountability and quality assurance

Legal Compliance (Legal Obligation - Article 6(1)(c))

• Complying with applicable laws and regulations
• Maintaining records as required by WhatsApp Business policies

3. Data Sharing and Third Parties

Meta/WhatsApp

When you receive WhatsApp messages from us:

• Your data is processed through the WhatsApp Business API (owned by Meta)
• We share only the necessary data to deliver messages (your phone number and message content)
• Meta's WhatsApp Business Policy and Privacy Policy also apply to your interactions
• Usage is strictly limited to communication with you as our user

Essential Service Providers

We may share data with:

• Hosting Providers: For secure data storage and service delivery
• Payment Processors: For subscription billing (Stripe)
• Support Tools: For customer service (when you contact us)

No Data Sales

We never sell, trade, or rent your personal data to third parties. Data is only shared for essential operational purposes described above.

4. Your Rights Under GDPR

If you are in the EU, you have the following rights regarding your personal data:

• Access (Article 15): Request copies of your personal data and information about how it's processed
• Rectification (Article 16): Correct inaccurate or incomplete personal data
• Erasure (Article 17): Request deletion of your personal data ("right to be forgotten")
• Restriction (Article 18): Limit how we process your personal data
• Data Portability (Article 20): Receive your data in a machine-readable format or transfer it to another service
• Objection (Article 21): Object to processing based on legitimate interests
• Withdraw Consent: Revoke consent for processing where consent is the lawful basis

How to Exercise Your Rights

To exercise any of these rights:

• Email us at privacy@pushpal.ai
• Include your name and WhatsApp number for verification
• Specify which right you want to exercise
• We will respond within 30 days as required by GDPR

5. Data Retention

We retain your data for the following periods:

• Active Account Data: For the duration of your subscription plus 30 days
• Workout History: 12 months after last activity for service improvement
• WhatsApp Messages: 180 days for accountability and support purposes
• Consent Records: 3 years for legal compliance
• Financial Records: 7 years as required by law

After these periods, data is securely deleted unless retention is required by law.

6. Data Security

We implement appropriate technical and organizational measures to protect your data:

• Encryption: Data is encrypted in transit (TLS) and at rest (AES-256)
• Access Controls: Limited access to authorized personnel only
• Regular Audits: Security practices are regularly reviewed and updated
• Secure Infrastructure: Industry-standard security measures and monitoring
• Data Minimization: We only collect and process data necessary for our service

7. WhatsApp Consent and Opt-out

• Explicit Consent: We only send WhatsApp messages with your explicit consent during onboarding
• Easy Opt-out: Reply "STOP" to any message or email privacy@pushpal.ai
• Consent Records: We maintain records of your consent for compliance purposes
• Withdrawal: You can withdraw consent at any time without affecting service legitimacy up to that point

8. International Data Transfers

Your data may be transferred to countries outside the EU/EEA. When this occurs:

• We ensure adequate protection through Standard Contractual Clauses or adequacy decisions
• WhatsApp/Meta transfers are covered by their privacy frameworks and safeguards
• All transfers comply with GDPR requirements for international data protection

9. Contact Information

Privacy Contact: For all privacy-related questions or to exercise your rights:

• Email: privacy@pushpal.ai
• Response Time: We will respond within 30 days as required by GDPR

Supervisory Authority: If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.

10. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or applicable laws. When we make changes:

• We will update the "Last updated" date at the top of this policy
• For material changes, we will notify you via WhatsApp or email
• Continued use of our service after changes constitutes acceptance of the updated policy