Zolt Privacy Policy

Last Updated: September 1, 2024

Introduction

Welcome to Zolt!

Zolt Labs LLC, which we will refer to as “Zolt,” is deeply committed to safeguarding your personal information, which we’ll call “Personal Data.” This privacy notice (“Privacy Notice” or simply “Notice”) explains our practices regarding your Personal Data, how we protect it, and what rights you may have under applicable data protection and privacy laws.

As a quick note – your health data is processed and stored primarily on-device. Some user data, like your email you signed up with, is stored on servers, naturally.

Summary of Our Privacy Notice

At Zolt, we prioritize your privacy. We want you to be aware that:

  1. We Don’t Sell Your Personal Data: Your Personal Data is not sold to third parties.
  2. No Cross-Behavioral Advertising: Unlike many other apps, we don’t share your data for cross-behavioral advertising. As a premium app, we don’t engage in such practices.
  3. You Have Control: We aim to make managing your Personal Data straightforward. You can:
    • Delete Your Data: Request deletion of your personal data via Data & Privacy by selecting “Delete Your Account.” Note that this doesn’t cancel your subscription, which you manage through your phone’s app store.
    • Edit Your Data: Correct or update your personal information in your Profile tab or by contacting our support team.
    • Download Your Data: Request a copy of your data through the app via Data & Privacy by selecting “Generate Spreadsheet.”
    • Unsubscribe from Emails: Opt out of our emails using the Unsubscribe option at the bottom of each email.
  4. List of Third Parties That Process Your Personal Data:
    • If you download or use the app, including its customer support, Knowledge Base and roadmap features:
      • PostHog (USA)
      • Apple Inc (USA)
    • If you visit the website:
      • Google, LLC (USA)
      • Vercel (USA)
    • If you are an affiliate:
      • PayPal Holdings, Inc. (USA)
      • RevenueCat, Inc. (USA)
    • If you engage with us on social media or see our ads:
      • Meta Platforms, Inc. (USA)
      • Microsoft Corp. (USA)
      • reddit Inc. (USA)
      • X Corp (USA)
      • TikTok Inc (USA)
  5. You Can Contact Us At Any Time: For any questions or privacy concerns, reach out to:
  6. Your Privacy Matters To Us: We are genuinely committed to transparency and implementing the best privacy practices. For more details on how we handle your data, please refer to our detailed privacy notice below.

What Does this Privacy Notice Cover?

This Privacy Notice covers your interactions with us in various ways, such as:

  • Using Our App: When you use Zolt, we collect and process your Personal Data to provide our services.
  • Getting Help and Providing Feedback: If you need assistance or share thoughts via our help center, feedback portal, or roadmap portal, we handle your Personal Data there too.
  • Visiting Our Website: When you visit zolthealth.com, this Privacy Notice applies to your data.
  • Social Media: We may engage with you on our social media sites, and this Notice describes how we handle your data there. This includes our Facebook, Twitter, Instagram, TikTok, YouTube, and LinkedIn pages.
  • Partnering with Businesses: We clarify how your data is involved in collaborations with business partners.
  • Staying in Touch: When we communicate about our products and services, your Personal Data is treated with care.
  • Participating in the Zolt Affiliate Referral Program: When you join our Affiliate Referral Program, we collect and process your Personal Data as necessary to facilitate this program.

What This Privacy Notice Does Not Cover

This Privacy Notice does not apply to:

  • Zolt Personnel: Except where indicated otherwise, this notice doesn’t cover the Personal Data of our employees, interns, job applicants, contractors (excluding participants of our Affiliate Referral Program), business owners, directors, officers, and medical staff. They have their own privacy arrangements.
  • Non-Personal Data: If the information we have cannot identify an individual or household, this Notice doesn’t apply. However, we’ll do our best to describe our processing of non-Personal Data, such as aggregate data.
  • The Use of Your Personal Data Determined by Others: For instance, when you interact with us on social media or open a PayPal account to receive payment for your participation in the Affiliate Referral Program, we can’t control what the social media platform or PayPal do with your Personal Data beyond our requests. This Notice includes links to the privacy notices of third parties who might collect and use your Personal Data during your interactions with Zolt, so you can review them.

Our Role With Respect to Your Personal Data

In the context of this Notice, Zolt plays the role of a “data controller” or “business” for the Personal Data we process. This means we decide how and why your Personal Data is collected and used.

Legal Justifications for Processing Your Personal Data

To use your Personal Data, we must have a valid reason, which under some laws is called the “lawful basis for processing” or “legal grounds for processing.” We may process your Personal Data based on these reasons:

  • Your Consent: Sometimes, we’ll use your Personal Data because you actively indicated it’s okay that we do so. This includes, for example, when you agree to receive our newsletter or choose to share any non-mandatory information in our app.
  • Keeping Our Agreement Obligations: This includes using your Personal Data to fulfill our agreement with you by, for example, providing requested customer support or informing you of changes to our terms or to your subscription, or pay you for your participation in the Affiliate Referral Program.
  • Legitimate Interests: We sometimes use your Personal Data because we believe it’s in our best interest or the interest of someone else. Legitimate interests work when we use your Personal Data in ways that make sense and don’t intrude on your privacy much. Or when we have a very good reason for it. Here is what it normally means for us:
    • Product Improvement: Zolt may use data to enhance its app’s features and functionality, making it more useful and user-friendly.
    • Customer Engagement: Keeping users, subscribers and others informed about updates, new features, and nutrition-related content that may interest them.
    • Research and Development: Using aggregated and anonymized data to conduct research on nutrition trends and user behavior to improve the app.
    • Marketing and Promotion: Promoting the app to a wider audience and providing tailored recommendations based on user data.
    • Security and Fraud Prevention: Protecting the app and its users from security threats, fraud, and abuse.
    • Legal Compliance: Ensuring compliance with relevant laws and regulations, including the rules from other countries besides yours.
    • Business Operations: Managing day-to-day operations and ensuring the app’s sustainability and growth.
  • Following the Law: This includes processing your Personal Data to follow the law, such as keeping records of your cookie choices to comply with EU law, such as the e-Privacy Directive and the General Data Protection Regulation.
  • Other Reasons: This includes using your data for any other reason that the law allows.

If we use legitimate interests as the reason for using your Personal Data, you can ask us for more details about why we think it’s a good idea. Just get in touch using the contact details provided.

When we use your Personal Data because you gave us permission (consent), you can change your mind at any time. However, this will not undo the things we did with your data before you changed your mind. It also will not change the things we are allowed to do with your data based on other reasons.

How Long We Keep Your Personal Data

We retain your Personal Data for as long as necessary for the purpose we collected it and in accordance with our data retention policies. For specific retention periods for each use of your Personal Data, refer to this section.

We keep and use your Personal Data as required to meet legal obligations, resolve disputes, and enforce our agreements and policies. If we use your data for multiple purposes, we retain it until the purpose with the longest retention period expires, discontinuing use for shorter periods. Our retention periods align with our business needs and industry standards.

International Transfers of Your Personal Data

Our company is based in the USA, and our service providers operate globally. When your Personal Data is safeguarded by EU or UK General Data Protection Regulation, before sending it to parties outside the European Economic Area or the UK, we will do one of two things:

  1. Seek your consent; or
  2. Demand privacy and security: We will ensure the third party maintains the same level of privacy and security for your data as we do.

We are accountable for the protection of your Personal Data when we transfer it to others. We use safeguards like the Data Privacy Framework or the Standard Contractual Clauses (also known as the “SCCs”) approved by the European Commission under Article 46.2 of the GDPR. In some cases, the authorities of a country may have determined that the laws of other countries provide a level of protection equivalent to domestic law. You can see here the list of countries that the European Commission recognized as providing an adequate level of protection to personal data, and here the list of countries recognized by the UK.

What Privacy Rights Do You Have?

You have specific rights regarding your Personal Data that we collect and process. In this section, we first describe those rights and then we explain how you can exercise those rights.

Right to Know What Happens to Your Personal Data

This is also known as the right to be informed. It means that you can ask us for all the information about how we handle your Personal Data. This includes, for example, how we collect and use it, how long we will keep it, and who it will be shared with, among other things.

We are informing you of how we process your Personal Data with this Notice.

We will make every effort to let you know how we use your Personal Data. Yet, if we did not get your data directly from you, the GDPR does not require us to inform you in these cases: (1) When it is impossible or too costly to provide the information. (2) When the law obliges us to gather or share the data. (3) If the Personal Data must stay confidential because of professional or other secrecy obligations.

Right to Know What Personal Data Zolt Has About You

This is called the right of access. This right allows you to (1) get confirmation of whether we process Personal Data about you (2) ask for full details of the Personal Data we hold about you; (3) get a copy or access to the Personal Data.

Once we receive and confirm that the request came from you or your authorized agent, you can ask us for:

  • The categories of your processed Personal Data.
  • The categories of sources for your Personal Data.
  • Our purposes for processing your Personal Data.
  • Where possible, the retention period for your Personal Data, or, if not possible, the criteria used to determine the retention period.
  • The categories of third parties with whom we share your Personal Data.
  • Details on automated decision-making and its implications.
  • The specific pieces of Personal Data we process about you in a shareable format.
  • Disclosure details if we sold or disclosed your data.
  • Specific legitimate interests if we rely on them for processing.
  • The appropriate safeguards used to transfer Personal Data from the EEA or the UK to a third country, if applicable.

To obtain a copy of your data, go to Data & Privacy and select Generate Spreadsheet. Note that we are working on adding all types of Personal Data to the spreadsheets.

Under some circumstances, we may deny your access request and provide for the denial.

For security and legal compliance, we cannot disclose certain sensitive information like Social Security numbers, driver’s license numbers, financial account numbers, health insurance or medical IDs, passwords, or security questions and answers. However, we can inform you if we have such information without disclosing specific details.

Right to Change Your Personal Data

This is called the right to rectification. It gives you the right to ask us to correct without undue delay anything that you think is wrong with the Personal Data we have on file about you, and to complete any incomplete Personal Data.

If you are having trouble changing the information yourself in your Profile tab or editing your entries, please contact us and we will do our best to change the Personal Data for you or help you edit it yourself.

Right to Delete Your Personal Data

This is called the right to erasure, right to deletion, or the right to be forgotten. This right means you can ask for your Personal Data to be deleted. To delete your account and data, go to Data & Privacy and select Delete Your Account. This will not cancel your subscription, which you can manage through your phone’s app store.

Sometimes we can delete your information, but other times it is not possible for either technical or legal reasons. If that is the case, we will consider if we can limit how we use it. We will also inform you of our reason for denying your deletion request.

Right to Ask Us to Limit How We Process Your Personal Data

This is called the right to restrict processing. It is the right to ask us to only use or store your Personal Data for certain purposes. You have this right in certain instances, such as where you believe the data is inaccurate or the processing activity is unlawful.

Right to Ask Us to Stop Using Your Personal Data

This is called the right to object. This is your right to tell us to stop using your Personal Data. You may have this right where we rely on a legitimate interest of ours (or of a third party). You may also object at any time to the processing of your Personal Data for direct marketing purposes. If you receive a mass email from us and no longer wish to receive communications, simply look for the “Unsubscribe” option at the bottom of the email.

We will stop processing the relevant Personal Data unless: (i) we have compelling legitimate grounds for the processing that override your interests, rights, or freedoms; or (ii) we need to continue processing your Personal Data to establish, exercise, or defend a legal claim.

Right to Port or Move Your Personal Data

This is called the right to data portability. It is the right to ask for and receive a portable copy of your Personal Data that you have given us or that you have generated by using our services, so that you can:

  • Move it;
  • Copy it;
  • Keep it for yourself; or
  • Transfer it to another organization.

We will provide your Personal Data in a structured, commonly used, and machine-readable format. When you request this information electronically, we will provide you a copy in electronic format.

To obtain a copy of your data, go to Data & Privacy and select Generate Spreadsheet. Note that we are working on adding all types of Personal Data to the spreadsheets.

Right Related to Automated Decision Making

We sometimes use computers to study your Personal Data. We might use this Personal Data so we know how you use our services. For decisions that may seriously impact you, you have the right not to be subject to automatic decision-making, including profiling. But in those cases, we will always explain to you when we might do this, why it is happening, and the effect.

Right to Withdraw Your Consent

Where we rely on your consent as the legal basis for processing your Personal Data, you may withdraw your consent at any time. In most cases, this will mean deleting your entry from your profile. If you withdraw your consent, our use of your Personal Data before you withdraw is still lawful.

If you have given consent for your details to be shared with a third party and wish to withdraw this consent, please also contact the relevant third party in order to change your preferences.

Generally, you will just need to delete the entry or profile information to withdraw your consent.

Right to Non-Discrimination

We will not discriminate against you for exercising any of your privacy rights. Unless the applicable data protection laws permit it, we will not:

  • Deny you goods or services;
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits or imposing penalties;
  • Provide you a different level or quality of goods or services; or
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

How Can You Exercise Your Privacy Rights?

To exercise any of the rights described above, please submit a request by either:

  • Contacting us by email at hi@zolthealth.com; or
  • Contacting our support team within the app;

Verifying Your Identity

In order to correctly respond to your privacy rights requests, we need to confirm that YOU made the request. Consequently, we may require additional information to confirm that you are who you say you are.

If you submit requests through your password-protected accounts, your identity is already confirmed. However, for requests sent through other methods, we will verify your identity by asking a few questions.

We will only use the Personal Data you provide us in a request to verify your identity or authority to make the request.

Verification of Authority

If you are making a request on someone else’s behalf, we need to verify your authority to act for them. Please provide proof that the individual authorized you to make this request. This can include:

  • Signed permission from the individual.
  • A valid power of attorney.
  • Proof of parental responsibility or legal guardianship.

Alternatively, you may ask the individual to directly contact us by using the contact details above to verify their identity with Zolt and confirm with us that they gave you permission to submit this request.

Response Timing and Format of Our Responses

We aim to acknowledge the receipt of your request within ten (10) business days. In this communication, we will describe our identity verification process (if required) and provide an estimated response time, unless the request has already been approved or denied.

Please allow us up to a month to reply to your requests from the day we received your request. If we need more time (up to 90 days in total), we will inform you of the reason and the extension period in writing.

If we cannot satisfy a request, we will explain why in our response.

We will not charge a fee for processing or responding to your requests. However, if we find that your request is excessive, repetitive, or groundless, we may charge a fee. In such cases, we will explain the reason for the fee and provide a cost estimate before proceeding.

Privacy of Children

The Zolt app is not directed at, or intended for use by, children under the age of thirteen.

Data Integrity & Security

We are strongly committed to keeping your Personal Data safe. We have implemented and will maintain technical, administrative, and physical measures that are reasonably designed to help protect your Personal Data from unauthorized processing. Unauthorized processing includes unauthorized access, exfiltration, theft, disclosure, alteration, or destruction. Some of those measures include encryption, access control measures, and we also have dedicated teams to look after privacy. However, it is important to note that we cannot guarantee full security if you continue to use a deprecated version of the app. To ensure the best protection for your Personal Data, we recommend keeping your app up-to-date.

Right to Lodge a Complaint with a Supervisory Authority

If the EU or the UK General Data Protection apply to our processing of your Personal Data, you have the right to lodge a complaint with a supervisory authority if you are not satisfied with how we process your Personal Data.

Specifically, you can lodge a complaint in the Member State of the European Union of your habitual residence, place of work, or the alleged violation of the GDPR. In the UK, you can lodge a complaint with the UK Information Commissioner’s Office.

Changes to this Notice

If we make any material change to this Notice, we will post the revised Notice to this web page and notify our users. We will also update the “Effective” date. By continuing to use our Services after we post any of these changes, you accept the modified Notice.

Contact Us

If you have any questions about this Notice or our processing of your Personal Data, or want to submit a privacy right request, please email us at hi@zolthealth.com or use the support feature within the app.

Please allow up to four weeks for us to reply.