Updated On: 18th May 2024

Welcome to Shape U’s (Managed By MU TECH SOLUTION) Privacy Policy. We hold the sincere belief that you should always know what data we collect from you, the purposes for which such data is used, and that you should have the ability to make informed decisions about what data you want to share with us.

This is why we want to be fully transparent about: (i) how and why we collect, store, share and use your personal data through the various capacities in which you interact with us; and (ii) the rights that you have to determine the parameters of this interaction.

While we would strongly advise you to read the Policy in full, the following summary will give you a snapshot of the salient points covered herein:

• Your personal data relationship with Shape U varies based on the capacity in which you interact with us/avail of our products and services (“Services”). You could be: (i) a visitor to https://www.theshapeu.com (“Website”) or any pages thereof (“Visitor”); or (ii) a person who has an account with Shape U to avail our Services (“Registered User”);
• Based on whether you are a Visitor or Registered User, the type of data we collect and the purpose for which we use it will differ and this Policy details such variations;
• This Policy applies to all the Services provided by Shape U through the Website, App or any other associated website of Shape U;
• This Policy is a part of and should be read in conjunction with our Terms of Service; and
• This Policy will clarify the rights available to you vis-à-vis the personal data you share with us.

If you have any queries or concerns with this Policy, please contact our Grievance Officer. If you do not agree with the Policy, we would advise you to not visit/use the Website or the App.

1. INFORMATION WE COLLECT AND HOW WE USE IT

TYPE OF USER	VISITOR/UNREGISTERED USER	REGISTERED USER
WHAT DATA WE MAY COLLECT	Your IP Address; Your location; How you behave on the Website, (what pages you land on, how much time you spend, etc.); What device you use to access the Website and its details (model, operating system, etc.); Cookies and web beacon data; and/or Photos containing food items ("Food Photos”) that you upload through our [Snap feature];	Your name, age, gender, phone number, e-mail address, mailing address; Your height, weight; Your lifestyle, food preferences, medical conditions (if any), health goals or other fitness regimes; Your ethnicity, genetics, health or sexual orientation; Username or other relevant unique identifier; How you behave on the Website, (what pages you land on, how much time you spend, etc.); Credit card/debit card/other payment mode information to facilitate payments for our Services; Your IP Address; Your location unless you deactivate location services in the relevant section of the Website/App; How you behave in the relevant product environment and use the features; What device you use to access the Website/App and its details (model, operating system, etc.); Cookies and web beacon data.; Food Photos in case the ‘auto-snap’ feature is enabled on the App; and All health data through the integration with Google Health Connect, including your heart rate, number of steps taken,etc.
HOW AND WHY WE USE IT	We use this information to analyse and identify your behaviour and enhance the interactions you have with the Website. If you submit your details and give us your consent, we may use your data to send you e-mails/newsletters, re-target Shape U advertisements or re-market our Services using services from third-parties like Facebook and Google. The Food Photos will be collected, stored and processed in terms of Section 2 below.	We collect this data in order to help you register for and facilitate provision of our Services. We use this data to show age appropriate content and advertisements. We use this data to track your nutrition, weight and fitness regimes. We use the data from the device you access our Website/App to identify the login information of multiple users from the same device. We use this data to prepare a specific diet plan and training regime for you. We use this data to enable you to make payments for our Services. We use a third-party service provider to manage payment processing. This service provider is not permitted to store, retain, or use information you provide except for the sole purpose of payment processing on our behalf. We use this data for processing your requests, enquiries and complaints, customer services and related activities. We use this data to communicate about existing or new offers, content, advertisements, surveys, key policies or other administrative information. We also use this data to provide you with informative features and services that are developed by us from time to time. We also use this data for providing, testing, improving, or recommending the Services. We also use this data for analytics and reviews to improve the Services. We also use this data to provide support to law enforcement agencies or in connection with an investigation on matters related to public safety, as permitted by law or anti-fraud activities/systems. If you give us your consent, we may send you newsletters and emails to market other products and services we may provide. The Food Photos will be collected, stored and processed in terms of Section 2 below. We use your health data collected through the integration with Google Health Connect to provide personalized insights and recommendations to help you improve your well-being and access relevant health-related offerings through our App.

2. SPECIAL CATEGORIES OF DATA

PERSONAL DATA: We may collect and process ‘special categories of personal data’ such as ethnic origin, genetics, health or sexual orientation, which are considered sensitive. We use this special category of personal data, for example to provide specialized diet plan and exercise routines. We require your explicit consent to collect and process special categories of personal data. You may refuse or revoke your consent at any time, please see the section about 'Your Rights & Preferences As A Data Subject In The EU' below. A limited number of our personnel will have access to special categories of personal data provided by you.

FOOD PHOTOS - SNAP:

With your prior consent, the following activities may be undertaken with respect to your Food Photos:

1. FILTERING: The Food Photos will be analyzed on your device (i.e., without storing them on our servers) to check the type of data contained therein. Using our technology, we will, to the extent possible, blur any and all contents other than food.
2. STORAGE: Thereafter, such Food Photos will be stored in our servers to help you track your nutrition and achieve your health goals. When you give us permission to access your photo gallery, we will only collect and store the Food Photos you choose to track on our App. We will not upload any other photos or data from your device. To provide more nuance, we would like to clarify that the decision to classify photos as food or non-food is made by algorithms, not through human review. Furthermore, this algorithm operates solely on the device, and no photo is transferred to our server unless the algorithm determines that it is a food photo. It is important to understand that the algorithm may occasionally misclassify non-food photos as food photos. While we are constantly reviewing and improving our code to reduce such occurrences, there is still a chance that your photo may be uploaded even if it is not a food photo. If you are registered with us and intend to use the ‘auto-snap’ feature, please note that you can decide if we can access the photos in your gallery, and we're open about how we use them.
3. UTILIZATION. We analyse the Food Photos you choose to track using our proprietary technology to determine the nutritional content of your meals. We do not share your information with any third parties.
4. DATA SECURITY: We take the security of the Food Photos seriously and have implemented industry-standard security measures to protect such data from unauthorized access or disclosure. All data is encrypted and stored on secure servers that are regularly monitored and updated.
5. DATA RETENTION: We keep your Food Photos as needed, then delete them. You could choose to remove them manually if so desired.
6. CONSENT: If no consent is provided by you, we will not analyze or collect any Food Photos. You will still be able to avail of the other functionalities of our App.
3. WHAT ARE THE COOKIES AND WEB BEACONS REFERRED TO ABOVE?

TYPE OF FILE	COOKIES	WEB BEACON
WHAT THEY DO	Cookies are text files which are sent from our server and downloaded to your device when you visit our Website. They are useful because they allow us to recognize your device when you return. You can disable them through your browser should you so wish. We use cookies to see which parts of our Website are used by Registered Users/Visitors and to record the number of visits to our Website. You can find more information about cookies at: www.allaboutcookies.org	Web beacon (also known as Clear GIF, Web Bugs or Pixel Tag) is a tiny picture file embedded on the Website/App that tracks your behaviour and navigation. It is similar to a cookie in what it does, but it does not get downloaded on to your device. We use web beacons to manage cookies, record visits, and to learn marketing metrics. We also use web beacons to track and monitor email opening rates as well as link clicks. You can find more information about web beacons at: http://www.allaboutcookies.org/faqs/beacons.html
WHAT THEY WON’T DO	Contain any executable software, malicious code or virus.

Usually, browsers have default setting to accept cookies until you change your browser settings. You can choose to reject and remove cookies from our Website by changing your browser settings. If you reject or remove our cookies, it could affect how our Website works.

FOR THE AVOIDANCE OF ANY DOUBT, WE SHOULD CLARIFY THAT IN THE EVENT WE ANONYMIZE AND AGGREGATE INFORMATION COLLECTED FROM YOU, WE WILL BE ENTITLED TO USE SUCH ANONYMIZED DATA FREELY, WITHOUT ANY RESTRICTIONS OTHER THAN THOSE SET OUT UNDER APPLICABLE LAW.

4. YOUR RIGHTS & PREFERENCES AS A DATA SUBJECT IN THE EU

It might have come to your attention that a new law was passed in the European Union (EU) called the General Data Protection Regulation (GDPR). The GDPR gives certain rights to individuals who are EU data subjects, in relation to their personal data.

Subject to the GDPR and applicable law’s limitations, the rights afforded to you if you are an EU data subject are:

RIGHT TO BE INFORMED You have a right to be informed about the manner in which any of your personal data is collected or used which we have endeavoured to do by way of this Policy.	RIGHT OF ACCESS You have a right to access the personal data you have provided by requesting us to provide you with the same.
RIGHT TO RECTIFICATION You have a right to request us to amend or update your personal data if it is inaccurate or incomplete.	RIGHT TO ERASURE You have a right to request us to delete your personal data.
RIGHT TO RESTRICT You have a right to request us to temporarily or permanently stop processing all or some of your personal data.	RIGHT TO OBJECT You have a right, at any time, to object to our processing of your personal data under certain circumstances. You have an absolute right to object to us processing your personal data for the purposes of direct marketing.
RIGHT TO DATA PORTABILITY You have a right to request us to provide you with a copy of your personal data in electronic format and you can transmit that personal data for using another third-party’s product/service.	RIGHT NOT TO BE SUBJECT TO AUTOMATED DECISION-MAKING You have a right to not be subject to a decision based solely on automated decision making, including profiling.

In case you want to exercise the rights set out above you can contact our Grievance Officer whose details are set out in Section 16 below.

The data provided by you as a Visitor, or when you sign up as a Registered User for our Services will be processed by us for the purpose of rendering Services to you or in order to take steps prior to rendering such Services, at your request. Where such data is not being used by us to render Services to you, we shall explicitly seek your consent for using the same. You can choose to withdraw this consent at any time by writing to us at mailsupport@theshapeu.com Additionally, we may process your data to serve legitimate interests.

Accordingly, the grounds on which we can engage in processing are as follows:

NATURE OF DATA	GROUNDS
Visitor Data	Consent; Performance of a Contract; and Legitimate Interest.
Account Registration Data	Performance of a Contract; and Legitimate Interest.
Special Categories of Personal Data	Consent; and Performance of a Contract.
Payment Data	Legitimate Interest; and Performance of a Contract; and Compliance with applicable laws.
Service Usage Data	Performance of a Contract; and Legitimate Interest.
Data for Marketing our Services	Consent; and Legitimate Interest.
Personal Stories	Consent.

If you believe we have used your personal data in violation of the rights above or have not responded to your objections, you may lodge a complaint with your local supervisory authority.

5. PUBLISHED CONTENT

Any success stories, comments, messages, blogs, scribbles etc. posted/ uploaded/ conveyed/ communicated by you on the public sections of the Website/App becomes published content. We may publish such published content on our Website/App so long as you consent. You may request that such published content be taken down at any time and we shall remove such published content. However, we are not responsible for any actions taken by third-parties with respect to such published content.

6. INFORMATION WE GET FROM OTHERS

We may receive data about you from other sources i.e., expert calls, smart watch, surveys, and such data may be added to our Website/App from time to time. Such data may include your behaviour towards various content posted on our Website/App from other sources. We use the data collected from other sources to prepare a specific diet plan and training regime for you. We also use this data for providing, testing, improving, or recommending the Services.

7. RETENTION OF PERSONAL INFORMATION

We will store any personal data we collect from you as long as it is necessary in order to facilitate your use of the Services and for ancillary legitimate and essential business purposes – these include, without limitation, for improving our Services, attending to technical issues, and dealing with disputes.

Your personal data will primarily be stored in electronic form. We may enter into agreement with third parties to collect, store, process your personal data but under full compliance with applicable laws. In the event, you have any telephonic interactions with our customer representatives, the call data is recorded and stored on the Amazon Web Services (AWS) for training and quality purposes.

We may need to retain your personal data even if you seek deletion thereof, if it is needed to comply with our legal obligations, resolve disputes and enforce our agreements.

If you are a Registered User, please be advised that after you terminate your usage of a Service, we may, unless legally prohibited, delete all data provided or collected by you from our servers.

8. TRACKING BY OUR ADVERTISEMENT PARTNERS

Upon receiving your specific consent, we may share the data we collect from cookies or web beacons with our advertisement partners to track your visits, establish your non-personal identity and present you with targeted advertisements about our Services.

9. COMPLIANCE WITH CHILDREN’S ONLINE PRIVACY PROTECTION ACT

As a business service, we neither knowingly collect or store nor use any personal data of any child. Children under the age of 18 (or such other minimum age prescribed under law of the relevant territory) a should seek the consent of their parents before providing any information about themselves, their parents, or other family members on our Website/App.

10. TRANSFER OF INFORMATION

In the ordinary course of business, we may employ other companies and people to assist us in providing certain components of our Services in compliance with the provisions of this Policy. To do so, we may need to share your data with them.

Where applicable – if the entities to which these transfers are effected are not situated in countries deemed ‘adequate’ by the European Commission or are not registered under the EU-US Privacy Shield framework, we shall enter into appropriate Data Protection Addendums with the transferee parties that comprehensively protect your data. We shall also put in place industry-standard technical and organizational measures (including robust data handling policies) to ensure that such transfers are completed in accordance with applicable laws.

Some of the examples of where we may sub-contract processing activities to third parties include—record keeping, data analysis, marketing assistance, processing payments, and providing customer service.

11. THIRD PARTY LINKS

We may display links to third-party websites or applications on our Website or App for advertising or providing you with relevant content. We will not be responsible for such third-party websites or applications if you choose to access them. If you provide any data to such website/application, please ensure you read their policies given that you will no longer be bound by this Policy in doing so.

We may receive data whenever you visit a third-party link through our Website/App which includes the date and time of your visit to the third-party website, the web address or URL, technical information about the IP address, browser and the operating system you use and, if you are logged into Shape U, your username.

12. INTEGRATION WITH GOOGLE – LIMITED USE POLICY

We have integrated the App with services provided by Google to: (a) enable you to sign in to the App using your existing Gmail ID; and/or (b) provide insights and analysis of your health. To this end, please note that any collection, storage, use and/or transfer of your data that is received from:

1. Google API will, at all times, adhere to Google API Services User DataPolicy, including the limited use requirements prescribed therein; and
2. Google Health Connect will, at all times, adhere to the Health Connect Permissions Policy, including the limited use requirements prescribed therein.

To summarize, Shape U's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the concerned Limited Use requirements.

13. COMPELLED DISCLOSURE

In addition to the purposes set out in the Policy, we may disclose any data we collected or processed from you if it is required:

• under applicable law or to respond to a legal process, such as a search warrant, court order, or subpoena;
• to protect our safety, your safety or the safety of others or in the legitimate interest of any party in the context of national security, law enforcement, litigation, criminal investigation or to prevent death or imminent bodily harm;
• to investigate fraud, credit risk or violation of our Acceptable Use Policy;
• in connection with legal proceedings brought against Shape U, its officers, employees, affiliates, customers or vendors;
• to establish, exercise, protect, defend and enforce our legal rights; or
• when we do a business deal or negotiate a business deal, or our assets are merged or acquired by the other business entity, or during restructuring of business or re-organization, we may have to share information provided by you with the other business entities.
14. SECURITY OF YOUR PERSONAL INFORMATION

We implement industry-standard technical and organizational measures by using a variety of security technologies and procedures to help protect your data from unauthorized access, use, loss, destruction or disclosure. When we collect particularly sensitive data (such as a credit card number or your geo-location), it is encrypted using industry-standard cryptographic techniques including but not limited to PBKDF2, AES256, TLS1.2 & SHA256.

The collection, storage, usage, and sharing of your data by the Company shall be in compliance with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 and other applicable laws.

Your password is your first line of defence once you set up a Shape U account, we recommend that you set a strong password which you never share with anyone.

We have taken appropriate steps for the security and protection of all our digital platforms including internal applications, however, we shall not be responsible for any breach of security or the disclosure of personal data for reasons outside our control, such as hacking, social engineering, cyber terrorism, espionage by third parties, or any events by way of force majeure such as sabotage, fire, flood, explosion, acts of God, civil commotion, strikes or industrial action of any kind, riots, insurrection, war or acts of government.

15. ACCESS, CORRECTION & DELETION

You may request access, correction or updation, and deletion of the data by contacting support@theshapeu.com You may note that deletion of certain data or withdrawal of consent may lead to cancellation of your registration with us or your access to our Services.

Based on technical feasibility, we will provide you with access to all your personal and sensitive personal data that we maintain about you. We will perform verification before providing you access to this data.

You may opt out of our marketing emails by clicking on the ‘opt-out’ link provided in the emails. However, we may still send you non-marketing emails about your accounts or any other transactions with you.