MyFoodDiary Privacy Policy

MyFoodDiary
Attn: Data Protection Officer
1600 Harmony Hall
Lexington, KY 40502

Information from all users

As is true of most websites, we gather certain information automatically and store the data in server log files. This data includes the visitor’s browser type, language preference, referring site, file requested, IP address, and the date and time of each file request. This information is used to analyze trends, administer and secure our services, track user movement in the aggregate, and gather broad demographic information for aggregate use.

Information from users with accounts

We collect personal data required to fulfill our obligations under our Terms of Service. This data is used to provide a personalized user experience and offer fitness recommendations based on your particular needs. For example:

• We collect basic account information, such as your name, email address, username and password that helps provide you with access to our services.
• As part of the sign-up process, we collect billing information in order to process your payment and guard against credit card fraud, such as name on card, billing address, credit card number, expiration date, and card security code. We do not store your complete credit card number or card security code. Instead, we provide this information to a credit card processor that securely stores this information.
• In order to provide tailored fitness recommendations and estimates, we collect body metrics, lifestyle choices, and fitness goals, such as date of birth, gender, height, weight, body frame, whether you smoke or drink, and whether or not you are vegetarian, pregnant, or nursing.
• Once an account is fully created, we collect daily dietary and exercise details, such as date/time and type of food eaten or exercise performed. Additionally, users may record personal notes, hours of sleep, and body metrics, including waist circumference, blood sugar levels, and blood pressure.
• We offer a member forum, which provides a venue for our members to share information and provide or receive encouragement. When you submit a post in the general forum, the following information will be available to all users: a) the contents of your post, b) your username, c) your profile image, d) the date you joined MyFoodDiary, d) the number of posts submitted, e) date of last post, f) a list of topics you created, and g) your location (optional). If you submit a post in a private group, only members of that group (and possibly our employees) can view the previously mentioned information. You also have the option of providing additional details about yourself in your profile.
• We collect information from devices and apps you connect to our services. For example, you may choose to connect your Fitbit and MyFoodDiary accounts. Once connected, personal data may be synced between your accounts.

Information from affiliates

In order to join our Affiliate Program, you will need to provide your contact information and website address. We use this information to aid in the tracking of referrals and to pay you. Your information will not be distributed to any third parties, and you will not have access to any of our members’ personal data.

Information not collected

We do not intentionally collect sensitive personal information, such as social security numbers, genetic data, health status, or religious affiliation. Although we do not intentionally collect any sensitive personal information, we recognize that you might wish to store this information in your account, such as in your personal notes. If you store any sensitive personal information on our servers, you are responsible for complying with any regulatory controls regarding that data.

Children under 13 years of age are not permitted to create or use a MyFoodDiary account. We do not knowingly collect information or direct any of our content specifically to children under 13. If you live in a country with a different minimum age limit and you are below the minimum age for providing consent for data collection, you may not use our services without obtaining your legal guardians' consent.

MyFoodDiary processes personal information on the following legal bases:

• Pursuing our legitimate interests of fulfilling our Terms of Service and providing a customized experience to our members.
• Keeping our service safe and secure, which is a legitimate interest of MyFoodDiary and our members. For example, credit card companies require us to keep logs of IP addresses that access MyFoodDiary, which can aid in an investigation in the event of a security breach.
• Pursuing our legitimate interest of improving and marketing our services.

Service providers

We share your personal data with your consent or as necessary to complete transactions, communicate with you, or provide services you have requested. For example, we share your credit card information with our credit card processor in order to complete the transaction. We do not sell personally identifiable information to 3rd parties.

3rd party app data sharing

When you choose to share your MyFoodDiary data with another online service (e.g., Fitbit, Facebook, and Twitter), we will send the data you have agreed to share. Information collected by these third parties is subject to their terms of service and privacy policies. We are not responsible for the practices of third parties.

Legal necessity

We reserve the right to disclose your personally identifiable information as required by law, including complying with court orders and other legal or regulatory processes. Additionally, we may share personal data with law enforcement, our legal counsel, or other consultants as needed to protect our business interests, employees, members, and the general public from fraud, abuse, and other harmful acts.

Aggregate information

We may share aggregated demographic information and analyses about our user base with our partners. This data does not contain personally identifiable information. For example, we may share the gender distribution of our membership with our affiliates.

Google Analytics

Google Analytics provides us with statistics about our site traffic. We also use Remarketing with Google Analytics for advertising purposes. Third-party vendors, including Google, show our ads on sites across the Internet. We and third-party vendors, including Google, use first-party cookies (such as the Google Analytics cookie) and third-party cookies (such as the DoubleClick cookie) together to inform, optimize, and serve ads based on someone's past visits to our website.

We will not facilitate the merging of personally identifiable information with non-personally identifiable information unless we have robust notice of and the user's affirmative consent (i.e., opt-in) to that merger.

Visitors can opt-out of Google Analytics for Display Advertising and customize Google Display Network ads using the Ads Settings or by installing the Google Analytics opt-out browser add-on.

Web beacons

We use web beacons (typically invisible images) to track advertising performance on various ad networks, including Bing, Google, and Facebook. These networks may also show you targeted ads based on your browsing activity. You can opt out of these behavioral ads at http://preferences-mgr.truste.com/

Copyright notices

We may share your information with third parties when we forward Digital Millennium Copyright Act (DMCA) notifications, which will be forwarded as submitted to us.

Preventing serious bodily harm

We may retain, preserve or disclose your information if we determine that disclosure is reasonably necessary or appropriate to prevent death or serious bodily injury.

Business transitions

In the event MyFoodDiary or its parent company, Aligned Web Solutions, Inc., goes through a business transition, such as a merger, acquisition by another company, or sale of all or a portion of its assets, your personally identifiable information will likely be among the assets transferred. You will be notified via prominent notice on our website for 30 days of any such change in ownership or control of your personal information.

We use cookies (and similar technologies) to keep you logged in, remember your preferences, and provide a customized user experience. By using our services, you agree that we may store these small bits of text on your computer or device. We do not recognize or respond to browser-initiated Do Not Track signals, as the internet industry has not fully developed Do Not Track standards, implementations and solutions. If you configure your browser to reject cookies, you will not be able to log in or use our member services.

We take data security seriously. We have implemented a variety of technical and procedural controls to meet the Payment Card Industry Data Security Standards (PCI DSS) for handling your sensitive data, including the use of security scanning services, firewalls, security patches, web application firewalls, data encryption, and intrusion detection systems.

In order to secure your information during transmission, we offer data encryption using Transport Layer Security (TLS) technology. Secure URLs begin with https:// rather than http://. Our security certificate is supplied and certified by Comodo.

We submit to daily security scans that check our servers for vulnerabilities. If a security vulnerability is found, the scanning service will notify us immediately.

While we work hard to protect your personal information, data transmission over the Internet and data storage cannot be guaranteed to be absolutely secure, and we cannot warrant the security of the information you transmit. Transmitting personal information is done at your own risk.

Our services are operated in the United States. If you are located outside of the United States and you choose to use our services or provide information to us, you acknowledge and understand that your information will be transferred, processed and stored in the United States, as it is necessary to provide our services and perform the Terms of Service. While the United States privacy laws may not be as protective as those in your jurisdiction, we are committed to this Privacy Policy, which is far more restrictive than US legal requirements regarding privacy.

Generally, we retain your personal data for as long as your account is active or as needed to provide you services.

We may retain certain account data indefinitely unless you delete it or request its deletion. For example, we do not automatically delete inactive user accounts, so unless you choose to delete your data, we may retain your account information indefinitely. Doing so allows for the easy reactivation of your account.

Web server logs are retained for a minimum of 1 year.

Accessing personal data

You may access your personal data by signing into your account and viewing your account details.

Rectification of personal data

If you find your data is incomplete or incorrect, you may correct your information using the forms provided on our website.

Erasure of personal data

You can easily delete food, exercise, body, and personal notes data by logging into your account, clicking the "settings" icon, choosing "My Data," and then selecting the data you wish to remove. If you would like to remove contact and billing information, you will need to cancel your account and submit your request using our contact information provided in this document.

We are under a contractual obligation with Visa, Mastercard, Discover, and American Express to follow the requirements set forth in the Payment Card Industry Data Security Standard (PCI DSS). For example, we are required to store web server logs (including IP addresses) for a minimum of 1 year. As a result of this contractual obligation and our legitimate interest of safeguarding the data stored, some personal data cannot be removed at the time of your request.

Restricting the processing of personal data

You can modify or remove all non-essential data provided to us. Deleted data is permanently removed. Data essential to maintaining your account can be edited but not removed while your account is active.

Right to complain to a data protection authority

If you have contacted us about privacy concerns and we have been unable to resolve the issue to your satisfaction, you have the right to bring the complaint to the relevant data protection authority, which has the power to enforce privacy laws in your country.

Exportation of personal data

You may export your food, exercise, and weight data in comma-separated values (CSV) files, which can be viewed using a spreadsheet application (e.g., Microsoft Excel).

Withdrawing consent

You have the right to withdraw your consent to the processing of your information at any time. In certain cases, we may continue to process your information after you have withdrawn consent if we have a legal basis to do so or if your withdrawal of consent was limited to certain processing activities.

Right to object to processing of personal data

You have the right to object to our handling of your personal data at any time. If you object to our use of your personal data for direct marketing purposes, such as an email newsletter, we will honor your request as quickly as reasonably possible. We will review all other objections on the grounds of each situation based on any legal requirements or legitimate interests we may hold processing the data.

We reserve the right to modify this privacy policy at any time. Please review it occasionally. If we make changes to this privacy policy, the updated policy will be posted in a timely manner and, if we make material changes, we will provide a prominent notice. If you object to any of the changes to this Privacy Policy, you should cancel your account and stop using our services.