Terra End User Privacy Policy

Effective Date: 20th April 2023

Overview

At Terra, the privacy and safety of your health data are paramount. One of our core principles is transparency and through this End User Privacy Policy (“Policy”), we seek to clearly explain how Terra collects, uses, shares, and processes your data. When you (“the end user”) use Terra to connect your wearables and other health devices (collectively “wearables”) to applications (“apps”), these apps are built by our customers (“developers”) and driven by Terra's platform. By using Terra, our customers can easily integrate your wearable data into their apps.

This Policy applies to Terra Enabling Developers Inc. and its affiliates and subsidiaries, including Terra Enabling Developers Ltd. (collectively, “Terra,” “we,” “our,” and “us”). It does not include how developers of connected apps (“apps you have connected wearables to using Terra”) use, share, or process your data. We recommend reviewing the privacy policies and terms of service of connected apps; doing so will help you understand how your data is ultimately used, stored, and protected. This Policy does not include data we collect when you visit our website or interact with Terra outside of using our product or services. For more detail, see the legal section of our website at https://tryterra.co/legal. Finally, please read this Policy carefully; it's important that you understand how we handle your data and your privacy rights.

Data Collection

This section of the Policy describes how we process information about you. We have categorised the sources of your personal information as follows:

Data you provide us;

Data from our wearable and health data partners;

Data from the electronic device you use to connect;

Data from the developer of the app you have connected to;

Information we derive from the data we collect about you.

The following will describe, for each category listed above, the data types that Terra may collect about you, including examples.

Data you provide us

This refers to information that you provide us with directly when using our services. We may collect the following data types from you directly:

Login data that you supply when logging in to your wearable account through our widget. For example, your username, email address, password, or security token;

Authentication data that are required to help verify your identity and connected accounts, such as your phone number.

When you provide this information to connect apps to your wearables using Terra, you also give us permission and authority to access and transfer your data to and from the relevant wearable or health data provider that holds your wearable or health data account (“wearable partners”).

Data from our wearable and health data partners

This refers to information collected from wearable and health data partners when you connect your wearable or health data account using Terra. Using this data source, we may collect the following data types:

Identifiers that identify you, such as your name, sex, email address, phone number, date of birth, and address information;

Authentication data that are required to help verify your identity and connected accounts, such as an access token;

Account Data about your account with a wearable or health data provider, such as the name of your wearable account provider and wearable account user ID;

Health Device Data about a wearable or health device you connect to an app using Terra, such as brand, model, serial number, firmware version, and software version;

Activity Data about your physical activity and workouts, such as activity duration, calories burned, distance travelled, energy burned, strain, and heart rate;

Body Data about your body composition, such as blood pressure, blood glucose, height, weight, body fat, and oxygen saturation;

Menstruation Data about your menstrual cycle if applicable to you, such as period length, current day in cycle, cycle length, and current phase;

Nutrition Data about your diet and food consumption. These data may include calories consumed; macros like carbohydrate, fat, and protein consumed; micros like iron, magnesium, and potassium consumed; and meal types;

Sleep Data collected while you are asleep, resting, and in bed, such as sleep start time, sleep end time, heart rate, heart rate variability, body temperature variation, and respiratory rate;

Location Data are data that explicitly reveal your location or can be used to determine your location, such as time zone setting and location and device GPS coordinates. We will never collect your IP address.

Data from electronic devices

This refers to information collected from the electronic devices you use to connect your wearables to the apps you are using.

Identifiers that identify you, such as your name, sex, email address, phone number, date of birth, and address information;

Account Data about your account with a wearable or health data provider, such as the name of your wearable account provider and wearable account user ID;

Health Device Data about a wearable or health device you connect to an app using Terra, such as brand, model, serial number, firmware version, and software version;

Activity Data about your physical activity and workouts, such as activity duration, calories burned, distance travelled, energy burned, strain, and heart rate;

Body Data about your body composition, such as blood pressure, blood glucose, height, weight, body fat, and oxygen saturation;

Menstruation Data about your menstrual cycle if applicable to you, such as period length, current day in cycle, cycle length, and current phase;

Nutrition Data about your diet and food consumption. These data may include calories consumed; macros like carbohydrate, fat, and protein consumed; micros like iron, magnesium, and potassium consumed; and meal types;

Sleep Data collected while you are asleep, resting, and in bed, such as sleep start time, sleep end time, heart rate, heart rate variability, body temperature variation, and respiratory rate;

Location Data are data that explicitly reveal your location or can be used to determine your location, such as time zone setting and location and device GPS coordinates. We will never collect your IP address;

Other Device Data are other miscellaneous data, such as device name, hardware model, operating system, MAC address, and other technical data about your device.

Data from developers

This refers to data collected directly from the developer(s) of the app you have connected to. The only data type we collect from this source is:

Identifiers that identify you, such as your unique user ID assigned by the developer(s) of the app(s) you have connected to.

Authentication data that are required to help verify your identity and connected accounts, such as an access token;

Account Data about your account with a wearable or health data provider, such as the name of your wearable account provider and wearable account user ID;

Health Device Data about a wearable or health device you connect to an app using Terra, such as brand, model, serial number, firmware version, and software version;

Activity Data about your physical activity and workouts, such as activity duration, calories burned, distance travelled, energy burned, strain, and heart rate;

Body Data about your body composition, such as blood pressure, blood glucose, height, weight, body fat, and oxygen saturation;

Menstruation Data about your menstrual cycle if applicable to you, such as period length, current day in cycle, cycle length, and current phase;

Nutrition Data about your diet and food consumption. These data may include calories consumed; macros like carbohydrate, fat, and protein consumed; micros like iron, magnesium, and potassium consumed; and meal types;

Sleep Data collected while you are asleep, resting, and in bed, such as sleep start time, sleep end time, heart rate, heart rate variability, body temperature variation, and respiratory rate;

Location Data are data that explicitly reveal your location or can be used to determine your location, such as time zone setting and location and device GPS coordinates. We will never collect your IP address.

Information we derive

This refers to data we derive from the data we collect about you; in other words, using existing information about you to create additional, related information about you. Examples of derived data may include fitness age, disease risk, weight, and mental well-being.

Data Usage

This section explains how we use your data once we have collected it. Our primary goal is to unify the world’s fragmented wearable data, and your data plays a crucial role in achieving that objective. We handle your information responsibly and are committed to helping you understand how we use it. The following describes and categorises how we use the data we have collected:

Deliver Services: to manage, supply, and uphold our service offerings;

Service Enhancement: to refine, strengthen, and extend our service offerings;

Aid Assistance: to offer assistance to you or developers. This includes helping to resolve queries related to Terra's services or developers' applications;

Product Development: to create new products and services;

Generate insights: by analysing the data we've collected, we generate insights. These insights assist connected app developers in offering improved services or enhancing user experiences;

Create visualisations: with the data we've collected, we create charts and visualisations for our developers to enhance user experiences;

Investigating Misuse and Misbehaviour: we may examine any improper use of our services or developers' applications, including policy violations, illicit activities, or unauthorised service access;

Consent-Based Usage: only with your explicit approval, we may use your information for other specified purposes or as directed by you.

Real-Time Streaming Functionality

Terra’s service offers real-time streaming functionality, which allows your wearable and health data to be transmitted to connected apps instantly upon generation. This feature enables apps to provide you with up-to-date and dynamic insights, and it allows apps to offer highly personalised user experiences based on your current data. When you use our services and grant permission for an app to access your data, please be aware that your information, potentially including all applicable data types mentioned in the ‘Data Collection’ section of this Policy except location data, may be streamed in real-time to connected apps.

For more details about data usage, please see the table at the end of this Policy that visualises how we may use data types.

Data Sharing

This section of the Policy outlines the categories of third parties with whom we may share your information to give you a clear understanding of how your data may be disclosed to others. We may share your data with:

Developer(s) of the app(s) you use, and as directed by the developer(s). These developers are our customers; they use Terra to easily integrate many wearables into the apps they built and that you use;

Wearable or health data providers that you have connected to apps using Terra;

Contractors that perform services for Terra or Terra’s employees;

Communication platform providers which facilitate communication and data transfer between Terra's employees and between Terra and our customers. These platforms may act as intermediaries in the data-sharing process, even if they cannot access the content of the messages directly;

Service providers that help Terra analyse data for Terra's business purposes. These platforms may help us track our customers’ engagement and behaviour, identify trends in data, and visualise data;

Cloud storage services providers that offer remote data storage solutions over the internet that allow us to store, manage, and/or access collected data in a secure and scalable environment;

Software development services providers that assist with software maintenance, software testing, quality assurance, and application support, among other things;

Terra group entities and/or subsidiaries that are wholly owned by Terra Enabling Developers, Inc., such as Terra Enabling Developers Ltd., our UK-based subsidiary;

Third parties to comply with relevant laws or to respond to subpoenas or warrants served on Terra; to protect or defend the rights or property of Terra or users of the Services; to investigate or assist in preventing any violation or potential violation of the law, this End User Privacy Policy, or our Terms of Service. For example, law enforcement or other governmental authorities.

Corporate Restructuring

We may share some or all of your data in connection with or during the negotiation of any merger, financing, acquisition or dissolution, transaction or proceeding involving the sale, transfer, divestiture, or disclosure of all or a portion of our business or assets. In the event of insolvency, bankruptcy, or receivership, data may also be transferred as a business asset. If another company acquires Terra, our business, or assets, that company will possess the data collected by us and will assume the rights and obligations regarding your data described in this End User Privacy Policy.

Our Retention and Deletion Practices

This section covers our retention and deletion practices, which are designed to reduce data retention periods to the minimum required time to deliver our services to our customers successfully.

To offer our services, it’s necessary for us to retain your data for a short period. Usually, your data is retained for two days after the point of collection and then automatically deleted. Two days is the minimum retention period required for us to serve daily data to all time zones. However, in rare cases, your data may be retained for up to 6 months, as some of our wearable partners require us to store data to offer our services. None of your data will be stored in our databases for longer than six months from the point of collection. We do not review the data we hold periodically to ensure it is still needed to fulfil the purpose for which it was collected. This is because we only retain data for the minimum required period, and it’s not in our best interests to store data longer than necessary. If an app you have connected your wearable(s) to using Terra ceases to be a customer of Terra, your data will normally be deleted after two days. But, in this scenario, it’s possible we may retain your data for up to six months from the point of collection.

If the connection between your wearable(s) and the app you use is terminated by the app’s developers, through your instruction or not, all your data stored by us will usually be immediately deleted. Exceptions to this norm include but are not limited to:

There is a functioning connection established by Terra between your wearable(s) and another app;

The law compels Terra to keep your data;

Separately from the acceptance of this policy, you grant us permission to retain your data for longer than six months;

We need your data to aid our anti-fraud efforts or investigations into misuse and misconduct.

Protection of Data

Terra is committed to protecting the security of your data. We use a variety of security technologies and procedures to help protect your data from unauthorised access, use, or disclosure. We do not use or store your data in non-production systems or environments. This means your data is not used or stored using technology not meant for live use of our services, such as systems or environments used for testing, staging, and development. No method of transmission over the internet, or method of electronic storage, is 100% secure, however. Therefore, while Terra uses reasonable efforts to protect your data, we cannot guarantee its absolute security.

International Data Transfers

Please note that our data processing takes place mainly in the United Kingdom. As such, our Services are governed by the laws of the United Kingdom. If you use our Services, your data will be subject to United Kingdom law and processed in the United Kingdom or in other countries. To operate our services, we may transmit your data internationally. We take steps to ensure the safety of your data should it be transferred internationally. We employ HTTPS encryption when transmitting your data between servers, regardless of their location. This ensures your data remains secure and protected from theft, tampering, or other threats during transit.

Notice to European End Users

The information provided in this “Notice to European Users” section applies only to individuals in Europe.

Personal information

References to “personal information” in this End User Privacy Policy are equivalent to “personal data” governed by European data protection legislation.

Role as Processor

Terra generally processes your personal information on behalf of controllers, and hence Terra is the processor of your personal information. To the extent that we collect your data directly and determine the purposes and means of the processing of your data, Terra is the controller.

We have appointed a Data Protection Officer, whose contact information is: Kyriakos Eleftheriou, CEO at Terra ([email protected])

Legal bases for processing

We use your personal information only as permitted by law. Our legal bases for processing the personal information described in this End User Privacy Policy are described in the table below.

| Processing Purpose | Legal Basis |
|---|---|
| Delivering Services | Processing is necessary to perform the contract governing our provision of the Services or to take steps that you request prior to signing up for the Services. If we have not entered into a contract with you, we process your personal information based on our legitimate interest in providing the Services you access and request. |
| Product Development; Service Enhancement; Aid Assistance; Create Visualisations; Generate Insights; For compliance, fraud prevention and safety | These activities constitute our legitimate interests. We do not use your personal information for these activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise permitted to by law). |
| To comply with law | Processing is necessary to comply with our legal obligations. |
| With your consent | Processing is based on your consent. Where we rely on your consent you have the right to withdraw it at any time in the manner indicated when you consent or in the Services. |

Use for new purposes. We may use your personal information for reasons not described in this End User Privacy Policy where permitted by law and the reason is compatible with the purpose for which we collected it. If we need to use your personal information for an unrelated purpose, we will notify you and explain the applicable legal basis.

Sensitive personal information. If you provide us with any sensitive personal information when you use the Services, you must consent to our processing and use of such sensitive personal information in accordance with this End User Privacy Policy. If you do not consent to our processing and use of such sensitive personal information, you must not submit such sensitive personal information through the Services.

Automated Decision-Making and Profiling. We do not use automated decision-making and/or profiling in regard to your personal information in connection with the Services.

Data Protection Rights

The following ensures that you are aware of your rights and how you can exercise them. Understanding your data protection rights enables you to make informed decisions about how your personal information is used and managed. We will honour the following rights, subject to limitations of the law. You may:

Withdraw the consent you previously provided us with to process your data;

Request the update or correction of inaccuracies in your data;

Access data collected about you;

Request the restriction of processing of your personal data;

Object to our reliance on legitimate interest as a legal basis for processing your data that impacts your rights;

Request that we erase or limit the processing of your data;

Request further details of the data types we have collected about you in the last six months;

Request that a machine-readable copy of your data be sent to a third party of your choice;

Request further details about the third parties your data has been shared with.

If you wish to exercise any of the above rights, you should contact the developer of the app that you are using; they are the controller of your data.

Children

Our Services are not intended for children under 13 years of age, and you must be at least 18 years old to have our permission to use our Services. We do not knowingly collect, use, or disclose personally identifiable information from children under 13. If you believe that we have collected, used, or disclosed personally identifiable information of a child under the age of 13, please contact us using the contact information below so that we can take appropriate action.

Additional Information

This policy may change from time to time. If we update it, we will notify you on our website at https://tryterra.co/legal.

If you have any questions or complaints about this Policy or other privacy-related topics, you can contact us at [email protected]

Annex A: Data Handling Table

Key

Data Use Key

| Key | Uses of Data |
|---|---|
| 1 | Deliver Services: To manage, supply, and uphold our service offerings |
| 2 | Service Enhancement: To refine, strengthen, and extend our service offerings |
| 3 | Provide Assistance: To offer assistance to you or developers |
| 4 | Product Development: To create new products and services |
| 5 | Generate Insights: To assist connected app developers in offering improved services or enhancing user experiences |
| 6 | Create Charts and Visualisations: For our developers to enhance user experiences |
| 7 | Investigating Misuse and Misbehavior: Examination of any improper use of our services or developers' applications, including policy violations, illicit activities, or unauthorised service access |
| 8 | Consent-Based Usage: Only with your explicit approval, we may use your information for other specified purposes or as directed by you |

Data Sharing Key

| Key | Who we may share data with |
|---|---|
| 1 | Developer(s) of app(s) you use, and as directed by the developer(s) |
| 2 | Wearable or health data providers |
| 3 | Partners and contractors in connection with the services they perform for Terra or Terra's developers |
| 4 | Communication platform providers which facilitate communication and data transfer between Terra's developers and between Terra and our customers |
| 5 | Service providers that help Terra analyse data for Terra's business purposes |
| 6 | Cloud storage services providers |
| 7 | Software development services providers |
| 8 | Terra group entities and/or subsidiaries |
| 9 | Third parties to comply with relevant laws or to respond to subpoenas or warrants served on Terra; to protect or defend the rights or property of Terra or users of the Services; to investigate or assist in preventing any violation or potential violation of the law, this End User Privacy Policy, or our Terms of Service. For example, law enforcement or other governmental authorities. |

| Source of Personal Information | Data Terra may collect | Example(s) | Uses of Data | Categories of parties with whom data may be shared |
|---|---|---|---|---|
| Data you provide | login data: when required by the provider of your account | username; password; email address | 1,2,3,7,8 | 2,3,4,6,7,8,9 |
| | authentication data: needed to help verify your identity and connect your accounts | phone number; email address; Multi-factor authentication (MFA) code | 1,3,7,8 | 2,3,4,6,7,8,9 |
| Data from wearable and health data partners | identifiers: data that identifies you | name; email address; phone number; date of birth; address information | 1,3,7,8 | 1,2,3,4,6,7,8,9 |
| | authentication data: needed to help verify your identity and connect your accounts | security/access token | 1,3,7,8 | 2,3,4,6,7,8,9 |
| | account data: data about your account with a wearable or health data provider | wearable or health data provider name; account number or provider-assigned user ID | 1,2,3,4,7,8 | 1,2,3,4,5,6,7,8,9 |
| | health device data: data about a wearable or health device you connect to an app using Terra | brand; model; serial number; firmware version; software version | 1,2,3,4,7,8 | 1,3,4,5,6,7,8,9 |
| | activity data: about your physical activity and workouts | active duration; calories burned; distance travelled; energy burned; strain; HR | 1,2,3,4,5,6,7,8 | 1,2,3,4,6,7,8,9 |
| | body data: data about your body composition | blood pressure; blood glucose; height; weight; body fat; oxygen saturation | 1,2,3,4,5,6,7,8 | 1,2,3,4,6,7,8,9 |
| | menstruation data: data about your menstrual cycle if applicable to you | period length; current day in cycle; cycle length; current phase | 1,2,3,4,5,6,7,8 | 1,2,3,4,6,7,8,9 |
| | nutrition data: data about your diet and food consumption | calories consumed; macros, such as carbohydrate, fat, and protein consumed; micros, such as iron, magnesium, and potassium consumed; meal types | 1,2,3,4,5,6,7,8 | 1,2,3,4,6,7,8,9 |
| | sleep data: collected while you are asleep, resting, and in bed | sleep start time; sleep end time; sleeping heart rate; body temperature variation; respiratory rate; heart rate variability | 1,2,3,4,5,6,7,8 | 1,2,3,4,6,7,8,9 |
| | location data | timezone setting and region; device GPS coordinates | 1,3,5,6,8 | 1,3,4,6,7,8,9 |
| Data from the electronic device you use to connect | identifiers: data that identifies you | name; email address; phone number; date of birth; address information | 1,3,7,8 | 1,2,3,4,6,7,8,9 |
| | account data: data about your account with a wearable or health data provider | wearable or health data provider name; account number or provider-assigned user ID | 1,2,3,4,7,8 | 1,2,3,4,5,6,7,8,9 |
| | health device data: data about a wearable or health device you connect to an app using Terra | brand; model; serial number; firmware version; software version | 1,2,3,4,7,8 | 1,3,4,5,6,7,8,9 |
| | activity data: data about your physical activity and workouts | active duration; calories burned; distance travelled; energy burned; strain; HR | 1,2,3,4,5,6,7,8 | 1,2,3,4,6,7,8,9 |
| | body data: data about your body composition | blood pressure; blood glucose; height; weight; body fat; oxygen saturation | 1,2,3,4,5,6,7,8 | 1,2,3,4,6,7,8,9 |
| | menstruation data: data about your menstrual cycle if applicable to you | period length; current day in cycle; cycle length; current phase | 1,2,3,4,5,6,7,8 | 1,2,3,4,6,7,8,9 |
| | nutrition data: data about your diet and food consumption | calories consumed; macros, such as carbohydrate, fat, and protein consumed; micros, such as iron, magnesium, and potassium consumed; meal types | 1,2,3,4,5,6,7,8 | 1,2,3,4,6,7,8,9 |
| | sleep data: collected while you are asleep, resting, and in bed | sleep start time; sleep end time; sleeping heart rate; body temperature variation; respiratory rate; heart rate variability | 1,2,3,4,5,6,7,8 | 1,2,3,4,6,7,8,9 |
| | location data | timezone setting and region; device GPS coordinates | 1,3,5,6,8 | 1,3,4,6,7,8,9 |
| | other device data | hardware model and operating system; device name; browser data; MAC address | 1,2,3,7,8 | 1,3,4,6,7,8,9 |
| Data from the developer(s) of the app you have connected to | identifiers: data that identifies you | User ID | 1,2,3,7,8 | 1,2,3,4,6,7,8,9 |
| | authentication data: needed to help verify your identity and connect your accounts | security/access token | 1,3,7,8 | 2,3,4,6,7,8,9 |
| | account data: data about your account with a wearable or health data provider | wearable or health data provider name; account number or provider-assigned user ID | 1,2,3,4,7,8 | 1,2,3,4,5,6,7,8,9 |
| | health device data: data about a wearable or health device you connect to an app using Terra | brand; model; serial number; firmware version; software version | 1,2,3,4,7,8 | 1,3,4,5,6,7,8,9 |
| | activity data: data about your physical activity and workouts | active duration; calories burned; distance travelled; energy burned; strain; HR | 1,2,3,4,5,6,7,8 | 1,2,3,4,6,7,8,9 |
| | body data: data about your body composition | blood pressure; blood glucose; height; weight; body fat; oxygen saturation | 1,2,3,4,5,6,7,8 | 1,2,3,4,6,7,8,9 |
| | menstruation data: data about your menstrual cycle if applicable to you | period length; current day in cycle; cycle length; current phase | 1,2,3,4,5,6,7,8 | 1,2,3,4,6,7,8,9 |
| | nutrition data: data about your diet and food consumption | calories consumed; macros, such as carbohydrate, fat, and protein consumed; micros, such as iron, magnesium, and potassium consumed; meal types | 1,2,3,4,5,6,7,8 | 1,2,3,4,6,7,8,9 |
| | sleep data: collected while you are asleep, resting, and in bed | sleep start time; sleep end time; sleeping heart rate; body temperature variation; respiratory rate; heart rate variability | 1,2,3,4,5,6,7,8 | 1,2,3,4,6,7,8,9 |
| | location data | timezone setting and region; device GPS coordinates | 1,3,5,6,8 | 1,3,4,6,7,8,9 |
| Information we derive from the data we collect about you | derived data | fitness age; disease risk; weight; mental wellbeing | 1,2,4,5,6,7,8 | 1,3,4,5,6,7,8,9 |