Read the End User License Agreement here.
Last Updated: December 23, 2019
We may provide additional privacy notices to you at the time we collect your data. This type of an "in-time" notice will govern how we may process the information you provide at that time.
California residents may click here for Your California Privacy Rights
2. Sources of Information and Purposes of Use
3. How We May Use Your Personal Information
4. How We May Share Information about You with Others
5. Do Not Track Disclosures
6. Social Media and other Communications
7. Information for Individuals in the European Economic Area
8. Information for Residents of California: Your California Privacy Rights
We may obtain information about you in a variety of ways, including through your use of our Services, when you call, email or otherwise communicate with us (including through social media), or when you participate in events or other promotions.
Categories of personal information we collect, which may vary based on the Service being used:
|A. Identifiers.||A real name, alias, unique personal identifier, online identifier, IP address, email address, account or other similar identifiers.|
|B. Geolocation data.||Physical location or movements.|
|C. Sensory data.||Audio, electronic, visual, or similar information.|
|E. Inferences drawn from other personal information.||Profile reflecting a person's preferences, characteristics, and behavior.|
Please note that when using certain Services, you may choose to input or provide access to certain physical or health-related information about yourself. Such information will be stored locally on your device and accessed only as described in the "Information collected from you" subsection below.
Some of this information you provide to us and some we collect when you use our Services. We also may obtain information about you (including personal information) from our business partners, such as vendors, and others.
You may choose not to provide some or all of your personal information to us but doing so may prevent us from providing our Services to you or limit our ability to provide you with the level of service that you would otherwise expect from us.
The following are examples of the types of information we may collect directly from you:
- Name. We require your name to personalize your user experience.
- Telephone number. We require your phone number for the technical provision of our Services to you.
- Email address. We use your email address to communicate with you about the products and Services we offer, responding to requests, inquiries, comments, and suggestions and updating you with information about your account.
- Username and/or PIN. Certain of our Services use this information to facilitate your access to our website or mobile application and validate your login for your security.
- Photograph or photographs you may provide to the Services.
- Physical or health-related information: When using certain Services, you may choose to input or provide access to certain physical or health-related information about yourself.
• When using our Paloma app, you may choose to provide information about your menstruation cycle, and when using our Sleepzy app, you may provide access to your sleep patterns, exercise or health related information. This information will remain on your device and we will not use this data for any purpose other than to provide the Services in the app. Additionally, in our Sleepzy app, for example, we ask for your explicit permission to access your heart rate data, which is stored on your device through Apple "Health" app. If you permit Sleepzy to access this data, then this data will be displayed in the Sleepzy app to help you gain a better understanding of your sleep habits and sleep quality alongside your health metrics.
• Should you wish to sync data held in your Apple "Health" app with any of our Services (or vice versa), we will ask you for your permission to do this. In such case, this data will only be stored on your device and will not be transmitted to Apalon, and we will not transmit this data to external servers or any other third party. You can "unsync" our Services from your Apple "Health" app or vice versa at any time – however, please note that all previously synced data will remain. You can remove your data from your Apple "Health" app or from the Services manually at any time. For additional clarity, we will not use your health data for advertising, promotion, cross-selling or any similar service.
- Feedback. From time to time, we may request your opinions, suggestions, or modification and improvement ideas ("Feedback") through surveys, or other similar requests. Any responses you provide are voluntary, however you agree that any Feedback you provide shall be owned Apalon and may be used by Apalon in our sole discretion.
Information collected by automated means ("Automated Information")
- "Pixel tags" (also known as a "clear GIFs" or "web beacons") which are tiny images (in most cases, typically just one-pixel) that can be placed on a Web page or in our electronic communications to you in order to help us measure the effectiveness of our content by, for example, counting the number of individuals who visit us online or verifying whether you've opened one of our emails or seen one of our Web pages.
- "HTML5" (the language some websites, such as mobile websites, are coded in) may be used to store information on your computer or device about your website usage activities and to help determine how our Services are being used by our visitors, how the services can be improved and to customize our Services for our users.
Automated Information includes information such as:
- IP address
- Operating system used (for example: iOS)
- Internal resolution of the browser window
- Device type
- Country code
- Identifiers associated with technologies that may uniquely identify your device or browser (e.g., IMEI/UDID and MAC address)
- Dates and times of access
- Subscription information
This Automated Information is generally used for the following purposes:
- for the technical provision of our Services in order to be able to provide you with a functioning user-friendly experience
- to provide you with a secure experience and to take measures to protect our website and mobile applications from cyber risks
- to uncover insights about your use of our website and mobile applications in order to improve our Services and features, including developing new products and features
- to facilitate your access to our website or mobile application
- to customize our Services for you
- to help us better understand our current and potential customers so that we may market our Services accordingly
- events and usage data are captured for our internal business analytics in order to understand how our users interact with our mobile applications and use our services. For example, we may capture when a user visits a screen, taps a button, permits notifications, upgrades, or otherwise interacts with the app
- Monitoring and analyzing the effectiveness of our communications (including by identifying when emails sent to you have been received and read)
Information we collect when you use our #VPN app
Our #VPN app is intended to provide for secure and private internet browsing to be used in accordance with all applicable laws. In our #VPN app, we collect information from and about the device(s) you use to access our VPN app, including:
- From when you open the #VPN App:
• Our servers automatically record information about how a person uses the app, including, for example, app install source, IP address, app version, operating system, device model and device language.
• From time to time, we might show you subscription offers - but we will not display advertisements in our #VPN app.
• We will not access your precise device location data in our #VPN app.
- From when you turn on #VPN software:
• Your browsing activity (including your IP address) becomes encrypted, meaning it becomes invisible to ISPs, third party snoopers and even us.
• We have a strict no-logs policy when it comes to seeing user activity online. Your IP address is deleted after you disconnect from the VPN.
- If you contact our support team, we collect the information you give us when you report a problem, contact or communicate with us. In our VPN App, we do not connect this information to your internet browsing activities through our VPN.
Information collected from integrated services.
We may obtain information, including personal information from third parties and sources that we integrate into our Services either for the provision of our services or to facilitate your access to our Services such as described below.
In addition to the purposes described above, we may use the information we collect for a variety of purposes, such as the following:
- Performing Our Services
• Maintaining or servicing accounts, providing customer service, operation our website and mobile applications; processing or fulfilling orders and transactions, verifying user information, processing payments
• Communicating about the products and Services we offer, and responding to requests, inquiries, comments, and suggestions
- Internal Research
• Understanding and evaluating how our Services and features perform with our users
• Uncovering insights about usage in order to improve the Services and provide customers with enhanced features as well as inform our development of new features and products.
• Development of customized or personalized experiences of our Services, such as remembering your information so you do not have to re-enter it each time you use one of our Services
- Auditing Interactions with Consumers
• measuring usage of our websites and mobile applications
• measuring our advertising and marketing activity (e.g., measuring how a user was acquired)
• To provide you with a secure experience and to take measures to protect our website and mobile applications from cyber risks
• Protecting against, identifying, investigating, preventing, and responding to fraud, illegal activity (such as incidents of hacking or misuse of our websites and mobile applications), and claims and other liabilities, including by enforcing the terms and conditions that govern the Services we provide
• identification and repair of impairments to intended, existing functionality of our Services
• Understanding our customer in order to more effectively market our Services
- Quality and Safety Maintenance and Verification
• activities related to improving the quality of the Services we provide, including upgrade or enhancement of the Services
• verification or maintenance of the quality or safety of Services
• Tracking and responding to quality and safety matters
• Protecting our rights and property
- Complying with legal or regulatory requirements, judicial process, industry standards and our company policies
- Other purposes that may be described at the time you choose to provide personal information to us
To perform the above functions, we may match information collected from you through different means or at different times, including both personal information and Automated Information, and use such information along with information obtained from other sources. We may also aggregate and/or de-identify any information that we collect, such that the information no longer identifies any specific individual. We may use, disclose and otherwise process such information for our own legitimate business purposes – including historical and statistical analysis and business planning – without restriction.
Apalon is part of the IAC Group family of businesses. We share your information with other parts of IAC for legitimate business purposes, including:
- to assist us in technical processing operations, such as data hosting and maintenance, finance, legal, HR and accounting assistance, securing our data and systems and fighting against spam, abuse, fraud, infringement and other wrongdoings; and
- for corporate audit, analysis and consolidated reporting as well as compliance with applicable laws.
Third Party Service Providers
We may share information about you with the following categories of third-party providers for a variety of business purposes:
- Customer Communications and Insights Platforms. We may share phone number, email, app usage and interactions with our third-party customer communications platform provider for the following business purposes: performing services that allow us to communicate with you and administer your account as well as track your usage for our internal analytics.
- Internal Business Insights Platforms. Our third-party internal business analytics platform provides us with the tools to help us understand app usage and interactions and uncover insights that allow us to improve our product and features. We may share or make available unique user identifiers, IDFA, deviceID, IP address and app usage and events (such as when you subscribed to our services) with these providers for the following business purposes: performing services that allow us to (i) monitor and understand usage in order to enhance existing Services or develop new products and features and (ii) better understand our customers in order to market our products more effectively.
- Measurement and Attribution. These service providers offer tools that allow us to measure and attribute the source of new subscription sign ups and that allow us to uncover insights about usage and app events. We may use unique user identifiers made available to us from these third-party providers to help us measure the effectiveness of our ads (e.g., where and how a user is acquired) and to uncover information about how our customers are using our apps in order to improve their quality and safety. We may also share and/or store unique user identifiers, deviceIDs, IDFA or IP addresses with these providers for the same purpose.
- Other technology providers necessary to provide our services (including cloud storage and web hosting providers). We may make certain Automated Information and/or aggregate or non-personally identifiable information available for various purposes including monitoring network traffic to detect malicious actors and to protect against malware, fraud or other unlawful uses or activity.
Legal, Regulatory, Compliance and Similar reasons.
In addition, we may disclose and/or share your information to comply with legal or regulatory requirements (including to comply with a court order, judicial subpoena or other subpoena or warrant), industry standards, judicial process, and our company policies, as well as to protect against, identify, investigate, prevent and respond to fraud, illegal activity (such as identifying and responding to incidents of hacking or misuse of our websites and mobile applications), adverse event reporting, and claims and other liabilities.
We also reserve the right to disclose your information (i) when we believe in good faith that disclosure is appropriate or necessary to take precautions against liability, (ii) to protect our rights or property or the legal and property rights of others and (iii) investigate and defend third party claims or allegations against us.
Some web browsers may transmit "do-not-track" signals to the websites with which the user communicates. Because of differences in how web browsers incorporate and activate this feature, it is not always clear whether users intend for these signals to be transmitted, or whether they even are aware of them. Because there currently is no industry standard concerning what, if anything, websites should do when they receive such signals, our sites do not currently process or respond to "do-not-track" (DNT) settings in your web browser. If and when a final standard is established and accepted, we will reassess how to respond to these signals.
Certain third parties, such as ad networks, web analytics companies and social media and networking platforms, collect information about your online activities over time and across websites. These third parties may not change their tracking practices in response to DNT settings in your web browser and we do not obligate these parties to honor DNT settings. Information about how to opt out from your data being used by third parties can be found above under "Information collected by automated means."
If you choose to communicate with us or another user through social features available on our websites or mobile applications or through our social media pages, or other similar communication or messaging features or services, such information may be made publicly available. For security purposes, please do not include any password, social security number, payment card or other sensitive information via these features. We have the right, but not the obligation to monitor messages and communications between and among users for security and training purposes. We may, but are not obligated to, remove any content we deem inappropriate.
If you reside in the European Economic Area ("EEA"), then the company that is responsible for your personal information is IAC Search & Media Europe, Ltd.
Your Choices and Rights.
As a resident of the EEA, you may have some or all of the following rights in relation to how we use your personal information:
- Access: you may request access to your personal information and receive copies of it;
- Correction: you may have inaccurate/incomplete personal information corrected and updated;
- Object to, or Limit or Restrict, Use of Data: you can ask us to stop using all or some of your personal information or to limit our use of it;
- Deletion: in certain circumstances, you can request a right "to be forgotten" (this is a right to have your information deleted or our use of your data restricted). We will honor such requests unless we have to retain this information to comply with a legal obligation or unless we have an overriding interest to retain it;
- Portability: in certain circumstances, exercise the right to data portability (this is a right to obtain a transferable version of your personal information to transfer to another provider); and
- Consent Management: where we rely on consent to process your personal data, you may withdraw consent at any time. You do not have to provide a reason for your withdrawal where processing is based on consent.
If you are a resident of the EEA and you wish to access, change or delete personal information we hold about you, you may contact us here. If we change or delete your personal information or if you decline to actively share certain personal information with us, we may not be able to provide you with our Services or some of the features and functionality of our Services. Keep in mind, we may reject requests for certain reasons, including if the request is unlawful or if it may infringe on the rights and freedoms of another person. For example, we may not be able to accommodate certain requests to object to the processing of personal information, notably where such requests would not allow us to provide our service to you anymore.
For your protection, we may require proof of identity and verification before we can answer the above requests.
Legal basis for processing data
In this section, we identify the legal grounds on which we rely to process personal information.
In some cases, we have a legitimate interest to process the personal information that we collect, such as to develop, administer and support our products and services; to operate, evaluate and improve our business; to facilitate and manage engagement programs; to promote research; to support our recruitment activities; or to facilitate a Corporate Transaction (including a sale of assets or merger or acquisition).
In other cases, we process personal information to fulfill our contracts with business partners, such as third parties that distribute our products.
It may also be necessary for us to process personal information to establish, exercise or defend against fraud, illegal activity, and claims and other liabilities, including by enforcing the terms and conditions that govern the services we provide.
Our processing of certain information may be necessary to comply with our legal obligations, and for reasons of public interest, such as with respect to adverse event and product safety reporting.
We may also process personal information as specifically permitted by applicable legal requirements.
If we rely on consent for the processing of your personal information, we will seek such consent at the time we collect your personal information.
International data transfers
We may transfer your personal information to countries other than the country in which the data was originally collected for the purposes described in this Privacy Notice. For example, if you are located outside of the United States, we may transfer your personal information to the United States. The countries to which we transfer personal information may not have the same data protection laws as the country in which you initially provided the information. When we transfer personal information across borders, we consider a variety of requirements that may apply to such transfers.
Specifically, we may transfer personal information from the European Economic Area to:
- Countries that the European Commissions has deemed to adequately safeguard personal information,
- Pursuant to the recipient's compliance with standard contractual clauses (also known as Model Clauses), EU-US Privacy Shield, or Binding Corporate Rules,
- Pursuant to the consent of the individual to whom the personal information pertains, or
- As otherwise permitted by applicable EEA requirements.
Access to Information and Data Portability Rights
You have the right to send us a request, no more than twice in a twelve-month period, for any of the following for the period that is twelve months prior to the request date:
- The categories of personal information we have collected about you.
- The categories of sources from which we collected your personal information.
- The business or commercial purposes for our collecting or selling your personal information.
- The categories of third parties to whom we have shared your personal information.
- The specific pieces of personal information we have collected about you.
- A list of the categories of personal information disclosed for a business purpose in the prior 12 months, or that no disclosure occurred.
- A list of the categories of personal information sold about you in the prior 12 months, or that no sale occurred. If we sold your personal information, we will explain:
• The categories of your personal information we have sold.
• The categories of third parties to which we sold personal information, by categories of personal information sold for each third party.
You have the right to make or obtain a transportable copy, no more than twice in a twelve-month period, of your personal information that we have collected in the period that is 12 months prior to the request date and are maintaining.
Data Deletion Rights
Except to the extent we have a basis for retention under CCPA, you may request that we delete your personal information that we have collected directly from you and are maintaining. Note also that we are not required to delete your personal information that we did not collect directly from you.
Exercising Your Rights
To make a request for access, portability or deletion according to your rights under CCPA, click here or mail your request for the attention of the Privacy / Legal Department to Apalon, LLC, 330 West 34th Street, 5th Floor, New York, NY 10001. California Consumers may exercise these rights via an authorized agent who meets the agency requirements of the CCPA. We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm that the personal information relates to you. Any request you submit to us is subject to an identification and residency verification process ("Verifiable Consumer Request").
The Verifiable Consumer Request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative; and
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
Some personal information we maintain about Consumers is not sufficiently associated with enough personal information about the Consumer for us to be able to verify that it is a particular Consumer's personal information (e.g., clickstream data tied only to a pseudonymous browser ID). As required by the CCPA, we do not include that personal information in response to Verifiable Consumer Requests. If we cannot comply with a request, we will explain the reasons in our response.
We will make commercially reasonable efforts to identify Consumer personal information that we collect, process, store, disclose, and otherwise use and to respond to your California Consumer privacy rights requests. We will typically not charge a fee to fully respond to your requests, but we may charge a reasonable fee, or refuse to act upon a request, if your request is excessive, repetitive, unfounded, or overly burdensome.
We do not "sell" personal information that we collect from you, in accordance with the definition of "sell" in the CCPA and will treat personal information we collect from you as subject to a do not sell request. There is not yet a consensus as to whether third party cookies and tracking devices associated with our websites and mobile apps may constitute a "sale" of your PI as defined by the CCPA. See the "Online Privacy Choices and Rights" section to learn how you can exercise your rights regarding interest-based advertising.
We will not discriminate against you in a manner prohibited by the CCPA because you exercise your CCPA rights. However, we may charge a different price or rate, or offer a different level or quality of good or service, to the extent that doing so is reasonably related to the value of the applicable data. In addition, we may offer you financial incentives for the collection, sale and retention and use of your personal information as permitted by the CCPA that can, without limitation, result in reasonably different prices, rates, or quality levels. The material aspects of any financial incentive will be explained and described in its program terms. We may add or change incentive programs and/or their terms by posting notice on the program descriptions and terms linked to above so check them regularly.
California's "Shine the Light" law, Civil Code section 1798.83, requires certain businesses to respond to requests from California customers asking about the businesses' practices related to disclosing personal information to third parties for the third parties' direct marketing purposes. Alternately, such businesses may have in place a policy not to disclose personal information of customers to third parties for the third parties' direct marketing purposes if the customer has exercised an option to opt-out of such information-sharing. As discussed above, if we share Personal Information with third parties for their marketing purposes you will be able to elect for us not to do so by submitting your request here (please include your name, mailing address, and email address).
Access, Edit and Delete Your Information.
Mobile platforms have permission systems for specific types of device data and notifications, such as camera and microphone as well as push notifications. Where applicable, you can change your settings on your device to either consent or oppose the collection of the corresponding information or the display of the corresponding notifications. Of course, if you do that, certain services may lose full functionality.
You can stop all information collection by the app by disabling call forwarding and deactivating your account by following the instructions on the Service's Settings screen and then uninstalling the app using the standard uninstall process for your device. If you uninstall the app from your mobile device, the unique identifier associated with your device will continue to be stored. If you re-install the application on the same mobile device, we will be able to re-associate this identifier to your previous transactions and activities.
If you choose to opt-in, some of our apps may collect your device's precise real-time location, and in such cases, you may be able to opt out from further allowing us to have access to such location data by managing your location preferences in the app and/or on your device.
Notice to Nevada users
Under Nevada law, Nevada residents may opt out of the "sale" of certain "covered information" (as defined under Nevada law) collected by operators of websites or online services. We currently do not sell covered information, as "sale" is defined by Nevada law, and we do not have plans to sell this information. However, if you would like to be notified if we decide in the future to sell personal information covered by the Act, please contact us here. You are responsible for updating any change in your email address by the same method and we are not obligated to cross-reference other emails you may have otherwise provided us for other purposes. We will maintain this information and contact you if our practices change.
You may choose whether to receive some Interest-based Advertising by submitting opt-outs. Some of the advertisers and Service Providers that perform advertising-related services for us and third parties may participate in the Digital Advertising Alliance's ("DAA") Self-Regulatory Program for Online Behavioral Advertising. To learn more about how you can exercise certain choices regarding Interest-based Advertising, including use of Cross-device Data for serving ads, visit http://www.aboutads.info/choices/, and http://www.aboutads.info/appchoices for information on the DAA's opt-out program specifically for mobile apps (including use of precise location for third party ads). Some of these companies may also be members of the Network Advertising Initiative ("NAI"). To learn more about the NAI and your opt-out options for their members, see http://www.networkadvertising.org/choices/. Please be aware that, even if you are able to opt out of certain kinds of Interest-based Advertising, you may continue to receive other types of ads. Opting out only means that those selected members should no longer deliver certain Interest-based Advertising to you but does not mean you will no longer receive any targeted content and/or ads (e.g., from other ad networks). Also, if your browsers are configured to reject cookies when you visit these opt-out webpages, or you subsequently erase your cookies, use a different device or web browser or use a non-browser-based method of access (e.g., mobile app), your NAI / DAA browser-based opt-out may not, or may no longer, be effective.
We use various efforts intended to safeguard the security and integrity of personal information collected through our Services. Despite these measures, however, we cannot and do not guarantee that information will be absolutely safe from interception or intrusion during transmission or while stored on our system, or otherwise, and you provide information to us at your own risk.
If you correspond with us by email, text message or using Web forms like a "contact us" feature available through our Services, you should be aware that your transmission might not be secure from access by unauthorized parties. We have no liability for disclosure of your information due to errors or unauthorized acts of third parties during or after transmission. If you create an account as part of using our Services, you are responsible for maintaining the confidentiality of your account password and for any activity that occurs under your account. Please notify us of any unauthorized use of your password or account.
If we believe that the security of your personal information in our care may have been compromised, we may seek to notify you. If we have your email address, we may notify you by email to the most recent email address you have provided us in your account profile. Please keep your email address in your account up to date. You can change that email address anytime in your account profile. If you receive a notice from us, you can print it to retain a copy of it. To receive these notices, you must check your email account using your computer or mobile device and email application software. We may also post a conspicuous notice on our site or notify you through the mobile application. You consent to our use of email, text message and/or notification through the app as a means of such notification. If you prefer for us to use the postal service to notify you in this situation, please let us know by submitting your request here. You can make this election any time, and it will apply to notifications we make after a reasonable time thereafter for us to process your request. You may also use this email address to request a print copy, at no charge, of an electronic notice we have sent to you regarding a compromise of your personal information.
For your convenience and information, we may provide links to websites and other third-party content that is not owned or operated by us. The websites and third-party content to which we link may have separate privacy notices or policies. We are not responsible for the privacy practices of any entity that it does not own or control. We encourage you to review the privacy policies of such third parties before providing them with any personal information.
We do not knowingly collect information from children under the age of 16 years old (or older if required in an applicable jurisdiction to comply with applicable laws). If you are not over 16 years old (or older if required in an applicable jurisdiction to comply with applicable laws) then DO NOT DOWNLOAD OR USE THE SERVICES. If you believe that we may have personal information from or about a child under the age of 16 years old, please contact us here. Note that we'll attempt to delete the account of any child under the age of 16 that's reported to us as soon as possible. You are responsible for any and all account activity conducted by a minor on your account.
For our European users, our Data Protection Officer is responsible for ensuring your rights are respected and to review and oversee how we collect and use your personal information. They can be reached here.
If you are a resident of California, please contact us here.
Our support team can be contacted [email protected].
Apalon , LLC
330 West 34th Street, 5th Floor
New York, NY 10001
Attention: Privacy Officer/Legal Dept.
Without prejudice to any other rights you may have, if you are located in the EEA, you also have the right to file a complaint against IAC SAM EU (the controller of your information) with the Irish Data Protection Commissioner ("DPC"), which is IAC SAM EU's Lead Supervisory Authority. The DPC's contact details are:
Office of the Data Protection Commissioner
Canal House, Station Road
Portarlington, Co. Laois, R32 AP23,
Phone: +353 (0761) 104 800
LoCall: 1890 25 22 31
Fax: +353 57 868 4757
Email: [email protected]
If you live in the EEA, you may also file a complaint with your local data protection regulator.