MDAAT ECO WELLNESS

1. Introduction

Welcome to SweatPoint. We are committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use the SweatPoint mobile application ("Application").

By using the SweatPoint Application, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use our Application.

2. Information We Collect

2.1 Personal Information

We collect the following information when you register and use the Application:

• Account Information:
  • Full name
  • Email address
  • Password (encrypted)
  • Phone number (optional)
  • Date of birth
  • Gender
• Profile Information:
  • Profile picture
  • Weight
  • Height
  • Fitness goals
  • Activity level

2.2 Health and Fitness Data

• Exercise Data:
  • Exercise type
  • Exercise duration
  • Calories burned
  • Heart rate
  • Distance (for running/walking activities)
  • Date and time of activity
• Nutrition Data:
  • Logged food items
  • Nutrient information (calories, protein, carbohydrates, fat)
  • Food photos (if uploaded)
  • Meal timing
• Class Data:
  • Registered classes
  • Class attendance
  • Class ratings and reviews

2.3 Application Usage Data

• Technical Data:
  • Device type and model
  • Operating system and version
  • Unique device identifier
  • IP address
  • Application activity logs
  • Diagnostic and performance data
• Location Data:
  • GPS location (only when using outdoor exercise tracking features)
  • IP-based location

2.4 Sweatpoints Data

• Sweatpoints earned
• Points transaction history
• Redeemed items
• In-store purchase history

2.5 Communication Data

• Customer support messages
• Feedback and reviews
• Survey responses

3. How We Use Your Information

3.1 Primary Purposes

We use your information to:

• Provide Services:
  • Create and manage your account
  • Track your fitness and nutrition activities
  • Calculate and display health statistics
  • Manage the Sweatpoints system and rewards
  • Enable class registration and participation
• Personalization:
  • Customize the application experience according to your goals
  • Provide exercise and nutrition recommendations
  • Display relevant content
• Communication:
  • Send notifications about account activity
  • Notify about upcoming classes
  • Send Sweatpoints updates
  • Respond to customer support inquiries

3.2 Secondary Purposes

• Service Improvement:
  • Analyze application usage patterns
  • Identify and fix bugs
  • Develop new features
  • Improve application performance
• Security:
  • Detect and prevent fraud
  • Protect against misuse
  • Enforce Terms and Conditions
• Legal Compliance:
  • Comply with legal obligations
  • Protect user rights and safety

4. Information Sharing

4.1 We DO NOT Sell Your Data

We will not sell, rent, or trade your personal information to third parties for marketing purposes.

4.2 Limited Sharing

We may share your information in the following circumstances:

• Service Providers:
  • Server hosting and cloud storage (Digital Ocean)
  • Analytics services
  • Payment processors (for in-app purchases)
  • Email and notification services
• Business Partners:
  • Fitness centers and gyms (for class attendance verification)
  • Reward providers (for Sweatpoints redemption)
• Legal Requirements:
  • When required by law
  • To protect our rights and safety or that of others
  • In cases of fraud or security investigations

4.3 Aggregated and Anonymous Data

We may share aggregated statistical data that does not personally identify you for:

• Health and fitness research
• Industry reports
• Marketing purposes

5. Data Storage and Security

5.1 Storage Location

• Your data is stored on secure servers hosted by Digital Ocean
• Servers are located in data centers that comply with international security standards
• Data backups are performed regularly

5.2 Security Measures

We implement technical and organizational security measures to protect your data:

• Encryption:
  • Passwords are encrypted using bcrypt algorithm
  • Data is transmitted via secure HTTPS connections
  • Sensitive data is encrypted at rest
• Access Controls:
  • Data access is limited to authorized personnel only
  • Two-factor authentication for administrator access
  • Audit logs for all data access
• Infrastructure Security:
  • Firewalls and intrusion detection systems
  • Regular security updates
  • Periodic penetration testing

5.3 Retention Period

• Active Account Data: Stored as long as your account is active
• Inactive Account Data: Deleted after 2 years of inactivity
• Backup Data: Stored for up to 90 days
• System Logs: Stored for up to 12 months

6. Your Rights

6.1 Access and Correction

You have the right to:

• Access personal information we hold about you
• Correct inaccurate or incomplete information
• Update your profile information at any time

6.2 Data Deletion

You can request deletion of your data by:

• Using the "Delete Account" function in application settings
• Contacting our customer support

After deletion:

• Your personal data will be deleted within 30 days
• Certain data may be retained for legal compliance
• Anonymous aggregated data may remain for analysis

6.3 Data Portability

You can request a copy of your data in machine-readable format (JSON/CSV).

6.4 Withdrawal of Consent

You can withdraw your consent at any time by:

• Disabling specific permissions in device settings
• Disabling notifications in application settings
• Deleting your account

6.5 Objection and Restriction

You have the right to:

• Object to processing of your data for specific purposes
• Request restriction of processing in certain circumstances

7. Children's Privacy

SweatPoint is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13.

If you believe we have collected information from a child under 13, please contact us immediately and we will delete such information.

For users aged 13-17, parental or guardian consent is required.

8. Cookies and Tracking Technologies

8.1 Types of Technologies Used

• Session Cookies: To maintain your login session
• Preference Cookies: To remember your settings
• Analytics Cookies: To understand application usage
• Device Identifiers: For security and fraud prevention

8.2 Your Control

You can control cookie usage through:

• Your browser settings (for web version)
• Your device settings (for mobile application)
• Privacy settings within the application

9. Third-Party Links

The Application may contain links to third-party websites or services. We are not responsible for their privacy practices. We encourage you to read their privacy policies.

10. International Data Transfers

Your data may be transferred and processed in countries other than your country of residence. We ensure such transfers comply with applicable data protection laws.

11. Changes to Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes through:

• In-app notifications
• Email to your registered address
• Announcements on our website

Continued use of the Application after changes means you accept the updated Privacy Policy.

12. Contact Us

If you have any questions, concerns, or requests regarding privacy, please contact us:

• Email: privacy@sweatpoint.com
• Address: [Your Company Address]
• Phone: [Support Phone Number]

Data Protection Officer:
Email: dpo@sweatpoint.com

13. Legal Compliance

This Privacy Policy complies with:

• Personal Data Protection Act 2010 (Malaysia)
• General Data Protection Regulation (GDPR) - for EU users
• California Consumer Privacy Act (CCPA) - for California users

14. Region-Specific Rights

14.1 For EU Users (GDPR)

You have additional rights:

• Right to be forgotten
• Right to data portability
• Right to object to automated processing
• Right to file a complaint with supervisory authority

14.2 For California Users (CCPA)

You have the right to:

• Know the categories of personal information collected
• Know whether personal information is sold or disclosed
• Opt-out of the sale of personal information
• Not be discriminated against for exercising CCPA rights