Privacy Policy

Privacy Policy

Last Updated: December 29, 2024

Introduction

Triny LLC (“we,” “us,” or “our”) is dedicated to safeguarding your privacy. This Privacy Policy explains how we collect, use, disclose, and protect your information when you engage with our services. Our services include:

• Using our mobile application, Triny Fitness.
• Interacting with us through related activities, such as customer support, sales, marketing, or events.

By accessing or using our services, you agree to the terms outlined in this Privacy Policy. If you have any concerns or questions, feel free to contact us at privacy@triny.app or  support@triny.app. 

1. Personal Data We Collect

At Triny, we are committed to protecting your personal data. We collect information to provide, improve, and secure our services. This section explains the types of personal data we collect when you use the Triny app or visit our website.

A. Information You Provide Directly

• Account Information:
  • Details Collected: Full name, email address, password, phone number (optional), and date of birth.
  • Purpose: To create and manage your account, authenticate your identity, and personalize your experience.
• Profile Information:
  • Details Collected: Profile photo (optional), gender, fitness goals, and preferences.
  • Purpose: To personalize workout recommendations and enhance your community interactions within the app.
• Payment and Subscription Information:
  • Details Collected: Payment method (credit/debit card details), billing address, transaction history, subscription status.
  • Purpose: To process payments, manage subscriptions, and provide purchase-related support.
  • Note: Payment processing is handled securely through third-party providers (e.g., Google Play Billing, Apple In-App Purchases). We do not store sensitive payment data on our servers.
• Health and Fitness Data (Optional):
  • Details Collected: Weight, height, body mass index (BMI), heart rate, activity level, workout history, calories burned, steps taken, and menstrual cycle data (if tracked).
  • Purpose: To generate personalized workout plans, track your fitness progress, and provide health insights.
  • Source: This data may be entered manually by you or synced from third-party services like Apple HealthKit or Google Fit, with your explicit consent.

• Communication Data:

  • Details Collected: Messages you send to our support team, feedback, surveys, and responses to in-app prompts.
  • Purpose: To respond to inquiries, improve customer service, and enhance the app’s features based on your feedback.

• AI Chatbot Interactions:

  • Details Collected: Conversations and questions you submit to the AI-powered fitness assistant within the app.
  • Purpose: To improve the chatbot’s recommendations and provide personalized fitness advice.

B. Information Collected Automatically

When you use the Triny app or website, we automatically collect certain data to improve performance, security, and user experience:

• Device and Technical Information:

  • Details Collected: Device type, operating system, browser type, IP address, language preferences, device identifiers (e.g., IDFA for iOS, GAID for Android).
  • Purpose: To ensure app compatibility, optimize performance, detect errors, and enhance security.

• Usage Data:

  • Details Collected: Features used, pages visited, time spent on the app, date and time of access, clicks, scrolls, and interactions with content.
  • Purpose: To analyze user engagement, improve app functionality, and deliver personalized content.

• Location Information (Optional):

  • Details Collected: Approximate geolocation based on your IP address or precise GPS data (only if you grant permission).
  • Purpose: To offer location-based features, such as finding nearby fitness events or classes.
  • Note: You can control location access through your device settings at any time.

• Cookies and Tracking Technologies:

  • Details Collected: Cookies, web beacons, pixels, and similar technologies used on our website and app.
  • Purpose: To remember user preferences, track usage trends, and measure the effectiveness of marketing campaigns.

C. Information from Third Parties

We may receive information about you from third-party sources when you link, connect, or log in through external services:

• Social Media Integrations:

  • Details Collected: Public profile information (e.g., name, profile picture, email) when logging in via Google, Facebook, or Apple ID.
  • Purpose: To simplify the sign-in process and personalize your app experience.

• Health and Fitness Apps:

  • Details Collected: Fitness activity, workout data, heart rate, and health-related metrics from Apple Health, Google Fit, or similar apps, with your consent.
  • Purpose: To provide accurate fitness tracking and personalized health recommendations.

• Marketing Partners and Analytics Providers:

  • Details Collected: Referral data, device information, and campaign performance metrics.
  • Purpose: To measure the effectiveness of our marketing efforts and improve user acquisition strategies.

D. Special Categories of Personal Data

In some jurisdictions, health-related data is classified as sensitive personal data. We collect and process this data only with your explicit consent and solely for the purposes described above. You can revoke your consent at any time through the app settings.

E. Children’s Data

Our Services are not intended for children under the age of 13. We do not knowingly collect personal data from minors without parental consent. If you believe we’ve collected data from a child without proper consent, please contact us at support@triny.app, and we will promptly delete the information.

How to Manage Your Data

You can access, update, or delete your personal data at any time by:

• Adjusting your account settings within the app.
• Contacting our support team at support@triny.app.

2. How We Use Your Personal Data

At Triny, we are committed to using your personal data responsibly and transparently. We collect and process your information to provide a seamless, personalized fitness experience while ensuring data security and compliance with applicable privacy laws.

A. To Provide and Manage Our Services

• Account Creation and Management:

  • Purpose: To register your account, verify your identity, and maintain your profile.
  • Data Used: Name, email address, password, and account preferences.

• Personalized Fitness Plans:

  • Purpose: To generate customized workout routines, fitness recommendations, and progress tracking tailored to your goals.
  • Data Used: Health data (e.g., weight, height, activity level), fitness goals, and preferences.

• Subscription and Payment Processing:

  • Purpose: To manage your subscriptions, process payments, and deliver receipts.
  • Data Used: Payment details (processed securely via third-party providers), transaction history.

• Customer Support:

  • Purpose: To respond to your inquiries, troubleshoot issues, and provide technical assistance.
  • Data Used: Communication history, support requests, and contact details.

B. To Improve and Optimize Our Services

• Performance Monitoring:

  • Purpose: To analyze app performance, detect bugs, and ensure a smooth user experience.
  • Data Used: Device information, crash logs, and usage data.

• User Behavior Analysis:

  • Purpose: To understand how you interact with our app and identify areas for improvement.
  • Data Used: Click patterns, time spent on features, and in-app interactions.

• AI-Powered Enhancements:

  • Purpose: To improve the performance of our AI chatbot for fitness recommendations and provide more accurate responses over time.
  • Data Used: Chatbot interaction history and user feedback.

C. To Communicate with You

• Service-Related Communications:

  • Purpose: To send important updates, security alerts, and administrative messages.
  • Data Used: Email address, device notifications.
  • Note: These communications are necessary and cannot be opted out of without deactivating your account.

• Marketing and Promotional Messages:

  • Purpose: To inform you about new features, special offers, and promotions (only with your consent).
  • Data Used: Contact details, usage behavior, marketing preferences.
  • Opt-Out: You can unsubscribe from marketing emails at any time via the link provided in the email or through app settings.

• Feedback and Surveys:

  • Purpose: To collect your input to improve our products and services.
  • Data Used: Survey responses, feedback forms, email communication.

D. To Ensure Security and Prevent Fraud

• Fraud Prevention:

  • Purpose: To detect and prevent fraudulent activities, security breaches, or unauthorized access.
  • Data Used: IP addresses, device IDs, transaction history, and security logs.

• Account Security:

  • Purpose: To secure user accounts through multi-factor authentication and other protective measures.
  • Data Used: Login credentials, device authentication tokens, and security settings.

E. To Comply with Legal Obligations

• Regulatory Compliance:

  • Purpose: To fulfill legal requirements, respond to lawful requests, and comply with tax, anti-fraud, and data protection regulations.
  • Data Used: Transaction records, user identification information, legal correspondence.

• Law Enforcement Requests:

  • Purpose: To cooperate with law enforcement when required by law.
  • Data Used: Specific data requested under applicable laws or court orders.

F. To Enable Social Features and Third-Party Integrations

• Social Sharing:

  • Purpose: To allow you to share your fitness achievements with friends on social media platforms.
  • Data Used: Profile data, workout achievements (shared only with your consent).

• Third-Party Integrations:

  • Purpose: To sync data with third-party health apps like Apple Health or Google Health Connect, enhancing your fitness tracking experience.
  • Data Used: Health and activity data (collected only with your explicit consent).

G. For Research and Development

• Product Development:
  • Purpose: To analyze anonymized or aggregated data to improve Triny’s features, develop new functionalities, and conduct fitness-related research.
  • Data Used: De-identified fitness data, app usage statistics, feedback trends.

H. Legal Basis for Processing (for EU/EEA Users)

If you are located in the EU/EEA, UK, or Switzerland, we rely on the following legal bases under the General Data Protection Regulation (GDPR):

• Performance of a Contract: Processing necessary to provide our Services.
• Legitimate Interests: For improving our app, preventing fraud, and ensuring security.
• Consent: For marketing communications, health data processing, and third-party integrations.
• Legal Obligations: When required to comply with legal or regulatory obligations.

I. How to Opt-Out of Data Sharing

If you do not want your personal data shared with third parties for marketing or analytics purposes:

• Contact Us Directly:

  • Email your request to support@triny.app with the subject line: “Opt-Out of Data Sharing”.
  • Include your name and email associated with your Triny account for verification.

J. How to Opt-Out of Targeted Advertising

You can opt out of personalized ads (also known as interest-based advertising) through your device settings:

• For Android Devices:

  • Go to Settings > Privacy > Ads.
  • Enable “Opt-Out of Ads Personalization”.

• For iOS Devices:

  • Go to Settings > Privacy > Tracking.
  • Disable “Allow Apps to Request to Track”.

• In the Triny App:

  • Go to Settings > Privacy Preferences.
  • Disable the option for “Personalized Ads”.

K. CCPA and VCDPA Opt-Out Rights

For residents of California (CCPA/CPRA) and Virginia (VCDPA):

• You have the right to opt out of the sale or sharing of your personal data.
• Submit your opt-out request at support@triny.app or use the in-app privacy settings.
• Response Time: We will process opt-out requests within 15 business days.

L. Confirmation of Opt-Out

After submitting your opt-out request:

• You will receive an email confirmation once your request has been processed.
• Your preferences will remain in effect unless you choose to opt back in.

M. Questions About Opting Out?

If you need help with the opt-out process:

• Contact us at support@triny.app or reach out to our Data Protection Officer (DPO) at dpo@triny.app.

How to Control Your Data Usage

You have full control over how your data is used. You can:

• Adjust privacy settings within the app.
• Opt out of marketing emails through the unsubscribe link provided.
• Contact us at support@triny.app for any data-related inquiries.

3. Legal Bases for Processing Personal Data

At Triny, we process your personal data based on lawful grounds, in accordance with global data protection regulations such as the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the Virginia Consumer Data Protection Act (VCDPA). This section outlines the legal bases on which we rely to process your personal data.

A. For Users in the European Union (EU), European Economic Area (EEA), the United Kingdom (UK), and Switzerland

Under the GDPR, we process personal data based on the following legal grounds:

• Performance of a Contract

  • Purpose: To provide, maintain, and support the Triny app, including account registration, personalized workout plans, and customer support.
  • Examples:
    • Creating and managing your account.
    • Processing subscription payments.
    • Providing access to premium features.

• Legitimate Interests

  • Purpose: To improve our services, ensure security, and prevent fraud, provided these interests are not overridden by your rights.
  • Examples:
    • Analyzing user behavior to enhance app performance.
    • Detecting fraudulent activity and securing user accounts.
    • Sending service-related communications.

• Consent

  • Purpose: To process certain types of data only when you’ve explicitly given us permission.
  • Examples:
    • Collecting health and fitness data through integrations with Apple Health or Google Fit.
    • Sending marketing emails or push notifications.
    • Accessing your precise location data.
  • Your Rights:
    You can withdraw your consent at any time by adjusting your app settings or contacting us at support@triny.app.

• Compliance with Legal Obligations

  • Purpose: To comply with legal and regulatory requirements, including tax obligations, anti-fraud measures, and law enforcement requests.
  • Examples:
    • Retaining transaction records for accounting purposes.
    • Responding to legal claims or court orders.

• Vital Interests

  • Purpose: To protect your vital interests or those of another individual, particularly in emergency situations.
  • Examples:
    • Sharing emergency information with relevant authorities if required for your safety.

B. For Users in the United States

1. California (CCPA/CPRA Rights)

If you are a resident of California, we process your data in accordance with the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Business Purposes:
  • Providing and improving our services.
  • Security and fraud prevention.
  • Internal analytics and research.
• Your Rights:
  • Right to know what data we collect and how it’s used.
  • Right to request deletion of your personal data.
  • Right to opt out of data sharing for targeted advertising (if applicable).

To exercise your CCPA rights, contact us at support@triny.app.

2. Virginia (VCDPA Rights)

For residents of Virginia, we comply with the Virginia Consumer Data Protection Act (VCDPA):

• Legal Grounds for Processing:
  • To provide personalized fitness services.
  • For security and fraud prevention.
  • For marketing (with your consent).
• Your Rights:
  • Right to access, correct, or delete your personal data.
  • Right to opt out of targeted advertising and profiling.

To exercise your VCDPA rights, contact us at support@triny.app.

C. For Users in Other Jurisdictions

For users outside the EU, US, and UK, we process your personal data based on:

• Consent: When legally required for specific purposes (e.g., marketing communications).
• Contractual Necessity: To deliver services you’ve signed up for.
• Legitimate Interests: For service improvements, security, and fraud prevention, unless overridden by your rights.
• Legal Obligations: To comply with applicable laws and regulations.

D. How We Obtain Your Consent

When we rely on consent as the legal basis for processing your data, we ensure that:

• You are informed about the specific purpose of data collection.
• Consent is obtained through clear, affirmative action (e.g., opt-in checkboxes, permissions).
• You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

To withdraw your consent, please adjust your privacy settings in the app or contact us at support@triny.app.

E. Data Transfers Outside of Your Jurisdiction

If you are accessing the Triny app from a location outside the United States, please note that your data may be transferred to, stored, and processed in the United States or other countries where our servers or service providers are located.

• EU/EEA Transfers: We implement safeguards, such as Standard Contractual Clauses (SCCs), to ensure your data is protected according to GDPR standards.

F. Your Rights and How to Exercise Them

Depending on your jurisdiction, you may have the right to:

• Access: Request access to your personal data.
• Rectify: Correct inaccurate or incomplete data.
• Delete: Request deletion of your personal data.
• Restrict: Limit how we process your data.
• Portability: Request a copy of your data in a portable format.
• Object: Object to data processing based on legitimate interests.
• Opt-Out: Opt out of targeted advertising or data sharing (where applicable).

To exercise these rights, contact us at support@triny.app.

4. Sharing Your Personal Data

At Triny, we prioritize the security and privacy of your personal data. We do not sell your personal information for monetary gain. However, to deliver our services effectively, we may share your data with trusted third parties under strict conditions. This section outlines how, when, and with whom we share your personal data.

A. Sharing with Service Providers

We partner with third-party service providers who assist us in delivering, improving, and securing our services. These providers process your data on our behalf, following strict confidentiality agreements.

• Cloud Hosting and Storage Providers

  • Purpose: To store and manage data securely.
  • Examples: AWS, Google Cloud, Microsoft Azure.

• Payment Processors

  • Purpose: To handle secure payment transactions and manage subscriptions.
  • Examples: Google Play Billing, Apple In-App Purchases, Stripe.
  • Note: We do not store your full payment information.

• Analytics and Performance Tools

  • Purpose: To monitor app performance, analyze user behavior, and improve features.
  • Examples: Google Analytics, Firebase, Mixpanel.

• Marketing and Communication Platforms

  • Purpose: To send emails, push notifications, and promotional content (only with your consent).
  • Examples: Mailchimp, SendGrid.

• Customer Support Services

  • Purpose: To provide technical support and manage user inquiries.
  • Examples: Zendesk, Intercom.

B. Legal and Regulatory Disclosures

We may disclose your personal data if required by law or in response to valid legal requests. This includes:

• Compliance with Legal Obligations: To meet tax, regulatory, or legal requirements.
• Law Enforcement Requests: To respond to court orders, subpoenas, or government investigations.
• Protecting Rights and Safety: When necessary to detect fraud, prevent security threats, or protect Triny’s legal rights.

C. Business Transfers

In the event of a merger, acquisition, restructuring, or sale of assets, your personal data may be transferred to the acquiring entity.

• Purpose: To ensure business continuity and maintain the functionality of our services.
• User Notification: We will notify you before any transfer that significantly impacts your data privacy rights.

D. Sharing with Third-Party Integrations (with Your Consent)

If you choose to integrate Triny with third-party apps or platforms, we may share specific data with your consent:

• Health and Fitness Apps

  • Examples: Apple Health, Google Health Connect.
  • Data Shared: Workout activity, steps, heart rate, calories burned.
  • Purpose: To enhance fitness tracking and personalized recommendations.

• Social Media Platforms

  • Examples: Facebook, Instagram, Google.
  • Data Shared: Profile information or achievements (only when you choose to share).
  • Purpose: To enable social sharing features within the app.

• Single Sign-On (SSO) Providers

  • Examples: Google, Apple ID, Facebook Login.
  • Data Shared: Authentication tokens, basic profile information.
  • Purpose: To simplify account login and registration.

E. Aggregated and Anonymized Data

We may share aggregated or anonymized data that cannot reasonably identify you.

• Purpose: For statistical analysis, research, marketing, or industry reporting.
• Example: Sharing anonymized fitness trends with research organizations.

F. Your Rights Regarding Data Sharing

You have the right to:

• Know: Request information about how and with whom your data is shared.
• Opt-Out: Withdraw consent for data sharing (where applicable).
• Control Integrations: Manage third-party integrations via app settings.

To exercise these rights, contact us at support@triny.app.

G. International Data Transfers

If you are located outside the United States, please be aware that your data may be transferred to, processed, and stored in the United States or other countries where our service providers operate.

• Data Protection: We implement safeguards, such as Standard Contractual Clauses (SCCs), to ensure your data is protected according to applicable privacy laws.

5. Data Retention

At Triny, we retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements. This section explains how long we keep your data, the factors that determine retention periods, and your rights regarding data deletion.

A. General Data Retention Principles

We follow these key principles when determining data retention periods:

• Purpose Limitation: We retain data only as long as needed to provide our services, meet legal obligations, or for legitimate business purposes.
• Data Minimization: We regularly review the data we hold and securely delete or anonymize information that is no longer necessary.

B. Retention Periods by Data Category

• Account Information

  • Data Retained: Name, email address, account credentials, profile data.
  • Retention Period: As long as your account is active and up to 12 months after account deletion.
  • Reason: To allow for account reactivation, resolve disputes, or comply with legal obligations.

• Subscription and Payment Data

  • Data Retained: Payment history, billing information, transaction records.
  • Retention Period: Up to 7 years to comply with financial regulations, tax laws, and fraud prevention measures.
  • Note: Payment details are processed securely through third parties; we do not store full credit card information.

• Health and Fitness Data

  • Data Retained: Workout history, activity logs, health metrics (e.g., steps, heart rate, weight).
  • Retention Period: Retained as long as your account is active. Deleted or anonymized within 12 months of account deactivation.
  • Reason: To maintain your fitness progress history and personalized recommendations.

• Communication and Support Data

  • Data Retained: Customer support tickets, emails, chat logs, feedback forms.
  • Retention Period: 2 years after the last interaction to improve customer service and for internal record-keeping.

• Usage and Technical Data

  • Data Retained: App usage logs, device identifiers, crash reports, analytics data.
  • Retention Period: Up to 24 months for performance analysis, app improvements, and security monitoring.
  • Note: Data may be anonymized and retained longer for statistical analysis.

• Marketing and Consent Records

  • Data Retained: Marketing preferences, consent records for data processing, opt-in/opt-out history.
  • Retention Period: 5 years to comply with data protection regulations and manage consent history.

C. Data Deletion and Anonymization

When the retention period expires, we:

• Securely Delete: Data is permanently deleted from our systems and backup servers.
• Anonymize: Where deletion isn’t technically feasible, we anonymize data to ensure it cannot be linked to any individual.

D. Your Rights Regarding Data Retention

You have the right to:

• Request Deletion: You can request the deletion of your personal data at any time by contacting us at support@triny.app.
• Data Portability: Request a copy of your data before deletion (where applicable).
• Withdraw Consent: For data processed based on your consent, you can withdraw consent, and we will delete the related data.

E. Exceptions to Standard Retention Periods

We may retain your data beyond the standard periods in the following cases:

• Legal Compliance: To comply with legal obligations, tax requirements, or regulatory investigations.
• Dispute Resolution: If your data is relevant to ongoing legal proceedings or disputes.
• Fraud Prevention: For the detection, investigation, and prevention of fraudulent activities.

F. Account Deletion Process

When you delete your Triny account:

1. Your personal data will be deactivated immediately.
2. Data will be securely deleted or anonymized within 12 months unless retention is required for legal reasons.
3. Residual data may remain in backups for up to 30 days before being overwritten.

6. Your Rights Regarding Personal Data

At Triny, we are committed to protecting your privacy and ensuring transparency in how your personal data is handled. Depending on your location and applicable data protection laws, you have specific rights regarding your personal data. This section outlines your rights and how you can exercise them.

A. Your Privacy Rights

• Right to Access (Right to Know)

  • What This Means: You have the right to request confirmation of whether we process your personal data and to access a copy of the data we hold about you.
  • How to Exercise: Contact us at support@triny.app to request a data report.
  • What We Provide: Details of the personal data collected, the purposes of processing, categories of third parties with whom we share data, and data retention periods.

• Right to Rectification (Correction of Data)

  • What This Means: You have the right to request the correction of inaccurate or incomplete personal data.
  • How to Exercise: Update your information directly in the app settings or contact us for assistance.

• Right to Erasure (Right to be Forgotten)

  • What This Means: You can request the deletion of your personal data when it is no longer necessary for the purposes for which it was collected, or if you withdraw consent.
  • Exceptions: We may retain data where required for legal compliance, fraud prevention, or dispute resolution.
  • How to Exercise: Submit a deletion request to support@triny.app.

• Right to Data Portability

  • What This Means: You can request a copy of your personal data in a structured, commonly used, and machine-readable format.
  • When Applicable: When data is processed based on your consent or as part of a contract.
  • How to Exercise: Request data portability at support@triny.app.

• Right to Restrict Processing

  • What This Means: You can request that we limit the processing of your personal data under specific circumstances (e.g., when contesting data accuracy or objecting to processing).
  • How to Exercise: Contact us with your request and reason at support@triny.app.

• Right to Object to Processing

  • What This Means: You can object to the processing of your personal data if it is based on our legitimate interests, direct marketing, or profiling activities.
  • How to Exercise: Adjust your preferences in the app settings or contact us directly.

• Right to Withdraw Consent

  • What This Means: Where we rely on your consent to process data, you can withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.
  • How to Exercise: Manage consent in the app settings or contact us at support@triny.app.

• Right to Lodge a Complaint

  • What This Means: You have the right to file a complaint with a data protection authority if you believe your data protection rights have been violated.
  • Contact for EU Residents: Find your local authority here.

B. Specific Rights Based on Jurisdiction

1. California (CCPA/CPRA Rights)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to Know: Request details of personal data collected, sold, or disclosed.
• Right to Delete: Request deletion of personal data.
• Right to Opt-Out: Opt out of the sale or sharing of personal data (Triny does not sell personal data).
• Right to Non-Discrimination: You won’t be discriminated against for exercising your privacy rights.
• How to Exercise: Submit a request at support@triny.app.

2. Virginia (VCDPA Rights)

If you are a resident of Virginia, under the Virginia Consumer Data Protection Act (VCDPA):

• Right to Confirm and Access: Confirm whether we process your data and access it.
• Right to Correct: Correct inaccuracies in your personal data.
• Right to Delete: Request deletion of personal data.
• Right to Opt-Out: Opt out of targeted advertising, data sales, and profiling.
• Appeal Process: If your data request is denied, you have the right to appeal the decision.
• How to Exercise: Contact support@triny.app.

3. European Union (GDPR Rights)

If you are in the EU, EEA, UK, or Switzerland, the General Data Protection Regulation (GDPR) grants you these rights:

• Right to Access, Rectification, and Erasure
• Right to Restriction and Objection
• Right to Data Portability
• Right to Withdraw Consent
• Right to Lodge a Complaint: You can contact your local data protection authority for further assistance.
• How to Exercise: Submit your request to support@triny.app.

C. How to Exercise Your Rights

• Submitting a Request:

  • Send your request to support@triny.app.
  • Include relevant details such as your name, email, and the nature of your request.

• Verification Process:

  • For security, we may need to verify your identity before processing requests.
  • We will respond within 30 days unless an extension is needed (we’ll notify you if so).

• Appeal Process:

  • If we deny your request, you can appeal by contacting dpo@triny.app.
  • For unresolved complaints, you may contact your local data protection authority.

D. Contact Information for Privacy Requests

• Email: support@triny.app
• Data Protection Officer (DPO): Yazid Aqel — dpo@triny.app
• Address: Triny LLC, 8 The Green, Dover, DE 19901, USA

7. Security of Your Personal Data

At Triny, we take the security of your personal data seriously. We implement robust technical, administrative, and physical security measures to protect your information from unauthorized access, disclosure, alteration, and destruction. This section outlines how we safeguard your data and the steps we take to minimize security risks.

A. Security Measures We Implement

• Encryption

  • Data in Transit: All data transmitted between your device and our servers is encrypted using Secure Socket Layer (SSL)/Transport Layer Security (TLS) protocols to prevent unauthorized access.
  • Data at Rest: Sensitive data stored on our servers is encrypted using industry-standard encryption algorithms (e.g., AES-256).

• Access Controls

  • Role-Based Access: Access to personal data is restricted to authorized employees, contractors, and service providers who need it to perform their duties.
  • Two-Factor Authentication (2FA): We enforce 2FA for internal systems to enhance account security.

• Secure Data Storage

  • Cloud Security: We use reputable cloud service providers (e.g., AWS, Google Cloud) with advanced security protocols and regular audits.
  • Backups: Regular encrypted backups are performed to ensure data availability in case of system failures.

• Monitoring and Threat Detection

  • Real-Time Monitoring: Continuous monitoring for suspicious activities, unauthorized access attempts, and potential vulnerabilities.
  • Intrusion Detection Systems (IDS): Automated systems detect and respond to security threats.

• Regular Security Audits

  • Vulnerability Assessments: Periodic penetration testing and security reviews are conducted to identify and address potential risks.
  • Compliance Reviews: Ongoing assessments to ensure compliance with data protection regulations like GDPR, CCPA, and VCDPA.

B. Data Breach Response Plan

Despite our best efforts, no system is 100% secure. In the event of a data breach:

• Immediate Action: We will promptly investigate and contain the breach to minimize potential harm.
• User Notification: If your personal data is affected, we will notify you and relevant authorities within 72 hours as required by applicable laws.
• Remediation: Implement corrective measures to prevent future incidents.

C. Your Role in Protecting Your Data

While we maintain strong security measures, you also play a vital role in safeguarding your personal data:

• Strong Passwords: Use unique, complex passwords for your Triny account and avoid reusing passwords from other services.
• Two-Factor Authentication (2FA): Enable 2FA if available to add an extra layer of security.
• Device Security: Keep your devices updated with the latest security patches and use trusted antivirus software.
• Be Cautious: Do not share your account credentials with others. Be wary of phishing attempts and suspicious links.

D. How We Protect Payment Information

• Secure Payment Gateways: All payment transactions are processed through secure, PCI-DSS-compliant third-party payment providers like Google Play Billing and Apple In-App Purchases.
• No Direct Storage: Triny does not store full credit or debit card details on its servers. Payment providers handle encryption and processing.

E. Data Security in Third-Party Integrations

When you connect Triny with third-party services (e.g., Apple Health, Google Fit):

• Secure APIs: We use secure API protocols to ensure safe data exchange.
• Limited Data Access: We only access the data necessary to provide the requested features, and only with your explicit consent.

F. Data Retention and Secure Deletion

When data is no longer needed:

• Deletion: Personal data is securely deleted from active databases and backups within the specified retention period.
• Anonymization: In cases where deletion isn’t feasible, data is anonymized to remove any identifiable information.

G. International Data Transfers and Security

For users outside the United States:

• Data Transfers: Your data may be transferred to and processed in countries where data protection laws may differ.
• Safeguards: We implement Standard Contractual Clauses (SCCs) and other safeguards to ensure your data is protected in compliance with global privacy laws.

H. How to Report Security Concerns

If you believe your personal data has been compromised or if you notice suspicious activity related to your account:

• Contact Us Immediately: support@triny.app
• Data Protection Officer (DPO): Yazid Aqel — dpo@triny.app

8. Children’s Privacy

At Triny, we are committed to protecting the privacy of children. Our services are designed for individuals aged 13 and older, and we do not knowingly collect, use, or disclose personal data from children under this age without appropriate parental consent. This section outlines our practices regarding children’s data in compliance with laws such as the Children’s Online Privacy Protection Act (COPPA) and relevant international data protection regulations.

A. Age Restrictions

• Minimum Age Requirement:
  Triny’s services are not intended for children under the age of 13 (or the minimum legal age in your jurisdiction).
• For EU Residents:
  In the European Union, the minimum age to provide consent for data processing is generally 16, unless a lower age is permitted by local law (but not below 13).

B. Data Collection for Children

• No Intentional Collection:
  We do not knowingly collect or solicit personal data from children under 13. If we learn that we have inadvertently collected personal data from a child without proper consent, we will take steps to delete that information promptly.
• Parental Consent (if applicable):
  If we discover that a child under the applicable age has registered without verifiable parental consent, we will delete the account and any associated data.

C. Parental Rights and Controls

Parents or legal guardians have the right to:

• Review Data: Request to review any personal data collected from their child.
• Request Deletion: Request the deletion of their child’s personal data from our systems.
• Control Data Sharing: Revoke consent for the collection or sharing of their child’s personal data at any time.

How to Submit a Request:
Parents can contact us directly at support@triny.app with proof of their relationship to the child to exercise these rights.

D. Steps We Take to Protect Children’s Privacy

• Age Verification:
  We include age verification mechanisms during account registration to prevent children under the required age from creating accounts.
• Monitoring and Compliance:
  Our team regularly reviews our data collection practices to ensure compliance with children’s privacy laws globally.
• Data Deletion Protocols:
  If unauthorized data collection is detected, we have procedures in place to promptly delete the data and prevent further collection.

E. What to Do If You Believe We’ve Collected Data from a Child

If you believe that Triny may have inadvertently collected personal data from a child without appropriate consent:

• Contact Us Immediately:
  • Email: support@triny.app
  • Data Protection Officer (DPO): Yazid Aqel — dpo@triny.app
• Response Time:
  We will investigate the issue promptly and delete any personal data collected from a child without proper consent within 30 days.

F. International Compliance

Triny complies with international regulations regarding children’s data, including:

• COPPA (United States): Governs the collection of data from children under 13.
• GDPR (EU): Provides protections for minors under 16 (or lower age, depending on local laws).
• Other Global Laws: Adheres to child data protection laws in jurisdictions where Triny operates.

9. Changes to This Privacy Policy

At Triny, we are committed to maintaining transparency regarding how we collect, use, and protect your personal data. This Privacy Policy may be updated periodically to reflect changes in our practices, legal requirements, or technological developments. This section outlines how we manage updates to the Privacy Policy and how we will notify you of any significant changes.

A. Why We Update This Privacy Policy

We may revise this Privacy Policy for several reasons, including:

1. Legal Compliance: To comply with new laws, regulations, or legal requirements (e.g., GDPR, CCPA, VCDPA).
2. Service Improvements: To reflect updates to Triny’s features, services, or data processing practices.
3. Security Enhancements: To improve security measures in response to new threats or vulnerabilities.
4. Business Changes: In case of mergers, acquisitions, or changes in our business structure.

B. How We Notify You About Changes

1. Minor Changes (Non-Material Updates):

   • Updates related to formatting, clarification, or minor legal adjustments will be posted directly to this page without direct notification.
   • We recommend reviewing this Privacy Policy regularly for the latest information.

2. Significant Changes (Material Updates):

   • If we make material changes that affect your rights or the way we process your personal data, we will provide a clear and prominent notice. This may include:
     • In-App Notifications: A pop-up message or banner within the Triny app.
     • Email Notifications: An email sent to the address associated with your account.
     • Website Notice: A prominent banner or notice on our website.

3. Advance Notice (When Required):

   • Where required by law, we will provide advance notice of significant changes (e.g., 30 days before changes take effect) to give you time to review and understand the updates.

C. Your Responsibility to Review Changes

• Regular Review:
  We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.
• Continued Use as Acceptance:
  Your continued use of Triny’s services after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.
• Right to Discontinue Use:
  If you do not agree with the updated terms, you may choose to deactivate your account and discontinue using our services.

D. Historical Versions

• Version History:
  For transparency, we maintain a record of previous versions of this Privacy Policy.
• Requesting Past Versions:
  You can request a copy of previous Privacy Policy versions by contacting us at support@triny.app.

E. Contact Us About Privacy Policy Changes

If you have questions or concerns regarding changes to this Privacy Policy:

• Email: support@triny.app
• Data Protection Officer (DPO): Yazid Aqel — dpo@triny.app
• Address: Triny LLC, 8 The Green, Dover, DE 19901, USA

10. Contact Us

At Triny, we are committed to protecting your privacy and addressing any concerns you may have regarding your personal data. If you have questions, concerns, or requests related to this Privacy Policy or our data practices, please reach out to us through the contact information provided below.

A. General Inquiries

For general questions about Triny’s Privacy Policy, data collection practices, or your privacy rights:

• Email: support@triny.app
• Mailing Address:
  Triny LLC
  8 The Green, Dover, DE 19901, USA

B. Data Protection Officer (DPO) Contact

For data protection-related inquiries, requests to exercise your privacy rights (e.g., access, correction, deletion, data portability), or to file a privacy-related complaint, please contact our Data Protection Officer:

• Name: Yazid Aqel
• Email: dpo@triny.app
• Address: Triny LLC, 8 The Green, Dover, DE 19901, USA

The DPO will handle privacy-related issues in accordance with data protection laws such as GDPR, CCPA, and VCDPA.

C. How to Submit a Privacy Request

To exercise your privacy rights, including requests to:

• Access or delete your personal data
• Correct inaccurate information
• Withdraw consent
• Opt-out of data sharing (where applicable)

D. Data Controller Information

For the purposes of data protection laws, including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and Virginia Consumer Data Protection Act (VCDPA), the entity responsible for determining the purposes and means of processing your personal data is known as the Data Controller.

• Data Controller Name: Triny LLC
• Business Address: 8 The Green, Dover, DE 19901, USA
• Email: support@triny.app

E. Contacting the Data Controller

If you have questions about how your personal data is processed or if you would like to exercise your privacy rights (such as access, correction, deletion, or data portability), you can contact Triny’s Data Controller:

• Email: support@triny.app
• Mailing Address: Triny LLC, 8 The Green, Dover, DE 19901, USA

Submit a request:

• By email: support@triny.app
• Include relevant details: Your name, email address associated with your account, and a clear description of your request.
• Verification: We may require verification of your identity before processing certain requests to ensure the security of your data.

D. Response Time

• Standard Requests: We aim to respond to all privacy-related inquiries within 30 days.
• Complex Requests: For complex cases, we may extend the response time to 60 days and will notify you accordingly.

E. Lodging a Complaint

If you believe we have not adequately addressed your data protection concerns:

• For EU/EEA/UK Residents: You have the right to lodge a complaint with your local data protection authority.
• For U.S. Residents: You can contact your state’s attorney general’s office or data protection authority.

Thank you for trusting Triny with your fitness journey.