Privacy Policy (Innolope)

Last Updated: December 23, 2025

1. Introduction

This Privacy Policy describes how Innolope LLC ("Innolope", "we", "us", or "our") collects, uses, and handles your personal data ("Personal Data") when you use Innolope, our white noise and productivity timer application, including our web and mobile applications (collectively, the "App" or "Service"). We are committed to protecting your privacy and being transparent about our data practices.

By using the App, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this Policy, please do not access or use the App. Any capitalized terms not defined herein have the meaning ascribed to them in our Terms of Service. This Privacy Policy applies to all users of Innolope, regardless of their geographic location, though certain sections may specifically address rights available under particular jurisdictions' laws.

2. Information We Collect

We have designed Innolope with privacy as a core principle, collecting only the minimum information necessary to provide you with a functional, personalized experience. Unlike many applications that collect extensive behavioral and personal data, we limit our data collection to essential account information, basic analytics, and optional payment processing information. The following sections detail exactly what information we collect, how we collect it, and why it is necessary for the operation of the App.

2.1 Account and Registration Information

When you create an account with Innolope, we collect certain Personal Data that you voluntarily provide to us. This information is necessary to establish your account, authenticate your identity, and provide you with access to the App's features across multiple devices. Specifically, we collect your full name and email address during the registration process. Your name is used to personalize your experience within the App, such as displaying a welcome message or customizing notifications. Your email address serves as your unique account identifier and is used for authentication purposes, password reset functionality, and essential communications regarding your account and the Service.

We require a valid email address to ensure account security and to provide you with important information about service updates, security notifications, or changes to our terms and policies. Your password, while provided by you during registration, is immediately cryptographically hashed using industry-standard algorithms before being stored in our systems. We never store passwords in plain text, and even our own technical staff cannot retrieve your original password. If you forget your password, you can reset it through a secure password reset process that sends a time-limited reset link to your registered email address.

2.2 Optional Payment Information

Innolope is offered as a free application with optional support payments that users can choose to make if they wish to support the continued development and maintenance of the App. These payments are entirely voluntary and are not required to access any features of the App. All payment processing is handled through Stripe, a third-party payment processor that complies with the Payment Card Industry Data Security Standard (PCI DSS). When you choose to make a support payment, you are redirected to Stripe's secure payment interface, where you enter your payment card information directly with Stripe.

We never receive, process, or store your complete payment card details, including card numbers, CVV codes, or expiration dates. Stripe processes your payment information according to their own privacy policy and security standards, and they provide us only with confirmation that a payment was successfully processed, along with limited transaction metadata such as the payment amount, currency, and a unique transaction identifier. This approach ensures that your sensitive payment information remains with a specialized, highly secure payment processor rather than being stored by us. We may retain basic transaction records for accounting and legal compliance purposes, but these records do not include your complete payment card information.

2.3 Analytics and Usage Information

To improve Innolope and understand how users interact with the App, we collect analytics data through Firebase Analytics, a service provided by Google. This analytics information helps us identify which features are most valuable to users, detect technical issues or crashes, optimize performance, and make informed decisions about future development priorities. The analytics data we collect is automatically gathered by the Firebase SDK integrated into our application and includes information about your device, your usage patterns, and your interactions with the App.

Device information collected includes your device type and model, operating system and version, app version number, device language settings, screen resolution, and mobile network information. We also collect a general geographic location based on your IP address, typically limited to your country or region, which helps us understand our user base's geographic distribution and optimize server locations for better performance. Usage analytics include information about which features you use, how long you spend in the App during each session, which sounds or timer configurations you prefer, how often you use the App, and patterns in your usage over time.

Firebase Analytics assigns a unique identifier to your app installation to track usage patterns over time, but this identifier is not directly associated with your name or email address in the analytics system. The data collected through Firebase Analytics is aggregated and anonymized, meaning we analyze trends across all users rather than examining individual user behavior. We cannot and do not use Firebase Analytics data to identify specific individuals or to track your activities outside of the Innolope app. Firebase Analytics data is subject to Google's own data retention policies and privacy practices, which are detailed in Google's Privacy Policy. We have configured Firebase Analytics to collect only the minimum information necessary for improving the App and have disabled any optional data collection features that are not essential to our purposes.

2.4 Application Preferences and Settings

To provide you with a personalized and consistent experience across devices, we store your application preferences and settings. These preferences include your timer configurations, preferred white noise sounds, volume levels, theme and display settings, notification preferences, and any custom timer durations you have created. Most of these preferences are stored locally on your device for immediate access and optimal performance. When you are logged into your account, we also synchronize certain preferences to our cloud infrastructure, which allows you to maintain consistent settings when you use Innolope on multiple devices or after reinstalling the App.

The synchronization of preferences is entirely for your convenience and can be disabled if you prefer to keep settings local to each device. We do not analyze your individual preferences for marketing purposes or share them with third parties. These settings are associated with your account and are deleted when you delete your account. The technical implementation of preference storage uses industry-standard encryption both in transit and at rest to ensure that your settings remain private and secure.

2.5 Information We Do Not Collect

It is important to note what information we do not collect. We do not collect precise geolocation data, such as GPS coordinates or detailed location tracking. We do not access your contacts, photos, or other personal files stored on your device unless you explicitly grant permission for specific features. We do not collect information about other apps installed on your device. We do not track your browsing history or activities outside of the Innolope app. We do not collect biometric information, voice recordings, or any other sensitive personal data categories. We do not employ tracking technologies that follow you across other websites or applications. Our approach is to collect only what is essential for the App to function and improve, nothing more.

3. How We Use Your Information

We use the Personal Data we collect solely to provide, maintain, and improve the Innolope application and to communicate with you about the Service. Our use of your information is guided by principles of necessity, proportionality, and transparency. We do not use your Personal Data for purposes beyond those described in this Privacy Policy without obtaining your explicit consent. The following sections provide detailed explanations of each purpose for which we process your information and the legal basis for such processing where required by applicable law.

3.1 Providing and Operating the Service

The primary purpose for collecting and processing your Personal Data is to provide you with the Innolope application and all of its features. Your account information enables us to create and maintain your user account, authenticate you when you log in, and ensure that you have authorized access to your personalized settings and preferences. When you use Innolope across multiple devices, your account information allows us to recognize you and synchronize your preferences, ensuring a seamless experience regardless of which device you're using.

Your preferences and settings information is processed to remember your timer configurations, sound selections, and other customizations between sessions. This processing occurs both locally on your device and on our servers when syncing across devices. Without processing this information, we would be unable to provide you with a personalized experience or maintain consistency across your devices. The processing of your account and preference information is necessary for us to perform our contract with you to provide the Innolope service, and it is conducted on the legal basis of contractual necessity where such a legal basis is required under applicable privacy laws.

3.2 Improving and Developing the Service

We process analytics data to understand how users interact with Innolope, identify areas for improvement, and guide our development priorities. By analyzing aggregated usage patterns, we can determine which features are most valuable, identify features that may be confusing or underutilized, and make informed decisions about where to invest development resources. For example, if analytics show that users frequently encounter errors with a particular feature, we can prioritize fixing that issue. If data shows that certain timer durations are rarely used, we might simplify the interface by highlighting more popular options.

This processing also includes analyzing app performance metrics to identify and resolve technical issues, optimize loading times, reduce crashes, and improve overall stability. We use crash reports generated by Firebase Analytics to identify bugs and technical problems that impact user experience. These crash reports contain technical diagnostic information but do not include personally identifiable information beyond the anonymous device identifiers used by Firebase. The legal basis for this processing is our legitimate interest in improving the Service and ensuring it functions reliably for all users. We believe this legitimate interest is balanced and does not override your rights, as the data collected is minimized, anonymized, and used solely for improvement purposes rather than for marketing or other secondary uses.

3.3 Communicating with You

We use your email address to send you important communications regarding your account and the Service. These essential communications include account verification emails when you first register, password reset emails when you request to reset your password, security notifications if we detect unusual account activity, and important updates about changes to our Terms of Service or Privacy Policy. These communications are necessary for account security and to keep you informed of changes that may affect your use of the Service.

We may also send you optional communications about new features, tips for using Innolope more effectively, or updates about the App's development. However, we will only send these non-essential communications if you have explicitly opted in to receive them, and you can unsubscribe from such communications at any time by clicking the unsubscribe link included in every email or by adjusting your communication preferences in your account settings. We do not use your email address to send you advertising for third-party products or services. The legal basis for processing your email address for essential communications is contractual necessity, as these communications are necessary to provide you with the Service and maintain account security. For optional marketing communications, the legal basis is your consent, which you can withdraw at any time.

3.4 Processing Support Payments

When you choose to make an optional support payment, we process limited transaction information to record your contribution, issue any applicable receipts, and maintain financial records for accounting and legal compliance purposes. As described earlier, Stripe handles all sensitive payment processing, and we receive only confirmation of successful payments along with basic transaction metadata. We process this payment information to fulfill our obligations as a business, including maintaining accurate financial records, complying with tax regulations, and responding to any payment-related inquiries you may have.

This processing is necessary for us to perform our contract with you regarding payment processing and to comply with legal obligations related to financial recordkeeping and tax reporting. We retain payment records for the period required by applicable accounting and tax laws, which typically ranges from five to seven years depending on jurisdiction. Your decision to make a support payment is entirely voluntary and does not affect your access to any features of the App.

3.5 Security and Fraud Prevention

We process certain information to maintain the security of your account and the Service as a whole, and to detect and prevent fraudulent activity, abuse, or security threats. This includes monitoring for unusual login patterns that might indicate unauthorized access attempts, detecting automated or bot-like behavior that could indicate abuse of the Service, and responding to potential security incidents. For example, if we detect multiple failed login attempts from unusual locations, we may temporarily restrict access to the account and send you a security notification.

These security measures are implemented to protect both individual users and the integrity of the Service for all users. The processing of information for security purposes is based on our legitimate interest in maintaining a secure service and protecting users from security threats. Where required by law, we may also process information to comply with legal obligations related to security incident reporting or to respond to lawful requests from law enforcement authorities.

3.6 Legal Compliance and Protection

We may process your Personal Data to comply with applicable laws, regulations, and legal processes. This includes retaining records for the periods required by law, responding to valid legal requests from authorities, and establishing, exercising, or defending legal claims. We may also process information to enforce our Terms of Service, investigate potential violations of our policies, or protect the rights, property, or safety of Innolope, our users, or the public. Such processing is based on legal obligation where we are required by law to act, and on legitimate interest where we are taking steps to protect our legal rights or the rights and safety of our users.

4. How We Share Your Information

We respect your privacy and do not sell, rent, or trade your Personal Data to third parties for their marketing purposes. The only circumstances under which we share your information are those strictly necessary to provide the Service, process payments, comply with legal obligations, or protect our rights and the rights of our users. We carefully vet all third parties with whom we share information and require them to maintain appropriate security measures and to use your information only for the specific purposes we authorize.

4.1 Service Providers and Data Processors

We engage carefully selected third-party service providers to perform specific functions necessary for operating the Service. These service providers act as data processors on our behalf and are contractually obligated to protect your Personal Data and use it only for the purposes we specify. Our primary service providers include Firebase, a platform provided by Google LLC, which we use for analytics and app infrastructure. Firebase processes analytics data as described in Section 2.3, and their data practices are governed by Google's Privacy Policy, available at https://policies.google.com/privacy. Firebase stores data on Google's secure cloud infrastructure and implements comprehensive security measures to protect user data.

We also use cloud hosting providers such as Amazon Web Services, Google Cloud Platform, or similar services to host our application infrastructure, databases, and backups. These providers process and store your account information, preferences, and other data necessary for the Service to function. Our hosting providers maintain industry-leading security certifications including SOC 2, ISO 27001, and other standards that demonstrate their commitment to data security. All service providers we engage are required to sign data processing agreements that specify their responsibilities regarding data protection, security measures, data retention, and confidentiality. These agreements ensure that service providers cannot use your data for their own purposes and must return or delete data when our relationship ends or when we request it.

4.2 Payment Processor

Stripe, Inc., our payment processor, handles all payment card processing when you choose to make support payments. Stripe is a PCI DSS Level 1 certified service provider, which is the highest level of certification in the payment card industry. When you make a payment, Stripe processes your payment information according to their Privacy Policy, available at https://stripe.com/privacy, and their Terms of Service. Stripe may share your payment information with banks, card networks, and other parties necessary to process the transaction, but these parties are also bound by confidentiality and security obligations.

We receive from Stripe only the information necessary to confirm that a payment was successfully processed and to maintain our financial records, such as the payment amount, currency, timestamp, and a unique transaction identifier. We never receive your complete payment card number, CVV code, or other sensitive payment credentials. If you have questions about how Stripe handles your payment information, you can review their privacy policy or contact them directly through their support channels.

4.3 Legal Requirements and Protection of Rights

We may disclose your Personal Data if we determine in good faith that disclosure is reasonably necessary to comply with applicable laws, regulations, legal processes, or enforceable governmental requests. This includes complying with court orders, subpoenas, warrants, or other legal demands that meet jurisdictional requirements. Before disclosing information in response to legal requests, we review the request carefully to ensure it is valid and properly scoped, and we may seek legal counsel to verify the request's legitimacy. Where legally permitted, we will notify you of such legal requests so that you can seek to protect your rights, unless we are prohibited from doing so by law or court order, or if providing notice could undermine the purpose of the request.

We may also disclose information to enforce our Terms of Service, to investigate potential violations of our policies or laws, or to protect the rights, property, or safety of Innolope, our users, or the public. For example, if we have reason to believe that a user is engaging in fraudulent activity, abusing the Service, or using it for illegal purposes, we may disclose relevant information to appropriate authorities. Such disclosures are made on a case-by-case basis and only when we believe they are necessary and proportionate to address the specific situation. We may also disclose information to prevent imminent harm to individuals or property, such as when we receive credible threats of violence or self-harm.

4.4 Business Transfers and Corporate Transactions

If Innolope is involved in a merger, acquisition, asset sale, bankruptcy, dissolution, reorganization, or similar corporate transaction or proceeding, your Personal Data may be transferred or disclosed as part of that transaction. In such circumstances, we will take reasonable steps to ensure that any successor entity or acquiring party honors this Privacy Policy or provides you with notice of any changes to how your Personal Data will be handled. Where required by applicable law, we will provide you with advance notice of the transfer through email or a prominent notice on our website, and we will inform you of any material changes to how your Personal Data will be processed or who will control it.

You will have the opportunity to delete your account before such a transfer takes effect if you do not wish your information to be transferred. After such a transfer, the acquiring entity would become the data controller of your Personal Data and would be responsible for complying with applicable privacy laws and honoring the commitments made in this Privacy Policy unless you are provided notice and, where required, an opportunity to consent to a different privacy policy.

4.5 Aggregated and Anonymized Information

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you individually. This type of information sharing might include publishing general statistics about app usage, sharing industry insights derived from aggregated user data, or providing anonymized data to researchers studying productivity tools or user behavior patterns. Before sharing such information, we ensure that it has been properly anonymized through techniques such as aggregation, generalization, or data masking, so that it cannot be reverse-engineered to identify specific individuals.

For example, we might share statistics such as "Innolope users completed an average of 12 focus sessions per week" or "The most popular timer duration is 25 minutes," but we would never share information that could be traced back to individual users. This type of information sharing helps advance understanding of productivity patterns and can benefit the broader community of users and researchers. Because this information cannot be used to identify you, it is not considered Personal Data under most privacy laws, and we may use and share it without restriction.

4.6 With Your Explicit Consent

We may share your Personal Data for purposes not described in this Privacy Policy when we have obtained your explicit consent to do so. Before sharing your information for any new purpose, we will clearly explain what information will be shared, with whom it will be shared, for what purpose, and what the consequences of sharing might be. You will have the opportunity to provide or withhold your consent, and you can withdraw consent at any time for future processing, though withdrawal of consent will not affect the lawfulness of processing that occurred before consent was withdrawn.

5. Data Retention and Deletion

We retain your Personal Data only for as long as necessary to fulfill the purposes for which it was collected, to comply with legal obligations, resolve disputes, and enforce our agreements. Our retention practices are designed to balance our operational needs, legal requirements, and your privacy rights. We implement data retention policies that specify retention periods for different categories of information, and we have processes in place to ensure that data is securely deleted or anonymized when it is no longer needed.

5.1 Account and Profile Information

Your account information, including your name, email address, and account credentials, is retained for as long as your account remains active. An account is considered active from the time you create it until you explicitly delete your account or until we close inactive accounts in accordance with our account retention policies. If your account remains completely unused for an extended period, typically twenty-four months or more, we may contact you to confirm whether you wish to keep your account active. If we receive no response, we may close the account and delete the associated data after providing reasonable notice.

When you delete your account through the app settings or by contacting our support team, we begin the deletion process immediately. Your account is first deactivated, which prevents you from logging in and removes your account from active systems. However, we maintain your account data for a grace period of thirty days after deletion to allow for account recovery in case you deleted your account by mistake or change your mind. During this thirty-day period, you can contact us to reactivate your account. After the grace period expires, we permanently delete your account information from our active systems and backups, subject to the retention requirements described below.

5.2 Analytics and Usage Data

Analytics data collected through Firebase Analytics is subject to Firebase's data retention policies, which we have configured to retain user-level and event-level data for a period of two months. After this retention period, Firebase automatically aggregates or deletes the data. Aggregated analytics reports that do not contain user-level information may be retained indefinitely to track long-term trends and measure the App's performance over time. Because these aggregated reports do not contain information that can identify individual users, they are not considered Personal Data and are not subject to deletion requests.

Crash reports and technical diagnostic data are typically retained for up to twelve months to allow us to identify patterns in crashes and verify that fixes we implement are effective. After this period, crash reports that are no longer needed for ongoing troubleshooting are automatically purged from our systems. We may retain anonymized crash statistics indefinitely for trend analysis and quality assurance purposes.

5.3 Payment and Transaction Records

Payment transaction records are retained for the period required by applicable tax and accounting laws, which generally require businesses to maintain financial records for at least seven years. This retention is necessary for us to comply with tax reporting obligations, respond to tax audits, and maintain accurate business records. Payment records retained for these purposes include transaction amounts, dates, payment methods used (without complete card details), and transaction identifiers, but do not include your complete payment card information, which is never provided to us by Stripe.

If you delete your account, your payment transaction history will be retained for the legally required period but will be disassociated from your account information to the extent possible while still maintaining the integrity of our financial records. After the legally required retention period expires, payment records are securely deleted from our systems.

5.4 Communications and Support Records

Communications you send to us through customer support channels, including emails, support tickets, and chat conversations, are retained for up to three years to maintain a record of our interactions, improve our support quality, and protect both your interests and ours in case of disputes. These records help our support team provide you with more effective assistance by allowing them to review previous interactions and understand the full context of your inquiries.

If you delete your account and request deletion of support communications, we will delete or anonymize these records unless we have a legitimate need to retain them, such as an ongoing dispute, a legal obligation, or if the communications contain information relevant to the safety or security of the Service.

5.5 Backup and Disaster Recovery

We maintain encrypted backups of our systems for disaster recovery purposes to ensure that we can restore the Service in the event of a catastrophic failure, natural disaster, cyber attack, or other major incident. These backups may contain copies of your Personal Data as it existed at the time the backup was created. Backups are automatically cycled and deleted according to our backup retention schedule, which typically retains daily backups for thirty days, weekly backups for ninety days, and monthly backups for one year.

When you delete your account, your data is removed from our production systems within the timeframes described above, but copies may remain in backups until those backups are cycled out according to our retention schedule. We do not restore data from backups except in the event of a major system failure affecting multiple users. Backups are stored in secure, encrypted form and are accessible only to authorized technical personnel who require access for disaster recovery purposes.

5.6 Anonymization and Aggregation

After the applicable retention periods have expired, we may retain information in anonymized or aggregated form indefinitely. Anonymized information is data that has been modified so that it can no longer reasonably be linked to an individual user, either by itself or in combination with other available information. Aggregated information is data that has been combined from multiple users in a way that makes it impossible to identify individual contributions. For example, we might retain aggregated statistics about average session lengths or popular features without retaining any information about specific users.

These anonymized and aggregated datasets are valuable for long-term analysis, product development, research, and industry insights. Because this information cannot be used to identify you, it is not considered Personal Data under most privacy laws, and we are not required to delete it upon request. However, we ensure that our anonymization processes meet industry standards and that anonymized data cannot be reverse-engineered to identify individuals.

6. International Data Transfers

Innolope LLC is headquartered in the United States, and our primary servers and operations are located in the United States. If you access or use the Innolope application from outside the United States, your Personal Data will be transferred to, stored in, and processed in the United States and potentially in other countries where our service providers operate. These countries may have data protection laws that differ from the laws of your country of residence and may not provide the same level of data protection as your jurisdiction.

6.1 Legal Mechanisms for Transfers

When we transfer Personal Data internationally, particularly from the European Economic Area, the United Kingdom, Switzerland, or other jurisdictions with comprehensive data protection laws, we implement appropriate safeguards to ensure that your Personal Data remains protected in accordance with this Privacy Policy and applicable law. These safeguards may include Standard Contractual Clauses approved by the European Commission or the UK Information Commissioner's Office, adequacy decisions issued by competent authorities recognizing that certain jurisdictions provide adequate data protection, binding corporate rules for transfers within multinational organizations, or other legally recognized transfer mechanisms.

For transfers to the United States, we monitor developments in transatlantic data transfer frameworks and implement supplementary measures as necessary to ensure adequate protection of Personal Data in light of legal requirements and guidance from data protection authorities. If we rely on Standard Contractual Clauses or other contractual safeguards for transfers, we conduct transfer impact assessments to evaluate the legal environment in the destination country and implement additional technical and organizational measures where necessary to ensure adequate protection.

6.2 Data Localization and Processing Locations

Our primary data processing occurs in data centers located in the United States, operated by our cloud hosting providers. These data centers are certified under industry-standard security frameworks including SOC 2 Type II, ISO 27001, and other relevant certifications that demonstrate comprehensive security controls. Data may be replicated across multiple geographic locations for redundancy, disaster recovery, and performance optimization purposes. For example, backup copies of data may be stored in geographically separate data centers to ensure data availability in the event of a regional outage.

Firebase Analytics, operated by Google, may process analytics data in any country where Google maintains facilities, which includes the United States, Europe, and Asia-Pacific regions. Google implements appropriate safeguards for international data transfers and provides detailed information about their data processing locations and transfer mechanisms in their Privacy Policy. When you use Innolope, analytics data about your usage may be transmitted to and processed by Firebase servers in any of these locations.

6.3 Your Rights Regarding International Transfers

By using the Innolope application, you acknowledge and consent to the transfer of your Personal Data to the United States and other countries as described in this section. However, your consent to international data transfers does not waive any of your rights under applicable data protection laws. You retain all rights granted under such laws, including the right to access your data, request corrections or deletion, object to certain processing, and lodge complaints with supervisory authorities in your jurisdiction.

If you have concerns about the international transfer of your Personal Data or if you reside in a jurisdiction with specific requirements regarding data transfers, you may contact us at [email protected] to discuss your concerns and learn more about the specific safeguards we have implemented for transfers from your jurisdiction. We will provide you with information about the transfer mechanisms we use and, where appropriate, provide you with copies of relevant documentation such as Standard Contractual Clauses.

7. Your Rights and Choices

We respect your rights to understand and control how your Personal Data is used. Depending on your location and the applicable data protection laws that govern our relationship, you may have various rights regarding your Personal Data. These rights are designed to give you control over your information and ensure transparency in how it is processed. The following sections describe your rights in detail and explain how you can exercise them.

7.1 Right to Access

You have the right to request confirmation of whether we are processing your Personal Data and, if so, to receive access to that data. This right, sometimes called a "right to know," allows you to understand what information we hold about you, how we obtained it, how we use it, and with whom we share it. You can request a copy of your Personal Data in a structured, commonly used format that allows you to review the information and potentially transfer it to another service.

To exercise your right to access, you can review much of your account information directly through the Innolope app settings, where you can view your profile information, preferences, and account details. For a more comprehensive report of all Personal Data we hold about you, you can submit a request to [email protected]. We will respond to verified access requests within the timeframe required by applicable law, typically within thirty days. If we need additional time to compile your information, we will notify you of the delay and the reason for it.

7.2 Right to Rectification and Correction

You have the right to request correction of inaccurate or incomplete Personal Data we hold about you. If you discover that your account information is incorrect or outdated, you should update it as soon as possible to ensure that we have accurate information for communicating with you and providing the Service. You can directly update most of your account information through the Innolope app settings, including your name, email address, and preferences.

If you are unable to correct information through the app settings, or if you believe we hold inaccurate information about you that you cannot directly access or modify, you can contact us at [email protected] with a description of the information you believe is inaccurate and the corrections you would like us to make. We will review your request and, if we agree that the information is inaccurate, we will correct it promptly. If we disagree about whether the information is inaccurate, we will explain our position and, where appropriate, allow you to submit a statement of disagreement that will be stored with your data.

7.3 Right to Deletion and Erasure

You have the right to request deletion of your Personal Data in certain circumstances, sometimes referred to as the "right to be forgotten" or "right to erasure." You can exercise this right at any time by deleting your account through the Innolope app settings. When you delete your account, we will permanently remove your account information, preferences, and associated data from our active systems within thirty days, subject to certain exceptions described below.

We may be unable to delete your Personal Data if retention is necessary for us to comply with legal obligations, such as maintaining financial records for tax purposes, or if deletion would prevent us from establishing, exercising, or defending legal claims. In such cases, we will restrict processing of your data to only those purposes that require retention and will delete the data as soon as the retention requirement no longer applies. If you have concerns about specific information and why it has not been deleted following your request, you can contact us for clarification.

To request deletion of your account and data, you can use the "Delete Account" option in the app settings or send an email to [email protected] with your request. We may ask you to verify your identity before processing deletion requests to prevent unauthorized deletion of accounts. After verifying your identity, we will process your deletion request and send you a confirmation when the deletion is complete.

7.4 Right to Restriction of Processing

In certain circumstances, you have the right to request that we restrict or limit how we process your Personal Data. Restriction of processing means that we can continue to store your data but cannot use it for other purposes without your consent, except for specific permitted purposes such as legal claims or protecting the rights of others. You might request restriction of processing if you contest the accuracy of your Personal Data while we verify its accuracy, if you object to deletion of unlawfully processed data and instead request restriction, if we no longer need your data but you need it for legal claims, or if you have objected to processing based on legitimate interests while we verify whether our legitimate grounds override yours.

To request restriction of processing, contact us at [email protected] with a description of your request and the reason you believe restriction is appropriate. We will respond to your request within the timeframe required by applicable law and will inform you before lifting any restriction on processing.

7.5 Right to Data Portability

Where technically feasible and required by applicable law, you have the right to receive your Personal Data in a structured, commonly used, and machine-readable format and to transmit that data to another service provider without hindrance from us. This right applies to Personal Data you have provided to us where the processing is based on consent or contract and is carried out by automated means. Data portability allows you to move, copy, or transfer your Personal Data easily from one IT environment to another in a safe and secure way.

To request data portability, contact us at [email protected]. We will provide your data in JSON or CSV format, which are commonly used, machine-readable formats that can be easily imported into other systems. The data export will include your account information, preferences, and other Personal Data we hold about you, excluding information that would disclose confidential commercial information or adversely affect the rights and freedoms of others.

7.6 Right to Object

You have the right to object to our processing of your Personal Data based on legitimate interests, including processing for direct marketing purposes or profiling. When you object to processing, we will stop processing your Personal Data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or if the processing is necessary for the establishment, exercise, or defense of legal claims.

For marketing communications specifically, you have an absolute right to object at any time. You can exercise this right by clicking the "unsubscribe" link in any marketing email we send, by adjusting your communication preferences in the app settings, or by contacting us at [email protected]. Once you opt out of marketing communications, we will not send you promotional content, though we will continue to send essential service-related communications necessary for account administration and security.

7.7 Right to Withdraw Consent

Where our processing of your Personal Data is based on your consent, you have the right to withdraw that consent at any time. Withdrawing consent does not affect the lawfulness of processing that occurred before you withdrew consent, but it will stop future processing that requires consent. For example, if you consented to receive optional marketing communications, you can withdraw that consent at any time, and we will stop sending you marketing emails going forward.

To withdraw consent, you can adjust your settings in the app, click the unsubscribe link in emails, or contact us at [email protected] specifying which consent you wish to withdraw. We will process your withdrawal promptly and confirm when it has taken effect.

7.8 Right to Lodge a Complaint

If you believe that we have not complied with applicable data protection laws or have not adequately addressed your concerns about how we handle your Personal Data, you have the right to lodge a complaint with a supervisory authority in your jurisdiction. Supervisory authorities are independent public authorities that oversee compliance with data protection laws and investigate complaints from individuals about how their Personal Data is processed.

For users in the European Economic Area, you can find your local data protection authority through the European Data Protection Board's website at https://edpb.europa.eu/about-edpb/board/members_en. Users in the United Kingdom can lodge complaints with the Information Commissioner's Office (ICO) at https://ico.org.uk. Users in other jurisdictions should consult their local data protection authority or privacy commissioner. While you have the right to lodge a complaint with a supervisory authority at any time, we encourage you to contact us first at [email protected] so that we have an opportunity to address your concerns directly.

7.9 How to Exercise Your Rights

To exercise any of the rights described in this section, you can contact us using any of the following methods. You can send an email to [email protected] with a clear description of your request and the specific right you wish to exercise. You can use the account settings in the Innolope app to directly update your information, delete your account, or manage your communication preferences for certain rights. You can send written correspondence to our mailing address listed in Section 12 of this Privacy Policy.

When you submit a request to exercise your rights, we may need to verify your identity to protect your Personal Data from unauthorized access or disclosure. We may ask you to confirm your email address, answer security questions, or provide additional information to verify that you are the account holder. This verification process is necessary to ensure that we only provide Personal Data to the individual it belongs to and do not inadvertently disclose your information to someone impersonating you.

We will respond to your request within the timeframe required by applicable law, which is typically thirty days from receipt of a verified request. If we need additional time to process your request due to its complexity or the volume of requests we are handling, we will notify you of the delay and the expected response time, which will not exceed an additional thirty days unless permitted by law. There is no fee for exercising your rights under normal circumstances, though we may charge a reasonable fee or refuse to act on a request if it is clearly unfounded, repetitive, or excessive.

8. Data Security

Protecting your Personal Data is a critical priority for us. We implement comprehensive technical, physical, and organizational security measures designed to safeguard your information from unauthorized access, accidental loss, destruction, alteration, or disclosure. While no system can guarantee absolute security, we employ industry-standard practices and continuously update our security measures to address evolving threats and vulnerabilities.

8.1 Technical Security Measures

We employ multiple layers of technical security controls to protect your data throughout its lifecycle. All data transmitted between your device and our servers is encrypted using Transport Layer Security (TLS) protocol with strong cipher suites, which creates a secure, encrypted channel that prevents eavesdropping or tampering during transmission. This encryption applies to all communications, including when you log in, sync your preferences, or interact with any features of the App. We use TLS version 1.2 or higher and regularly update our encryption protocols to maintain strong security as older protocols become deprecated.

Your Personal Data stored on our servers is encrypted at rest using industry-standard encryption algorithms such as AES-256, which provides strong protection even if storage media were to be physically compromised. Encryption keys are managed securely using dedicated key management services that restrict access to authorized systems and personnel only. Database encryption is implemented at multiple levels, including full-disk encryption, database-level encryption, and field-level encryption for particularly sensitive data such as authentication credentials.

We implement strict access controls using role-based access control (RBAC) principles, which means that access to Personal Data is granted only to employees and systems that require it to perform specific job functions. Each employee is assigned the minimum level of access necessary for their role, and access rights are reviewed regularly and revoked immediately when no longer needed. Administrative access to production systems requires multi-factor authentication using hardware security keys or time-based one-time passwords, adding an additional layer of security beyond traditional passwords.

Our network infrastructure is protected by enterprise-grade firewalls that filter incoming and outgoing traffic according to strict security rules, allowing only legitimate traffic while blocking potentially malicious connections. We employ intrusion detection and prevention systems (IDS/IPS) that monitor network traffic for suspicious patterns and can automatically block or alert on potential security threats. Network segmentation isolates different components of our infrastructure, limiting the potential impact of a security breach by preventing lateral movement between systems.

We conduct regular vulnerability scans and penetration testing to identify potential security weaknesses before they can be exploited by malicious actors. Automated security scanning tools run continuously to detect vulnerabilities in our code, dependencies, and infrastructure configurations. We engage independent security researchers and firms to perform periodic penetration testing, which simulates real-world attacks to identify weaknesses that automated tools might miss. When vulnerabilities are identified, we prioritize remediation based on severity and implement fixes promptly.

8.2 Organizational Security Measures

Beyond technical controls, we implement organizational measures to ensure that security is embedded in our culture and processes. All employees and contractors who have access to Personal Data receive comprehensive security awareness training covering topics such as password security, phishing recognition, data handling procedures, incident response, and privacy principles. This training is mandatory for new hires and is repeated annually with updates reflecting current threats and best practices.

We maintain documented information security policies and procedures that govern how Personal Data must be handled, stored, transmitted, and disposed of. These policies are regularly reviewed and updated to reflect changes in technology, legal requirements, and security best practices. Employees are required to acknowledge and comply with these policies, and violations can result in disciplinary action including termination of employment.

Access to Personal Data is granted only after employees have undergone background checks appropriate to their level of access and have signed confidentiality agreements that survive the termination of their employment. Employees are trained to recognize and report security incidents, and we maintain a formal incident response plan that defines roles, responsibilities, and procedures for responding to security breaches or data protection incidents.

We carefully vet all third-party service providers who process Personal Data on our behalf, conducting due diligence reviews of their security practices, certifications, and track record. Service providers must sign data processing agreements that specify their security obligations, and we periodically review their compliance with these obligations. We limit the data we share with service providers to only what is necessary for them to perform their specific functions.

8.3 Application Security

The Innolope application itself is designed with security in mind from the ground up. Your password is never stored in plain text; instead, it is processed through a cryptographic hash function using algorithms such as bcrypt or Argon2, which are specifically designed for password hashing and resistant to brute-force attacks. These algorithms incorporate salting and key stretching techniques that make it computationally infeasible to reverse the hash and recover the original password, even if an attacker were to gain access to the hashed values.

We implement account security features such as password strength requirements that encourage you to create strong, complex passwords, automatic session timeout after periods of inactivity to prevent unauthorized access from unattended devices, and suspicious activity monitoring that can detect and alert on unusual login patterns such as logins from new locations or devices. If we detect potentially unauthorized access to your account, we may temporarily restrict access and require additional verification before allowing access to be restored.

The application code undergoes security code review as part of our development process, where experienced developers examine code for potential security vulnerabilities such as SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF), and other common attack vectors. We follow secure coding guidelines and use automated static analysis tools to identify potential security issues during development before code is deployed to production. Regular dependency updates ensure that third-party libraries and frameworks used in the application are kept current with security patches.

8.4 Physical Security

Our servers and data centers are housed in facilities that implement stringent physical security controls. These facilities feature 24/7 security personnel and surveillance monitoring, biometric access controls and multi-factor authentication for entry, secure cages or locked cabinets for server equipment, environmental monitoring and controls for temperature and humidity, fire detection and suppression systems, redundant power supplies and backup generators, and comprehensive disaster recovery capabilities. These facilities are certified under security standards such as ISO 27001 and SOC 2, demonstrating their commitment to maintaining a secure environment for hosting sensitive data.

8.5 Monitoring and Logging

We maintain comprehensive logging of system activity, including authentication attempts, data access, configuration changes, and security events. These logs are centralized and analyzed using security information and event management (SIEM) systems that can correlate events across multiple systems and detect patterns indicative of security incidents. Logs are retained for a period sufficient to support security investigations and are protected from unauthorized modification or deletion.

Automated alerting notifies our security team of suspicious activities in real-time, enabling rapid response to potential security incidents. We monitor for activities such as repeated failed login attempts, unusual data access patterns, system configuration changes, network anomalies, and indicators of compromise from threat intelligence feeds. When alerts are triggered, security personnel investigate and take appropriate action, which may include blocking suspicious IP addresses, forcing password resets, or escalating to incident response procedures.

8.6 Incident Response and Breach Notification

Despite our comprehensive security measures, no system is completely immune to security incidents. We maintain a documented incident response plan that defines how we detect, respond to, contain, and recover from security incidents. This plan includes procedures for assembling an incident response team, assessing the scope and impact of the incident, containing the threat to prevent further damage, eradicating the root cause, recovering affected systems, and conducting post-incident analysis to identify lessons learned and improve our security posture.

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and any applicable supervisory authorities as required by law. Notification will typically occur within seventy-two hours of our becoming aware of the breach, unless a delay is necessary for law enforcement purposes or to allow us to assess the full scope of the incident. Our notification will describe the nature of the breach, the categories and approximate number of affected individuals, the likely consequences of the breach, the measures we have taken or propose to take to address the breach and mitigate its effects, and contact information for obtaining more information.

8.7 Your Security Responsibilities

While we implement extensive security measures to protect your Personal Data, security is a shared responsibility, and there are important steps you must take to protect your account. You are responsible for maintaining the confidentiality of your login credentials, including your password and any recovery codes or authentication factors. Never share your password with anyone, including people claiming to be from Innolope support staff, as we will never ask you for your password.

Use a strong, unique password for your Innolope account that you do not use for any other service. A strong password is typically at least twelve characters long and includes a mix of uppercase and lowercase letters, numbers, and special characters. Consider using a password manager to generate and store complex passwords securely. If you believe your password may have been compromised, change it immediately through the app settings.

If multi-factor authentication is available for your account, we strongly recommend enabling it. Multi-factor authentication significantly increases account security by requiring a second form of verification beyond your password, making it much more difficult for unauthorized users to access your account even if they obtain your password. Keep the software on your devices updated with the latest security patches, as outdated software may contain vulnerabilities that could be exploited to compromise your device or steal your credentials.

Be cautious of phishing attempts, which are fraudulent communications designed to trick you into revealing your password or other sensitive information. Innolope will never send you unsolicited emails asking you to click on links to verify your account, provide your password, or download attachments. If you receive suspicious communications claiming to be from Innolope, do not click on links or provide any information. Instead, navigate directly to the Innolope app or website and log in through the official application to check for any legitimate notifications.

If you become aware of any unauthorized access to your account, any loss or theft of your device containing the Innolope app, or any other security concern, notify us immediately at [email protected] so that we can take appropriate action to protect your account and investigate the incident.

9. Children's Privacy

Innolope is designed as a productivity tool for general audiences and is not specifically directed toward children. We are committed to protecting the privacy of children and comply with applicable laws regarding the collection of personal information from minors. We define children as individuals under the age of thirteen in the United States and under the age of sixteen in the European Economic Area, or such other age as may be defined by applicable law in other jurisdictions.

We do not knowingly collect, use, or disclose Personal Data from children without appropriate parental consent as required by applicable laws such as the Children's Online Privacy Protection Act (COPPA) in the United States or Article 8 of the General Data Protection Regulation (GDPR) in the European Union. Our Terms of Service specify minimum age requirements for creating an account, and we rely on users to provide truthful information about their age during registration.

If you are a parent or legal guardian and believe that your child has provided us with Personal Data without your consent, please contact us immediately at [email protected]. Please include in your message your child's name, email address if you know it, and any other information that will help us locate the account. Upon receiving credible notice that we have collected Personal Data from a child without appropriate parental consent, we will take prompt steps to delete that information from our systems and terminate the account. We will delete the child's Personal Data as quickly as reasonably possible, typically within thirty days of verification.

If we become aware through our own detection methods that we have inadvertently collected Personal Data from a child without proper parental consent, we will delete the information promptly without requiring a request from a parent. We may implement age verification mechanisms or other technical measures to prevent children from creating accounts, though we acknowledge that such measures cannot be completely effective and rely on truthful age declarations from users.

Parents who wish to review, modify, or delete Personal Data that we have collected from their child should contact us at [email protected] with appropriate verification of their parental status. We may require documentation proving the relationship between the parent and child before granting access to or deleting a child's Personal Data to prevent unauthorized disclosure to individuals who are not the child's legal guardians.

10. State-Specific Privacy Rights

In addition to the rights described elsewhere in this Privacy Policy, residents of certain U.S. states may have additional privacy rights under state laws. These state-specific rights are described in the following sections. If you are a resident of one of these states and wish to exercise your rights, please contact us at [email protected].

10.1 California Privacy Rights

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). These rights include the right to know what Personal Data we have collected about you in the preceding twelve months, including the categories of Personal Data, the sources from which it was collected, the purposes for collection, and the categories of third parties with whom we have shared it. You have the right to request deletion of Personal Data we have collected from you, subject to certain exceptions such as when retention is necessary to complete a transaction, detect security incidents, comply with legal obligations, or exercise free speech rights.

You have the right to correct inaccurate Personal Data that we maintain about you. If you discover that information we hold about you is inaccurate, you can request that we correct it. You have the right to opt out of the sale or sharing of your Personal Data. We want to be clear that we do not sell your Personal Data to third parties for monetary consideration, nor do we share it for cross-context behavioral advertising purposes. Therefore, there is no opt-out mechanism for these practices because we do not engage in them.

California residents also have the right to limit the use and disclosure of sensitive Personal Data. Under the CPRA, sensitive personal information includes Social Security numbers, driver's license numbers, financial account information, precise geolocation, racial or ethnic origin, religious or philosophical beliefs, union membership, genetic data, biometric data used for identification, health information, sex life, and sexual orientation information. We do not collect most categories of sensitive Personal Data as defined by the CPRA. To the extent we collect any sensitive Personal Data, we use it only for purposes permitted under the CPRA that do not require providing an opt-out right.

You have the right to non-discrimination for exercising your CCPA rights. We will not discriminate against you for exercising any of your CCPA rights, including by denying goods or services, charging different prices or rates, providing a different level or quality of goods or services, or suggesting that you will receive a different price or level of quality for goods or services.

10.2 Categories of Personal Data Collected (California)

In the preceding twelve months, we have collected the following categories of Personal Data from California residents: identifiers such as name, email address, and IP address; commercial information such as records of support payments made through Stripe; internet or other electronic network activity information such as app usage patterns and analytics data collected through Firebase; and professional or employment-related information such as company name or job title if you voluntarily provided it during registration.

We collect this information directly from you when you provide it during account creation or through your use of the App, automatically through Firebase Analytics as you interact with the App, from Stripe when you make support payments, and from third-party services if you choose to connect integrations to your Innolope account. We collect and use this information for the purposes described in Section 3 of this Privacy Policy, including providing the Service, improving the App, communicating with you, processing payments, and ensuring security.

We do not sell Personal Data. In the preceding twelve months, we have not sold Personal Data of California residents. We do not share Personal Data for cross-context behavioral advertising. We disclose Personal Data to service providers such as Firebase and Stripe as described in Section 4 of this Privacy Policy. These disclosures are made pursuant to written contracts that prohibit the service providers from using the Personal Data for any purpose other than providing the specified services to us.

10.3 Exercising California Privacy Rights

To exercise your California privacy rights, you may submit a request by emailing [email protected] with a clear description of the right you wish to exercise. You may also use the contact information in Section 12 of this Privacy Policy. We will need to verify your identity before processing your request to protect your Personal Data from unauthorized disclosure. We may ask you to provide your email address and confirm your identity through your registered email account, or we may request additional information necessary to verify your identity depending on the sensitivity of the information you are requesting.

We will respond to verified requests within forty-five days of receipt. If we need additional time to respond, we will notify you of the reason for the delay and the expected response date, which will not exceed an additional forty-five days. There is no fee for submitting up to two requests per year. If you submit excessive, repetitive, or manifestly unfounded requests, we may charge a reasonable administrative fee or decline to respond.

You may designate an authorized agent to make requests on your behalf. If you use an authorized agent, we will require written proof that the agent is authorized to act on your behalf, such as a power of attorney, and we may require you to verify your identity directly with us. We may deny requests from agents who cannot provide proof of authorization. For more information about California privacy rights or to submit a request, please contact us at [email protected].

10.4 Virginia, Colorado, Connecticut, and Other State Privacy Rights

Residents of Virginia, Colorado, Connecticut, and other states with comprehensive privacy laws have rights similar to those described for California residents, including the right to confirm whether we process your Personal Data, the right to access your Personal Data, the right to correct inaccuracies in your Personal Data, the right to delete your Personal Data, the right to obtain a copy of your Personal Data in a portable format, and the right to opt out of the processing of Personal Data for purposes of targeted advertising, the sale of Personal Data, or profiling in furtherance of decisions that produce legal or similarly significant effects.

We do not engage in targeted advertising as defined by these state laws, we do not sell Personal Data, and we do not engage in profiling that produces legal or similarly significant effects concerning you. Therefore, there are no opt-out mechanisms for these activities. If these practices change in the future, we will update this Privacy Policy and provide appropriate opt-out mechanisms.

To exercise your rights under these state laws, please contact us at [email protected]. We will respond to verified requests within the timeframes required by applicable state law, typically forty-five days. You may appeal our decision regarding your request by contacting us at the same email address and including "Appeal" in the subject line. We will respond to appeals within the timeframe required by applicable law, typically sixty days, and will provide you with information about how to contact your state's Attorney General office to submit a complaint if you are not satisfied with the outcome of the appeal.

11. Third-Party Services and Links

The Innolope app may contain links to third-party websites, services, or resources that are not operated or controlled by Innolope. This Privacy Policy applies only to information collected by Innolope and does not apply to any third-party websites, services, or resources. When you click on links to third-party sites or use third-party services, you leave the Innolope environment and become subject to the privacy policies and terms of service of those third parties.

We are not responsible for the privacy practices, content, or security of any third-party websites or services. Third-party sites may collect information from you, use cookies or other tracking technologies, or have different privacy practices than Innolope. We encourage you to read the privacy policies and terms of service of any third-party websites or services before providing them with any Personal Data or other information. The inclusion of links to third-party sites does not imply our endorsement of those sites or their practices.

11.1 Firebase Analytics

As described in Section 2.3, we use Firebase Analytics, a service provided by Google LLC, to collect usage data about how users interact with the Innolope app. Firebase Analytics is governed by Google's Privacy Policy, available at https://policies.google.com/privacy. Google provides detailed information about how Firebase Analytics collects and processes data, including options for users to control some aspects of data collection through device settings or Google's privacy controls.

Firebase Analytics may use cookies and similar technologies to identify your device and track your usage across sessions. Data collected by Firebase Analytics is transmitted to and stored on Google's servers, which may be located in the United States or other countries. Google implements security measures to protect this data and provides tools for app developers like us to configure data retention periods and control what data is collected. We have configured Firebase Analytics to collect only the information necessary to improve the App and have disabled optional features that are not essential to our purposes.

11.2 Stripe Payment Processing

When you choose to make a support payment, payment processing is handled by Stripe, Inc., a third-party payment processor. Stripe's services are governed by their Privacy Policy, available at https://stripe.com/privacy, and their Terms of Service. When you provide payment information to Stripe, you are subject to Stripe's privacy practices, and Stripe becomes an independent data controller of your payment information.

Stripe collects and processes payment card information, billing addresses, and other payment-related data necessary to complete transactions. Stripe uses this information to process payments, prevent fraud, and comply with applicable payment card industry standards and regulations. Stripe may retain payment information for their own compliance and business purposes as described in their Privacy Policy. If you have questions about how Stripe handles your payment information or wish to exercise rights regarding that information, you should contact Stripe directly through their support channels or as described in their Privacy Policy.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational, legal, or regulatory reasons. When we make changes to this Privacy Policy, we will update the "Last Updated" date at the top of this document to indicate when the most recent changes were made. It is your responsibility to review this Privacy Policy periodically to stay informed about how we collect, use, and protect your Personal Data.

For minor changes that do not materially affect your rights or how we process your Personal Data, such as clarifications of existing practices, corrections of typographical errors, or updates to contact information, we may update this Privacy Policy without additional notice beyond updating the "Last Updated" date. You can review the current version of this Privacy Policy at any time through the Innolope app or on our website.

For material changes that significantly affect how we collect, use, or share your Personal Data, or that materially impact your rights, we will provide more prominent notice to ensure you are aware of the changes. This notice may include sending an email to the address associated with your account, displaying a prominent notification in the Innolope app when you next open it, posting a notice on our website, or using other reasonable means to inform you of the changes. Material changes might include changes to the types of Personal Data we collect, new ways we use or share Personal Data, changes to data retention practices, or changes to how you can exercise your rights.

In some cases, particularly when required by applicable law or when changes are especially significant, we may seek your explicit consent to the updated Privacy Policy before the changes take effect. If we are required to obtain your consent and you do not provide it, you may not be able to continue using the Service, though you will have the opportunity to delete your account and data before the changes take effect if you do not wish to agree to the new terms.

Your continued use of the Innolope app after the effective date of an updated Privacy Policy constitutes your acceptance of the revised Policy. If you do not agree to the updated Privacy Policy, you must stop using the App and may delete your account as described in Section 5.1. We encourage you to review this Privacy Policy regularly, especially before providing any new Personal Data or using new features, to ensure you understand and agree with our current practices.

We may, upon request, provide you with access to prior versions of this Privacy Policy for your reference. If you have questions about changes to this Privacy Policy or would like to receive notification of future changes, please contact us at [email protected].

13. Contact Us

If you have any questions, concerns, comments, or requests regarding this Privacy Policy or our data practices, we encourage you to contact us. We are committed to addressing your privacy concerns promptly and transparently, and we welcome your feedback on how we can improve our privacy practices.

You can reach us by email at [email protected]. This is our primary contact method for privacy inquiries, and we typically respond to emails within two to three business days. When contacting us by email, please include "Privacy Inquiry" in the subject line to help us route your message to the appropriate team. Please provide as much detail as possible about your inquiry or request, including your registered email address if you are asking about your account or exercising privacy rights.

You can also contact us by mail at the following address:

Innolope LLC
Attn: Privacy Officer
8 The Green, Suite A
Dover, DE 19901
United States