Privacy Policy

1. Information We Collect

Information You Provide

• Account Information: When you create an account, we collect your name and email address through Apple Sign-In or Google Sign-In. We do not store your authentication credentials directly.
• Skin Profile Data: During onboarding, you provide your skin type (based on the Fitzpatrick scale), desired tanning intensity, tanning goal (build or maintain), age range, and any skin concerns (such as freckles, moles, photosensitive medication use, or history of sunburns). This information is used solely to personalize your tanning recommendations.
• Photos: You may capture a baseline selfie during onboarding and progress photos over time. Photos are stored securely in encrypted cloud storage and are used only within the app to track your tanning progress.
• Communications: If you contact us for support, we collect the content of your messages and any information you choose to provide.
• Payment Information: Subscription payments are processed entirely through Apple In-App Purchase. We do not collect, store, or have access to your credit card or payment details.

Information Collected Automatically

• Device Information: Device model, operating system version, and unique device identifiers for authentication and push notification delivery.
• Usage Data: Features accessed, screens visited, session durations, and interaction patterns to help us improve the app experience.
• Location Data: With your permission, we collect your approximate geographic location (latitude, longitude, and timezone) to provide location-specific weather and UV index data for your tanning recommendations. Location is collected only when you grant permission and is updated periodically using battery-efficient methods. We do not continuously track your location.
• Analytics Data: Aggregated and anonymized usage statistics to understand how our Services are used and to identify areas for improvement.

Information from Third Parties

• Authentication Providers: When you sign in with Apple or Google, we receive limited profile information (name, email) as authorized by you during the sign-in process.
• Weather Services: We use OpenWeatherMap to fetch real-time UV index, temperature, humidity, cloud cover, and hourly weather forecasts for your location. This data is fetched server-side using your stored location coordinates; no personal information is shared with OpenWeatherMap.
• Subscription Management: We use Superwall to manage paywalls and subscription status. Superwall may process limited device and transaction data in accordance with its own privacy policy.

2. How We Use Your Information

• Service Provision: To generate personalized daily tanning guidance, including recommended tanning windows, session durations, and SPF recommendations based on your skin type, location, and current weather conditions.
• Session Management: To power the tanning session timer, flip reminders, and session completion tracking.
• Progress Tracking: To store and display your progress photos in a chronological timeline within the app.
• Notifications: To send you daily tanning guidance alerts, session reminders, and flip notifications during active sessions (with your permission).
• Account Management: To create and maintain your account, manage your subscription, and provide customer support.
• Analytics and Improvement: To analyze usage patterns, diagnose technical issues, and improve our Services.
• Safety and Compliance: To ensure the security of our Services, prevent fraud, and comply with applicable laws.
• Marketing: With your explicit opt-in consent only, to send promotional communications about new features or offers. You can opt out at any time.

3. Health and Wellness Data

4. Photo Data

5. How We Share Your Information

• Service Providers: We share limited data with trusted service providers who assist in operating our Services, including Firebase (Google) for authentication, database, cloud storage, push notifications, and analytics; and Superwall for subscription management. All service providers are bound by data processing agreements.
• Legal Requirements: We may disclose your information if required by law, legal process, or government request, or to protect the rights, property, or safety of Ferrix Labs Inc., our users, or the public.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you of any such change and any choices you may have.
• Aggregated Data: We may share aggregated, de-identified data that cannot reasonably be used to identify you.

6. Your Privacy Rights

Universal Rights

Regardless of your location, you have the right to:

• Access the personal information we hold about you
• Correct inaccurate or incomplete personal information
• Delete your personal information and account
• Port your data in a commonly used format
• Opt out of marketing communications

Canadian Residents (PIPEDA)

Under the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation, you have the right to:

• Access your personal information held by us
• Request corrections to your personal information
• Withdraw consent for the collection, use, or disclosure of your personal information (subject to legal or contractual restrictions)
• File a complaint with the Office of the Privacy Commissioner of Canada

US Residents

Depending on your state of residence, you may have additional rights under the California Consumer Privacy Act (CCPA/CPRA), the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA), the Connecticut Data Privacy Act (CTDPA), the Utah Consumer Privacy Act (UCPA), or similar state privacy laws. These rights may include:

• The right to know what personal information is collected
• The right to delete your personal information
• The right to opt out of the sale or sharing of personal information (we do not sell your data)
• The right to non-discrimination for exercising your rights

How to Exercise Your Rights

To exercise any of these rights, please contact us at bask@ferrixlabs.com with the subject line "Privacy Request." We will respond within 30 days (or such shorter period as required by applicable law). We may verify your identity before processing your request.

7. How to Delete Your Data

You can delete your account and all associated data at any time using either of the following methods:

• In-App: Open Bask → Settings → "Delete Account" → Confirm
• Email: Send a request to bask@ferrixlabs.com with the subject line "Delete My Account" and include the email address associated with your account

What Gets Deleted: Your profile information, skin profile data, progress photos, session history, tanning guidance history, device tokens, and push notification data.

8. Data Security and Retention

We implement industry-standard security measures to protect your personal information, including:

• Encryption in transit (TLS/SSL) and at rest (AES-256)
• Access controls and authentication for all administrative systems
• Regular security monitoring and vulnerability assessments
• Incident response procedures, including breach notification within 72 hours where required by law

Retention: We retain your personal information for as long as your account is active or as needed to provide you with our Services. After account deletion, your data is permanently removed within 30 days, except for data we are required to retain by law or for legitimate business purposes such as fraud prevention.

9. Cookies and Tracking Technologies

Our website (trybask.app) may use the following types of cookies:

• Essential Cookies: Required for basic website functionality and security
• Analytics Cookies: Help us understand how visitors interact with our website

You can control cookies through your browser settings. Note that disabling cookies may affect website functionality. Our mobile app does not use cookies.

10. Children's Privacy

Our Services are intended for users aged 18 and older. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will promptly delete that information. If you believe a child under 18 has provided us with personal information, please contact us at bask@ferrixlabs.com.

11. International Data Transfers

Ferrix Labs Inc. is headquartered in Nova Scotia, Canada. Your data may be processed in Canada, the United States, or other countries where our service providers operate. When your data is transferred internationally, we ensure appropriate safeguards are in place, including contractual protections with our service providers. Canada's adequacy status under PIPEDA provides a recognized level of data protection for international transfers.

12. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of material changes through an in-app notice, email notification, or by updating the "Last Updated" date at the top of this page. Your continued use of our Services after any changes indicates your acceptance of the updated Privacy Policy.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us: