ESRT StrongMind

BeWell IT Limited ("we", "our", "us", or "BeWell IT"), company number 16095961, registered in England and Wales, is committed to protecting your privacy. This Privacy Policy explains our practices regarding the handling of information when you use our ESRT StrongMind mobile application ("App").

1. Information We Collect

Our App collects:

• Account Information: Email address and display name when you create an account
• Wellness Data: Mood logs, journal entries, and activity tracking data you choose to record
• Usage Information: How you interact with the App to improve user experience
• Device Information: Device type, operating system version, and app version for technical support
• Content Data: For teachers and administrators only - educational content and program materials you create or manage

Our App does NOT collect:

• Location data
• Contacts
• Camera/photo access
• Microphone access
• Financial information
• Government identifiers

2. How We Use Your Information

We use the information we collect to:

• Provide and maintain the App's core functionality
• Enable secure authentication and account management
• Store and synchronize your wellness data across devices
• For teachers/administrators: Manage educational content and monitor program usage
• Improve our services and user experience
• Comply with legal obligations

3. Artificial Intelligence Processing (Teachers/Administrators Only)

Limited AI Features

AI-powered insights using Google's Gemini are:

• Only available to teachers and administrators (not general users)
• Only activated upon specific request - AI features are disabled by default
• Used to analyze anonymized program usage patterns and generate insights about overall wellness trends

What AI Processing Includes:

• Analysis of aggregated, anonymized wellness patterns
• Generation of program effectiveness insights
• Recommendations for content improvements
• No individual user data is processed by AI

AI Data Handling:

• Data is anonymized before any AI processing
• AI insights are generated on-demand only
• You can request deletion of any AI-generated insights
• AI features can be disabled at any time

4. Legal Basis for Processing (UK GDPR)

We process your personal data based on:

• Consent: For creating an account and storing wellness data
• Legitimate interests: For app functionality, security, and service improvement
• Legal obligations: For compliance with applicable laws
• Vital interests: In emergency situations as permitted by law

5. Data Storage and Security

Firebase Implementation:

• All data is encrypted in transit and at rest
• Stored securely on Google Firebase servers
• Real-time synchronization with offline capability
• Regular security audits and updates
• Access controls and authentication measures

Security Measures:

• Industry-standard encryption protocols
• Secure authentication through Firebase Auth
• Regular security assessments
• Incident response procedures
• Limited access to personal data (need-to-know basis)

6. Third-Party Services and Data Processors

We work with the following service providers:

• Google Firebase: Authentication, data storage, and real-time synchronization
• Google Cloud Platform (Gemini AI): For teacher/admin analytics only, upon request

All third-party processors are bound by data processing agreements ensuring GDPR compliance.

7. International Data Transfers

Your data may be transferred to and processed in countries outside the UK/EEA, including the United States where our service providers' servers are located. We ensure appropriate safeguards through:

• Standard Contractual Clauses (SCCs) with all processors
• Technical and organizational security measures
• Data Processing Agreements requiring GDPR-equivalent protection

8. Data Retention

We retain your data for the following periods:

• Account information: Duration of your account plus 30 days after deletion
• Wellness data: As long as you maintain an account, or until you delete specific entries
• AI-generated insights (teachers/admins): Until manually deleted or 2 years, whichever is sooner
• Anonymized analytics: May be retained indefinitely for service improvement

9. Age Restrictions

• Our App is intended for users aged 16 and above
• By creating an account, you confirm you are at least 16 years old
• If we learn that we have inadvertently collected information from anyone under 16, we will promptly delete such information
• Educational institutions using our App must ensure appropriate consent for any minor users

10. Your Rights

Under UK GDPR and applicable US state privacy laws, you have the right to:

• Access your personal data
• Rectify inaccurate data
• Erase your data ("right to be forgotten")
• Restrict processing of your data
• Object to certain processing activities
• Data portability - receive your data in a portable format
• Withdraw consent at any time
• Lodge a complaint with the Information Commissioner's Office (ICO)

For Teachers/Administrators using AI features:

• Right to object to AI processing
• Right to human review of AI-generated insights
• Right to request explanation of AI processing

11. Managing Your Information

Access and Modification:

• Access and modify your personal information through the Account screen
• Update wellness entries directly in the App
• Export your data through the Account settings

Account Deletion:

• Navigate to "Account > Delete Account" to permanently delete your account
• This action immediately removes all your personal information from our systems
• Anonymized, aggregated data may be retained for analytics

12. Updates to This Policy

We may update this Privacy Policy as our App evolves. When we make changes:

• The "Last Updated" date will be revised
• For material changes, we will notify you via email or in-app notification
• Your continued use of the App after changes constitutes acceptance

13. California Privacy Rights

California Consumer Privacy Act (CCPA)

While we limit data collection, California residents have additional rights including:

• Right to know what personal information is collected
• Right to delete personal information
• Right to opt-out of the sale of personal information (we do not sell personal data)
• Right to non-discrimination for exercising privacy rights

Do Not Track

Our App does not track users across third-party websites and does not respond to Do Not Track (DNT) signals.

14. Emergency Situations

In situations involving imminent risk of serious harm, we may share limited information with appropriate authorities or designated emergency contacts in accordance with applicable laws and only to the extent necessary to address the emergency.

15. Links to External Services

Our App may contain links to external websites or services. We are not responsible for the privacy practices of these external services. We encourage you to review their privacy policies.

16. Children's Privacy

We do not knowingly collect personal information from children under 16. Educational institutions using our App for younger users must:

• Obtain appropriate parental consent
• Ensure compliance with applicable children's privacy laws
• Notify us of any minor users in their programs

17. Contact Information

For questions or concerns about this Privacy Policy or our privacy practices:

18. Complaints

If you have concerns about how we handle your data, you have the right to lodge a complaint with:

19. Governing Law

This Privacy Policy is governed by the laws of England and Wales. Any disputes shall be subject to the exclusive jurisdiction of the courts of England and Wales, without limiting any rights or protections provided under applicable privacy laws in your jurisdiction.