1. Data Controller
The data controller of personal data is:
Nova Service FCO S.r.l.
Via della Foce Micina 10/L
00054 Fiumicino (Rome) - Italy
Email: privacy@slimmy.app
Hereinafter referred to as "Controller", "Company", "We" or "Our".
2. Types of Data Collected
The Slimmy.app App collects the following categories of personal data:
2.1 Registration Data
- First and last name
- Email address
- Profile picture (optional)
- Date of birth (optional)
- Gender (optional)
2.2 Health and Wellness Data
- Body weight (daily recordings)
- Height
- Weight goal
- Food preferences and allergies
- Physical activity level
2.3 Geolocation Data
- GPS location during walks (only if authorized)
- Routes of physical activities
- Distance traveled and activity time
2.4 User-Generated Content
- Progress photos
- Posts and comments in the social feed
- Participation in group challenges
- Photos for AI transformation
2.5 Technical Data
- IP address
- Device type and operating system
- Device identifiers
- App usage logs
- Cookies and similar technologies
3. Purpose of Processing
Your personal data is processed for the following purposes:
3.1 Service Provision
- Creation and management of user accounts
- Tracking weight and displaying progress
- Generating personalized dietary suggestions through AI
- Functioning of group challenges
- Managing the social feed
- Processing of AI photo transformation
3.2 Communications
- Sending service-related push notifications
- Service communications (updates, changes to terms)
- Newsletters and promotional communications (with prior consent)
3.3 Service Improvement
- Aggregate statistical analysis on App usage
- Development of new features
- Resolution of technical problems
3.4 Legal Obligations
- Compliance with tax and accounting obligations
- Responding to requests from competent authorities
4. Legal Basis for Processing
The processing of your personal data is based on:
- Contract performance: for the provision of the requested Service
- Consent: for health data, geolocation, and promotional communications
- Legitimate interest: to improve the Service and prevent fraud
- Legal obligation: to comply with legal obligations
5. Special Data (Sensitive Data)
Important Note: Data related to weight, dietary habits, and physical activity may be considered health data under the GDPR. The processing of such data occurs solely based on your explicit consent, which you may withdraw at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
6. Data Sharing
Your data may be shared with:
6.1 Service Providers
- MongoDB Atlas: database hosting (USA, with adequate safeguards)
- OpenAI: AI processing for dietary suggestions (USA, with adequate safeguards)
- Fal.ai: AI photo transformation processing
- Stripe: payment processing (PCI-DSS compliant)
- Google: OAuth authentication
- Firebase: push notifications
- Resend: sending transactional emails
6.2 Other Users
The content you publish in the social feed and public challenges is visible to other App users. You can control the visibility of your progress in the privacy settings.
6.3 Authorities
Data may be communicated to competent authorities if required by law.
7. Data Transfer Outside the EU
Some of our service providers are located outside the European Union (mainly in the USA). In these cases, data transfer is based on:
- European Commission adequacy decisions (e.g., Data Privacy Framework)
- Standard Contractual Clauses (SCC) approved by the European Commission
- Other appropriate safeguards pursuant to Art. 46 GDPR
8. Data Retention
Personal data is retained as follows:
- Account data: until account deletion or for 3 years of inactivity
- Weight and activity data: until account deletion
- Payment data: 10 years for tax obligations
- Technical logs: 12 months
- Marketing data: until withdrawal of consent
9. Your Rights
Under the GDPR, you have the following rights:
- Access: obtain confirmation of processing and a copy of your data
- Rectification: correct inaccurate or incomplete data
- Erasure: request deletion of your data ("right to be forgotten")
- Restriction: limit processing under certain circumstances
- Portability: receive your data in a structured, readable format
- Objection: object to processing based on legitimate interest
- Consent withdrawal: withdraw consent at any time
To exercise these rights, contact us at: privacy@slimmy.app
10. Data Security
We adopt appropriate technical and organizational measures to protect your personal data, including:
- Data encryption in transit (HTTPS/TLS)
- Data encryption at rest
- Role-based access controls
- Continuous security monitoring
- Regular data backups
- Staff training on data protection
11. Cookies and Similar Technologies
The App uses local tracking technologies (localStorage, sessionStorage) to:
- Maintain login sessions
- Store user preferences (language, theme)
- Improve App performance (offline cache)
We do not use third-party advertising profiling cookies.
12. Minors
The Service is not intended for individuals under the age of 16. We do not knowingly collect personal data from individuals under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately.
13. Changes to the Privacy Policy
We reserve the right to change this Privacy Policy at any time. Changes will be communicated through the App or via email. We encourage you to periodically review this page. Continued use of the Service after changes constitutes acceptance of the new Privacy Policy.
14. Complaints
If you believe that the processing of your data violates the GDPR, you have the right to lodge a complaint with the Data Protection Authority:
Garante per la Protezione dei Dati Personali
Piazza Venezia 11, 00187 Rome
www.garanteprivacy.it
protocollo@gpdp.it
15. Contacts
For any questions regarding this Privacy Policy or the processing of your personal data, you can contact us:
Nova Service FCO S.r.l.
Via della Foce Micina 10/L
00054 Fiumicino (Rome) - Italy
Privacy email: privacy@slimmy.app
General email: info@slimmy.app