Privacy Policy

Introduction

Welcome to ASHA ("we," "our," or "us"). We are committed to protecting your privacy and ensuring you have a positive experience on our platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and related services.

ASHA is developed by Lash Development Co (trading as LASH DEVELOPMENT CO), ABN 44 824 607 606, located in Newcastle, NSW, Australia. Please read this privacy policy carefully. If you do not agree with our policies and practices, please do not use our application.

1. Information We Collect

We collect various types of information to provide and improve our services:

Account Information

When you create an account, we collect information such as your name, email address, date of birth, password, and profile picture.

Fitness Data

We collect detailed fitness and health information from your device, including:

• Workout activity (duration, intensity, type)
• Step counts and daily movement data
• Heart rate data and cardiovascular metrics
• Calories burned and nutritional information
• Sleep patterns and quality
• Weight and body measurements

Location Data

We collect precise location information when you use location-based features, including GPS coordinates and location history during workouts.

Social Data

If you choose to use social features, we collect information about your interactions with other users, including friendships, activity sharing, leaderboard participation, and messages.

Device Information

We automatically collect information about your device, including:

• Device type, model, and operating system
• Unique device identifiers
• Device settings and capabilities
• IP address and connection information
• Mobile network information

ASHA records your device model and operating system version at the time of account creation. This information is stored to verify device compatibility in the event of a support request or refund claim, and to assist our development team in ensuring the app is optimised for all supported devices. This data is not shared with third parties and is used solely for compatibility verification and internal research purposes.

Financial Data

If you participate in our referral programme, we collect financial information related to referral rewards and earnings.

2. How We Use Your Information

We use the information we collect for the following purposes:

• To provide, maintain, and improve our services
• To personalise your experience and deliver customised content
• To process transactions and send related communications
• To monitor and analyse trends, usage, and activities in connection with our services
• To send periodic emails regarding updates, promotions, and new features
• To respond to your inquiries and provide customer support
• To maintain the security and integrity of our platform
• To comply with legal obligations and enforce our agreements
• To process referral programme rewards and payments

3. Data Sharing and Disclosure

We do not sell your personal data. We also do not use your data for advertising purposes. Your data may be shared only in the following circumstances:

Service Providers

We may share your information with third-party service providers who assist us in operating our website, conducting our business, or servicing you. These providers are contractually obligated to use your information only for the purposes of providing these services.

Legal Compliance

We may disclose your information when required by law or in response to valid requests by public authorities.

Social Features

If you participate in social features, certain information (such as your username, profile picture, and activities) may be visible to other users.

Business Transfers

In the event of a merger, acquisition, or bankruptcy, your information may be transferred as part of that transaction.

4. Data Storage and Security

Your data is securely stored on Supabase servers located in the United States (AWS us-east-1 region). All data is encrypted and may be processed internationally. We implement industry-standard security measures to protect your personal information, including:

• Encryption of data in transit and at rest (TLS/SSL and AES-256)
• Regular security audits and updates
• Restricted access controls
• Secure authentication mechanisms
• Regular backup and disaster recovery procedures

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee absolute security.

5. Children's Privacy

ASHA is strictly for users aged 18 and over. We do not knowingly collect personal information from anyone under 18. If we become aware that we have collected information from a person under 18, we will take steps to delete such information and terminate their account immediately.

ASHA does not offer parental consent options. Users must be 18 or older to use the service. This is in compliance with the Online Safety Amendment (Social Media Minimum Age) Act 2024 (Cth).

6. Your Privacy Rights

Depending on your location and applicable law, you may have the following rights:

Right to Access

You have the right to request access to the personal information we hold about you.

Right to Export

You can export your data in a portable format at any time through your account settings.

Right to Delete

You have the right to request deletion of your personal data. You can initiate account deletion through your account settings, and we will remove your information within 30 days.

Right to Correct

You have the right to correct inaccurate or incomplete information we hold about you.

Australian Privacy Act Compliance

As a company operating in Australia, we comply with the Privacy Act 1988 (Cth). This policy is designed to meet the requirements of the Australian Privacy Principles (APPs).

7. App Tracking and Advertising Transparency

Apple App Tracking Transparency (ATT) Disclosure: ASHA does not use IDFA (Identifier for Advertisers) and does not participate in cross-app tracking. We do not request App Tracking Transparency permission from iOS users. Your fitness data is never shared with third-party advertisers or advertising networks, and we do not engage in cross-app or cross-site tracking of your behaviour.

No Advertising Tracking: ASHA does not use any advertising identifiers, does not track you for advertising purposes, and does not sell your data to advertisers. Your personal and fitness information remains private and is used only to provide and improve the ASHA service.

8. Cookies and Tracking Technologies

ASHA may use cookies and similar tracking technologies to enhance user experience and track usage patterns. These technologies help us:

• Remember your preferences and login information
• Understand how you use our services
• Personalise content and recommendations
• Improve the overall user experience

You can control cookie settings through your browser or app preferences. However, disabling certain cookies may affect the functionality of our application.

9. GDPR Rights for European Users

For users subject to the General Data Protection Regulation (GDPR): Although ASHA is operated by an Australian company, we respect the privacy rights of international users, including those in the European Union. If you are an EU resident, you have the following rights under GDPR:

• Right to Access: You can request a copy of all personal information we hold about you.
• Right to Rectification: You can request correction of inaccurate or incomplete personal data.
• Right to Erasure: You can request deletion of your personal data (subject to legal retention requirements).
• Right to Data Portability: You can request your data in a portable, machine-readable format for transfer to another service.
• Right to Restrict Processing: You can request that we limit how we use your personal data.
• Right to Object: You can object to certain types of data processing, including for marketing purposes.

To exercise these rights, please contact us at support@ashafit.com with "GDPR Request" in the subject line. We will respond to your request within 30 days in accordance with GDPR requirements.

10. Third-Party Links

Our application may contain links to third-party websites and services. We are not responsible for the privacy practices of these external sites. We encourage you to review the privacy policies of any third-party services before providing your personal information.

11. Data Retention

We retain your personal information for as long as necessary to provide our services and fulfil the purposes outlined in this policy. If you delete your account, we will retain data only as required by law or for legitimate business purposes. You can request permanent deletion of your data at any time.

12. Content Suitability and Age Rating

ASHA is a fitness and workout tracking application rated suitable for all ages (4+). The app does not contain, display, or promote any of the following:

• Profanity or crude humour: ASHA does not contain offensive, vulgar, or inappropriate language. User-generated content (such as usernames and workout names) is subject to our community guidelines.
• Mature or suggestive themes: The app does not contain sexual, romantic, or mature content of any kind.
• Sexual content or nudity: No depictions of sexual behaviour or nudity, explicit or otherwise.
• Horror or fear themes: The app does not contain content designed to evoke anxiety, dread, or terror.
• Alcohol, tobacco, or drug use: ASHA does not reference, depict, or promote the consumption of alcohol, tobacco, or any licit or illicit substances.
• Violence: The app contains no violent content.
• Gambling: The app does not contain gambling or contest mechanics.

ASHA is designed as a health and fitness tool and all content within the application relates exclusively to exercise, workout tracking, and fitness goal-setting.

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the updated policy on our platform and updating the "Last Updated" date. Your continued use of ASHA following the posting of revised Privacy Policy means that you accept and agree to the changes.

14. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us: