Privacy Policy

CONTENTS

1. Who are we? 
2. What data do we collect about you? 
3. Do we collect data from children? 
4. Why do we process your personal data? 
5. How will we inform you about changes in our privacy policy? 
6. Your rights 
7. Payments
8. Communication and marketing 
9. Who do we share your data with? 
10. International transfers 
11. How long do we store your data? 
12. Technical and organisational measures and processing security 
13. Links to third-party websites 
14. Contact details

In this privacy policy: 
Services mean any products, services, content, features, technologies, or functions, and all related
websites, applications, and services offered to you by us. 
Platform means the websites, mobile apps, mobile sites or other online properties through which we
offer our Services.

1. Who are we?
Yoga Buddy at 2300 Corporate Blvd. NW #135, Boca Raton, FL 33431, is the data controller and
responsible for your personal data (collectively referred to as ”Yoga Buddy”, “we”, “us” or “our” in
this privacy policy).

2. What data do we collect about you?
We collect personal data to provide and improve our Services and operate our Platform. The types
of data we collect, how we collect it and why are described below

 2.1.1. Data provided through direct interactions 
Depending on the choices you make when registering for or during the process of engaging
our Services, you may opt to give the following personal data: 

• Your name

• E-mail address

• mobile number

• Your credit card details

• Preferences (such as the Preferred method of communication)

• Current city

• Profile picture 

• User ID

• List of friends/followers (such as on a social media account)

• Facebook or Google account details; and

• Any other information you choose to provide in connection with your account 

In addition, when you use our chat feature to communicate with other users, we collect the
information that you provide and communicate with other users through this feature. 
Please note that your user name and your profile picture will be made available to the other users
and the public when you engage with some of our Services. For example, when you post a product
some of your information will be available to Platform users, so you should exercise discretion when
using the Services to post personal data. 
Please note, other users and community members may be able to collect your information through
the Platform. While we protect the information you share with Yoga Buddy, we are not responsible
for protecting such information that you choose to share with third parties through our Services and
Platform (e.g., sending your telephone number to another user through the Services). 
You may choose to access some parts of the Services as a guest. However, some features are
reserved for users with registered accounts and guests may not be able to access and use all content
and features of the Services. 

 2.1.2. Data we collect automatically when you use our Services 
When you interact with our Platform or use our Services, we automatically collect the
following information about you:

• Device Information. We collect device-specific information such as operating system version and unique device identifiers. For example, we collect the IMEI number of your device and name of the mobile network that you are using. We associate the device identifiers with your Yoga Buddy account.

• Location information. Depending on your device permissions, if you post an item on our Platform, we automatically collect and process information about your actual location. We use various technologies to determine location, including IP address, GPS, Wi-Fi access points and mobile towers. Your location data allows you to see user items near you and helps you in posting items within your location.

• Client and Log data. Technical details, including the Internet Protocol (IP) address of your device, time zone, and operating system. We will also store your login information(registration date, date of last password change, date of last successful login), type and version of your browser.

• Usage Information. We collect information about your activity on our Platform which includes the sites from which you accessed our Platform, date and time stamp of each visit, advertisement banners or content that you clicked, your interaction with such advertisements, clickstream information, duration of your visit and the order in which you visit the content on our Platform. 

• Cookies. We use cookies to manage our users’ sessions, to store your preferences language selection and deliver you relevant advertisements. "Cookies" are small text files transferred by a web server to the hard drive of your device. Cookies may be used to collect the date and time of your visit, your browsing history, your preferences, and your username. You can set your browser to refuse all or some cookies or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of our

• Services/Platform may become inaccessible or not function properly. 

• Most web browsers are set to accept cookies by default. You can usually choose to set your browser to remove or reject browser cookies. Please note that if you choose to remove or reject cookies, this could affect the availability and functionality of our Platforms. Please note that not all tracking will stop even if you delete cookies. 

Some browsers have a Do Not Track (“DNT”) feature that lets you tell websites that you do
not want to have your online activities tracked. At this time, we do not respond to DNT
features.

• Analytics. We use Google Analytics, which uses cookies and similar technologies to collect and analyze information about the use of the Services and report on activities and trends.

• This service may also collect information regarding the use of other websites, apps, and online resources. You can learn about Google’s practices by going to Google privacy &

Terms, and opt out of them by downloading the Google Analytics opt-out browser add-on,
available at Google Analytics Opt-out Browser Add-on 

 2.1.3. Data from third parties or publicly available sources. 
To the extent permitted by law, we may also collect personal data from third parties
including from publicly available sources and third-party companies or entities. 
We may collect personal data about you from our group companies.
 

3. Do we collect data from children?

Our Services are not intended for children under 13 and we do not knowingly collect data from
anyone under 13. If a parent or guardian becomes aware that his or her minor child of any age has
provided us with personal data without their consent, please contact us at
theyogabuddyapp@gmail.com. If we become aware that a minor under 18 has provided us with
personal data without the consent of their parent or guardian, we will delete it immediately.
 

4. Why do we process your personal data?

We will only use your personal data when the law allows us to. Most commonly, we will use your
personal data in the following circumstances:

• Where we need to perform the Terms of Service contract we are about to enter into or have entered into with you.

• Where it is necessary for our legitimate interests to improve our Services and to provide you a safe and secure Platform.

• Where we need to comply with a legal or regulatory obligation. 

In certain circumstances, we may also process your personal data based on your consent. If we do
this, we will let you know the purpose and the category of personal data to be processed at the time
we seek your consent. 
We have set out below a description of the ways we use your personal data. 

 4.1 For providing access and delivering Services through our Platform 
i. If you log in using your email id, we use your first name and last name and/or e-mail
address to identify you as a user and provide access to our Platform. 
ii. If you log in using your Google or Facebook account, we use your first name and last name
from your Google or Facebook profile and the e-mail address to identify you as a user on our
Platform and to provide you access to our Platform. 
iii. The above log-in information is also used by us to deliver our Services to you in
accordance with our Terms of Use  

iv. We use your e-mail address to make suggestions and recommendations to you about our
Services that may be of interest to you. 
We process the above information for the adequate performance of our contract with you
and on the basis of our legitimate interest in providing the Services and undertaking
marketing activities to offer you Services that may be of your interest.
 4.2 For improving your experience on the Platform 
We use clickstream data to 

• Offer you tailored content, such as giving you more relevant search results when using our Services. 

• To determine how much time you spend on our Platform and in what manner you navigate through our Platform in order to understand your interests and to improve our Services based on this data. For example, we may provide you with suggestions on content that you can visit based on the contents you have clicked. 

• To monitor and report the effectiveness of the campaign delivery to our business partners and for internal business analysis. 

• To prevent repeatedly displaying the same items to the same user. 

We use your location data for the following purposes: 

• To compile anonymously and aggregated information about the characteristics and behavior of Yoga Buddy users, including for the purposes of business analysis, segmentation and development of anonymous profiles. 

• To enhance the performance of our Services and to personalise the content we direct towards you. For example - with the help of location data we display ad listings which are in your vicinity to improve your buying experience. 

• To measure and monitor your interaction with the third-party advertisements banners we place on our Platform. 

We process the above information on the basis of our legitimate interest to improve your
experience on our Platform and market our Services and for adequate performance of our
contract with you. 
 4.3 To provide you a safe and secure Platform 
i. We use your email address and unique device identifiers to administer and protect our
Platform (including troubleshooting, data analysis, testing, fraud prevention, system
maintenance, support, reporting and hosting of data). 
ii. We analyze your communications done through our chat feature for fraud prevention and
to promote safety by blocking spam or abusive messages that may have been sent to you by
any other user. 
We process the above information for the adequate performance of our contract with you,
to improve our services and on the basis of our legitimate interest to prevent fraud. 
In addition, we may aggregate and/or de-identify data about visitors to our Platforms and
use it for any purpose, including product and service development and improvement
activities.
 

5. Your rights

You may have rights under data protection laws in relation to your personal data. 
If you wish to exercise any of the rights set out below, please go to your account/privacy settings or
contact us. 

Right to request access to your personal data. This enables you to receive a copy of the personal
data we hold about you. 
Right to request correction of any of the data we have about you. This enables you to have any
incomplete or inaccurate data we hold about you corrected, though we may need to verify the
accuracy of the new data you provide to us. 
Right to request restriction of processing of your personal data. This enables you to ask us to
suspend the processing of your personal data in the following scenarios: (a) if you want us to
establish the data's accuracy; (b) where you believe our use of the data is unlawful; (c) where you
need us to hold the data even if we no longer require it as you need it to establish, exercise or
defend legal claims; or (d) you have objected to our use of your data but we need to verify whether
we have overriding legitimate grounds to use it. 
Right to request erasure of your personal data. This enables you to ask us to delete or remove
personal data where there is no reason for us continuing to process it. You also have the right to ask
us to delete or remove your personal data where you have successfully exercised your right to
object to processing (see below), where we may have processed your information unlawfully or
where we are required to erase your personal data to comply with local law. Please note that for
certain purposes we may be legally obligated to retain your data. 
Right to object to the processing of your personal data where we are relying on a legitimate interest
(or those of a third party) and there is something about your particular situation which you believe
impacts your fundamental rights and freedoms. You may also have the right to object where we are
processing your personal data for direct marketing purposes. In some cases, we may deny your
request if we have compelling legitimate grounds to process your information. 
Right to request for the transfer of your personal data to you or to a third party. We will provide to
you, or a third party you have chosen, your personal data in a commonly used format. 
Right to withdraw your consent to the processing of your personal data at any time. This does not
affect the legality of any processing we have already carried out based on the consent given
previously.
No fee usually required: You will not have to pay a fee to access your personal data (or to exercise
any of the other rights). However, we may charge a reasonable fee if your request is clearly
unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in
these circumstances. 
Time to respond: We try to respond to all legitimate requests within one month. Occasionally it may
take us longer than a month if your request is particularly complex or you have made several
requests. In this case, we will notify you and keep you updated. 
In addition to these rights, you have the right to make a complaint at any time to your Data
Protection Authority. 
However, before you make a complaint to the data protection authority, we would appreciate the
chance to deal with your concerns in the first instance, please reach out to our Data Protection
Officer at theyogabuddyapp@gmail.com. 
There may be instances where we cannot grant you access to the personal data we hold about you.
If that happens, we will give you written reasons for any refusal. Where permitted by law, we may
also disagree with your request to correct or update your personal data (for example, if we consider
that your proposed update is incorrect). 
In addition to the foregoing, you may have additional rights depending on your local law. 
We reserve the right to verify your identity in connection with any requests regarding personal data
to help ensure that we provide the information we maintain to the individual to whom it pertains,
and allow only that individual or their authorized representatives to exercise rights with respect to
that information. We will try to comply with your request as soon as reasonably practicable. Please
note that your exercise of these rights is subject to certain exemptions and our interests. 
 

6. Communication and marketing

We may communicate with you by email or in app notification in connection with our
Services/Platform to confirm your registration, to inform you in case your product listing has
become live/expired and for other transactional messages in relation to our Services. 
We (or our service providers and advertising partners) may send you direct marketing
communications and information about our Services that we consider may be of interest to you. We
will provide an option to unsubscribe or opt out of further communication on any electronic
marketing communication sent to you or you may opt out by contacting us as set out in the “contact
details” section below. 
If you opt out of receiving marketing or commercial communications, we retain the right to send you
non-marketing communications such as correspondence about your relationship with us,
information about transactions, or notifying you of updates to our Privacy Notices or Terms of Use.
Please note that we also carry out digital advertising campaigns from time to time that does not rely
on your personal data.
 

7. Payments
All payments on Yoga Buddy are processed through the payment platform Stripe:
7.1: Confidentiality: Stripe will only use User Data as permitted by this Agreement, by other
agreements between you and us, or as otherwise directed or authorized by you. You will protect all
Data you receive through the Services, and you may not disclose or distribute any such Data, and
you will only use such Data in conjunction with the Services and as permitted by this Agreement or
by other agreements between you and us. Neither party may use any Personal Data to market to
Customers unless it has received the express consent from a specific Customer to do so. You may
not disclose Payment Data to others except in connection with processing Transactions requested by
Customers and consistent with applicable Laws and Payment Method Rules.
7.2: Privacy: Protection of Personal Data is very important to us. Stripes privacy policy can be found
at (https://stripe.com/privacy) and explains how and for what purposes they collect, use, retain,
disclose, and safeguard the Personal Data you provide to us. You hereby agree to the said terms,
which they may update from time to time.
You affirm that you are now and will continue to be compliant with all applicable Laws governing the
privacy, protection, and your use of Data that you provide to us or access through your use of the
Services. You also affirm that you have obtained all necessary rights and consents under applicable
Laws to disclose to Stripe – or allow Stripe to collect, use, retain, and disclose – any Personal Data
that you provide to us or authorize us to collect, including Data that we may collect directly from
Customers using cookies or other similar means. As may be required by Law and in connection with
this Agreement, you are solely responsible for disclosing to Customers that Stripe processes
Transactions (including payment Transactions) for you and may receive Personal Data from you.

Additionally, where required by Law or Payment Method Rules, we may delete or disconnect a
Customer’s Personal Data from your Stripe Account when requested to do so by the Customer.
If we become aware of an unauthorized acquisition, disclosure or loss of Customer Personal Data on
our systems, we will notify you consistent with our obligations under applicable Law. We will also
notify you and provide you sufficient information regarding the unauthorized acquisition, disclosure
or loss to help you mitigate any negative impact on the Customer.
7.3 PCI Compliance: If you use Payment Processing Services to accept payment card Transactions,
you must comply with the Payment Card Industry Data Security Standards (“PCI-DSS”) and, if
applicable to your business, the Payment Application Data Security Standards (PA-DSS) (collectively,
the “PCI Standards”). The PCI Standards include requirements to maintain materials or records that
contains payment card or Transaction data in a safe and secure manner with access limited to
authorized personnel. Stripe provides tools to simplify your compliance with the PCI Standards, but
you must ensure that your business is compliant. The specific steps you will need to take to comply
with the PCI Standards will depend on your implementation of the Payment Processing Services. You
will promptly provide us, or any applicable Payment Method Provider or Payment Method Acquirer,
with documentation demonstrating your compliance with the PCI Standards upon our request. If you
are unable to provide documentation sufficient to satisfy us, the Payment Method Providers, or their
Payment Method Acquirers, that you are compliant with the PCI Standards, then Stripe, and any
applicable Payment Method Provider or Payment Method Acquirers, may access your business
premises on reasonable notice to verify your compliance with the PCI Standards.
If you elect to store or hold “Account Data”, as defined by the PCI Standards (including Customer
card account number or expiration date), you must maintain a system that is compliant with the PCI
Standards. If you do not comply with the PCI Standards, or if we or any Payment Method Provider or
Payment Method Acquirer are unable to verify your compliance with the PCI Standards, we may
suspend your Stripe Account or terminate this Agreement. If you intend to use a third party service
provider to store or transmit Account Data, you must not share any data with the service provider
until you verify that the third party holds sufficient certifications under the PCI Standards, and notify
us of your intention to share Account Data with the service provider. Further, you agree to never
store or hold any “Sensitive Authentication Data”, as defined by the PCI Standards (including CVC or
CVV2), at any time. You can find information about the PCI Standards on
https://www.pcisecuritystandards.org/.
7.4 Stripe’s Security: Stripe is responsible for protecting the security of Data in its possession. They
will maintain commercially reasonable administrative, technical, and physical procedures to protect
User Data and Personal Data stored in our servers from unauthorized access, accidental loss,
modification, or breach, and will comply with applicable Laws and Payment Method Rules when

handling User and Personal Data. However, no security system is impenetrable and we cannot
guarantee that unauthorized parties will never be able to defeat their security measures or misuse
any Data in our possession. You provide User Data and Personal Data to Stripe with the
understanding that any security measures it provides may not be appropriate or adequate for your
business, and you agree to implement Security Controls and any additional controls that meet your
specific requirements. In our sole discretion, we may take any action, including suspension of your
Account, to maintain the integrity and security of the Services or Data, or to prevent harm to you,
us, Customers, or others. You waive any right to make a claim against us for losses you incur that
may result from such actions.
 

8. With whom do we share your data?

We may share your personal data with the parties set out below for the purposes set out above. 
Corporate affiliates: We may share your data with other Yoga Buddy group companies which are
located within as well as outside EEA. 
Third Party Service Providers: We share your data with third party service providers that help us
deliver certain aspects of our Services. For example, we use cloud storage facilities to store our data,
we use customer support software providers to administer and respond to user inquiries and we use
payment processors for certain services within the Platform. We need to share your data with these
third parties otherwise we would not be able to provide the Service. Service providers may be
located inside or outside of the “EEA”. 
Advertising and analytics providers: In order to improve our Services, we will sometimes share your
non-identifiable information with analytics providers that help us analyse how people are using our
Platform/Service. We also partner with demand side platforms who buy our ad placements through
auctions such as Criteo, and Double Click etc. We share your information with them in a deidentified
and aggregated form for monitoring and reporting the effectiveness of the campaign delivery to our
business partners and for internal business analysis. 
Law enforcement authorities, regulators, grand juries, courts and tribunals, governmental or public
bodies and others: We may disclose your data, including your personal data, to law enforcement
authorities, regulators, grand juries, courts and tribunals, governmental or public bodies and other
relevant third parties as we believe necessary or appropriate to protect people or property, to
protect our services, rights or property, to comply with legal or regulatory requirements and to
respond to legal process, law enforcement requests and requests from other public and government
authorities. 
Business Transfer or Reorganization. We reserve the right to transfer the information we maintain in
the event we sell or transfer all or a portion of our business or assets. If we engage in such a sale or
transfer, we will make reasonable efforts to direct the recipient to use your personal data in a
manner that is consistent with this privacy policy. After such a sale or transfer, you may contact the
recipient with any inquiries concerning the recipient’s privacy practices. 
Publicly available information: When you post an item for sale using our Services, you may choose to
make certain personal data visible to other Yoga Buddy users. This may include your first name, last
name, your email address, your location and your contact number. Please note, any information you
provide to other users can always be shared by them with others so please exercise discretion in this
respect. 
 

9. International transfers

We operate our information technology systems from the United States. Any information you
provide to us may be stored and processed, transferred between and accessed from the United
States (including our group companies and our external IT service providers), and other countries
which may not guarantee the same level of protection of personal data as the one in which you
reside. However, we will handle your personal data in accordance with this privacy policy regardless
of where your personal data is stored/accessed. 
We take reasonable steps to ensure that the overseas recipients of your personal data do not breach
the privacy obligations relating to your personal data. Where required by certain jurisdictions, we
will transfer your information subject to jurisdiction-approved safeguards, such as standard
contractual clauses.
 

10. How long do we store your data?

We will only retain your personal data for as long as necessary to fulfill the purposes we collected it
for, including for the purposes of satisfying any legal, accounting, or reporting requirements. 
Please note that we often need to retain certain data for recordkeeping purposes and/or to
complete any transactions that you began prior to requesting a change or deletion. In addition,
there may be certain data that we may not allow you to review for legal, security or other reasons. 
 

11. Technical and organisational measures and processing security

We maintain administrative, technical and physical safeguards designed to protect personal data we
maintain against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure
or use. 
Please note, despite the measures we have implemented to protect your data, the transfer of data
through the Internet or other open networks is never completely secure and there is a risk that your
personal data may be accessed by unauthorised third parties.

12. Links to third-party websites

Our Platform may contain links to third party websites or apps. If you click on one of these links,
please note that each one will have its own privacy policy. We do not control these websites/apps
and are not responsible for those policies. When you leave our Platform, we encourage you to read
the privacy policy of every website you visit.
 

13. User submitted content

Some features of the Services allow you to post content on our Platform or social media pages, such
as photos. We do not have control over how other users who have access to the Platform will use

any content you post publicly or send to them privately. We urge you to exercise discretion when
sharing personal information with other users. 
We may also use any ad you post on Yoga Buddy, including the uploaded photo or image of the
product as well as other data (including user name and location) associated with the ad, for our own
advertising purposes, including social media, Facebook ads, newsletters and ads for any media. 
To help protect your privacy, we allow only limited access to other users’ contact information as
necessary to fulfill your transactions and collect payments. However, when users are involved in a
transaction, they may have access to each other’s name, user ID, email address, and other contact
information.

14. Contact details

If you have any questions or comments regarding this policy or wish to contact our Data Protection
Officer, please contact us by email at theyogabuddyapp@gmail.com. Please do not send sensitive
information to us by email, as email communications are not always secure.
 

15. How will we inform you about changes in our privacy policy?

We may amend this privacy policy from time to time. We will post changes on this page and will let
you know through e-mail or other reasonable means. If you do not agree with the changes, you may
close your account by going to account setting and select delete account.