Your data, handled with care

This Privacy Policy explains how we collect personal data when you use the AddMile mobile application (the "App"), the website at myaddmile.com (the "Website"), and related services (collectively, the "Services"), and how we use, share, and process that data.

By using the Services you confirm that: (i) you have read, understood, and agreed to this Privacy Policy, and (ii) you are over 16 years of age (or your parent/guardian has read and agreed for you). If you do not agree, please delete your account in "Settings," cancel your subscription through Apple, Google, or the Website, and remove the App from your devices.

"GDPR" refers to General Data Protection Regulation (EU) 2016/679. "EEA" includes EU member states, European Economic Area nations, and the United Kingdom. "Process" encompasses collecting, storing, and disclosing personal data.

1. Categories of personal data we collect

1.1 Data you give us

You provide information during registration and use of the Services — including your name, email, content shared within the Service, plus support inquiries and any communications you send us.

1.2 Data provided by third parties

Google Login — we receive your email, name, profile image, and Google ID. Revoke access via your Google permissions page.

Apple Sign In — we receive your name and verified Apple ID email (or anonymous private relay email). Revoke access via Apple's instructions.

Facebook Login — we receive your profile image, name, and Facebook ID (and email unless you opt out at login).

1.3 Data we collect automatically

• Source data — the referring app or URL where you encountered our advertisement.
• Device and location — language settings, IP address, time zone, device type and model, OS version, ISP, mobile carrier, hardware ID, advertising identifiers (IDFA / AAID).
• Usage — interactions with screens and features, time spent in Services, account age, subscription status, total spending, and refund activity.
• Transaction data — we do not store full credit card numbers; payment processors handle them. We may receive transaction date, time, amount, and payment method type.
• Cookies — small text files used for record-keeping. Session cookies expire when you close your browser; persistent cookies remain longer. Tracking pixels support advertising delivery.

2. For what purposes we process your personal data

2.1 To provide our Services

We use personal data to enable seamless use of the Services and to prevent or address errors and technical issues. We rely on cloud platforms including Google Cloud, Vercel, and Hetzner. Sentry logs front-end errors. Intercom powers live chat. CookieYes manages cookie compliance. Cloudflare handles security and performance. OpenAI's API provides AI-powered features — OpenAI does not use API inputs or outputs for model training; inputs/outputs may be retained for up to 30 days for abuse monitoring.

2.2 To customize your experience

We process personal data to tailor Service content and offers based on your preferences — for example, surfacing more lessons in topics you engage with.

2.3 To manage your account

We secure account access and send technical notifications and emails about performance, security, payment transactions, and policy updates.

2.4 To communicate about your use of the Services

We send push notifications and emails — reminders, motivational messages, and Service information. Opt out of push notifications via device settings. Opt out of marketing emails via the unsubscribe link in any email footer.

2.5 To provide customer support

We use personal data to respond to support requests, handled via Gmail.

2.6 To research and analyze your use of the Services

We work with analytics partners including Appsflyer, Meta Events Manager, Google Analytics, Amplitude, Firebase Analytics, Firebase Remote Config, and Hotjar to understand product usage, identify preferences, and test improvements.

2.7 To send marketing communications

We add your email to marketing lists for product information and special offers. Unsubscribe via the footer of any marketing email. Push marketing opt-out is via device settings. Our partners include Iterable and Customer.io.

2.8 To personalize ads

We work with Facebook Pixel, Facebook Ads Manager + Custom Audience, Google Ads, Revealbot, and TikTok Ads to deliver relevant advertising. You can influence personalized advertising in your device or browser settings:

• iOS: Settings → Privacy & Security → Apple Advertising → deselect Personalized Ads.
• Android: Settings → Privacy → Ads → enable Opt out of Ads personalization.
• macOS: System Preferences → Security & Privacy → Privacy → Apple Advertising → deselect Personalized Ads.
• Windows 10: Start → Settings → Privacy → turn off "Let apps use advertising ID."

Industry opt-out resources: Network Advertising Initiative, Digital Advertising Alliance, DAA (EU), DAA AppChoices.

2.9 To process payments and refunds

Payments are processed by third parties — Solidgate and PayPal. We do not collect or store full payment card details. Refunds are handled per our Terms and Conditions; App Store refund requests may involve sharing limited usage data with the relevant App Store.

2.10 To enforce our Terms and combat fraud

We process data to enforce agreements and detect, prevent, and address fraud — including sharing limited information with law enforcement when disputes arise.

2.11 To comply with legal obligations

We process, use, or share data when law requires it — particularly in response to lawful law-enforcement requests.

3. Legal bases for processing (EEA users)

This section applies only to users based in the EEA.

3.1 Your consent

Used for sending marketing emails. Withdraw consent via the unsubscribe link in any marketing email footer.

3.2 Performing our contract with you

Covers: Service provision under the Terms and Conditions, experience customization, account management, customer support, Service-use communications, and payment processing.

3.3 Legitimate interests

Covers communications encouraging Service use, research and analysis to improve the Services, marketing communications, ad personalization, and Terms enforcement / fraud prevention. Each of these is balanced against your interests and fundamental rights.

3.4 Compliance with legal obligations

Used when processing is required by law.

4. With whom we share your personal data

4.1 Service providers

• Mobile app marketplaces (Apple App Store, Google Play)
• Cloud storage (Google, Hetzner, Vercel)
• Analytics (Meta, Google, Amplitude, Firebase, Appsflyer, Hotjar)
• Measurement partners (CookieYes, Sentry, Revealbot)
• Marketing partners (Facebook, Google, TikTok, social-media networks)
• Network and security infrastructure (Cloudflare)
• Payment processing (Solidgate, PayPal)
• Communications (Iterable, Intercom, Google, Customer.io, Firebase)

4.2 Law enforcement and public authorities

We may share personal data to enforce the Terms and Conditions, protect rights and safety, respond to court, law-enforcement, regulatory, or other government requests, or as otherwise required by law.

4.3 Mergers and acquisitions

If our business is sold, merged, or restructured, customer information may be transferred as part of that transaction. We will share information with affiliated entities and successor entities as appropriate.

5. How you can exercise your privacy rights

You have the right to:

• Access / review / update / correct your personal data — directly within the Services or by request.
• Delete your personal data as permitted by law (some data may be retained briefly to meet legal obligations).
• Object to or restrict certain uses of your personal data.

EEA users additionally have:

• The right to lodge a complaint with the data protection supervisory authority in your country of residence.
• The right to data portability — receive your personal data in a machine-readable format.

To exercise any of these rights, email support@myaddmile.com.

6. Age limitation

We do not knowingly process personal data from anyone under 16. If you believe someone under 16 has shared personal data with us, please email support@myaddmile.com.

7. International data transfers

We may transfer your personal data to countries other than the one in which it was originally collected to deliver the Services. Where transfers go to countries without equivalent protection, we rely on European Commission Standard Contractual Clauses or adequacy decisions.

8. Changes to this Privacy Policy

We may update this Privacy Policy. Material changes will be communicated through the Services or other available means. Continued use after changes take effect indicates agreement to the revised policy.

9. Supplemental notice for California residents

Under the California Consumer Privacy Act of 2018 ("CCPA"), California residents have the right to know what categories of personal information are collected and whether such information was disclosed for business purposes in the past twelve months. We do not "sell" personal information as defined by the CCPA, and we have no actual knowledge of "selling" personal information of minors under 16. To exercise CCPA rights, email support@myaddmile.com.

10. Supplemental notice for Virginia residents

Under the Virginia Consumer Data Privacy Act ("VCDPA"), Virginia residents may opt out of processing for targeted advertising by emailing support@myaddmile.com with the subject line "Virginia Do Not Sell Request." We do not sell personal data as defined by the VCDPA or use it for legally significant profiling. To appeal a denied data-rights request, email us with the subject line "Appeal of Refusal to Take Action on Privacy Request." If your appeal is denied, you may contact the Virginia Attorney General.

11. Supplemental notice for Nevada residents

Nevada residents may opt out of third-party sales of certain personal information by emailing support@myaddmile.com with the subject line "Nevada Do Not Sell Request," along with your name and account email. We do not currently sell personal information as defined by Nevada Revised Statutes Chapter 603A.

12. Account deletion

You can delete your account at any time via "Settings" in the App or Website, or by emailing support@myaddmile.com. Deletion may take up to 30 days. Cancel your subscription before deletion to avoid additional charges — see our Subscription Terms.

13. Data retention

We retain personal data only as long as reasonably necessary to fulfill the purposes outlined in this Privacy Policy, including legal-obligation compliance, dispute resolution, and agreement enforcement.

14. How "Do Not Track" requests are handled

Except as otherwise stated, the App does not support "Do Not Track" requests. For third-party services, please consult their own privacy policies.

15. Personal data controller

GTHW App Limited, a Republic of Cyprus registered company (registration number HE 395742), with registered address at Omonoias Avenue 13, Office 1B, Limassol 3052, Cyprus, controls your personal data.

16. Contact us

For any questions about this Privacy Policy, your account, or your personal data, please email support@myaddmile.com.