Privacy Policy

Last updated: September 11, 2025

1. Overview

This Privacy Policy explains how Anderson Melo ("we", "our") collects, uses, stores, and protects your personal and health information when you use our applications and services.
We are committed to complete transparency and rigorous protection of your data, following Brazil's General Data Protection Law (LGPD), Europe's GDPR, and international best practices.
This policy applies to all our services, including mobile applications, websites, and related functionalities.

2. Health and Fitness Data Collected

We collect different types of information to provide and improve our health and fitness services:
Basic Personal Data:
• Full name and nickname
• Email address
• Date of birth
• Profile photo (optional)
Health and Biometric Data:
• Weight, height, and BMI
• Fitness and health goals
• Exercise and activity history
• Biometric metrics (heart rate, blood pressure)
• Sensor data (accelerometer, gyroscope)
• Sleep and rest information
• Nutritional and dietary data
Technical and Usage Data:
• Device information (model, operating system)
• App usage data (features used, time)
• Performance and crash data
• User preferences and settings

3. How We Protect Your Health Data

We implement bank-level security to protect your sensitive health data:
Technical Measures:
• AES-256 encryption for stored data
• TLS 1.3 encryption for data transmission
• Secure servers in certified data centers
• Encrypted and geographically distributed backups
Organizational Measures:
• Access limited to authorized staff only
• Regular data security training
• Quarterly security audits
• Incident response plans
Data Location:
• Primary data stored on servers in Brazil
• Compliance with LGPD localization requirements
• International transfers only with adequate protections

4. Data Usage for Artificial Intelligence

We use AI technologies to personalize your health and fitness experience, always with your permission:
How AI Works:
• Your personal data is completely anonymized before use
• We use only aggregated patterns, never individual information
• Algorithms learn from general behaviors to improve recommendations
• Improvements benefit all platform users
Your AI Controls:
• You can opt out at any time
• Granular settings for different data types
• Complete transparency about which data is used
• Option to export or delete training data
IMPORTANT: We never use identifiable personal data to train AI without complete anonymization and explicit consent.

5. Your Rights Under LGPD/GDPR

You have complete control over your health data. Your rights include:
Access Rights:
• Know what personal data we process about you
• Receive a copy of all your health data
• Understand how your data is used for AI and recommendations
• See sharing history (when applicable)
Control Rights:
• Correct incorrect or outdated health information
• Complete incomplete health data
• Restrict processing for specific purposes
• Object to processing based on legitimate interest
Deletion Rights:
• Delete all health data ("right to be forgotten")
• Revoke consent for specific processing
• Request anonymization instead of deletion
• Delete account and all associated data
SPECIAL FOR EUROPEAN RESIDENTS:
• Right to erasure guaranteed by GDPR (Article 17)
• COMPLETE and IRREVERSIBLE deletion of all personal data
• Processing within 30 days according to European legislation
• Notification to third-party processors when applicable
• Proof of deletion provided after processing
• Right to lodge a complaint with the local supervisory authority
To exercise any right, contact us at contato@anderson.app.br or dpo@anderson.app.br.

6. Health Data Sharing and Integrations

We have a strict no-sharing policy. Your health data is NEVER sold.
Authorized Integrations (only with your permission):
• Google Fit and Apple HealthKit (data synchronization)
• Wearable devices (Fitbit, Garmin, smartwatches)
• Nutrition apps (when specifically authorized)
• Medical monitoring platforms (with explicit consent)
We Never Share:
• Health data for third-party marketing
• Biometric information to health insurers
• Exercise data to employers
• Any information without clear legal basis and consent
You control all integrations and can revoke access at any time.

7. Health Data Retention

We keep your data only as long as necessary:
• Account Data: While active + 30 days for reactivation
• Health Data: While active + 1 year for continuous history
• Biometric Data: While active + 6 months
• Exercise Data: While active + 2 years for progression
• Payment Data: 7 years (tax obligations)
• Anonymized Data: Indefinitely for improvements
You can request early deletion at any time. Health data is deleted securely and irreversibly.

8. Protection of Minors

Special protection for children's and adolescents' health data:
Age Restrictions:
• Under 13: not permitted
• 13-17 years: requires guardian consent
• Mandatory age verification at registration
Special Protections for Minors:
• Minimal health data collection
• We do not allow sharing of minor data
• Parental controls for monitoring
• Right of parents to access and control health data
Minor data collected without adequate consent is immediately deleted.

9. Policy Changes

We update this policy to reflect improvements in health data protection:
Change Process:
• Rigorous legal review before any change
• 30-day advance notification for significant changes
• Highlight for changes affecting health data
• Previous version always available for consultation
How You Will Be Notified:
• Email to all registered users
• Highlighted notification in app
• Notice on main website
Changes that reduce health data protections require renewed explicit consent.

10. Contact and Data Protection Officer

For questions about privacy, health data protection, or exercising rights:
Main Contact:
• Email: contato@anderson.app.br
• Subject: "Privacy and Health Data"
• Response guaranteed within 48 hours
Data Protection Officer (DPO):
• Anderson Melo - dpo@anderson.app.br
• Responsible for overseeing LGPD/GDPR compliance
• Contact point with regulatory authorities
Supervisory Authorities:
• Brazil: ANPD (National Data Protection Authority)
• Europe: Local data protection authorities in each country
• Right to file a complaint about health data treatment
SPECIAL PROCESS FOR EUROPEAN RESIDENTS:
• To exercise right to erasure: send email to dpo@anderson.app.br
• Subject: "GDPR - Data Deletion Request"
• Include: full name, account email, proof of EU residency
• Response time: 72 hours for confirmation, 30 days for completion
• Deletion includes: health data, biometrics, exercises, backups and logs
• Proof: a digital deletion certificate will be sent
We are committed to resolving any concerns about your health data quickly and transparently.