Privacy Policy
As part of our company values, especially putting members first, we at SPNS Enterprise FZ-LLC are committed to protecting and respecting your privacy in connection with your use of our content and products via our websites, including www.thesophy.app (“Websites”), our applications, including the Sophy mobile app (“Apps”), or other delivery methods (Websites, Apps, and other delivery methods are collectively referred to as our “Products”). Throughout this Privacy Policy, we will collectively refer to all of our Products and Services as our “Platform.” This Privacy Policy covers the “personal information,” meaning information about an identified or identifiable individual that is collected through our Product or Services.
Table of Contents
This Privacy Policy is provided in a layered format. We provided summaries for each section, but we encourage you to read each section in detail.
Collection of personal information
We may collect your personal information through our Platform, or when you otherwise share your information with us. Our collection may require your input or can be automatically collected while you engage with us.
Use of personal information
We primarily use your personal information for our Products and Websites to function and to deliver you the Services. We also may use your personal information for other purposes like communicating to you about your interest in our Platform, processing payments, complying with legal obligations, or to develop new features or improvements.
Sharing of personal information
We may share your personal information with certain third-party service providers to help make our Platform function. We may also share personal information as directed by you, to provide you with opportunities we think may interest you, or as legally required, such as to comply with a court order.
Data security and retention
The security of your personal information is of utmost importance to us. We retain your personal information for as long as necessary, and we maintain appropriate safeguards to protect it.
Your privacy rights
We want you to have choice in how your personal information is used. We provide you rights to request actions regarding your personal information including deletion, no matter where you reside. Further rights may be provided for your specific jurisdiction, which are outlined in Section 10.
Children's Privacy
Our Platform is generally intended for adults, except in limited circumstances depending on your offering.
Cookies
When you visit our Websites, we may collect certain information from you automatically through cookies and other tracking technologies. You can decide what cookies are deployed using the cookies settings on our Websites.
Changes
We may change this Privacy Policy to reflect new services, changes in our data practices, or to comply with relevant laws.
Contact us
You may contact us for comments, questions, or to exercise your privacy rights in various ways including emailing [email protected]
Supplemental notices
This section provides additional information specific to certain jurisdictions.
Other Choices
Promotional Communications and Mobile Push Notifications/Alerts
1. Collection of personal information
We may collect or process the following personal information about you from what you provide us directly, we receive from others, and personal information we may automatically collect when you interact with our Platform.
(a) Information you provide to us
- Contact information and identifiers. When you use our Platform, we may ask you to provide certain contact information, including your first and last name and email address. We may also collect your social media identification number if you choose to access the Products via a social media account.
- Account Information. If you decide to set up an account with us, we may ask you to provide certain additional contact information including, for example, your first and last name, e-mail address (personal and/or work), telephone number, mailing address, employer or company name, job title, student identification number, emergency contact information, as well as password and other authentication-related information. For individuals who participate in special subscriptions and features, including group plans, we may collect additional personal information, for example, home address and names and emails of household members for example, the names and emails of household members.
- Payment information. If you sign up for a paid product or service from us, you may be required to provide your payment card or bank account information. Please note that Sophy does not directly process payment card information, and instead relies upon third party payment processors to do so on our behalf. Please note that third party terms may apply to these payment services. Personal information collected for these purposes includes card number, type, expiration date, and billing address, and certain anonymized, limited and/or truncated versions of this information may be provided to Sophy.
- Survey information. We may present you with surveys for Product functionality, to provide you the Services, to provide you with information about our Products and Services that we think may be of interest to you, or for research purposes. These surveys may give you the opportunity to describe certain things about you, your use of the Platform, or feedback on future improvements.
- Communication information. When you send or respond to emails, messages, chats, or other communications from Headspace, we may collect your email address, name, and any other personal information you choose to include in the body content of your communications. In addition, when you interact with certain features of our Products, we may collect the content of those communications.
- Support information. When you submit a support request or otherwise engage with our support team, we collect the information you provide as part of that interaction. We also utilize live chat and/or chatbot technology, which allow you to communicate directly with our automated customer service system and/or customer service representatives via a chat window about our Products and Services. Text entered into this form prior to submission may be collected, retained, and used by Sophy for our business purposes, including by our customer service and other personnel and service providers.
(b) Information we automatically collect
Our Products and Websites may collect information from you automatically during your use which may include:
- Browser and device data, such as IP address, device identifier, device type, operating system and Internet browser type, screen resolution, operating system name and version, device manufacturer and model, language, plug-ins, add-ons, and the language version of the Websites and Products you are visiting.
- Usage data, such as time spent on the Products and Websites including pages visited, links clicked, approximate location, language preferences, performance of features, patterns of use, and the pages that led or referred you to our Products and Websites.
(c) Aggregated, anonymous, and de-identified data We may create or collect aggregated, anonymous, or de-identified data from personal information by removing, masking, or otherwise altering data components that make the data personally identifiable, or potentially personally identifiable to you (“De-Identified Data”). De-Identified Data is not personal information and not subject to this Privacy Policy.
2. Use of personal information
We may use your personal information in the following ways:
- To provide our Platform, including the delivery of content and interactive features;
- To communicate with you regarding our Platform including updates or changes;
- To provide you support, answer your questions or requests for information, or handle your complaints;
- To process payment, manage your orders, and account for applicable sales taxes;
- To fulfill our obligations under any agreements that we may have with you;
- To maintain and improve the quality of our Platform, including to perform research and development, understand user trends, and, in a limited way, understand the effectiveness of our marketing and advertising such as recording a sales conversion;
- To provide you with information about new Products and Services, promotions, and other opportunities that we believe may be of interest to you
- To personalize the advertisements you receive about our Platform through third-party platforms, on other websites and apps;
- To protect ourselves, you and others such as by taking actions to prevent fraud and other unlawful or unauthorized activity, and creating and maintaining a trusted, secure, and reliable online environment; and
- To comply with our legal obligations including meeting regulatory compliance obligations, responding to subpoenas, court orders or other legal processes; and
- To establish or exercise our legal rights or defense against legal claims.
3. Sharing of personal information
We may disclose your personal information with the following categories of third parties:
- Our service providers. In some circumstances we may need to disclose your personal information to a third party so that they can provide a service on our behalf, such as to help deliver Products or Services that you have requested. These service providers may include services such as analytics, payment processing, advertising and marketing, website hosting, customer and technical support, and other services. Our service providers have access to your personal information only to perform these tasks on our behalf, based on our instructions and are contractually obligated to maintain the confidentiality and security of your personal information, and to not disclose or use your personal information for any other purpose inconsistent with this Privacy Policy and applicable law.
- Your integrations. You may connect your account through supported integrations with third parties and we will share your personal information with those third parties. If you do connect an integration, that third party’s terms and privacy policy may apply to the personal information shared as a result and we encourage you to review those before setting up the integration.
- Community Activity. If you engage with other Platform users using our community features, we will share some information about you such as your name associated with your comment on a forum or other information you choose to share with other users.
- Third party business partners. In limited cases, we may provide certain personal information to third party businesses with which we have a joint promotional relationship, bundled subscription offer, or other trusted partnership. This type of sharing will most often be consistent with your notice, consent, direction, and/or reasonable expectations in light of the circumstances in which you provided the personal information.
- Third party advertising platforms. We work with third party platforms who provide us with analytics and advertising services. This includes helping us understand how users interact with our Platform serving advertisements on our behalf to those who may be interested, and measuring the performance of those advertisements.
- Compliance and harm prevention. If we are under a duty to disclose or share your personal information in order to comply with any legal obligation, such as to comply with a subpoena, bankruptcy proceeding, similar legal process, or in order to enforce our agreements with you; or to protect the rights, property, or safety of Sophy, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction. We may also disclose personal information where we believe that doing so would be in accordance with or required by any applicable law, regulation or legal process.
- Affiliates and business transfer. If Sophy, including any of our subsidiaries, brands, or affiliates, is involved in a merger, acquisition, asset sale, or other corporate combination, your personal information may be transferred to the acquiring or surviving entity. If such transfer results in a material change to the use of your personal information, we will provide notice before your personal information is transferred or becomes subject to a different privacy policy.
4. Data security and retention
The security of your personal information is important to us. We follow generally accepted standards, practices, and procedures to protect the personal information submitted to us, both during transmission and once it is received. We maintain appropriate technical, administrative and physical safeguards to help protect the security of your personal information against unauthorized access, destruction, loss, alteration, disclosure or misuse.
No security can be fully guaranteed, though. If you have an account with us and you suspect unauthorized use of your account or its credentials, you should contact us immediately using the contact information in Section 9 below or contact our security team directly at [email protected].
We will keep your personal information for as long as needed to perform our obligations to you, or for as long as legally permitted. The criteria used to determine our retention periods include: (i) the length of time we have an ongoing relationship with you; (ii) whether there is a legal obligation to which we are subject; and (iii) whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations). For example, we keep your account information, like your name, email address, and password, for as long as your account exists so that you may access it.
5. Your privacy rights
We believe that you should have control of your personal information. To that end we provide the following rights to make requests regarding your personal information. You may make these requests by contacting [email protected] or in some cases using features within the Platform:
- Access. You have the right to know what personal information we collect about you and how we use it. This Privacy Policy serves to inform you about that collection and use. If we have personal information about you, you may also request a copy of that information.
- Correction. You have the right to request the correction of your inaccurate personal information.
- Portability. You may request an export of your personal information in a structured and machine readable format such as a .csv or .pdf. Where feasible, we can send that export to a third party you identify.
- Deletion. You have the right to request, under certain circumstances, the deletion of your personal information that we collect.
- Restriction. You have the right to request that SPNS Enterprise FZ-LLC restrict the use of your personal information in certain circumstances. Please note that in some cases we may not be able to place a restriction due to the use being necessary for Product functionality or delivery of the Services.
- No retaliation or discrimination. You have the right not to receive discriminatory or retaliatory treatment for making a request.
Upon receiving your request, we may ask for additional information from you in order to verify the request or confirm how you would like to proceed. We endeavor to respond to a verifiable request without undue delay. If we require an extended amount of time, we will inform you using the email associated with your account or the email you used to make the request.
We do not charge a fee to process your verifiable request unless it is excessive, repetitive, or clearly unfounded. If we determine that your request requires a fee, we will tell you why and provide you with a cost estimate before completing your request.
Your rights are not absolute, and exceptions may apply. These exceptions can arise from different factors including our legal obligations, the rights of others, your or another’s safety, and our ability to bring or defend against legal claims. Additionally, we will not fulfill your request if you do not provide sufficient information to verify your identity or to verify that a third party making the request is authorized to act as your representative.
Some US jurisdictions provide residents with certain rights with respect to their personal information as defined under applicable law. These rights are subject to the specific laws of that jurisdiction and that certain other rights might apply. Please review our Supplemental Notices, which are described in Section 9, including our Privacy Notice for EU and UK, our Privacy Notice for California, and our Privacy Notice for Virginia, Connecticut, Colorado, Utah, and Nevada for more information on rights and terms specific to your location or place of residence.
6. Children’s privacy
At Sophy, we are committed to protecting and respecting children’s privacy. Our Platform is generally intended for individuals at least 18 years old and we do not intentionally collect personal information from individuals under 18 years old.
If you are a parent or guardian and you are aware that a child under age 18 has provided us with their personal information without parental consent, please contact us at [email protected] and we will take steps to remove that personal information from our servers.
7. Cookies
When you visit our Websites, we may collect information from you automatically through cookies including cookies provided by third parties. We use cookies and the information they collect for a variety of purposes including functionality, analyzing performance, security, personalizing Website content, and advertising. We will get your consent in order to use such trackers or provide you with the opportunity to opt-out of cookies, to the extent required by applicable law. You may use an opt-out preference signal, such as the Global Privacy Control (GPC), to opt-out of the sale/sharing of your personal information. For more information on the types of cookies we use and your choices regarding them, please review our Cookie Policy.
8. Changes
This Privacy Policy is effective as of the date posted at the top. We may update this Privacy Policy from time to time to reflect Platform changes, make corrections, improve clarity, reflect changes in our privacy practices, or as required by applicable laws. When we may make a significant change, such as on how we use your personal information or your rights, we will notify you within the Platform or through another channel such as the email you supplied during account registration, in addition to posting the revised version on our Website. We encourage you to periodically check this Privacy Policy to stay informed about how we handle your personal information.
9. Contact us
We want to hear from you if you have questions, concerns, or requests regarding this Privacy Policy. You can reach us by emailing [email protected].
10. Supplemental notices
Depending on your jurisdiction, you have additional rights that apply to you under your jurisdiction’s privacy laws. We provide the supplemental information in this section in our efforts to comply with those additional privacy laws and inform you about your rights. If you do not see your jurisdiction below please do not interpret that to mean that we do not respect your privacy and we encourage you to still contact us using the contact details above with your questions or concerns.
(a) Information for Individuals in EEA, Switzerland, and UK
The sections below apply to you if you use the Services while in the European Economic Area, Switzerland, or the United Kingdom (collectively, “Europe”). SPNS Enterprise FZ-LLC is the data controller for personal data governed by this Privacy Policy.
Data Retention
We retain personal data for no longer than is necessary for the purposes for which it is processed, unless applicable law requires storage for a longer period of time.
Data Subject Requests
Subject to certain limits and conditions provided under law, in addition to the rights described under the Privacy Rights section above, you have the right to:
- Object to certain processing (like receiving direct marketing), or request that we restrict processing in certain circumstances (like to retain but not further process pending resolution of a claim).
- Withdraw any consent you have provided.
- Request that Sophy transfer certain data to another data controller.
- File a complaint regarding our data protection practices with a supervisory authority.
- Please see this directory for contact details: https://edpb.europa.eu/about-edpb/board/members_en.
- If you are in Switzerland, please visit this FDPIC site for contact details: https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact.html.
- If you are in the United Kingdom, please see this site for contact details: https://ico.org.uk/global/contact-us/.
If you would like to exercise any of these rights and can’t do so directly via the Services or your device, you may contact us as indicated in Section 9.
(b) Information for California Residents
We include this section for residents of California in order to comply with the California Consumer Privacy Act of 2018, and its amendment, the California Privacy Rights Act of 2020 (together, the “CCPA”). This section is intended to comply with the CCPA by supplementing the information provided elsewhere in the Privacy Policy.
Categories of personal information. The CCPA includes categories of personal information that businesses like us are required to tell you what of them we have collected from you. To comply with those requirements, we have provided the table below disclosing the categories of personal information we have collected through our Platform within the last twelve (12) months.
Categories of personal information we collect
Identifiers, such as your name, phone number, email address, social media handle, and unique identifiers (like IP address) tied to your browser or device. Characteristics of protected classifications under state or federal law, such as gender and age. Commercial information, such as your payment information and Sophy product or service purchases. Approximate geolocation data. Internet or other electronic network activity, such as browsing behavior and information about your usage and interactions with the Services. Audio, electronic, visual, or similar information, such as profile photo or personal information you may provide during customer support calls and call recordings. Professional, employment, and education information, such as information about your employer or professional background that you voluntarily provide to us. Other personal information you provide, including opinions, preferences, goals, and previous meditation experience and other personal information contained in product reviews, surveys, or communications. Inferences drawn from the above, such as product interests and purchasing insights.
Business or commercial purposes for which we may use your information
Perform or provide the services, such as to maintain accounts, provide customer service, process orders and transactions, and verify customer information. Improve and maintain the Services, such as by improving the Services and developing new products and services. Debug, such as to identify and repair errors and other functionality issues. Communicate with you about marketing and other relationship or transactional messages. Analyze usage, such as by monitoring trends and activities in connection with use of the Services. Personalize your online experience, such as by tailoring the content and ads you see on the Services and on other platforms based on your preferences, interests, and browsing behavior. Legal reasons, such as to help detect and protect against security incidents, or other malicious, deceptive, fraudulent, or illegal activity.
Parties with whom information may be shared
Companies that provide services to us, such as those that assist us with customer support, subscription and order fulfillment, advertising measurement, communications and surveys, data analytics, fraud prevention, cloud storage, bug fix management and logging, and payment processing. Third parties with whom you consent to sharing your information, such as with social media services or academic researchers. Government entities or other third parties for legal reasons, such as to comply with law or for other legal reasons as described in our Section 3.
(c) Privacy Notice for Virginia, Connecticut, Colorado, Utah, and Nevada
We include this section for residents of other US states with privacy laws that may impact them. These privacy laws include the Virginia Consumer Data Privacy Act (“VCDPA”), the Connecticut Data Privacy Act (“CTDPA”), the Utah Consumer Privacy Act (“UCPA”), the Colorado Privacy Act (“CPA”), and the Nevada Privacy Law (“NPL”). This section is intended to comply with these laws by supplementing the information provided elsewhere in the Privacy Policy.
Collection of personal information. Sophy may collect the personal information described in Section 1 and as categorized in the table within Section 10(b) above. Please note that some of this personal information will be considered sensitive under your state’s legal definition which can vary across different states. The personal information we may collect depending on how you use our Platform includes mental or physical health information, racial or ethnic origin, and information about sexual orientation or gender identity.
Use of personal information. Sophy may collect, use, or disclose personal information about US state residents for purposes listed in Section 2 of our Privacy Policy. We use sensitive personal information for the same purposes except for personalizing ads.
Disclosure of personal information. We may disclose your personal information to the categories of service providers and third parties identified in Section 3 of this Privacy Policy, and in ways that are described in that section.
Your privacy rights. We generally provide the privacy rights described in Section 5 above to you regardless of your location. Your state may afford you additional privacy rights as noted below. To exercise your right, see the contact information in Section 9 or follow the instructions below for specific state rights. We will respond to your verifiable request within the time limit afforded under applicable law. Exceptions may still apply as described in Section 5.
Residents of Colorado, Connecticut, Virginia, and Utah have the right to opt out of targeted advertising and sales. If you are a resident of these states, you may opt out by Your privacy choices and, if you are an Apps user, by sending your request by email [email protected].
For users in Colorado, Connecticut and Virginia, you may opt out of profiling in furtherance of decisions that produce legal or similarly significant effects. While you may still make this request, Headspace does not currently use profiling in this manner.
Nevada provides its residents a limited right to opt out of the sale of personal information. Please know that we do not trigger this requirement because we do not sell your personal information for payment.
11. Other Choices
Promotional Communications
You may opt out of receiving promotional emails from Sophy by following the instructions in those emails or by logging into your account and managing your contact preferences. If you opt out, we may still send you non-promotional emails, such as those about your account or our ongoing business relations.
Mobile Push Notifications/Alerts
With your consent, we send promotional and other push notifications to your mobile device. You can deactivate these messages at any time by changing the notification settings on your mobile device.
Cookie Policy
Does Sophy use cookies?
Yes. Sophy uses cookies and other similar technologies to ensure everyone who uses the website has the best possible experience.
What is a cookie?
A cookie is a small text file that is placed on your hard drive by a web page server. Cookies contain information that can later be read by a web server in the domain that issued the cookie to you. You can find out more about each cookie by viewing our current cookie list below. We update this list every six months, so there may be additional cookies not yet listed. Web beacons, tags, and scripts may be used on the website or in emails to help us to deliver cookies, count visits, understand usage and advertising campaign effectiveness, and determine whether an email has been opened and clicked on. We may receive reports based on the use of these technologies by our service/analytics providers on an individual and aggregated basis.
Why does Sophy use cookies?
When you visit our website, we may place a number of cookies in your browser. These are first-party cookies, and they allow us to hold session information as you navigate within the site. For example, we use cookies on our website to understand visitor and user preferences, improve their experience, and track and analyze usage, navigational, and other statistical information. You can control the use of cookies at the individual browser level. If you choose not to activate cookies or to later disable them, you can still visit our website, but your ability to use some features may be limited.
How do I disable cookies?
You can generally activate or later deactivate the use of cookies through your web browser. Find your browser below to learn more about how to manage your cookie settings.
- Firefox: Click here to learn more about “Private Browsing” and managing cookie settings.
- Chrome: Click here to learn more about “Incognito” and managing cookie settings.
- Internet Explorer: Click here to learn more about “InPrivate” and managing cookie settings.
- Safari: Click here to learn more about “Private Browsing” and managing cookie settings.
If you want to learn more about cookies or how to control, disable, or delete them, please visit http://www.aboutcookies.org for detailed guidance.
In addition, certain third party advertising networks, including Google, allow users to opt out of or customize preferences associated with your internet browsing. To learn more about this feature from Google, click here.
Cookies Sophy uses
Many jurisdictions require or recommend that website operators disclose the types of cookies they use and occasionally get consent from users before placing certain cookies.
We may use any of the following categories of cookies on our website as detailed below. Each cookie falls within one of these four categories:
Category
Description
Essential Cookies
Essential cookies (first-party cookies) are sometimes called “strictly necessary” as without them we cannot provide many services that you need on the website. For example, essential cookies help remember your preferences as you move around the website.
Analytics Cookies
These cookies track information about website visits so we can make improvements and report our performance. For example, we analyze visitor and user behavior to provide more relevant content or suggest certain activities. These cookies collect information about how visitors use the website, which site the user came from, the number of each user’s visits, and how long a user stays on the website. We might also use analytics cookies to test new ads, pages, or features to see how users react to them.
Functionality or Preference Cookies
During your visit to the website, these cookies are used to remember information you have entered or choices you make such as your username, language, or region. They also store your preferences when personalizing the website to optimize your use of Sophy, for example, your preferred language. These preferences are remembered through the use of the persistent cookies, and the next time you visit the website you won’t have to set them again.
Targeting or Advertising Cookies
These third-party cookies are placed by third-party advertising platforms or networks in order to deliver ads and track ad performance, enabling advertising networks to deliver ads that may be relevant to you based upon your activities (this is sometimes called behavioral, tracking, or targeted advertising) on the website. They may subsequently use information about your visit to show you ads that you may be interested on our website and other websites. For example, these cookies remember which browsers have visited the website.
