Privacy Policy for Slouch Sniper
Effective Date: April 29, 2025
1. Introduction
Welcome to Slouch Sniper! We are committed to protecting your privacy and handling your personal data in an open and transparent manner. Slouch Sniper ("we," "us," or "our") operates the website https://slouchsniper.com (the "Website") and the Slouch Sniper health and wellness desktop application (the "App"), which is designed to help improve your posture through AI-powered analysis and feedback.
This Privacy Policy outlines our practices concerning the collection, use, disclosure, and protection of your personal information when you visit our Website, use our App, or otherwise interact with our services. We understand the importance of your personal data, especially health-related information, and are dedicated to ensuring its security and your control over it.
This policy is designed to be compliant with the General Data Protection Regulation (GDPR) and other applicable data protection laws. We encourage you to read this policy carefully to understand what data we collect, how we use it, and what rights you have in relation to it.
2. Purpose of the Privacy Policy
The primary purpose of this Privacy Policy is to provide you with clear and comprehensive information about:
- What personal data we collect from you.
- How and why we use your personal data.
- The legal basis upon which we process your personal data.
- With whom we might share your personal data.
- How we protect your personal data.
- How long we retain your personal data.
- Your rights regarding your personal data and how you can exercise them.
- Our use of cookies and similar technologies.
By being transparent about our data practices, we aim to build trust and empower you to make informed decisions about sharing your personal information with Slouch Sniper. This policy serves as our commitment to safeguarding your privacy and upholding your rights under the GDPR.
3. Scope of the Policy
This Privacy Policy applies to all personal data processed by Slouch Sniper in relation to:
- Visitors and users of our Website, https://slouchsniper.com.
- Users of our Slouch Sniper desktop App.
- Individuals who contact us via email, including karol@slouchsniper.com, or other communication channels.
- Any other interactions where Slouch Sniper acts as a data controller for your personal information.
This policy does not apply to third-party websites, services, or applications that may be linked from our Website or App, or to information collected by third parties independently from us. We encourage you to review the privacy policies of any third-party services before providing them with your personal information. For instance, if you navigate to a payment processor's site like Stripe, their privacy policy will govern the data they collect directly from you.
The processing of user images within the desktop App is a specific activity covered under this policy, and particular attention is given to the consent mechanisms and data handling practices for this sensitive data.
4. Information Collected
We collect different types of information to provide and improve our services, to communicate with you, and to fulfill our legal obligations. This information can be broadly categorized into Personal Information and Non-Personal Information.
4.1 Personal Information
Personal Information (or Personal Data) is any information that relates to an identified or identifiable individual. The specific types of personal information we collect depend on your interaction with us:
Information you provide directly through our Website:
- Email address: When you sign up for an account, subscribe to our newsletter, or contact us for support via karol@slouchsniper.com or other forms on our Website.
- Height: When you provide this information to personalize your experience within the Slouch Sniper App or for account setup.
- Age: When you provide this information for profile creation or to help tailor the AI's posture correction feedback.
- Gender: When you provide this information for profile creation or to help tailor the AI's posture correction feedback.
Information you provide directly through our Desktop App (with explicit consent):
- User Images: Our desktop App may offer features that require access to your device's camera to capture images of you for the purpose of AI-powered posture analysis. We will only collect user images with your explicit, informed, and unambiguous consent. This consent will be requested separately within the App before any images are captured or processed. These user images are used solely to train and improve our posture-detection AI models. They are aggregated and never sold or shared with third parties for any other purpose beyond improving the Slouch Sniper App's functionality for all users. You can revoke this consent at any time, though this may affect the functionality of certain AI features.
Payment Information:
If you make a purchase (e.g., a subscription to the App), your payment information (such as credit card details) is processed directly by our third-party payment processor, Stripe. Slouch Sniper does not directly store your full payment card details. We may receive transaction confirmations and limited payment information from Stripe for record-keeping and service fulfillment purposes.
4.2 Non-Personal Information
Non-Personal Information is data that cannot, on its own, be used to identify or contact you. We may collect this information automatically when you interact with our Website or App:
- Usage Data: Information about how you use our Website and App, such as features accessed, time spent on pages/screens, clicks, and performance metrics. This helps us understand user behavior and improve our services.
- Device and Technical Information: Information about the device you use to access our services, including IP address (which can sometimes be considered personal data), browser type and version, operating system, device identifiers, and screen resolution.
- Aggregated Data: We may aggregate personal data (including user images in an anonymized or pseudonymized form) for statistical analysis and to improve our AI models. This aggregated data does not personally identify you. For example, we might analyze posture trends across different demographic groups without identifying individual users.
5. Use of Information
We use the information we collect for various purposes, all aimed at providing, maintaining, improving, and protecting our services, as well as communicating with you.
To Provide and Maintain Our Services:
- To create and manage your Slouch Sniper account.
- To process your email address, height, age, and gender to personalize the posture correction guidance and feedback within the App.
- To process payments for subscriptions or other services through Stripe.
- To provide customer support and respond to your inquiries sent to karol@slouchsniper.com or through other channels.
To Improve Our Services and AI Models:
- To analyze usage patterns and trends to understand how our Website and App are being used, enabling us to enhance user experience and develop new features.
- With your explicit consent, to use user images to train, validate, and improve the accuracy and effectiveness of our AI-powered posture detection and correction algorithms. This use is strictly internal and focused on enhancing the Slouch Sniper App.
- To conduct research and development.
To Communicate With You:
- To send you important service-related announcements, such as updates to our terms, conditions, and policies, or information about your account.
- To send you marketing communications, newsletters, and promotional offers about Slouch Sniper products and services, but only if you have opted in to receive such communications. You can unsubscribe at any time.
For Security and Legal Compliance:
- To protect the security and integrity of our Website, App, and user data.
- To prevent fraud, abuse, and other harmful activities.
- To comply with applicable legal obligations, court orders, or governmental requests.
6. Legal Basis for Processing (GDPR)
Under the GDPR, we must have a valid legal basis for processing your personal data. Our legal bases for processing include:
Consent (Article 6(1)(a) GDPR):
- We rely on your explicit consent for collecting and processing user images through our desktop App for AI model training and improvement. You have the right to withdraw this consent at any time.
- We rely on your consent for sending direct marketing communications to your email address.
- We rely on your consent for the use of non-essential cookies (see Cookies Policy section).
Performance of a Contract (Article 6(1)(b) GDPR):
- When you create an account or subscribe to Slouch Sniper, we process your personal data (such as email address, height, age, gender) as necessary to fulfill our contractual obligations to provide you with the App's services and features.
- Processing payment information through Stripe is necessary for the performance of the contract if you purchase a paid service.
Legitimate Interests (Article 6(1)(f) GDPR):
We process certain personal data based on our legitimate interests, provided these interests are not overridden by your rights and interests. Our legitimate interests include:
- Improving our Website, App, and AI models (where not relying on explicit consent for specific data like images).
- Ensuring the security of our services and preventing fraud.
- Understanding how our users interact with our services to enhance user experience.
- Responding to your inquiries and providing customer support (where not part of a contractual obligation).
- Internal administrative purposes and record-keeping.
When relying on legitimate interests, we conduct a balancing test to ensure your fundamental rights and freedoms are not unduly impacted.
Legal Obligation (Article 6(1)(c) GDPR):
We may process your personal data if necessary to comply with a legal obligation, such as responding to lawful requests from public authorities or for tax and accounting purposes.
For "special categories of personal data" under GDPR (which can include health-related data inferred from posture analysis, or biometric data if images are processed in a way that uniquely identifies individuals), we will rely on your explicit consent (Article 9(2)(a) GDPR) or other specific derogations as permitted by law. The collection of user images for AI training falls under this, and explicit consent is paramount.
7. Sharing of Information
Slouch Sniper does not sell your personal data. We only share your personal data with third parties in the limited circumstances described below:
7.1 Third-Party Service Providers
We engage trusted third-party companies and individuals to perform services on our behalf or to assist us in analyzing how our service is used. These third parties have access to your personal data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose. We ensure that these providers are compliant with GDPR and have appropriate data processing agreements in place.
- Supabase: We use Supabase for backend services, including user authentication (managing your login credentials like email address) and data storage (e.g., storing your profile information like height, age, gender, and potentially aggregated or anonymized data derived from user images). Supabase acts as a data processor on our behalf. Their privacy policy and data processing terms are available on their website.
- Stripe: If you make a purchase, we use Stripe for payment processing. Stripe handles your payment card information directly and securely. Stripe acts as a data controller for the payment information they process. We do not store your full credit card details on our servers. You can review Stripe's privacy policy on their website.
- Cloud Infrastructure Providers: Our data, including your personal information and user images (if consented to), is stored on secure cloud infrastructure. These providers are responsible for the physical security of the servers and provide robust security measures.
- Analytics Providers: We may use third-party analytics services (e.g., Google Analytics for website traffic, or similar services for app usage) to help us understand the use of our services. These providers may collect information sent by your browser or device as part of a web page request, including cookies and your IP address. This information is typically aggregated and anonymized.
7.2 Legal Obligations and Rights Protection
We may disclose your personal data if we believe in good faith that such disclosure is necessary to:
- Comply with a legal obligation, subpoena, court order, or other lawful request from public authorities (e.g., law enforcement).
- Protect and defend the rights, property, or safety of Slouch Sniper, our users, or the public.
- Detect, prevent, or otherwise address fraud, security, or technical issues.
- Enforce our terms and conditions or other agreements.
7.3 Business Transfers
In the event that Slouch Sniper is involved in a merger, acquisition, sale of assets, bankruptcy, or other business transition, your personal information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our Website of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.
7.4 Aggregated or Anonymized Data
We may share aggregated or anonymized information that does not directly identify you with third parties for research, marketing, analytics, or other purposes. For example, we might share statistics about user posture improvements without revealing individual data.
User images, when collected with explicit consent, are used solely to improve the Slouch Sniper app and are never sold or shared with external third parties for their own marketing or commercial purposes. They may be processed by our cloud infrastructure providers and accessed by our internal AI development team under strict confidentiality and security protocols.
8. Data Security
Slouch Sniper takes the security of your personal data very seriously. We implement appropriate technical and organizational measures to protect your personal information from accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures include:
- Encryption: We use encryption (such as SSL/TLS) for data in transit between your device and our servers. Data at rest stored with our cloud providers (including Supabase) is also encrypted.
- Access Controls: Access to personal data is restricted to authorized personnel who need access to perform their job duties. We implement role-based access controls and strong authentication mechanisms.
- Secure Infrastructure: We leverage the robust security features of our cloud service providers, like Supabase and other leading cloud platforms, which include physical security, network security, and regular security audits.
- Data Minimization: We only collect personal data that is necessary for the purposes outlined in this policy.
- Regular Security Assessments: We regularly review and update our security practices to address new threats and vulnerabilities.
- Explicit Consent for Sensitive Data: For sensitive data like user images, we ensure collection only occurs after explicit user consent and that these images are handled with heightened security.
While we strive to use commercially acceptable means to protect your personal information, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee its absolute security. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us by contacting karol@slouchsniper.com. In the event of a data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and the relevant supervisory authorities as required by law.
9. User Rights (Access, Correction, Deletion, Portability)
Under the GDPR, you have several rights concerning your personal data. Slouch Sniper is committed to upholding these rights. To exercise any of these rights, please contact us at karol@slouchsniper.com. We will respond to your request within one month, as required by GDPR, unless your requests are complex or numerous, in which case we may extend this period.
- Right of Access (Article 15 GDPR): You have the right to request a copy of the personal data we hold about you and information about how we process it. This includes information on the purposes of processing, categories of personal data concerned, recipients to whom the data has been or will be disclosed, and the envisaged period for which the personal data will be stored.
- Right to Rectification (Article 16 GDPR): You have the right to have any inaccurate or incomplete personal data we hold about you corrected. If you have an account with us, you may be able to update some of your information directly through your account settings.
- Right to Erasure ('Right to be Forgotten') (Article 17 GDPR): You have the right to request the deletion of your personal data when it is no longer necessary for the purposes for which it was collected, you withdraw consent (and there is no other legal ground for processing), you object to the processing and there are no overriding legitimate grounds, or if the data has been unlawfully processed. This includes the deletion of your email address, height, age, gender, and any user images you consented to provide.
- Right to Restriction of Processing (Article 18 GDPR): You have the right to request that we restrict the processing of your personal data under certain circumstances, such as if you contest the accuracy of the data, the processing is unlawful but you oppose erasure, or we no longer need the data but you require it for legal claims.
- Right to Data Portability (Article 20 GDPR): You have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format, and you have the right to transmit that data to another controller without hindrance from us, where the processing is based on consent or on a contract and is carried out by automated means.
- Right to Object (Article 21 GDPR): You have the right to object to the processing of your personal data based on our legitimate interests or for direct marketing purposes. If you object to processing for direct marketing, we will cease processing for such purposes. If you object to processing based on legitimate interests, we will cease processing unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.
- Right to Withdraw Consent (Article 7(3) GDPR): Where we rely on your consent to process your personal data (e.g., for user images or marketing emails), you have the right to withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of processing based on consent before its withdrawal.
- Rights related to Automated Decision-Making and Profiling (Article 22 GDPR): You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, except under certain conditions (e.g., with your explicit consent, or if necessary for a contract). Our AI-powered posture correction offers suggestions and feedback; it does not make automated decisions with legal or similarly significant effects in this context.
If you wish to exercise any of these rights, please contact us at karol@slouchsniper.com. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights).
10. Data Retention
Slouch Sniper will retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements, and to provide our services to you.
The criteria used to determine our retention periods include:
- Purpose of Collection: We retain data as long as it's needed for the specific purpose it was collected for. For example, account information (like email address, height, age, gender) is retained as long as your account is active.
- User Consent: Data collected based on your consent (e.g., user images for AI training) will be retained until you withdraw your consent, or until it is no longer needed for the stated purpose, whichever comes first. We will periodically review the necessity of retaining such data.
- Legal and Regulatory Requirements: We may be required to retain certain information for a specific period to comply with applicable laws (e.g., tax and accounting records, data related to legal claims).
- Contractual Obligations: Data needed to fulfill contractual obligations will be kept for the duration of the contract and any subsequent period required for claims or dispute resolution.
- Operational Needs: Some data may be retained for a reasonable period for backup, archival, fraud prevention, or audit purposes.
Specifically:
- Your account information (email address, profile details like height, age, gender) will be retained for as long as your account remains active with Slouch Sniper. If you choose to delete your account, we will delete or anonymize this information within a reasonable timeframe, subject to any legal obligations to retain it longer.
- User images provided with explicit consent for AI model improvement will be retained as long as they are useful for this purpose or until you withdraw your consent. Once no longer needed or upon withdrawal of consent, these images will be securely deleted or fully anonymized.
- Data processed by Supabase will be subject to retention policies aligned with our own.
- Data processed by Stripe for payments will be retained according to Stripe's own data retention policies and legal obligations.
- Non-personal, aggregated, or anonymized data may be retained indefinitely for analytical and service improvement purposes as it does not identify individuals.
Upon expiry of the applicable retention period, your personal data will be securely deleted or anonymized in accordance with best practices.
11. Cookies Policy
Our Website https://slouchsniper.com may use "cookies" and similar tracking technologies (like web beacons or pixels) to enhance your user experience, analyze website traffic, and for other operational purposes.
What are Cookies?
Cookies are small text files that are placed on your computer or mobile device by websites that you visit. They are widely used to make websites work, or work more efficiently, as well as to provide information to the owners of the site.
How We Use Cookies:
We may use cookies for various purposes, including:
- Essential Cookies: These cookies are strictly necessary to provide you with services available through our Website and to use some of its features, such as access to secure areas (e.g., logging into your account). Without these cookies, the services you have asked for cannot be provided.
- Performance and Analytics Cookies: These cookies collect information about how you use our Website, such as which pages you visit most often, and if you receive error messages from web pages. This information helps us improve how our Website works. The data collected is typically aggregated and anonymous.
- Functionality Cookies: These cookies allow our Website to remember choices you make (such as your username, language, or the region you are in) and provide enhanced, more personal features.
- Targeting or Advertising Cookies (if applicable): These cookies may be used to deliver advertisements more relevant to you and your interests. They may also be used to limit the number of times you see an advertisement and help measure the effectiveness of advertising campaigns. We will seek your consent before placing these types of cookies.
Your Choices Regarding Cookies:
When you first visit our Website, you may be presented with a cookie banner requesting your consent for the use of non-essential cookies. You have the right to accept or refuse cookies. Most web browsers automatically accept cookies, but you can usually modify your browser settings to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience the interactive features of the Slouch Sniper services or Website. You can typically find information on how to manage cookies in your browser's help section or by visiting websites like www.allaboutcookies.org.
Cookies Used by Third Parties:
Third-party services we use, such as Supabase for authentication or potentially analytics providers, may also place cookies on your device. Their use of cookies is governed by their own privacy policies. For example, Supabase might use cookies to manage authentication sessions.
Our desktop App itself does not typically rely on browser cookies in the same way a website does, but it may use similar local storage mechanisms to save preferences or session information.
12. International Data Transfers
Your personal information, including email address, height, age, gender, and potentially user images (with consent), may be transferred to, stored, and processed in countries other than your country of residence, including countries outside the European Economic Area (EEA). These countries may have data protection laws that are different from the laws of your country.
Specifically, our services utilize cloud infrastructure, and our third-party service providers like Supabase and Stripe may operate globally. This means that when we collect your personal information, it may be processed in countries where these providers have data centers.
When we transfer your personal data outside the EEA, we will put appropriate safeguards in place to ensure that your information is protected in accordance with this Privacy Policy and applicable data protection laws, including the GDPR. These safeguards may include:
- Ensuring the country to which data is transferred has been deemed to provide an adequate level of protection for personal data by the European Commission (an "adequacy decision").
- Implementing Standard Contractual Clauses (SCCs) approved by the European Commission between Slouch Sniper and the third-party recipient.
- Relying on Binding Corporate Rules (BCRs) if applicable.
- For transfers to the United States, we may rely on the EU-U.S. Data Privacy Framework or successor frameworks where our providers are certified, or SCCs.
By using our Website and App and providing your personal data, you acknowledge that your data may be transferred to and processed in these other countries. We are committed to ensuring that such transfers are lawful and that your data remains protected. For more information on the safeguards we use for international transfers, please contact us at karol@slouchsniper.com.
13. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, service offerings, legal requirements, or for other operational reasons. When we make material changes to this Privacy Policy, we will notify you by posting the updated policy on our Website https://slouchsniper.com and updating the "Effective Date" at the top of this policy.
If the changes significantly alter how we process your previously collected personal data, we will provide you with more prominent notice, such as by sending an email notification to the email address associated with your account or by displaying a prominent notice within our App or on our Website before the changes take effect.
We encourage you to review this Privacy Policy periodically to stay informed about how Slouch Sniper is protecting your information. Your continued use of our Website or App after any changes or revisions to this Privacy Policy shall indicate your agreement with the terms of such revised Privacy Policy, subject to your rights regarding consent where applicable.
14. Contact Information
If you have any questions, concerns, or complaints about this Privacy Policy, our data handling practices, or if you wish to exercise any of your GDPR rights, please do not hesitate to contact us.
You can reach our Data Protection contact at: