Effective date: 30th of March, 2023
At OneStepFitness L.T.D, we are committed to protecting your privacy. OneStepFitness L.T.D, the provider of the OneStep fasting app (“OneStep,” “we,” “us,” or “our”), has prepared this Privacy Policy to explain what Personal Data (defined below) we collect, how we use and share that data, and your choices concerning our data practices. Our mobile application (the “App”) hosts an online fasting community where users can access resources, set goals, log fasting activity, and track long-term progress (such services, including our web-based platform found at https://www.onestepapp.co/ (the “Site”) and the App, are referred to collectively in this Privacy Policy as the “Service”).
This Privacy Policy explains what Personal Data (defined below) we collect, how we use and share that data, and your choices concerning our data practices. This Privacy Policy is incorporated into and forms part of our Terms of Service. AGREEMENT: Before using the Service or submitting any Personal Data to OneStep, please review this Privacy Policy carefully and contact us if you have any questions. By using the Service, you expressly consent to OneStep Longevity Science's collection, use, maintenance and disclosure of your Personal Data in accordance with the practices described in this Privacy Policy. If you do not agree to this Privacy Policy, please do not access the Site or otherwise use the Service.
We collect information that alone or in combination with other information in our possession could be used to identify you (“Personal Data”) as follows:
Personal Data You Provide: We collect the following categories of Personal Data from you when you create an account, sign up for our newsletter, use the Service, or communicate with us:
Identification Data: We collect your name, email address, and unique identifiers assigned by third party platforms (such as analytics or communication tools). If you sign up using credentials from a third party account such as Apple, we may collect your name and email address from the applicable third party. Fasting Data: we collect information relating to your fasts, such as the length of your fasts and the information contained in the notes you submit relating to your fasts Health Data: We may collect your resting heart rate, weight, and sleep data, either directly from you or from Apple Health or Google Fit, if you choose to provide such information. We may also collect certain medical condition information, including data relating to Type 1 Diabetes, Type 2 Diabetes, PCOS, Non-Alcoholic Fatty Liver Disease, Obesity (BMI), and Eating Disorder, if you choose to provide it to us. Notwithstanding anything else in this Privacy Policy, (a) we use Health Data only to provide the Service and not for advertising and (b) we will not disclose Health Data for advertising, marketing, or use-based data mining not needed to provide the Service. Communication Data: We may collect information when you contact us with questions or concerns and when you voluntarily respond to questionnaires, surveys or requests for market research seeking your opinion and feedback. Providing this information is optional to you. Demographic Data: We collect your age and gender if you choose to provide them during sign-up. Social Media Data: We have pages on social media sites like Instagram, Facebook, Medium, Twitter, and LinkedIn (“Social Media Pages”). When you interact with our Social Media Pages, we will collect Personal Data that you elect to provide to us, such as your contact details. In addition, the companies that host our Social Media Pages may provide us with aggregate information and analytics regarding the use of our Social Media Pages.
Internet Activity Data: When you visit, use, and interact with the Service, we may receive certain information about your visit, use, or interactions. For example, we may monitor the number of people that visit the Service, peak hours of visits, which page(s) are visited, the domains our visitors come from (e.g., google.com, yahoo.com, etc.), and which browsers people use to access the Service (e.g., Chrome, Firefox, Microsoft Internet Explorer, etc.), broad geographical information, and navigation pattern. In particular, the following information is created and automatically logged in our systems:
Log Data: Information that your browser automatically sends whenever you visit the Site. Log Data includes your Internet Protocol address, browser type and settings, the date and time of your request, and how you interacted with the Site. Such Log Data is also collected when you interact with the App. Cookies Data: Please see the “Cookies” section below to learn more about how we use cookies. Device Data: Includes name of the device, operating system, and browser you are using. Information collected may depend on the type of device you use and its settings. Usage Data: We collect information about how you use our Service, such as the types of content that you view or engage with, the features you use, the actions you take, and the time, frequency, and duration of your activities. Location Data: We may derive a rough estimate of your location from your IP address. We may also collect your location using GPS coordinates if you choose to provide it through the App. Email Open/Click Data: We use pixels in our email campaigns that allow us to collect your email and IP address as well as the date and time you open an email or click on any links in the email.
Cookies: We use cookies to operate and administer our Site, gather usage data on our Site, and improve your experience on it. A “cookie” is a piece of information sent to your browser by a website you visit. Cookies can be stored on your computer for different periods of time. Some cookies expire after a certain amount of time, or upon logging out (session cookies), others survive after your browser is closed until a defined expiration date set in the cookie (as determined by the third party placing it), and help recognize your computer when you open your browser and browse the Internet again (persistent cookies). For more details on cookies please visit All About Cookies.
On most web browsers, you will find a “help” section on the toolbar. Please refer to this section for information on how to receive a notification when you are receiving a new cookie and how to turn cookies off.
Please note that if you limit the ability of websites to set cookies, you may be unable to access certain parts of the Site and you may not be able to benefit from the full functionality of the Site.
We may deliver a file to you through the Service (known as a “web beacon”) from an ad network. Web beacons allow ad networks to provide anonymized, aggregated auditing, research and reporting for us and for advertisers. Web beacons also enable ad networks to serve targeted advertisements to you when you visit other websites. Because your web browser must request these advertisements and web beacons from the ad network’s servers, these companies can view, edit, or set their own cookies, just as if you had requested a web page from their site. You may be able to opt-out of web beacon tracking conducted by third parties through our Service by adjusting the Do Not Track settings on your browser; please note that we don’t control whether or how these third parties comply with Do Not Track requests.
Advertising networks may use cookies to collect Personal Data. Most advertising networks offer you a way to opt out of targeted advertising. If you would like to find out more information, please visit the Network Advertising Initiative’s online resources at http://www.networkadvertising.org and follow the opt-out instructions there.
If you access the Site on your mobile device, you may not be able to control tracking technologies through the settings.
We use Segment, a customer data platform, to collect and manage data about how users interact with our Service. Segment enables us to understand user behavior and enhance your experience when you use the Service. For more information on how Segment handles the data, please visit their privacy policy at https://www.twilio.com/en-us/legal/privacy.
Online Tracking and Do Not Track Signals: We and our third party service providers, including Facebook, may use cookies, pixels, or other tracking technologies to collect information about your browsing activities over time and across different websites following your use of the Site and use that information to send targeted advertisements. Our Site currently does not respond to “Do Not Track” (“DNT”) signals and operates as described in this Privacy Policy whether or not a DNT signal is received. If we do respond to DNT signals in the future, we will update this Privacy Policy to describe how we do so.
We may use Personal Data for the following purposes:
To provide the Service and help you track your fasting habits and display your progress over time; To verify your identity, age, and contact details; To authenticate your access to the Service; To personalize the Service for you (i.e., to calculate your circadian fasts based on your Location Data or to present relevant content based on your Demographic Data); To provide disclaimers based on your Health Data to ensure your safety while using the Service; To share Personal Data back to select partner apps; To respond to your inquiries, comments, feedback, or questions; To send administrative information to you, for example, information regarding the Service and changes to our terms, conditions, and policies; To administer a promotion, survey or other OneStep Longevity Science features; To show you advertisements, including interest-based or online behavioral advertising; To analyze and better understand how you interact with our Service; To maintain and improve the Service; To develop new products and services; To prevent fraud, criminal activity, or misuses of our Service, and to ensure the security of our IT systems, architecture, and networks; and To comply with legal obligations and legal process and to protect our rights, privacy, safety, or property, and/or that of our affiliates, you, or other third parties.
Aggregated Information. We may aggregate Personal Data and use the aggregated information to analyze the effectiveness of our Service, to improve and add features to our Service, and for other similar purposes. In addition, from time to time, we may analyze the general behavior and characteristics of users of our Service and share aggregated information like general user statistics with prospective business partners. We may collect aggregated information through the Service, through cookies, and through other means described in this Privacy Policy.
Marketing. We may use your Personal Data (excluding Health Data) to contact you to tell you about products or services we believe may be of interest to you. For instance, if you elect to provide your email, we may use that information to send you special offers. You may opt out of receiving emails by following the instructions contained in each promotional email we send you. You can also control the marketing emails and/or push messages you receive by updating your settings through your account. In addition, if at any time you do not wish to receive future marketing communications, you may contact us. If you unsubscribe from our marketing lists, you will no longer receive marketing communications but we will continue to contact you regarding management of your account, other administrative matters, and to respond to your requests.
OneStep does not sell your Personal Data. In certain circumstances we may share the categories of Personal Data described above without further notice to you, unless required by the law, with the following categories of third parties:
Vendors and Service Providers: To assist us in meeting business operations needs and to perform certain services and functions, we may share Personal Data with vendors and service providers, including providers of cloud hosting/computing services, database providers, email delivery and in-app/push messaging services, advertising and marketing services, payment processors, content monitoring services, and web, subscription, and app analytics services. Pursuant to our instructions, these parties will access, process, or store Personal Data in the course of performing their duties to us. We take commercially reasonable steps to ensure our service providers adhere to the security standards we apply to your Personal Data. Business Transfers: If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of all or a portion of our assets, or transition of service to another provider (collectively a “Transaction”), your Personal Data and other information may be shared in the diligence process with counterparties and others assisting with the Transaction and transferred to a successor or affiliate as part of that Transaction along with other assets. Legal Requirements: If required to do so by law or in the good faith belief that such action is necessary to (i) comply with a legal obligation, including to meet national security or law enforcement requirements, (ii) protect and defend our rights or property, (iii) prevent fraud, (iv) act in urgent circumstances to protect the personal safety of users of the Service, or the public, or (v) protect against legal liability. Other Users: Certain user profile information, including your name, location, and any video or image content that such user has uploaded to the Service, may be displayed to other users to facilitate user interaction within the Service or address your request for our Service. Your account privacy settings may allow you to limit the other users who can see the Personal Data in your user profile and/or what information in your user profile is visible to others. Please remember that any content you upload to your public user profile, along with any Personal Data or content that you voluntarily disclose online in a manner other users can view (on discussion boards, blogs, in messages and chat areas, etc.) becomes publicly available, and can be collected and used by anyone. Your user name may also be displayed to other users if and when you send messages or comments or upload images or videos through the Service and other users can contact you through messages and comments. Health Apps: Through the Service you can share your Health Data with other health Apps (We will not share Health Data with Advertisers (defined below) under any circumstances. Advertisers: We allow advertisers and/or merchant partners (“Advertisers”) to choose the Demographic and Location Information of users who will see their advertisements and/or promotional offers and you agree that we may provide Demographic and Location Information we have collected from you in non-personally identifiable form to an Advertiser, in order for that Advertiser to select the appropriate audience for those advertisements and/or offers. For example, we might use the fact you are located in San Francisco to show you ads or offers for San Francisco businesses, but we will not tell such businesses who you are. Or, we might allow Advertisers to display their ads to users with similar usage patterns to yours, but we will not disclose Internet Activity Data to Advertisers except in aggregate form, and not in a manner that would identify you personally. Note that if an advertiser asks us to show an ad to a certain audience or audience segment and you respond to that ad, the Advertiser may know that you clicked on the ad and conclude that you fit the description of the audience the Advertiser was trying to reach.
We keep Personal Data for as long as reasonably necessary for the purposes described in this Privacy Policy, while we have a business need to do so, or as required by law (e.g. for tax, legal, accounting, or other purposes), whichever is longer.
Please log in to your account or contact us if you need to change or correct your Personal Data.
Where provided for by law and subject to any applicable exceptions, California residents may have the following rights:
To know the categories of Personal Data that OneStep has collected about you, the business purpose for collecting your Personal Data, and the categories of sources from which the Personal Data was collected; To access the specific pieces of Personal Data that OneStep has collected about you; To know whether OneStep has disclosed your Personal Data for business purposes, the categories of Personal Data so disclosed, and the categories of third parties to whom we have disclosed your Personal Data; To have OneStep, under certain circumstances, delete your Personal Data; and To be free from discrimination related to the exercise of these rights.
If you would like to exercise any or all of these rights, you may do so by contacting us. Your authorized agent may submit requests in the same manner. Once we receive your request, we will verify your identity by sending an email to the email address you provide to us.
Please contact us if you have questions about your rights or our disclosures under the CCPA, or to request access to an alternative format of this Privacy Policy.
If you are a resident of the European Economic Area (EEA), you have certain data protection rights covered by GDPR. We aim to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data. If you wish to be informed about what Personal Data we hold about you and if you want it to be removed from our systems, please contact us.
Under GDPR, you have the following rights:
Right of Access: You have the right to know whether your Personal Data is being processed by us, and, where that is the case, access to the Personal Data.
Right to Rectification: You have the right to have your Personal Data corrected if it is inaccurate or incomplete.
Right to Erasure: You have the right to request the deletion of your Personal Data under certain circumstances.
Right to Restrict Processing: You have the right to restrict the processing of your Personal Data, under certain conditions.
Right to Data Portability: You have the right to receive the Personal Data that you have provided to us, in a structured, commonly used, and machine-readable format, and you have the right to transmit that data to another controller, including to have it directly transmitted from one controller to another.
Right to Object to Processing: You have the right to object to the processing of your Personal Data, under certain conditions.
Right to Withdraw Consent: Where we rely on your consent to process your Personal Data, you have the right to withdraw that consent at any time.
To exercise any of these rights, please contact us at [email protected].
Our Service is not directed to children who are under the age of 18. OneStep does not knowingly collect Personal Data from children under the age of 18. If you have reason to believe that a child under the age of 18 has provided Personal Data to OneStep through the Service please contact us and we will endeavor to delete that information from our databases.
The Service may contain links to other websites not operated or controlled by OneStep, including social media services (“Third Party Sites”). In certain situations, Third Party Sites may sell or provide products or services to you through or in connection with the Service (either alone or jointly with us). One such service may include the ability for you to automatically transmit information between your Service profile and your accounts at Third Party Sites. The information that you share with Third Party Sites will be governed by the specific privacy policies and terms of service of the Third Party Sites and not by this Privacy Policy. By providing these links we do not imply that we endorse or have reviewed these sites. Please contact the Third Party Sites directly for information on their privacy practices and policies.
You use the Service at your own risk. We implement commercially reasonable technical, administrative, and organizational measures to protect Personal Data both online and offline from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. However, no Internet or e-mail transmission is ever fully secure or error free. In particular, e-mail sent to or from us may not be secure. Therefore, you should take special care in deciding what information you send to us via the Service or e-mail. Please keep this in mind when disclosing any Personal Data to OneStep via the Internet. In addition, we are not responsible for circumvention of any privacy settings or security measures contained on the Service, or third party websites.
By using our Service, you understand and acknowledge that your Personal Data will be transferred from your location to our facilities and servers in the United States.
In certain circumstances providing Personal Data is optional. However, if you choose not to provide Personal Data that is needed to use some features of our Service, you may be unable to use those features. You can also contact us to ask us to update or correct your Personal Data at [email protected] [You may also delete your account. Please note that we will need to verify that you have the authority to delete the account and certain activity generated prior to deletion may remain stored by us and may be shared with third parties as detailed in this Privacy Policy.]
This Privacy Policy shall not apply to any unsolicited information you provide to us through the Services or through any other means. This includes, but is not limited to, any ideas for new products or modifications to existing products, and other unsolicited submissions (collectively, “Unsolicited Information”). All Unsolicited Information shall be deemed to be non-confidential and we shall be free to reproduce, use, disclose, and distribute such Unsolicited Information to others without limitation or attribution.
The Service and our business may change from time to time. As a result we may change this Privacy Policy at any time. When we do we will post an updated version on this page, unless another type of notice is required by the applicable law. By continuing to use our Service or providing us with Personal Data after we have posted an updated Privacy Policy, or notified you by other means if applicable, you consent to the revised Privacy Policy and practices described in it.
If you have any questions about our Privacy Policy or information practices, please feel free to contact us at our designated request address: [email protected]
Updated 21 November 2023