Last Revised: July 2, 2020
Note that you are under no legal obligation to provide us with any personal data, and that your consent is the sole basis for our use of it.
Please note that we are an Israeli company. Israel has an Article 29 Working Party Adequacy ruling, which, in plain language means that the EU Commission found that the level of personal data protection in Israel is adequate to the level required by EU regulation. We operate under Israeli law, and want to ensure your basic freedoms and rights are at the same level as they are granted to any nation worldwide.
How Do We Collect Personal Data?
We collect personal data in the following methods: First, we collect personal data when you register to our services or order our products. We do so by taking the personal data you filled out in our forms, as well as your use of the websites and applications. Then, we collect personal information when we interact with you: when you contact us through our support systems, when you send us emails or when you contact us via phone. We also use the device’s sensors you purchased from us to collect personal data.
What Personal Data Do We Collect?
We collect mainly information that relates to your use of our services, which includes: (i) information provided by you when you register to our services or order our products, such as: demographics, your first and last name, your email address, your gender, age, height, weight and approximate location (where the device was bought); (ii) information on why you bought our device; (iii) information relating to your use of the device, which includes the number of hours you sit and move each day, the pain levels you experience, your postures and progress; and (iv) information about your health and wellbeing, which includes habits, work environment, fitness routines and training preferences.
We also collect the contents of all correspondence between ourselves and our Customers.
How Do We Process Personal Data?
We use your personal data in order to provide you with the services. This is the purpose of collecting the personal data and the main reason for processing. This includes, first and foremost, collecting personal data by the sensors in our end-devices and using it to analyze your current posture and activity and to keep it for future analysis.
We also keep your contact information, both to provide you with access to our application, to contact you with notifications about your device, use of the software and new features, as well as to let you know if we believe something was compromised.
We process your personal data also in order to create statistical, non-personally identifiable, data which is used to assist us in better understanding of features. This means that we can compare behavior, for example, of different age groups, people living in different locations, or different genders in overall performance of our product. By using this data we can help you use our products and services in a better way.
We also process your personal data to understand your device level data, your posture score, your movement levels, and additional technical information including whether you slouched, sat at a smooth angle, had some training, and how you interacted with or without vibrations.
Who Has Access To Your Personal Data?
We do our best to ensure that your personal data remains secure. We provide our employees with limited, monitored, access, only on a need-to-know basis. We also use some contractors that are engaged by our company to provide us with services. Both our employees and contractors are under strict confidentiality agreements.
We also use a few, limited, third parties to process your information. These third parties are:
- Telespine, which only processes your information if you opt-in to use it, and is one of our tele-medicine partners.
- Intercom, which is our user-engagement system, and provides us with insights about how people use our services, and serves as a tool that our customer support uses to communicate with our users.
- Firebase by Google, which is an analytics system that helps us to understand how people use our mobile apps.
- Delighted, which is our user feedback tool.
- Apple Health, which is used if you use an iOS device, and helps you to track your workouts.
- Klaviyo, which is our email marketing service, and helps us to update you periodically about our services.
- Facebook Ads, which is one of our marketing tools and allows us to contact you via alternative channels.
- Logz.io, which is a statistical tool that helps us to analyze how people use our services.
- Swifty Beaver, which is a statistical tool that helps us to analyze how people use our services.
- Priority, which is our fulfillment system, that helps us to send you physical products.
- Google Suite, which provides both analytics and marketing services.
- Shopify, which is used for ecommerce management purposes.
- LuckyOrange, which is used for website engagement analytics.
We also use applications to connect our databases, which include Delighted to Bigquery, Intercom to Bigquery, Shopify to Bigquery, Firebase to Bigquery, and Bigquery to Tableau.
We also comply with legal requests, meaning that if we get an authorized legal warrant to provide your personal data from a law enforcement authority, court or other authorized authority, we will act accordingly. We do not, however, comply with mass-surveillance of our end-users, and shall challenge such requirements in courts until resorting all efforts.
How Do We Secure Personal Information?
We secure personal information by storing it in industry-grade servers, when information may be encrypted to prevent abuse and misuse. We also make sure that our servers are checked, occasionally, for known vulnerabilities and bugs, and we update our operating systems periodically. We make sure that all access to our servers is logged, and in some cases use two-factor-authentication.
Collection of Personal Information by Third Parties.
How Can We Contact You?
We may use your contact information to contact you from time to time with promotional offers, in order to provide you with content, training plans, exercises and instructions, articles, questionnaires, recommendations and updated related to our services, new features or information relating to a security breach, if it happens. We also may send you push notifications or text messages to update you with information relating to your specific use of the applications.
You can opt out from all notifications or any notifications using our services.
How Can You Review, Amend or Delete Your Personal Data?
We can provide you with a copy of your personal data if you contact us by sending an email to [email protected]; after you do so, we will verify that this request is genuine, and send your personal data. If you find any of the personal data to be inaccurate, please let us know and we will amend it.
You can also request, post-review, that we remove personal data. In such a case, we will retain the minimum amount that we are required by law but will remove all excess data.
Can You Request That We Cease Processing?
Yes. You can contact us at [email protected] and request that we cease processing your personal data. However, in such a case we will not be able to provide you with any of the services.
Please note that in some cases, we may prefer to remove personal data altogether than to cease processing due to costs. In such a case, we will provide you with a copy of your personal data.
Children and Minors.
Upright is meant for adults. We do not provide our services for children or minors. If you are over 14 and under 18, you need to provide us with parental permission to process and retain the information, and specifically, let us know.
Our website uses first party and third party cookies. A cookie is a small file placed on your browser’s environment which allows us to identify you as a unique user. It does not contain any personal information, nor can it be used to by anyone but ourselves and our third party service providers (who provide third party cookies).
You may opt out from storing cookies on your device altogether, or specifically from our website in your browser’s settings. However, this may impair your use of our services.
What Happens In Case of Merger?
If our company is acquired, merged, or otherwise transfers its business into a new entity, we might be required to merge databases as well. In such case, we will provide you with a 14-day notice to either delete your information or request that we cease processing. If no response arrives, we may merge databases.