Privacy policy

STEPOGRAM PRIVACY POLICY

Effective Date: 01.01.2025

1. TERMS AND DEFINITIONS

1.1. In this Privacy Policy, unless the context expressly requires otherwise, the following terms shall have the following meanings:
    * Company: IE "KAMILOV DJAXONGIR ULUGBEKOVICH".
    * Application: The Stepogram mobile application for Android / iOS and related services.
    * User: Any natural person using the Application in any capacity.
    * Personal Data: Any information relating directly or indirectly to the User, which the User provides about themselves independently during registration (account creation) or in the process of using the Application, including the User's personal data to which the User grants the Company access through third-party services (e.g., HealthConnect, HealthKit) or as a result of using the Application (e.g., activity data, location data, QR code scan data, data on obtaining Coupons and Prizes).
    * Policy: This Privacy Policy.
    * Agreement: The User Agreement (Terms of Use) available in the Application and/or at stepogram.com/termsofuse.
    * Fitness Coins, Coupon, Prize, Partner: Terms defined in the User Agreement.
    * Processing of Personal Data: Any action (operation) or set of actions (operations) performed with or without the use of automated means on Personal Data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of Personal Data.

2. INFORMATION RECEIVED BY THE COMPANY

2.1. The Company collects, accesses, and uses Personal Data, technical, and other information related to the User, which is transmitted during the use of the Application, for the purposes defined in this Policy.
2.2. The Company processes the User's Personal Data, technical information, and other information only if such information is provided by the User independently or with their explicit consent, or if the transfer of such information is provided for by the functionality of the Application and the Agreement.
2.3. The information we may collect includes, but is not limited to:
    * Data provided during registration and Account use: Full name (or name/nickname), email address, gender (if required), phone number (if required), date of birth (if required), password (if required) (in encrypted form).
    * Activity and health data (with your consent via the Application itself, HealthConnect/HealthKit or similar platforms): Step count, distance traveled, calories burned, workout data, and other physical activity information you choose to share. We only request access to data types necessary for the Application's functionality (e.g., step counting for awarding Fitness Coins).
    * Location data (with your permission): GPS data for displaying routes, finding objects on the map (e.g., treasures, monsters, other players, Partner locations), and for verifying activity and QR code scans in specific locations (if applicable). You can manage location permissions in your device settings.
    * QR code scan data: Information contained in scanned fiscal QR codes (may include purchase details, merchant, time, amount), as well as the time and location of the scan (if location access is permitted). Photos of receipts, if you upload them.
    * Loyalty program usage data: Information about accumulated and spent Fitness Coins, participation in Auctions (bids, results), obtained Coupons and Prizes.
    * Technical information: IP address, device information (model, operating system, unique device identifiers), crash data, information about Application usage (screens visited, session times).
    * Communications: Information you provide when contacting customer support (info@stepogram.com and @StepogramAdmin on Telegram).

3. PURPOSES OF INFORMATION COLLECTION AND PROCESSING

3.1. The information provided by the User and collected by the Company is used solely for the purposes of:
    * Fulfilling the Company's obligations to the User under the Agreement, including providing access to the Application's functionality.
    * Ensuring the operation of the Application's core features: step tracking, calculating and awarding Fitness Coins, QR code scanning, operating the loyalty program ("Buy Now" Coupons, Auctions, Prize issuance).
    * Registering and identifying the User in the Application.
    * Establishing and maintaining communication with the User, sending informational messages (about the Application's operation, changes to the Agreement or Policy, status of Coupons/Prizes) and marketing communications (about new features, promotions, Partner offers), if the User has consented to this.
    * Displaying relevant content in the Application (routes, map objects, other users, available Coupons).
    * Improving the quality of service, developing new features, and upgrading the Application.
    * Detecting and preventing fraud, violations of the Agreement, and system abuse (verifying activity, QR code scans, operations with Fitness Coins and Coupons).
    * Conducting statistical and other research based on anonymized data to analyze Application usage and improve the service.
    * Ensuring the security of the Application and Users.
    * Complying with legal requirements and executing requests from authorized government bodies.

4. PROCESSING OF PERSONAL DATA AND USER CONSENT

4.1. By using the Application and accepting the terms of the Agreement and this Policy, the User gives their informed and conscious consent to the Company for the Processing of their Personal Data under the terms set forth in this Policy, for the purposes specified in Section 3.
4.2. Consent applies to all Personal Data specified in Section 2 and to all types of Processing necessary to achieve the stated purposes.
4.3. The User understands and agrees that to ensure the operation of certain functions (e.g., awarding coins for steps, displaying on the map), access to specific data (activity data, location data) is required. Refusal to grant access to such data or withdrawal of consent may result in the inability to use the corresponding Application features.
4.4. The Processing of Personal Data is carried out in compliance with the principles and rules provided for by applicable law, including the legislation of the Republic of Uzbekistan on personal data.

5. INFORMATION PROTECTION MEASURES AND COMPANY GUARANTEES

5.1. The Company takes necessary and sufficient legal, organizational, and technical measures to protect the User's Personal Data from unauthorized or accidental access, destruction, modification, blocking, copying, distribution, as well as from other unlawful actions of third parties.
5.2. Security measures include, but are not limited to:
    * Using secure data transmission protocols (HTTPS).
    * Storing passwords in encrypted (hashed) form.
    * Restricting access to Personal Data for Company employees and contractors who need this information to perform their duties and are bound by confidentiality obligations.
    * Regular data backup.
    * Implementing measures to protect against malware and unauthorized access.
5.3. The Company guarantees that the information provided by Users is not provided to third parties and is not disclosed, except as provided in this Policy and applicable law.
5.4. The Company does not sell or transfer information about Users separately. Such information may be transferred only in the event of a partial or complete reorganization of the Company (merger, acquisition, sale of assets), provided that the acquirer assumes all obligations to comply with the terms of this Policy regarding the information received.

6. TRANSFER OF INFORMATION TO THIRD PARTIES

6.1. The Company has the right to transfer the User's Personal Data to third parties in the following cases:
    * The User has explicitly consented to such actions.
    * The transfer is necessary for the User to use a specific functionality of the Application or to fulfill the Agreement (e.g., transferring data to a Partner to verify Prize redemption for a Coupon; using third-party services for sending email newsletters or push notifications, analytics, hosting). Such third parties are obliged to maintain confidentiality and data security.
    * The transfer is necessary for conducting statistical and other research based on anonymized data.
    * The transfer is provided for by applicable law under an established procedure (at the request of a court, law enforcement agencies, etc.).
    * The transfer is necessary to protect the rights and legitimate interests of the Company or third parties in cases where the User violates the Agreement or this Policy, or there is a threat of such violation.
    * In the event of the Company's reorganization (see para 5.4).

7. USER RIGHTS

7.1. The User has the right to:
    * Receive information regarding the processing of their Personal Data in the manner and scope established by law.
    * Request the Company to clarify their Personal Data, block or destroy it if the Personal Data is incomplete, outdated, inaccurate, unlawfully obtained, or not necessary for the stated purpose of processing.
    * Withdraw their consent to the processing of Personal Data. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal. In case of withdrawal of consent, the Company has the right to continue processing Personal Data without the User's consent if there are grounds specified by law. Withdrawal of consent may lead to the inability to use some or all features of the Application.
    * Delete their Account and associated Personal Data through the Application's functionality or by sending a request to the Company.
    * Exercise other rights provided for by law.
7.2. To exercise their rights, the User can contact the Company at info@stepogram.com. The request must contain information allowing the User to be identified and the substance of the request.

8. DATA RETENTION

8.1. The Company retains the User's Personal Data for as long as necessary to achieve the purposes for which it was collected (Section 3), or until the Account is deleted by the User or the Company, unless a longer retention period is required or permitted by law (e.g., to comply with legal obligations, resolve disputes, prevent fraud).
8.2. Photos of receipts and related data may be stored for the period necessary for verification, fraud prevention, and service improvement, but no longer than necessary for these purposes.
8.3. Upon expiration of the retention period or achievement of the processing purposes, Personal Data shall be destroyed or anonymized.

9. LIABILITY

9.1. The Company is not responsible for the loss of game assets (including Fitness Coins, Coupons) by Users in the event of software failures, errors (bugs), or hacking attacks, provided that the Company has taken reasonable security measures.
9.2. The User is responsible for providing accurate information and for unauthorized access to their Account due to failure to maintain confidentiality measures.

10. CHANGES TO THE PRIVACY POLICY

10.1. The Company reserves the right to make changes to this Privacy Policy.
10.2. The new version of the Policy comes into force from the moment it is posted in the Application and/or on the Company's website, unless otherwise provided by the new version of the Policy. The User undertakes to independently monitor changes to the Policy.
10.3. Continued use of the Application after the publication of a new version of the Policy means the User's acceptance of the Policy and its terms.
10.4. In case of disagreement with the terms of the Privacy Policy, the User must stop using the Application.

11. RESOLUTION OF CONTRADICTIONS

11.1. In the event that the Agreement between the Company and the User contains provisions on the use of personal information and/or Personal Data, the provisions of this Policy and such Agreement shall apply to the extent that they do not contradict the Policy. In case of contradictions, the provisions of this Policy shall prevail.

12. CONTACT INFORMATION

For all questions related to this Privacy Policy, please contact: info@stepogram.com.