Skip to content
Get Mellow now

Privacy Policy

Updated: February 8, 2023


Processors of your personal data

Our services are provided by Remote Future AG, Huobstrasse 3, 8808 Pfäffikon SZ, Switzerland (“Mellow”), a company registered under the laws of Switzerland.

When you are using our services, Mellow is processing your personal data. Mellow is outsourcing certain activities to third-party data processors (as listed in this policy) that may also use your personal data when acting on behalf of Mellow. 


Types of personal data processed

Registration information: When you register for our services, you submit some non-encrypted identification and contact data (such as your email address, name, job title or position, address, phone number). The data that we request at the time of registration is necessary for the provision of our services.

Phone contacts: You may grant us access to your phone contacts, which enables you to easily add emergency contacts in our apps. Should you choose to deny access to your phone contacts, you will still be able to manually add emergency contacts. 

Location services: When an alert is triggered, we share your location with your emergency contacts, so they know where you are and can provide help. We will only share your location with your emergency contacts, and only when an alert is triggered. Access to your location is necessary for our apps to function. 

Text messages: When an alert is triggered, we send a text and a voice message to your emergency contacts in order to inform them about your location and that you need help. We also notify your emergency contacts if you cancel the alert. We will only send messages with your consent, only to your emergency contacts and only when an alert is triggered.

Motion data: We analyze your motion (accelerometer and gyroscope) data to detect seizure-like activities. When an abnormal activity is detected, we notify your emergency contacts. We will also use your motion data to improve the performance of our seizure detection algorithm and analyze your personal seizure pattern.

Heart rate: We may use your heart rate data to improve the performance of our seizure detection algorithm and analyze your personal seizure pattern.

Information provided through communication with us: You may decide to share further information, including personal data, with us when you contact our support or communicate with us otherwise. It is solely your decision to share any data with us during such communications, so our processing of such data will be based on your consent.

Information that we collect about you on our website: When you visit our website, we may use so-called “cookies”, including cookies by third parties, and other information gathering technologies, to make our website more attractive and to enable certain features. These technologies may provide us with personal data, information about devices and networks you utilize to access our website, and other information regarding your interactions with our website.

How do we use cookies?

  • Essential: These cookies are essential for our website to function. They usually enable your movement around our website and services you have specifically asked for, such as setting your privacy preferences, or filling in forms. For example, essential cookies include session cookies needed to transmit the website, authentication cookies, and security cookies. This category of cookies cannot be disabled.

  • Performance and analytics: These cookies allow us to learn how well our website performs. We also use these cookies to better understand how visitors use our website so we can improve their experience. For example, we use Google Analytics cookies to help us understand how visitors arrive at and browse our websites, and to identify areas for improvement, such as navigation and marketing campaigns. If you do not allow these cookies, we will not know when you have visited our website, and will not be able to monitor its performance.

  • Marketing: These cookies are used in order to better understand users’ needs and their interactions with our marketing communications. If you decide to identify yourself, e.g. by filling out a form, these cookies may collect personal information about you.

  • Targeting: These cookies may be set through our site by our advertising partners. They may be used to serve you with advertisements that may be relevant to you and your interests on other web sites and services, and to measure their effectiveness. If you do not allow these cookies, you will experience less targeted advertising.

Third party service providers that currently place cookies include (subject to change, please see list of third-party providers for more details):

You can choose not to allow some types of cookies. To change your cookie settings and preferences, click the “Cookie Settings” link in the footer of the page. Please note that blocking some types of cookies may impact your experience and the full functionality of the website may no longer be available. You are also free to decline cookies by applying the appropriate browser settings.

Website statistics: You can visit our website, which is separate from the Mellow app, without providing any direct information about yourself.

We store your browser type, the name of your internet service provider, the website from which you have visited us, and internet protocol (IP) addresses. Unless you choose to identify yourself by filling out a contact form, this data does not allow us to draw any conclusions regarding your identity. Storing and analyzing such information is essential for service improvement, security and debugging purposes.

Logs: We gather certain information and store it in log files when you interact with our service.

This information includes internet protocol (IP) addresses as well as browser type, operating system, device identifiers, time of access, and error logs.

Analytics: When you install our app, we automatically collect information such as the type of device you use, operating system version, and the IP addresses associated with you.

Information collected from third parties: We might receive information about you and your activities in our services from third parties, such as advertising partners. Upon your consent, such partners provide us with information about your engagement with online advertisements, our website, and our apps. 

When you register or sign in with your Apple ID, you give Apple permission to share your Apple login, a name which can be edited by you and an email address. You can choose to hide your email address and Apple will create a random email address to keep your personal email address private. This email address will be linked to your Mellow account.


Legal basis for processing (for EEA users)

If you are an individual in the European Economic Area (EEA), we collect and process information about you only where we have legal bases for doing so under applicable EU laws. This means we collect and use your information only if:

  • It is necessary in order to provide our services, to provide customer support and to protect the safety and security of our services; 

  • It satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote our services and to protect our legal rights and interests - please see “Types of use of your data” for more detail; 

  • You give us consent to do so for a specific purpose; or

  • It is needed to comply with a legal obligation. 


Types of use of your data

We may process your personal data for several purposes, depending on how you use our services.

Services: We will use your personal data for providing our services to you and for the provision and maintenance of your user account.

Communications: We will send you technical notices, updates, security alerts, support and administrative messages. Please be aware that you cannot opt out of receiving certain service messages from us, including necessary security alerts and legal notices.

We might also send messages about how to use the services. You may change your communication preferences at any time via the link at the bottom of our messages.

Push notifications may be sent to your mobile devices to notify you of certain events or actions regarding your account and our service. To opt out of push notifications, please edit settings at the device level. Please be aware that we are not able to provide our service if you opt out of receiving certain push notifications from us.

Our service also enables communications between you and others. In particular, we will send voice and text messages to your emergency contacts in case of a potential seizure.

Product development: We are constantly striving for ways to improve our services. We use aggregated usage data and users’ feedback to troubleshoot and to identify trends, usage, activity patterns and improvement of our services.

We also test and analyze certain new features with some users before rolling the feature out to all users.

We use analytics tools to better understand the functionality of our website and app. This software may record information such as usage, aggregated usage, and performance data. While we use your information to produce aggregate insights, such insights do not allow us to identify you.

Marketing: If you are an existing Mellow customer, we may use your email address to send you marketing communications, such as information about our services, unless you have opted-out.

We may also use information about you to personalize the content you receive on our website, in our app, marketing communications, and in our ads on other companies' websites and apps. If legally required, we also seek your consent for sending marketing communications.

Payment: We do not collect or store your payment details. This information is provided directly to Apple, Inc., which is acting as third-party payment processor for in-app purchases such as a subscription to our services. Apple, Inc. may provide us with some limited data related to you in order to identify your purchases.

Security: We use information about you to secure your profile, to verify activity, and to monitor suspicious activity and identify violations of our Terms & Conditions.

Support: Occasionally, we might connect personal information to information gathered in our log files as necessary to provide better customer support and to improve our services. In such a case, we would treat the combined information in accordance with this policy.

Protecting our legitimate business interests and legal rights: Where required by law or where we believe it is necessary to protect our legal rights, interests and the interests of others, we will use information about you in connection with legal claims, compliance, regulatory, and audit functions, and disclosures in connection with the acquisition, merger or sale of a business.

Other purposes: In accordance with applicable law and this policy, we may also process your data for any other purposes for which we obtain your consent where necessary.


Sharing of your personal data with third-party processors

We will only share your personal data with third parties in accordance with this policy. In certain cases we need to share information, including personal data, with our third-party service providers. We use third-party service providers for a number of services, including application development, backup, storage, analytics and other services. Whenever personal data is transferred to the United States, we rely on Standard Contractual Clauses as a transfer mechanism.

Currently, we use the following service providers:


Third-party processor:
Amazon Web Services, Inc. on behalf of HubSpot, Inc.

Purpose:
Data processing on behalf of:
HubSpot, Inc.
25 First Street
2nd Floor Cambridge, MA 02141
USA

Country:
Germany

Sub-processors:
https://legal.hubspot.com/dpa

Example Data:
IP addresses, contact requests, metadata and
communications, contact information, names, web page access, and other data



Third-party processor:
Amazon Web Services, Inc.

Purpose:
Hosting

Country:
USA

Sub-processors:
https://aws.amazon.com/compliance/sub-processors/

Example Data:
App usage data, potential seizure data, IP addresses, contact requests, metadata and
communications, contact information of users and emergency contacts, names, and other data



Third-party processor:
Apple, Inc.

Purpose:
Payments

Country:
USA

Sub-processors:
https://www.apple.com/legal/privacy/data/en/app-store/

Example Data:
Payment status, personal identifiers




Third-party processor:
AppsFlyer Ltd.

Purpose:
Ads on the Facebook and Instagram platforms

Country:
European Union

Sub-processors:
https://www.appsflyer.com/legal/subprocessors/

Example Data:
Data on interaction with advertisements, app and website usage data, device type, IP address



Third-party processor:
Chatwoot Inc.


Purpose:
Inbound and outbound customer communication

Country:
USA

Sub-processors:
https://www.chatwoot.com/security


Example Data:
IP addresses, communications, contact information of users, names




Third-party processor:
Functional Software, Inc. (Sentry)

Purpose:
Application Monitoring

Country:
USA

Sub-processors:
https://sentry.io/legal/subprocessors

Example Data:
App usage data, potential seizure data, IP addresses, contact requests, metadata and communications, contact information of users and emergency contacts, names, and other data




Third-party processor:
V&T Technologies Pty. Ltd. (GeoTargetly)

Purpose:
Routing of users based on their geolocation

Country:
https://geotargetly.com/data-processing

Sub-processors:
https://geotargetly.com/privacy-policy

Example Data:
IP address, user agent (from request headers), browser URL, referrer URL, browser screen size



Third-party processor:
HubSpot Inc.

Purpose:
Website hosting; management of existing and potential customer relationships and interactions; marketing activities

Country, sub-processors, example data:
See “Amazon Web Services on behalf of HubSpot”



Third-party processor:
Google Ireland Limited

Country:
https://www.google.com/about/datacenters/locations/

Sub-processors:
https://business.safety.google/adssubprocessors/

Purpose:
Google Ads: Display ads in the Google search engine or on third-party websites

Example Data:
User data Google has in its possession, such as location data and interests

Purpose:
Google Analytics: Analysis of behavior patterns of website visitors

Example Data:
Pages accessed, time spent on page, operating system, user’s origin; no IP addresses for EU users

Purpose:
Google Drive: Storage of data entered in Google Forms

Example Data:
User ID, details of seizures and symptoms, feedback on app usage


Purpose:
Google Tag Manager: Integration of tracking or statistical tools and other technologies on our website

Example Data:
IP address



Third-party processor:
Google LLC

Country:
https://www.google.com/about/datacenters/locations/

Purpose:
Firebase: Hosting of databases, content, notifications, and services

Sub-processors:
https://firebase.google.com/terms/subprocessors

Example Data:
Instance IDs, advertising ID

Purpose:
Google Fonts: Uniform presentation of fonts

Sub-processors:
https://cloud.google.com/terms/subprocessors

Example Data:
IP address



Third-party processor:
Hotjar Ltd

Purpose:
Information on use and user movements of of our website

Country:
EU

Sub-processors:
https://help.hotjar.com/hc/en-us/articles/360058514233-Sub-Processors-used-by-Hotjar

Example Data:
IP address, referring URL and domain, device type, operating system, browser type, window size and content



Third-party processor:
Rocket Science Group LLC (MailChimp)

Purpose:
Delivery and analysis of marketing emails to customers

Country:
USA

Sub-processors:
https://mailchimp.com/en-gb/legal/subprocessors/

Example Data:
Data in connection with email delivery and engagement and management service such as name, email address, email messages




Third-party processor:
Meta Inc.

Purpose:
Ads on the Facebook and Instagram platforms

Country:
Denmark, Ireland, Sweden, USA

Sub-processors:
https://m.facebook.com/legal/ads-subprocessors

Example Data:
Data in connection with email delivery and engagement and management service such as name, email address, email messages




Third-party processor:
Reddit, Inc.

Purpose:
Ads on the Reddit platform

Country:
USA

Sub-processors:
https://www.reddit.com/policies/privacy-policy

Example Data:
IP address; User data Reddit has in its possession, such as location data and interests




Third-party processor:
Snap Inc.

Purpose:
Ads on the Snapchat platform

Country:
USA

Sub-processors:
https://help.snapchat.com/hc/en-us/articles/7012351145364

Example Data:
IP address; User data Snap has in its possession, such as location data and interests


—

Third-party processor:
TikTok Inc. (US)

Purpose:
Ads on the TikTok platform

Country:
USA, Hong Kong, Singapore

Sub-processors:
https://ads.tiktok.com/i18n/official/article?aid=30242040634959695

Example Data:
IP address, User data TikTok has in its possession, such as location data and interests



Third-party processor:
Twilio Inc.

Purpose:
Voice and text messages, marketing and transactional emails to customers

Country:
USA

Subprocessors:
https://www.twilio.com/legal/sub-processors

Example Data:
Data in connection with voice and text messages such as phone number, verification message
Data in connection with email delivery and management service such as name, email address, email messages



Third-party processor:
Zapier Inc.

Purpose:
Exchange of potential customer data between different marketing tools, triggering customer communication based on events in backend

Country:
USA

Sub-processors:
https://zapier.com/help/account/data-management/data-privacy-at-zapier

Example Data:
Contact data of potential customers such as name, email address, IP address

We may also engage our affiliates in Germany, Remote Future GmbH, and the USA, Mellow Technology Inc., as sub-processors, or act as a sub-processor for our affiliates. 



Our use of third-party providers is subject to change.


Sharing of your data with other third parties

Aside from using third-party service providers, we may need to share some information, including your personal data, in the following circumstances:

Complying with legal requirements: We may transmit personal data if the applicable legal provisions require us to do so, or when such action is necessary to comply with any laws, including law enforcement requirements. We may also need to share personal data for the protection of our rights and interests, to protect your safety or the safety of others or to investigate fraud, in accordance with the applicable laws. Please note that we are not subject to medical secrecy obligations.

Data shared by you: Information, including personal data, will be shared with your designated emergency contacts in case of an alert. We ask you to pay special attention to who you designate as an emergency contact.

Business transactions: We may assign or transfer this policy, as well as your account and related information and data, including any personal information, to any person or entity that acquires all or substantially all of our business, stock or assets, or with whom we merge.

Testimonials: With your prior consent, we may post testimonials on our website that may contain personal data. If you wish to update or remove your testimonial, please contact us immediately.

 

Transfer of your data


Remote Future AG is a company organized and existing under the laws of Switzerland, having affiliates within the territory of the EEA (Germany). Switzerland was granted a data protection adequacy status by the European Commission. This means that, if you are located in the EEA, transfer of your personal data to Switzerland is practically considered as intra-EEA transmission of data.

We primarily store personal data within the EEA. Your personal data stored with us may also be transferred to countries outside of the EEA. Such transfers of personal data are and will always be made in accordance with applicable laws. Data transmission to the United States is based on the Standard Contractual Clauses (SCC) of the European Commission. For further information, please see our list of third-party data processors.

Protection of your data

We take appropriate technical and organizational measures to protect your personal data against loss or other forms of unlawful processing. We are only working with third-party service providers if they are applying the same standards.


Retention of your information

We will retain your personal data as long as it is needed to fulfill the purposes specified above, unless a longer retention period is required or permitted by law (such as tax, accounting or other legal requirements). When we have no ongoing legitimate business need to process your personal data, we will either delete or anonymize it as soon as it is technically possible.

 

Exercising your privacy rights

At any time, you may ask us to:

  • provide information to you about the personal data that we or our processors maintain about you,

  • correct inaccuracies or amend your personal data,

  • delete your personal data.


You can request this by sending an email to privacy@getmellow.app. We will respond to your request within thirty days. Please note that we may ask you to verify your identity before complying with the request.


If you are an individual in the European Economic Area (EEA), in certain circumstances the GDPR may grant you additional rights such as:

  • a broader right to erasure of your personal data, for example, if it is no longer necessary in relation to the purposes for which it was originally collected. Please note, however, that we may need to retain certain information for record keeping purposes, to complete transactions or to comply with our legal obligations.

  • the right to request us to stop processing your personal data.

  • the right to request that we restrict processing of your personal data in certain circumstances, for example, if you believe that the personal data we hold about you is inaccurate or unlawfully held.

  • the right to be provided with your personal data in a structured, machine-readable and commonly used format, and to request that we transfer the personal data to another data controller without hindrance.


You also have the right to complain to a data protection authority or claim damages before the court. For more information, please contact your local data protection authority. A list of contact details for the EU data protection authorities is available here.

You can request to exercise your rights by sending an email to privacy@getmellow.app. We will consider your request in accordance with applicable laws and respond within thirty days. Please note that we may ask you to verify your identity before complying with the request.



Withdrawal of your consent

In cases where the processing of your personal data is based on your consent, you can withdraw this consent any time by editing your device settings. In addition, you can also contact us at  privacy@getmellow.app.

If you withdraw your consent, we will no longer process your personal data for the relevant purpose. Please be aware that we might no longer be able to provide our service if you withdraw your consent to process certain personal data.

Please also note that withdrawal of your consent does not affect the lawfulness of our processing activities based on consent before its withdrawal.


Children's privacy

Our services are mainly intended for adults and do not address anyone under the age of 16, with some jurisdictions legally providing a lower age for those purposes, provided that such lower age is not below 13 years. Below this age, we can only provide services if we are provided with a valid parental consent or guardianship approval, in accordance with the applicable legal requirements. We will not knowingly collect personal data from any person under the age of 13 unless described herein. If you are a parent or guardian and you are aware that your child has provided us with personal data please contact us. We will then remove that data from our databases. 


Changes to this policy

We reserve the right to modify this policy when it is necessary. If there are any material changes to this policy, you will be notified 30 days prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices. Your continued use of our services constitutes your agreement to be bound by such changes to this policy. If you no longer accept the terms of this policy, your only remedy is to discontinue use of our services.


Links to third parties

Our website or apps may contain links to and from the websites or services of third parties. This policy does not extend to these external sites or companies, please refer directly to their privacy policies.


Contact information

Should you have any questions, please contact us at privacy@getmellow.app.