Privacy Policy
Updated: April 25, 2023
Processors of your personal data
Our services are provided by Remote Future AG, Huobstrasse 3, 8808 Pfäffikon SZ, Switzerland (“Mellow”), a company registered under the laws of Switzerland.
When you are using our services, Mellow is processing your personal data. Mellow is outsourcing certain activities to third-party data processors (as listed in this policy) that may also use your personal data when acting on behalf of Mellow.
Types of personal data processed
Registration information: When you register for our services, you submit some non-encrypted identification and contact data (such as your email address, name, job title or position, address, phone number). The data that we request at the time of registration is necessary for the provision of our services.
Information provided through communication with us: You may decide to share further information, including personal data, with us when you contact our support or communicate with us otherwise. It is solely your decision to share any data with us during such communications, so our processing of such data will be based on your consent.
Information that we collect about you on our website: When you visit our website, we may use so-called “cookies”, including cookies by third parties, and other information gathering technologies, to make our website more attractive and to enable certain features. These technologies may provide us with personal data, information about devices and networks you utilize to access our website, and other information regarding your interactions with our website.
How do we use cookies?
-
Essential: These cookies are essential for our website to function. They usually enable your movement around our website and services you have specifically asked for, such as setting your privacy preferences, or filling in forms. For example, essential cookies include session cookies needed to transmit the website, authentication cookies, and security cookies. This category of cookies cannot be disabled.
-
Performance and analytics: These cookies allow us to learn how well our website performs. We also use these cookies to better understand how visitors use our website so we can improve their experience. For example, we use Google Analytics cookies to help us understand how visitors arrive at and browse our websites, and to identify areas for improvement, such as navigation and marketing campaigns. If you do not allow these cookies, we will not know when you have visited our website, and will not be able to monitor its performance.
-
Marketing: These cookies are used in order to better understand users’ needs and their interactions with our marketing communications. If you decide to identify yourself, e.g. by filling out a form, these cookies may collect personal information about you.
-
Targeting: These cookies may be set through our site by our advertising partners. They may be used to serve you with advertisements that may be relevant to you and your interests on other web sites and services, and to measure their effectiveness. If you do not allow these cookies, you will experience less targeted advertising.
Third party service providers that currently place cookies include (subject to change, please see list of third-party providers for more details):
- Appsflyer: https://www.appsflyer.com/legal/cookie-policy/
-
Chatwoot: https://www.chatwoot.com/docs/product/others/cookies/
- GeoTargetly: https://geotargetly.com/cookies-opt-out
-
Google Ads: https://business.safety.google/adscookies/
-
Google Analytics: https://support.google.com/analytics/answer/6004245 - for Google Analytics, you can opt out of tracking using the browser add-on provided by Google
-
MailChimp: https://mailchimp.com/en-gb/legal/cookies/
-
Twilio: https://www.twilio.com/legal/privacy#cookies-and-tracking-technologies
You can choose not to allow some types of cookies. To change your cookie settings and preferences, click the “Cookie Settings” link in the footer of the page. Please note that blocking some types of cookies may impact your experience and the full functionality of the website may no longer be available. You are also free to decline cookies by applying the appropriate browser settings.
Website statistics: You can visit our website, which is separate from the Mellow app, without providing any direct information about yourself.
We store your browser type, the name of your internet service provider, the website from which you have visited us, and internet protocol (IP) addresses. Unless you choose to identify yourself by filling out a contact form, this data does not allow us to draw any conclusions regarding your identity. Storing and analyzing such information is essential for service improvement, security and debugging purposes.
Logs: We gather certain information and store it in log files when you interact with our service.
This information includes internet protocol (IP) addresses as well as browser type, operating system, device identifiers, time of access, and error logs.
Analytics: When you install our app, we automatically collect information such as the type of device you use, operating system version, and the IP addresses associated with you.
Information collected from third parties: We might receive information about you and your activities in our services from third parties, such as advertising partners. Upon your consent, such partners provide us with information about your engagement with online advertisements, our website, and our apps.
When you register or sign in with your Apple ID, you give Apple permission to share your Apple login, a name which can be edited by you and an email address. You can choose to hide your email address and Apple will create a random email address to keep your personal email address private. This email address will be linked to your Mellow account.
Legal basis for processing (for EEA users)
If you are an individual in the European Economic Area (EEA), we collect and process information about you only where we have legal bases for doing so under applicable EU laws. This means we collect and use your information only if:
-
It is necessary in order to provide our services, to provide customer support and to protect the safety and security of our services;
-
It satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote our services and to protect our legal rights and interests - please see “Types of use of your data” for more detail;
-
You give us consent to do so for a specific purpose; or
-
It is needed to comply with a legal obligation.
Types of use of your data
We may process your personal data for several purposes, depending on how you use our services.
Services: We will use your personal data for providing our services to you and for the provision and maintenance of your user account.
Communications: We will send you technical notices, updates, security alerts, support and administrative messages. Please be aware that you cannot opt out of receiving certain service messages from us, including necessary security alerts and legal notices.
We might also send messages about how to use the services. You may change your communication preferences at any time via the link at the bottom of our messages.
Push notifications may be sent to your mobile devices to notify you of certain events or actions regarding your account and our service. To opt out of push notifications, please edit settings at the device level. Please be aware that we are not able to provide our service if you opt out of receiving certain push notifications from us.
Product development: We are constantly striving for ways to improve our services. We use aggregated usage data and users’ feedback to troubleshoot and to identify trends, usage, activity patterns and improvement of our services.
We also test and analyze certain new features with some users before rolling the feature out to all users.
We use analytics tools to better understand the functionality of our website and app. This software may record information such as usage, aggregated usage, and performance data. While we use your information to produce aggregate insights, such insights do not allow us to identify you.
Marketing: If you are an existing Mellow customer, we may use your email address to send you marketing communications, such as information about our services, unless you have opted-out.
We may also use information about you to personalize the content you receive on our website, in our app, marketing communications, and in our ads on other companies' websites and apps. If legally required, we also seek your consent for sending marketing communications.
Security: We use information about you to secure your profile, to verify activity, and to monitor suspicious activity and identify violations of our Terms & Conditions.
Support: Occasionally, we might connect personal information to information gathered in our log files as necessary to provide better customer support and to improve our services. In such a case, we would treat the combined information in accordance with this policy.
Protecting our legitimate business interests and legal rights: Where required by law or where we believe it is necessary to protect our legal rights, interests and the interests of others, we will use information about you in connection with legal claims, compliance, regulatory, and audit functions, and disclosures in connection with the acquisition, merger or sale of a business.
Other purposes: In accordance with applicable law and this policy, we may also process your data for any other purposes for which we obtain your consent where necessary.
Sharing of your personal data with third-party processors
We will only share your personal data with third parties in accordance with this policy. In certain cases we need to share information, including personal data, with our third-party service providers. We use third-party service providers for a number of services, including application development, backup, storage, analytics and other services. Whenever personal data is transferred to the United States, we rely on Standard Contractual Clauses as a transfer mechanism.
Currently, we use the following service providers:
Third-party processor:
Amazon Web Services, Inc. on behalf of HubSpot, Inc.
Purpose:
Data processing on behalf of:
HubSpot, Inc.
25 First Street
2nd Floor Cambridge, MA 02141
USA
Country:
Germany
Sub-processors:
https://legal.hubspot.com/dpa
Example Data:
IP addresses, contact requests, metadata and
communications, contact information, names, web page access, and other data
—
Third-party processor:
Amazon Web Services, Inc.
Purpose:
Hosting
Country:
USA
Sub-processors:
https://aws.amazon.com/compliance/sub-processors/
Example Data:
App usage data, potential seizure data, IP addresses, contact requests, metadata and
communications, contact information of users and emergency contacts, names, and other data
—
Third-party processor:
Chatwoot Inc.
Purpose:
Inbound and outbound customer communication
Country:
USA
Sub-processors:
https://www.chatwoot.com/security
Example Data:
IP addresses, communications, contact information of users, names
—
Third-party processor:
Functional Software, Inc. (Sentry)
Purpose:
Application Monitoring
Country:
USA
Sub-processors:
https://sentry.io/legal/subprocessors
Example Data:
App usage data, potential seizure data, IP addresses, contact requests, metadata and communications, contact information of users and emergency contacts, names, and other data
—
Third-party processor:
V&T Technologies Pty. Ltd. (GeoTargetly)
Purpose:
Routing of users based on their geolocation
Country:
https://geotargetly.com/data-processing
Sub-processors:
https://geotargetly.com/privacy-policy
Example Data:
IP address, user agent (from request headers), browser URL, referrer URL, browser screen size
—
Third-party processor:
HubSpot Inc.
Purpose:
Website hosting; management of existing and potential customer relationships and interactions; marketing activities
Country, sub-processors, example data:
See “Amazon Web Services on behalf of HubSpot”
—
Third-party processor:
Google Ireland Limited
Country:
https://www.google.com/about/datacenters/locations/
Sub-processors:
https://business.safety.google/adssubprocessors/
Purpose:
Google Ads: Display ads in the Google search engine or on third-party websites
Example Data:
User data Google has in its possession, such as location data and interests
Purpose:
Google Analytics: Analysis of behavior patterns of website visitors
Example Data:
Pages accessed, time spent on page, operating system, user’s origin; no IP addresses for EU users
Purpose:
Google Drive: Storage of data entered in Google Forms
Example Data:
User ID, details of seizures and symptoms, feedback on app usage
Purpose:
Google Tag Manager: Integration of tracking or statistical tools and other technologies on our website
Example Data:
IP address
—
Third-party processor:
Google LLC
Country:
https://www.google.com/about/datacenters/locations/
Purpose:
Firebase: Hosting of databases, content, notifications, and services
Sub-processors:
https://firebase.google.com/terms/subprocessors
Example Data:
Instance IDs, advertising ID
Purpose:
Google Fonts: Uniform presentation of fonts
Sub-processors:
https://cloud.google.com/terms/subprocessors
Example Data:
IP address
—
Third-party processor:
Rocket Science Group LLC (MailChimp)
Purpose:
Delivery and analysis of marketing emails to customers
Country:
USA
Sub-processors:
https://mailchimp.com/en-gb/legal/subprocessors/
Example Data:
Data in connection with email delivery and engagement and management service such as name, email address, email messages
—
Third-party processor:
Meta Inc.
Purpose:
Ads on the Facebook and Instagram platforms
Country:
Denmark, Ireland, Sweden, USA
Sub-processors:
https://m.facebook.com/legal/ads-subprocessors
Example Data:
Data in connection with email delivery and engagement and management service such as name, email address, email messages
—
Third-party processor:
Reddit, Inc.
Purpose:
Ads on the Reddit platform
Country:
USA
Sub-processors:
https://www.reddit.com/policies/privacy-policy
Example Data:
IP address; User data Reddit has in its possession, such as location data and interests
—
Third-party processor:
Snap Inc.
Purpose:
Ads on the Snapchat platform
Country:
USA
Sub-processors:
https://help.snapchat.com/hc/en-us/articles/7012351145364
Example Data:
IP address; User data Snap has in its possession, such as location data and interests
—
Third-party processor:
TikTok Inc. (US)
Purpose:
Ads on the TikTok platform
Country:
USA, Hong Kong, Singapore
Sub-processors:
https://ads.tiktok.com/i18n/official/article?aid=30242040634959695
Example Data:
IP address, User data TikTok has in its possession, such as location data and interests
—
Third-party processor:
Twilio Inc.
Purpose:
Voice and text messages, marketing and transactional emails to customers
Country:
USA
Subprocessors:
https://www.twilio.com/legal/sub-processors
Example Data:
Data in connection with voice and text messages such as phone number, verification message
Data in connection with email delivery and management service such as name, email address, email messages
—
Third-party processor:
Zapier Inc.
Purpose:
Exchange of potential customer data between different marketing tools, triggering customer communication based on events in backend
Country:
USA
Sub-processors:
https://zapier.com/help/account/data-management/data-privacy-at-zapier
Example Data:
Contact data of potential customers such as name, email address, IP address
—
We may also engage our affiliates in Germany, Remote Future GmbH, and the USA, Mellow Technology Inc., as sub-processors, or act as a sub-processor for our affiliates.
Our use of third-party providers is subject to change.
Sharing of your data with other third parties
Aside from using third-party service providers, we may need to share some information, including your personal data, in the following circumstances:
Complying with legal requirements: We may transmit personal data if the applicable legal provisions require us to do so, or when such action is necessary to comply with any laws, including law enforcement requirements. We may also need to share personal data for the protection of our rights and interests, to protect your safety or the safety of others or to investigate fraud, in accordance with the applicable laws. Please note that we are not subject to medical secrecy obligations.
Business transactions: We may assign or transfer this policy, as well as your account and related information and data, including any personal information, to any person or entity that acquires all or substantially all of our business, stock or assets, or with whom we merge.
Testimonials: With your prior consent, we may post testimonials on our website that may contain personal data. If you wish to update or remove your testimonial, please contact us immediately.
Transfer of your data
Remote Future AG is a company organized and existing under the laws of Switzerland, having affiliates within the territory of the EEA (Germany). Switzerland was granted a data protection adequacy status by the European Commission. This means that, if you are located in the EEA, transfer of your personal data to Switzerland is practically considered as intra-EEA transmission of data.
Your personal data stored with us may be transferred to countries outside of the EEA. Such transfers of personal data are and will always be made in accordance with applicable laws. Data transmission to the United States is based on the Standard Contractual Clauses (SCC) of the European Commission. For further information, please see our list of third-party data processors.
Protection of your data
We take appropriate technical and organizational measures to protect your personal data against loss or other forms of unlawful processing. We are only working with third-party service providers if they are applying the same standards.
Retention of your information
We will retain your personal data as long as it is needed to fulfill the purposes specified above, unless a longer retention period is required or permitted by law (such as tax, accounting or other legal requirements). When we have no ongoing legitimate business need to process your personal data, we will either delete or anonymize it as soon as it is technically possible.
Exercising your privacy rights
At any time, you may ask us to:
-
provide information to you about the personal data that we or our processors maintain about you,
-
correct inaccuracies or amend your personal data,
-
delete your personal data.
You can request this by sending an email to privacy@getmellow.app. We will respond to your request within thirty days. Please note that we may ask you to verify your identity before complying with the request.
If you are an individual in the European Economic Area (EEA), in certain circumstances the GDPR may grant you additional rights such as:
-
a broader right to erasure of your personal data, for example, if it is no longer necessary in relation to the purposes for which it was originally collected. Please note, however, that we may need to retain certain information for record keeping purposes, to complete transactions or to comply with our legal obligations.
-
the right to request us to stop processing your personal data.
-
the right to request that we restrict processing of your personal data in certain circumstances, for example, if you believe that the personal data we hold about you is inaccurate or unlawfully held.
-
the right to be provided with your personal data in a structured, machine-readable and commonly used format, and to request that we transfer the personal data to another data controller without hindrance.
You also have the right to complain to a data protection authority or claim damages before the court. For more information, please contact your local data protection authority. A list of contact details for the EU data protection authorities is available here.
You can request to exercise your rights by sending an email to privacy@getmellow.app. We will consider your request in accordance with applicable laws and respond within thirty days. Please note that we may ask you to verify your identity before complying with the request.
Withdrawal of your consent
In cases where the processing of your personal data is based on your consent, you can withdraw this consent any time by editing your device settings. In addition, you can also contact us at privacy@getmellow.app.
If you withdraw your consent, we will no longer process your personal data for the relevant purpose. Please be aware that we might no longer be able to provide our service if you withdraw your consent to process certain personal data.
Please also note that withdrawal of your consent does not affect the lawfulness of our processing activities based on consent before its withdrawal.
Children's privacy
Our services are mainly intended for adults and do not address anyone under the age of 16, with some jurisdictions legally providing a lower age for those purposes, provided that such lower age is not below 13 years. Below this age, we can only provide services if we are provided with a valid parental consent or guardianship approval, in accordance with the applicable legal requirements. We will not knowingly collect personal data from any person under the age of 13 unless described herein. If you are a parent or guardian and you are aware that your child has provided us with personal data please contact us. We will then remove that data from our databases.
Changes to this policy
We reserve the right to modify this policy when it is necessary. If there are any material changes to this policy, you will be notified 30 days prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices. Your continued use of our services constitutes your agreement to be bound by such changes to this policy. If you no longer accept the terms of this policy, your only remedy is to discontinue use of our services.
Links to third parties
Our website or apps may contain links to and from the websites or services of third parties. This policy does not extend to these external sites or companies, please refer directly to their privacy policies.
Contact information
Should you have any questions, please contact us at privacy@getmellow.app.