Back to Home

Privacy Policy

HiPat Health & Fitness Application

Effective Date: January 15, 2025 Last Updated: January 15, 2025

1. Introduction

This Privacy Policy describes how 1000944461 Ontario Ltd., operating as HiPat ("HiPat," "Company," "we," "us," or "our"), collects, uses, discloses, and protects your personal information when you use the HiPat mobile application, website, and related services (collectively, the "Services").

We are committed to protecting your privacy and handling your personal information in compliance with the Personal Information Protection and Electronic Documents Act (PIPEDA), the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), and other applicable privacy laws. For information about our consumer health data practices required by the Washington My Health My Data Act and similar laws, please see our separate Consumer Health Data Privacy Policy.

By using the Services, you consent to the collection, use, and disclosure of your personal information as described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Services.

2. Information We Collect

2.1 Information You Provide. We collect information you provide directly, including:

  • Account information such as name, email address, date of birth, gender, and password
  • Profile information such as height, weight, fitness goals, dietary preferences, and profile photos
  • Health and fitness data such as exercise logs, nutrition logs, meal photos, weight measurements, body measurements, sleep data, and wellness notes
  • Payment information such as billing address and payment method details (processed by third-party payment processors)
  • Communications such as messages with our support team and feedback you provide
  • Affiliate program information such as tax identification numbers, payment details, and promotional content you create

2.2 Information Collected Automatically. When you use the Services, we automatically collect:

  • Device information such as device type, operating system, unique device identifiers, and mobile network information
  • Usage information such as features used, pages viewed, time spent, and interaction patterns with the AI coach
  • Log information such as access times, pages viewed, IP address, and referring URL
  • Location information such as general location derived from IP address (we do not collect precise GPS location)
  • Cookies and similar technologies as described in Section 8

2.3 Information from Third Parties. We may receive information from:

  • Third-party fitness platforms such as Apple Health, Google Fit, and Fitbit when you authorize integration
  • Social media platforms if you choose to connect your accounts
  • Marketing partners and advertising networks
  • Public sources and commercially available data

2.4 Sensitive Personal Information. We collect certain categories of sensitive personal information including health-related data (fitness metrics, nutrition data, body measurements) and, for affiliate program participants, tax identification numbers. Under CCPA/CPRA, California residents have the right to limit the use and disclosure of sensitive personal information.

3. How We Use Your Information

3.1 Primary Purposes. We use your personal information to:

  • Provide and operate the Services
  • Create and manage your account
  • Process transactions and payments
  • Deliver AI-powered fitness and nutrition recommendations
  • Enable third-party platform integrations
  • Respond to your requests and communications
  • Send service-related communications

3.2 Improvement and Development. We use your information to:

  • Improve and optimize the Services
  • Train and improve our AI systems (with anonymized data)
  • Develop new features and services
  • Conduct research and analytics
  • Fix bugs and troubleshoot issues

3.3 Safety and Compliance. We use your information to:

  • Prevent fraud and unauthorized access
  • Enforce our Terms and Conditions
  • Comply with legal obligations
  • Protect our rights and the rights of others
  • Respond to legal requests and prevent harm

3.4 Marketing and Communications. With your consent where required, we use your information to:

  • Send promotional communications
  • Personalize content and advertisements
  • Conduct surveys and collect feedback

3.5 AI Training. We may use anonymized and aggregated data derived from your interactions with the Services to train and improve our AI systems. You may opt out of AI training data usage at any time through Settings > Privacy > AI Training. Opting out does not affect your access to the Services but may limit certain personalization features.

4. How We Share Your Information

4.1 Service Providers. We share information with third-party service providers who perform services on our behalf, including:

  • Cloud hosting and infrastructure providers
  • Payment processors
  • Analytics and data analysis providers
  • Customer support platforms
  • Email and communication service providers
  • AI and machine learning service providers

These providers are contractually obligated to protect your information and use it only for the purposes for which it was disclosed.

4.2 Third-Party Integrations. When you authorize integration with Third-Party Platforms (Apple Health, Google Fit, Fitbit, etc.), we share data as necessary to provide the integration functionality. Your use of Third-Party Platforms is subject to their respective privacy policies.

4.3 Business Transfers. If HiPat is involved in a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or uses of your personal information.

4.4 Legal Requirements. We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, subpoenas, government requests). We may also disclose information to:

  • Comply with legal obligations
  • Protect and defend our rights or property
  • Prevent or investigate possible wrongdoing
  • Protect the personal safety of users or the public

4.5 With Your Consent. We may share your information with third parties when you have given us explicit consent to do so.

4.6 Affiliates. We may share information with our corporate affiliates for purposes consistent with this Privacy Policy.

4.7 Aggregated and De-identified Data. We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you with third parties for research, marketing, analytics, and other purposes.

5. International Data Transfers

5.1 Cross-Border Transfers. As a Canadian company, your personal information may be transferred to, stored, and processed in Canada, the United States, or other countries where our service providers maintain facilities. These countries may have data protection laws that differ from those in your country of residence.

5.2 Safeguards. When we transfer personal information internationally, we implement appropriate safeguards to ensure your information remains protected in accordance with this Privacy Policy and applicable law. These safeguards may include standard contractual clauses, data processing agreements, and other legal mechanisms recognized under applicable law.

5.3 Disclosure to US Authorities. If your personal information is transferred to or stored in the United States, it may be subject to access by US authorities, including courts, law enforcement, and national security agencies, under applicable US law.

6. Data Retention

6.1 Retention Periods. We retain personal information for as long as necessary to fulfill the purposes for which it was collected, including:

  • Active account data is retained while your account remains active and for a reasonable period thereafter
  • Transaction records are retained for seven (7) years to comply with tax and accounting requirements
  • Usage data and logs are retained for up to three (3) years for analytics and improvement purposes
  • Marketing preferences are retained until you update them or close your account
  • Legal hold data may be retained longer if required for legal proceedings

6.2 Account Deletion. When you request account deletion, we will delete or anonymize your personal information within thirty (30) days, except for information we are required or permitted to retain under applicable law. Some information may persist in backups for a limited period.

7. Your Rights and Choices

7.1 All Users. Regardless of your location, you have the right to:

  • Access your account settings and update your personal information
  • Opt out of marketing communications
  • Manage cookie preferences
  • Control third-party integrations
  • Request information about our data practices

7.2 Canadian Residents (PIPEDA Rights). Under PIPEDA, Canadian residents have the right to:

  • Access your personal information in our possession
  • Request correction of inaccurate personal information
  • Withdraw consent for future collection, use, or disclosure (subject to legal or contractual restrictions)
  • Challenge our compliance with PIPEDA and lodge a complaint with the Office of the Privacy Commissioner of Canada

To exercise these rights, contact our Privacy Officer at privacy@hipat.com.

7.3 California Residents (CCPA/CPRA Rights). California residents have additional rights under the CCPA/CPRA, including:

  • Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected
  • Right to Delete: Request deletion of personal information we have collected
  • Right to Correct: Request correction of inaccurate personal information
  • Right to Opt-Out: Opt out of the sale or sharing of personal information
  • Right to Limit: Limit the use and disclosure of sensitive personal information
  • Right to Non-Discrimination: Not receive discriminatory treatment for exercising your privacy rights

California residents may submit requests at privacy@hipat.com. We will verify your identity before processing requests. You may designate an authorized agent to make requests on your behalf.

7.4 Other US State Rights. Residents of Virginia, Colorado, Connecticut, Utah, and other states with comprehensive privacy laws may have similar rights to access, delete, correct, and opt out. Contact us at privacy@hipat.com to exercise your rights.

7.5 Do Not Sell or Share. We do not sell personal information in exchange for monetary consideration. For purposes of CCPA/CPRA, certain data sharing with advertising partners may constitute "sharing" for cross-context behavioral advertising. You may opt out by clicking "Do Not Sell or Share My Personal Information" on our website or by contacting us at privacy@hipat.com.

7.6 Global Privacy Control. We honor Global Privacy Control (GPC) signals as a valid opt-out of the sale and sharing of personal information under CCPA/CPRA.

8. Cookies and Tracking Technologies

8.1 Types of Cookies. We use the following types of cookies and similar technologies:

  • Essential cookies required for the Services to function properly
  • Performance cookies to understand how users interact with the Services
  • Functionality cookies to remember your preferences
  • Analytics cookies to measure and analyze usage patterns
  • Advertising cookies to deliver relevant advertisements

8.2 Your Cookie Choices. You can manage cookie preferences through:

  • Your browser settings to block or delete cookies
  • Our cookie preference center on the website
  • Mobile device settings for advertising identifiers

Note that disabling certain cookies may affect the functionality of the Services.

8.3 Do Not Track. Some browsers have a "Do Not Track" feature. We currently do not respond to Do Not Track signals, but we honor Global Privacy Control signals as described in Section 7.6.

9. Security

9.1 Security Measures. We implement reasonable administrative, technical, and physical security measures to protect your personal information, including:

  • Encryption of data in transit and at rest
  • Access controls and authentication requirements
  • Regular security assessments and monitoring
  • Employee training on data protection
  • Incident response procedures

9.2 No Guarantee. Despite our efforts, no method of transmission over the Internet or method of electronic storage is completely secure. We cannot guarantee absolute security of your personal information.

9.3 Your Responsibilities. You are responsible for maintaining the confidentiality of your account credentials and for any activity that occurs under your account. Please notify us immediately if you suspect unauthorized access to your account.

10. Children's Privacy

10.1 Age Requirement. The Services are intended for users who are at least eighteen (18) years of age. We do not knowingly collect personal information from children under 18.

10.2 COPPA Compliance. We comply with the Children's Online Privacy Protection Act (COPPA). If we learn that we have collected personal information from a child under 13 (or under 16 in California for certain data), we will promptly delete that information.

10.3 Parental Contact. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@hipat.com, and we will take steps to delete such information.

11. Changes to This Privacy Policy

11.1 Updates. We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Material changes will be communicated via email or prominent notice on the Services at least thirty (30) days before taking effect.

11.2 Review. We encourage you to periodically review this Privacy Policy to stay informed about how we are protecting your information. Your continued use of the Services after changes become effective constitutes acceptance of the updated Privacy Policy.

12. Contact Us

12.1 Privacy Officer. For questions about this Privacy Policy or our data practices, please contact our Privacy Officer at:

Email: privacy@hipat.com

Mail: Privacy Officer 1000944461 Ontario Ltd. (HiPat) 7398 Yonge Street, Suite 2073 Thornhill, Ontario, L4J8J2 Canada

12.2 Complaints. If you have a complaint about our privacy practices, please contact us first to attempt to resolve the issue. If you are not satisfied with our response, you may lodge a complaint with the relevant data protection authority:

  • For Canadian residents: Office of the Privacy Commissioner of Canada (www.priv.gc.ca)
  • For California residents: California Attorney General (oag.ca.gov)
  • For other jurisdictions: Your local data protection authority