Your Data

Your Data
Photo by Kaffeebart / Unsplash

Commit 250 User Data Statement

At Commit 250, we are committed to protecting your privacy and ensuring transparency in how we collect, use, and safeguard your personal data. This User Data Statement outlines our data practices in compliance with the European Union’s General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), Apple’s App Store Guidelines, and other applicable privacy regulations. Our goal is to provide you with clear information about how your data is handled and to empower you with control over your personal information.

1. Who We Are

Commit 250 is developed by Requisite Technologies, Inc, a corporation based in Nebraska. As the data controller, we are responsible for determining how and why your personal data is processed. For inquiries, you can contact our support team at [email protected].

2. Data We Collect

We collect and process the following categories of data to provide, improve, and secure the Commit 250 app:

  • Personal Data: Information that can identify you, such as:
    • Name, email address, or other contact details (provided during account creation or sign-up).
    • Device identifiers (unique device ID, IP address).
    • Usage data (app interactions, preferences, or settings).
  • Non-Personal Data: Anonymized or aggregated data that does not identify you, such as:
    • App performance metrics or crash reports.
    • General usage statistics.

We collect only the data necessary for the app’s functionality and lawful purposes, adhering to the principle of data minimization.

3. How We Collect Data

Data is collected through:

  • Direct Input: Information you provide (during registration or profile setup).
  • Automatic Collection: Data collected via app usage, such as device information or analytics, using technologies like cookies or SDKs (for crash reporting or performance monitoring).
  • Third-Party Services: If applicable, we may receive data from third-party services (e.g., Apple Sign-In, analytics providers) with your consent.

4. Purpose and Legal Basis for Processing

We process your data for the following purposes, grounded in lawful bases under GDPR and other regulations:

  • To Provide and Operate the App:
    • Allowing users to track their progress.
    • Authenticate users and manage accounts.
  • To Improve the App:
    • Analyze usage patterns to enhance user experience.
    • Debug and resolve technical issues.
  • To Comply with Legal Obligations:
    • Respond to data subject requests (access or deletion requests under GDPR/CCPA).
    • Comply with regulatory requirements, such as data breach notifications.

You may withdraw at any time by contacting support, however, this may affect certain app features.

5. Data Sharing and Third Parties

We do not sell your personal data. We may share data with:

  • Service Providers: Analytics providers that process data on our behalf under strict data processing agreements compliant with GDPR and CCPA.
  • Legal Authorities: When required by law or to protect our rights, safety, or property.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred with appropriate safeguards.

For GDPR compliance, data transfers outside the EU/EEA (e.g., to servers in the U.S.) are protected by Standard Contractual Clauses or other mechanisms under Article 46 of GDPR.

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this statement or to comply with legal obligations. For example:

  • Account data is retained while your account is active and for 6 months after account deletion, unless required by law.
  • Anonymized data may be retained indefinitely for analytics purposes. You can request deletion of your data as described in Section 8.

7. Data Security

We implement technical and organizational measures to protect your data, including:

  • Encryption of data in transit (e.g., via SSL/HTTPS) and at rest.
  • Regular security audits and access controls.
  • Anonymization or pseudonymization where possible.

Despite these measures, no system is completely secure. In the event of a data breach, we will notify affected users and supervisory authorities within 72 hours, as required by GDPR.

8. Your Rights

Under GDPR, CCPA, and other applicable laws, you have the following rights regarding your personal data:

  • Access: Request a copy of the data we hold about you.
  • Rectification: Correct inaccurate or incomplete data.
  • Deletion: Request deletion of your data (the “right to be forgotten”).
  • Restriction: Limit how we process your data.
  • Portability: Receive your data in a structured, machine-readable format.
  • Objection: Object to processing for certain purposes (e.g., marketing).
  • Do Not Sell (CCPA): Opt out of the sale of your personal information (if applicable; note that Commit 250 does not sell data).
  • Withdraw Consent: Revoke consent for data processing at any time.

To exercise these rights, contact us at [support email or in-app mechanism]. We will respond within 30 days (or as required by law). For GDPR-related complaints, you may contact your local supervisory authority.

9. App Tracking Transparency (ATT)

Apple’s App Tracking Transparency framework (iOS 14.5 and later), allows apps to track your activity across apps and websites owned by other companies for advertising or analytics purposes. We do not use the App Tracking capabilities in any Smart Phone Technology.

10. Privacy by Design

We incorporate privacy by design and default principles, including:

  • Collecting only the data necessary for the app’s functionality.
  • Using privacy-friendly defaults (e.g., opt-in for non-essential data processing).
  • Providing clear, transparent privacy notices, such as Apple’s Privacy Nutrition Labels on the App Store.

11. Compliance with Apple’s App Store Guidelines

Commit 250 adheres to Apple’s App Store Review Guidelines, including:

  • Providing a visible link to this User Data Statement on our app’s App Store page.
  • Disclosing data collection practices via Apple’s Privacy Nutrition Labels.
  • Ensuring third-party SDKs (if used) comply with Apple’s privacy manifest requirements.

12. International Data Transfers

If Commit 250 processes data outside your region (e.g., EU data processed in the U.S.), we ensure compliance with GDPR’s data transfer requirements, such as Standard Contractual Clauses or adequacy decisions. We also adhere to the Asia-Pacific Economic Cooperation (APEC) Cross-Border Privacy Rules (CBPR) where applicable.

13. Children’s Privacy

Commit 250 is not intended for users under 18. We do not knowingly collect data from children without parental consent, in compliance with the Children’s Online Privacy Protection Act (COPPA) and GDPR’s provisions for minors.

14. Updates to This Statement

We may update this User Data Statement to reflect changes in our practices or legal requirements. We will notify you of material changes via in-app notifications or email before they take effect. The latest version will be available on our website https://commit250.com/your-data and App Store page.

15. Contact Us

For questions, concerns, or to exercise your data rights, contact us at: