Privacy Policy

1. INTRODUCTION

Welcome to Pedivo. Pedivo Ltd (“Pedivo”, “we”, “us”, “our”) is committed to protecting your privacy and safeguarding your personal data through transparent practices, appropriate technical and organizational security measures, and clear communication regarding how and why we process your information.

This Privacy Policy explains how we collect, use, store, disclose, transfer, and protect information when you access or use the Pedivo mobile application (the “App”), our website (if applicable), and any related features, community services, integrations, and reward systems (collectively, the “Services”). This Policy should be read together with our Terms of Service and any in-app notices that provide additional detail for specific processing activities.

Legal Compliance. This Policy is drafted to comply with applicable data protection laws and platform requirements, including where relevant: the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the Nigeria Data Protection Regulation (“NDPR”) and the Nigeria Data Protection Act (as applicable), the California Consumer Privacy Act as amended (“CCPA”), and any implementing or successor legislation, together with the requirements of the Apple App Store and Google Play Store.

Medical Disclaimer. Pedivo is a fitness and lifestyle application and is not a medical device. We do not provide medical advice, diagnosis, or treatment. You should always seek professional medical advice regarding any medical condition or health concern and should not rely on the Services as a substitute for professional healthcare.

Scope. This Policy applies to information we process about Users and visitors. It does not apply to third-party services, even if they are linked to or integrated with the Services. Third parties have their own privacy policies which govern their processing of your data.

2. INFORMATION WE COLLECT

We collect and process certain categories of information in order to deliver the Services, maintain accuracy in activity tracking, support community features, prevent fraud, ensure security, and improve our product. The information we collect depends on how you use the Services, your device settings, and the permissions you grant.

3. HOW WE USE YOUR INFORMATION

We use your information only for legitimate, defined purposes aligned with the operation of the Services. In particular, we use your data for the following purposes:

• Service Provision: To operate the Services, authenticate your Account, track steps, calculate calories, and convert eligible activity into Virtual Coins.
• Gamification: To manage rewards, challenges, streaks, achievements, and public leaderboards where you elect to participate.
• Integrity: To detect, investigate, prevent, and remediate fraud, cheating, abuse, or violations of our Terms (including step-cheating detection and validation).
• Support: To respond to your inquiries, provide customer support, address disputes, and fix technical bugs.
• Security: To secure the App, prevent unauthorized access, and maintain network and information security controls.
• Improvement: To perform internal analytics, understand feature adoption, and enhance performance and user experience.

Health Data Policy. We do not sell health data to third parties. We do not use health data for targeted advertising or profiling. Where we use analytics, we do so to improve the Services and enforce integrity, and we apply safeguards designed to minimize privacy impact.

4. LEGAL BASIS FOR PROCESSING

Depending on your location and applicable law, we process personal data on one or more lawful bases. The primary lawful bases relied upon include:

• Consent: For health data, contact access, and profile photos. You may withdraw consent at any time through your device settings or in-app controls (where available).
• Contractual Necessity: To provide the core app features you sign up for, including account services, step tracking, and Virtual Coin functionality.
• Legitimate Interests: For app security, fraud prevention, cheating detection, service integrity, and internal analytics (balanced against your rights and expectations).
• Legal Obligation: To comply with statutory and regulatory requirements (including NDPR/GDPR compliance obligations, lawful requests, and recordkeeping duties).

Where required by law, we will provide additional notices and obtain additional consents before processing certain categories of data.

5. DATA SHARING & DISCLOSURE

We do not sell your personal data. We disclose information only where necessary to operate the Services, comply with law, enforce our Terms, or protect users and the public. We may share data with:

• Service Providers: Vendors that provide services on our behalf such as cloud hosting (e.g., AWS), analytics (e.g., Firebase), crash reporting (e.g., Sentry), and payment processing. These providers are authorized to process data only under our instructions and are subject to contractual confidentiality and security obligations.
• Community: If you participate in “Clubs” or “Leaderboards,” certain information such as your username and step totals may be visible to other users according to feature settings.
• Legal Authorities: Where required by a valid court order, subpoena, or other lawful process, or where disclosure is reasonably necessary to comply with law or protect the rights, property, or safety of Pedivo, users, or others.
• Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets, your data may be transferred as part of the transaction, subject to applicable law and appropriate safeguards.

We may also share aggregated or de-identified information that cannot reasonably be used to identify you, for analytics and service improvement purposes.

6. THIRD-PARTY PLATFORMS & SERVICES

The Services may be distributed through or integrated with third-party platforms and services. Your use of those platforms is governed by their own policies. We encourage you to review those policies carefully.

Pedivo integrates with the following platforms. Their use of data is governed by their own policies:

Where you connect Apple Health (HealthKit) or Google Fit, those platforms may have additional controls and terms. Pedivo does not control third-party processing conducted by those platforms.

7. DATA RETENTION & DELETION

We retain personal data only for as long as necessary for the purposes described in this Policy, including to provide the Services, comply with legal obligations, resolve disputes, and enforce our agreements.

• Active Data: We retain account data as long as your account is active.
• Account Deletion: You can delete your account in the App Settings. Upon deletion, we remove or anonymize your data within 30 days, subject to legal and security requirements.
• Inactivity: Accounts inactive for more than 24 months may be anonymized or deleted, subject to applicable law and operational constraints.

Certain records may be retained for longer periods where required to comply with legal obligations, fraud prevention, dispute resolution, or the establishment, exercise, or defense of legal claims.

8. YOUR GLOBAL PRIVACY RIGHTS

Depending on your location and applicable law, you may have rights in relation to your personal data. These rights are not absolute and may be subject to legal exceptions.

• Access/Portability: Request a copy of your data in a digital format, and where applicable request transfer of your data to another provider.
• Correction: Request correction of inaccurate or incomplete personal information.
• Erasure: Request deletion of your personal data, subject to lawful grounds for retention.
• Withdrawal of Consent: Revoke permissions for Health or Contact data in your device settings (note: core functionality may be impacted).
• Lodge a Complaint: Contact the NDPC (Nigeria) or your local Data Protection Authority (EU/UK).

To exercise these rights, contact us using the details in Section 12. We may request reasonable verification to confirm identity before fulfilling a request.

9. DATA SECURITY

We implement technical and organizational safeguards designed to protect your information against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.

By way of example, we use industry-standard AES-256 encryption for data at rest and TLS/SSL encryption for data in transit. We restrict access to personal data to authorized personnel, contractors, and service providers who need access to perform their roles, and who are subject to confidentiality and security obligations.

No method of transmission over the internet or method of electronic storage is 100% secure. Accordingly, while we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.

10. INTERNATIONAL DATA TRANSFERS

Pedivo is a global service. Your information may be transferred to, stored, and processed in countries other than your country of residence. These countries may have data protection laws that are different from those in your jurisdiction.

Where required by law, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) or other lawful transfer mechanisms to protect cross-border transfers. We also implement additional technical and organizational measures where appropriate to ensure continued protection of your data.

11. CHILDREN’S PRIVACY

Pedivo is not intended for users under 13 years of age. In jurisdictions where a higher age threshold applies (such as 16 in certain regions), we do not intend the Services for users below that threshold. If we learn that we have collected personal data from a child under the applicable age threshold, we will take steps to delete such data promptly.

12. CONTACT INFORMATION

For privacy-related questions, to exercise your rights, or to contact our Data Protection Officer, you may reach us using the details below. We aim to respond within reasonable timeframes and as required by applicable law.

If you are located in Nigeria, you may also lodge a complaint with the Nigeria Data Protection Commission (NDPC). If you are located in the EU/UK, you may contact your local supervisory authority.