Privacy Policy

Back to Home

1. Introduction

At CandyMate ("we," "us," or "our"), we respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, mobile application, and related services (collectively, the "Services").

CandyMate is owned and operated by oddopi, a sole proprietorship based in Bangladesh.

We encourage you to read this Privacy Policy carefully to understand our practices regarding your personal data. By accessing or using our Services, you acknowledge that you have read and understood this Privacy Policy.

2. Information We Collect

We collect and process different types of information to provide and improve our Services.

2.1 Information You Provide to Us

Account Information: When you create an account, we collect:

• Basic profile information (name, email address & password)
• Additional demographic details (country, date of birth)
• Contact information (mobile number)
• Profile picture (optional)

Digital Assets and Content: We store and process:

• Items in your Calendar called "Slot"
• Bookmarks and saved links
• Files and documents you upload
• Notes and personal reminders
• Shopping lists and task items
• Any other content you choose to create, upload, or store

Communication Information:

• Support requests and related communications
• Feedback and survey responses
• Communications with other users (if applicable)

Payment Information:

• If you subscribe to premium features, we collect payment details through our secure payment processors, who may collect credit card numbers, billing addresses, and other financial information necessary for processing payments

Preferences:

• Your app settings and preferences
• Notification and communication preferences
• Display and interface customizations

2.2 Information We Collect Automatically

Device Information:

• Device type, model, and operating system
• Unique device identifiers
• IP address
• Browser type and version
• Mobile network information
• Time zone setting

Usage Data:

• How you interact with our Services
• Features you use and time spent on different sections
• Interaction with notifications
• Performance data and error logs
• Navigation patterns and clickstream data

Location Information:

• General location (derived from IP address or time zone settings)
• Precise location (only if you grant permission and where relevant to app functionality)

2.3 Information from Third Parties

If you connect third-party services to CandyMate, we may receive information from those services, such as:

• Calendar data from connected calendar services
• Contact information from integrated address books
• File data from cloud storage services you connect
• Information from social media accounts (if you choose to link them)

3. How We Use Your Information

We use your information for various purposes, including:

3.1 Providing and Improving the Services

• Creating and managing your account
• Delivering the core functionality of CandyMate
• Customizing your experience based on your preferences
• Processing transactions and fulfilling subscriptions
• Analyzing usage patterns to improve our features and user experience
• Troubleshooting issues and providing technical support
• Developing new features and services

3.2 Communication and Support

• Responding to your inquiries and support requests
• Sending service-related communications (account verification, updates, security alerts)
• Providing notifications about your activities within the app (e.g., reminders, task due dates)
• Sending product updates, newsletters, and marketing communications (where permitted)
• Conducting surveys and collecting feedback

3.3 Security and Protection

• Verifying your identity and preventing unauthorized access
• Detecting and preventing fraudulent activities
• Monitoring and analyzing usage patterns for security purposes
• Enforcing our Terms of Service
• Protecting our rights, property, and safety (and those of our users)

3.4 Research and Analytics

• Generating aggregated, non-identifying analytics to understand user behavior
• Conducting research to improve our Services
• Creating internal reports on user trends and service performance
• Testing and developing new features

4. Legal Bases for Processing

If you are in the European Economic Area (EEA), United Kingdom, or regions where similar laws apply, we rely on the following legal bases for processing your personal data:

Contractual Necessity: Processing necessary to provide the Services you have requested and to fulfill our obligations under the Terms of Service.

Legitimate Interests: Processing that serves our legitimate business interests, such as:

• Improving and personalizing our Services
• Marketing our Services to potential and existing users
• Protecting the security of our Services and users
• Analyzing how our Services are used

Consent: Processing based on your specific consent, which you can withdraw at any time, such as:

• Sending marketing communications
• Processing precise location data
• Using certain cookies and similar technologies

Legal Obligation: Processing necessary to comply with our legal obligations, such as:

• Responding to legal requests and court orders
• Complying with tax and accounting requirements
• Fulfilling our obligations under data protection law

5. Cookies and Similar Technologies

5.1 What We Use

We use various tracking technologies to enhance your experience and collect data about your activities:

Cookies: Small data files stored on your device that help us recognize you and remember your preferences.

Local Storage: Browser-based storage that helps us improve performance and maintain your settings.

Pixels and Beacons: Small graphics that allow us to monitor user behavior and track conversion rates.

Session Replay Tools: Technologies that help us understand how users interact with our Services to improve usability.

5.2 Categories of Cookies

Essential Cookies: Required for basic functionality (authentication, security, remembering preferences).

Analytical/Performance Cookies: Help us understand how visitors interact with our Services by collecting anonymous information.

Functionality Cookies: Allow our Services to remember choices you make to provide enhanced functionality.

5.3 Your Cookie Choices

You can manage cookies through your browser settings, including blocking or deleting them. However, if you block essential cookies, some parts of our Services may not function properly.

When you first visit our Services, you will be presented with a cookie banner, if applicable, that allows you to accept or decline non-essential cookies.

6. How We Share Your Information

We value your privacy and do not sell your personal information to third parties for their marketing purposes. We may share your information in the following circumstances:

6.1 Service Providers

We share information with third-party service providers who help us operate, provide, improve, and promote our Services, such as:

• Cloud storage providers
• Payment processors
• Customer support services
• Analytics providers
• Email service providers
• Hosting services

These service providers are authorized to use your personal information only as necessary to provide services to us and are contractually obligated to maintain appropriate security measures.

6.2 Third-Party Integrations

If you choose to connect third-party services to your CandyMate account (such as Google Calendar, cloud storage, or social media accounts), we may share information with these services as necessary to enable the integration. These exchanges are governed by the privacy policies of those third parties.

6.3 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests from public authorities (such as court orders, subpoenas, or government requests).

6.4 Business Transfers

If we are involved in a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our Services of any change in ownership or uses of your personal information.

6.5 With Your Consent

We may share your information with third parties when you explicitly consent to such sharing.

6.6 Aggregated or De-identified Data

We may share aggregated or de-identified information that cannot reasonably be used to identify you with third parties for market research, industry analysis, research, demographic profiling, and other similar purposes.

7. Data Transfers and Storage

7.1 International Transfers

Your information may be transferred to, stored, and processed in countries other than the one in which you reside. These countries may have data protection laws that differ from those in your country.

When we transfer your personal data internationally, we implement appropriate safeguards in accordance with applicable data protection laws, which may include:

• Standard Contractual Clauses approved by the European Commission
• Binding Corporate Rules
• Adequacy decisions by relevant authorities
• Other legally approved mechanisms

7.2 Data Storage Security

We store your data on secure servers using industry-standard encryption techniques. Our primary data centers are located in Singapore.

8. Your Privacy Rights and Choices

Depending on your location, you may have various rights regarding your personal information:

8.1 Access and Portability

You have the right to:

• Access the personal information we hold about you
• Receive a copy of your personal information in a structured, commonly used, machine-readable format
• Transmit your data to another service provider where technically feasible

8.2 Correction and Deletion

You can:

• Update or correct inaccurate or incomplete personal information
• Request deletion of your personal information (subject to certain exceptions)
• Deactivate or delete your account through your account settings

8.3 Restriction and Objection

You may have the right to:

• Restrict or object to certain processing of your personal information
• Object to processing for direct marketing purposes
• Withdraw consent where processing is based on your consent

8.4 Communication Preferences

You can manage your communication preferences by:

• Adjusting notification settings within the app
• Using the unsubscribe link in marketing emails
• Contacting our support team

8.5 How to Exercise Your Rights

To exercise your rights:

• Use the relevant controls in your account settings
• Submit a request through our support form available in the App Menu (see the CandyMate Help to understand about how to find the Support Function).

We will respond to your request within 30 days (or as required by applicable law). We may need to verify your identity before fulfilling your request.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

• End-to-end encryption for sensitive personal data
• Encryption of data in transit and at rest
• Access controls and authentication mechanisms
• Regular security assessments and penetration testing
• Employee training on data protection and security
• Physical and environmental safeguards for our servers

While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but commit to notifying you of any data breach as required by law.

10. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Account Information: We retain your account information until you delete your account. After account deletion, we may retain certain information in anonymized or aggregated form.

Usage Data: We generally retain usage data for a shorter period, typically not more than 24 months.

Backup Data: For disaster recovery purposes, we maintain backups that may contain personal information for up to 30 days after deletion from active systems.

Legal Requirements: We may retain certain information for longer periods if required for legal, tax, accounting, or regulatory purposes.

When we no longer need personal information, we securely delete or anonymize it.

11. Children's Privacy

Our Services are not directed to children under the age of 16 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children.

If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at privacy@mycandymate.com. If we become aware that we have collected personal information from children without verification of parental consent, we will take steps to remove that information from our servers.

12. Region-Specific Disclosures

12.1 California Privacy Rights

If you are a California resident, you have specific rights under California law:

CCPA/CPRA Rights:

• Right to know what personal information we collect and disclose
• Right to delete personal information
• Right to correct inaccurate personal information
• Right to opt-out of the sale or sharing of personal information
• Right to limit use and disclosure of sensitive personal information
• Right to non-discrimination for exercising your rights

To exercise these rights, contact us at privacy@mycandymate.com or call our toll-free number at [phone number].

Shine the Light Law: California residents may request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. We do not share personal information with third parties for their direct marketing purposes.

12.2 European Economic Area, UK, and Similar Jurisdictions

If you are in the EEA, UK, or regions with similar privacy laws, you have the rights outlined in Section 8, as well as:

• The right to lodge a complaint with a supervisory authority
• The right not to be subject to automated decision-making, including profiling, which produces legal or similarly significant effects

For data subject requests or complaints, contact our Data Protection Officer at dpo@mycandymate.com.

12.3 Other Regions

We comply with local privacy laws in all regions where we operate. Please contact us for specific information related to your jurisdiction.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons.

For material changes:

• We will notify you via email and/or a prominent notice on our Services
• We will update the "Last Updated" date at the top of this Privacy Policy
• Where required by law, we may seek your explicit consent to the changes

We encourage you to review this Privacy Policy periodically for any changes. Non-material changes will be effective immediately upon posting of the updated Privacy Policy.

14. Contact Us

If you have any questions, concerns, or feedback about this Privacy Policy or our privacy practices, please contact us at:

Email: privacy@mycandymate.com

Postal Address:
oddopi
Dhaka, Bangladesh

Data Protection Officer:
dpo@mycandymate.com

General Support:
support@mycandymate.com

We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If, however, you believe that we have not been able to assist with your complaint or concern, you may have the right to lodge a complaint with the data protection authority in your country.

Thank you for trusting CandyMate with your personal information. We are committed to protecting your privacy and providing you with a secure and personalized experience.