Privacy Policy – Invoer Fitness Activity Analysis Mobile Application

1. Who we are

The Application is a mobile solution developed by Invoer that analyzes your fitness activity data from Garmin to provide personalized feedback and training suggestions using artificial intelligence (AI) features.

If you have any questions about this Policy, you can contact us at: E-mail: paulo.rodrigues@invoer.com.br | Phone: +55 81 99755-0859

2. Data we collect

We may collect and process the following categories of data:

2.1 Account and identification data

Name or nickname, e-mail address, and registration information required to use the Application.

2.2 Garmin activity data

When you connect your Garmin account to the Application, we receive, through the Garmin API, your fitness activity data, such as (depending on the permissions you authorize): workout information (type of activity, duration, distance, pace, etc.), physiological and performance data (for example: heart rate, estimated calories, cadence, among others), dates and times of activities, and other metrics made available by Garmin and authorized by you.

2.3 Technical data

Device model, operating system, device and application identifiers, and error logs and Application usage data.

3. How we obtain the data

Your activity data is obtained exclusively when you: (1) Create an account or log in to the Application; (2) Choose to connect your Garmin account to the Application; (3) Grant the necessary permissions so that the Application can access your data through the Garmin API.

You can revoke this authorization at any time in your Garmin account settings or in the Application settings (when available).

4. How we use your data

We use your data for the following purposes: (1) Basic operation of the Application - Allow you to register and log in, synchronize activity data from your Garmin account; (2) Artificial Intelligence (AI) analysis - Process your activity data through AWS Bedrock AI, generate analyses, insights and personalized feedback about your performance; (3) Creation of personalized training plans - Use your past activity data to suggest training plans tailored to your profile, goals and workout history; (4) Service improvement - Understand how the Application is used, improve features, usability, performance and security; (5) User communication - Send notices about the service, important changes to this Policy or to the Terms of Use, respond to questions and support requests.

We do not use your activity data for direct marketing purposes without your specific consent.

5. Use of AI (AWS Bedrock)

Fitness activity data obtained from Garmin may be sent to AI services provided by Amazon Web Services (AWS), specifically AWS Bedrock, for the following purposes: Analyze your activity history, generate textual feedback on your performance, and suggest personalized training plans based on your data.

In these cases: AWS acts as an infrastructure and data processing provider on our behalf; we do not authorize AWS to use your data to train general-purpose models for third parties outside the scope of the service; we take measures to send only the information necessary to generate the analyses.

6. Data sharing

We do not sell your personal data.

We may share your data only in the following situations: (1) Service providers (processors) - Hosting and infrastructure providers (such as AWS); authentication, usage analytics and error monitoring services. These third parties process your data only according to our instructions and for the purposes described in this Policy. (2) Compliance with legal obligations - When necessary to comply with laws, court orders or requests from competent authorities. (3) Protection situations - To protect your rights, our security, the security of other users, or to prevent fraud and abuse.

7. Legal basis for processing

The processing of your personal data is carried out on the following legal bases, as applicable: Performance of a contract (to enable your use of the Application and the services provided); Consent (for connecting to the Garmin API and accessing fitness activity data, as well as any optional communications); Legitimate interest (to improve the service, ensure security and prevent abuse, when compatible with your rights); Compliance with legal or regulatory obligations, when required.

If you are subject to the Brazilian General Data Protection Law (LGPD) or similar legislation, your rights and guarantees under the law will be respected.

8. Your data protection rights

Subject to applicable law, you may exercise the following rights: Confirm whether we process your personal data; Access your personal data; Correct incomplete, inaccurate or outdated data; Request anonymization, blocking or deletion of unnecessary or excessive data; Request deletion of personal data processed based on consent; Revoke consent for the use of Garmin activity data; Request information about third parties with whom we share your data; Request data portability, where applicable.

To exercise your rights, please contact us at: paulo.rodrigues@invoer.com.br

9. Data security and storage

We adopt reasonable technical and organizational security measures to protect your data against unauthorized access, loss, misuse or alteration. Such measures may include: Transmission of data using secure protocols (for example, HTTPS); Restricted access controls for authorized staff and service providers; Storage of data on servers with appropriate security standards.

Despite our efforts, no system is 100% secure, and we cannot guarantee absolute security of the information.

10. International data transfers

Your data may be stored and processed on servers located outside your country, for example, in Amazon Web Services (AWS) data centers. In such cases, we will take steps to ensure that any international data transfers comply with applicable data protection laws and guarantee an adequate level of protection.

11. Data retention

We will retain your personal data only for as long as necessary to: Fulfill the purposes described in this Policy; Comply with legal and regulatory obligations; Resolve disputes and enforce our rights.

You may request deletion of your account and associated data, subject to any legal retention obligations.

12. Children and minors

The Application is not intended for children under 16 years of age, and we do not knowingly collect personal data from children in this age group.

If we become aware that data from children under 16 have been collected inadvertently, we will take reasonable steps to delete such data as soon as possible.

13. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. When we do so, we will change the "Last updated" date at the top of this document. In case of material changes, we may notify you through the Application or by e-mail.

We recommend that you review this Policy periodically to stay informed about how your data is processed.

14. Contact

If you have any questions, comments or requests regarding this Privacy Policy or the processing of your personal data, please contact us: E-mail: paulo.rodrigues@invoer.com.br | Phone: +55 81 99755-0859