META FLOW LTD.

Privacy Policy

Last Revised: August 26th , 2019

MetaFlow Ltd. (“Meta Flow”, “Company” “we”or “us”) are committed to protect the privacy of the users of our website located at lumen.me (the “Website”) and of the users of the Lumen device (the “Lumen Device”) and of the services we provide in connection with use of the Lumen Device through the Lumen mobile application (respectively“User(s)” or “you”; the “Lumen Services” and the “LumenApp”), in compliance with applicable privacy and personal data laws and regulations. The Website, the Lumen Device, the LumenServices and the Lumen App shall be together referred to hereunder as the “Services”This Privacy Policy (the “Privacy Policy”) is intended to describe our practices regarding the information we may collect from you when you use the Services, the manners in which we may use such information, and the options and rights available to you.This Privacy Policy supplements, and should be read in conjunction with our Terms of Use (the “TOU”), which provides additional information on the Services. Capitalized terms which are not defined herein, shall have the meaning ascribed to them in our TOU.
1. Your Consent (PLEASE READ CAREFULLY!)
BY ENTERING, CONNECTING TO, ACCESSING OR USING THE SERVICES (ORANY PART THEREOF), YOU AGREE TO THE TERMS AND CONDITIONS SET FORTH IN THIS PRIVACY POLICY, INCLUDING THE COLLECTION AND PROCESSING OF YOUR PERSONAL AND HEALTH INFORMATION (AS DEFINED BELOW).

IF YOU DISAGREE TO ANY TERM PROVIDED HEREIN, YOU MAY NOT ACCESS AND/OR USE THE SERVICE IN ANY MANNER WHATSOEVER.

IMPORTANT:

‍PLEASE NOTE: YOU ARE NOT OBLIGATED TO PROVIDE US WITH ANY PERSONALOR HEALTH INFORMATION. YOU HEREBY ACKNOWLEDGE AND AGREE THAT YOU ARE PROVIDINGUS WITH SUCH INFORMATION AT YOUR OWN FREE WILL, FOR THE PURPOSES DESCRIBED INSECTION ‎4 BELOW, AND THAT WE MAY USE, PROCESS AND RETAIN SUCH PERSONAL ORHEALTH INFORMATION IN ACCORDANCE WITH THIS PRIVACY POLICY AND SUBJECT TO ANYAPPLICABLE LAWS AND REGULATIONS.
2. Types of information we may collect from our Users
We may collect three types of data and information from our Users:

i. Personal Information, which is information that identifies an individual or may with reasonable effort identify an individual, either alone or in combination with other information, all unless anonymized. Such as name, email, address, location and date of birth. Some technical parameters may also be considered as Personal Information, such as IP address and UDID (Unique Device Identifier), and;

ii. Health, Wellness and Nutrition Related Information (“Health Information”), which is Personal Information that corresponds to a measurement of your physical/mental objective an/or subjective state and nutrition data, such as height, weight, sleep habits, food, caffeine and water intake, heart rate, breath data, real-time assessment of carbohydrate availability and metabolic fuel use as measured via use of the Lumen Device and through the Lumen App, as well as body activity data, such as types of exercise, number of steps, speed and distance and any Personal Information we derive from such information; and

‍iii. Non-personalInformation, which is non-identifying and without reference to the identity of any User, such as technical data that is necessary for the performance of the Service, for example app analytics, taps and inputs, Wi-Fi network information, operating system, mobile device type, Lumen Device technical information, browser and keyboard language, the 'click-stream' and activities on the Service, and the period of time the Service were used and related timestamps.

For the avoidance of doubt, any Non-personal Information connected or linked to any Personal Information shall be deemed as Personal Information as long as such connection or linkage exists. In this context it is important to note that Health Information is included within the category of PersonalInformation for the purposes of this Agreement.
3. How do we collect information?
We collect personal information from you and any devices (including mobile devices) you use when you: use or access ourServices, register for an account with us, provide us information on a web form or other text field, update or add information to your account, or through correspondence you and we conduct with each other.

More specifically we collect and use the following categories and types of information:

3.1.   Personal information you provide us when you use our ServicesGenerally, this category refers to any information, data or content you actively and voluntarily create or provide through our Services such as: Contact information such as your name, email and physical addresses, or telephone number that you provide through the Services when you fill our online form or register for an account with us or when you update your accounts details. Information you provide during a transaction you perform through the Services, or other transaction-based content that you generate related to such transaction. Other content that you generate, or your actions in your use of your account (such as adding items to your shopping cart, adding items to your saved items list etc. Health Information and any other information you provide us in the scope of your use of the Lumen Services, the Lumen App and the Lumen Device, such as breath samples, daily diet, exercise routine, emotional and mental state, perceived sense of viability, as well as ongoing feedbacks that you provide us regarding your satisfaction from the diet plans, the difficulty to follow-up with the plans, etc. The contents of your interaction with our customer support or sales departments, which may include text/video/audio recording and transcripts of such communications including information you enter in our “Contact Us” online form or any similar input. Financial information (such as credit card or bank account numbers) that you provide us in the scope of transactions you make through theServices, which is processed by our third party services providers as further detailed below and to which we have no access. Shipping, delivery, postage, billing and other information used to transact and deliver through the Services, as well as, where applicable, information required to clear customs (such as Tax ID or other identification numbers). 3.2.   Personal information we collect automatically when you use our ServicesIn other words, we are aware of your usage of the Services and Website and may gather, collect and record the information relating to such usage, including by using our third party service providers as detailed in Section ‎‎5 (sharing information with third parties) below, and by using “cookies” and other tracking technologies, as further detailed in Section ‎13 (Third PartyServices/Software, Cookies and Other Tracking Technology) below. We collect information about your interaction with and use of our Services, including in certain cases about your impressions of and reactions to our advertisements, and information related to our communications with you. This is information we receive from devices (including mobile devices) and software you use when you access our Services. This information could include the following: mobile device geo-location, mobile devices motion, Device ID or unique identifier, device type, ID for advertising, unique device token, operating system, information regarding your clicks and “clicks stream”, views and engagement with our advertisement andServices, information concerning your traffic to and from the Website, your referral URL to and from our Website, ad data, your IP address, your web login information, and location information as can be derived from your IP address. For more information about our use of these technologies, and how to control them, see our Cookies Policy. We collect and process Personal Information which is derived from other Personal Information we collect or obtain from you. This means that we process Personal Information in order to provide you with the output of our Lumen Services such as recommendations, suggested analysis and other insights we may offer through use of the Lumen Services.  Please take into consideration that certain portions of such above mentioned information may also be collected from your device or software, when the Lumen App is running in the background, i.e. when it has been launched but not used.   Please keep in mind - that most mobile devices and auxiliary software, allow you to control or disable the use of certain collectable information including location services, by any application, in the device's settings menu 3.3.   Personal information collected from third parties. When using the Lumen Services you may choose to connect your Account with certain other third party accounts you hold with such third party applications and platforms (such as Apple Health Kit, Android Fit, etc.), and thereby to provide us with access to information available on such accounts. Social Media - We allow you to share information with social platforms, or use social platforms to create your account or to connect your account with the respective social platforms. Those social platforms may give us automatic access to certain personal information retained by them about you (e.g., content viewed by you, content liked by you, your public profile other profiles you are associated with, and information about the advertisements you have been shown or have clicked on, etc.). You control the personal information you allow us to have access to through the privacy settings on the applicable social platforms and the permissions you give us when you grant us access to the personal information retained by the respective social platforms about you. We may also collect personal information concerning you, from third parties who have assured us that they have obtained your consent for such provision of information or that you have freely and publicly provided. For example, we may collect and use demographic and other information that is publicly available in an applicable jurisdiction, additional contact information, credit/check information, and information from credit bureaus, as allowed by applicable national laws. By associating your Account with your social platform account or other third party accounts and authorizing us to have access to information maintained by such third party accounts, you agree that we can collect, use and retain such information in accordance with this Privacy Policy.We will not collect any Personal and Health Information from you or related to you without your explicit approval, which is obtained, inter-alia, through your active acceptance of the TOU and this Privacy Policy.  PLEASE NOTE - If you give us personal information about someone else, you must do so only with that person’s express authorization. You should inform them how we collect, use, disclose, and retain their personal information according to this Privacy Policy before you provide us with their personal information.
4. The Purposes and Legal Basis of the Collection, Processing and use of Information
4.1.   Legal Basis for useWe collect, process and use your Personal Information, which is adequate, relevant and limited to what is necessary in relation to the purposes described in this Privacy Policy, based at least on one of the following legal grounds: In Performing an agreement with you: We collect and process your Personal Information in order to provide you with the Service, following your acceptance of this Privacy Policy and pursuant to the Terms of Use; to maintain and improve our Services; to develop new services and features for our Users; and to personalize the Services in order for you to get a better user experience. With your consent: We ask for your consent and approval to collect and process your Personal Information including specifically anyHealth Information for the purposes set forth in this Privacy Policy and you have the right to withdraw your consent at any time. Legitimate interest: We process your Personal Information for our legitimate interests while applying appropriate safeguards that protect your privacy. This means that we process your information for things like detecting, preventing, or otherwise addressing fraud, abuse, security, usability, functionality or technical issues with our Services, protecting against harm to the rights, property or safety of our properties, or  our users, or the public as required or permitted by law; enforcing legal claims, including investigation of potential violations of this Privacy Policy; defending legal claim made by you or on your behalf against us, in order to comply and/or fulfil our obligation under applicable laws, regulation, guidelines, industry standards and contractual requirements, legal process, subpoena or governmental request, as well as our TOU. 4.2. Purpose of use We may use the Personal Information that we collect about you for the following purposes: To provide, operate and improve the Services. To verify the identity of our Users·       To personalize the Services and content provided to you, to customize and improve your use experience of the Services, and to enable you to retrieve your information. To be able to contact Users for the purpose of providing them with technical assistance, support, handle requests and complaints and collect feedback; To send you updates, notices, notifications, and additional communications regarding the Services. To study and analyze the information on an aggregated, statistical basis to discover patterns and anomalies, to study complications and treatment methods and improvements, and other health related research and development; To enable us to further develop, customize and improve the Service based on Users’ common preferences, uses, third party services, features and functionalities, statistical and research purposes, attributes and anonymized data etc.; To prevent, detect, mitigate, and investigate fraud, security breaches or other potentially prohibited or illegal activities; To display or send to you marketing and advertising material and general and personalized content and advertisement via the Services, the Website, email, postal mail, telephone, mobile devices and/or when you visit other sites. To perform functions or services as otherwise described to you at the time of collection; To comply with any applicable rule or regulation, to protect our legal interests and/or respond to or defend against (actual or potential) legal proceedings against us or our affiliates.
5. Sharing Information with Third Parties
MetaFlow will not share or otherwise allow access to any Personal or Health Information it collects to any third party, except in the following cases: (a) Law enforcement, legal proceedings, and as authorized by law: We may disclosePersonal Information to satisfy any applicable law, regulation, legal process, subpoena or governmental request; (b) Protecting Rights and Safety: We may share Personal Information to enforce thisPrivacy Policy and/or the TOU, including investigation of potential violations thereof; to detect, prevent, or otherwise address fraud, security or technical issues; to respond to claims that any content available on the Service or the Site violates the rights of third-parties; or otherwise if we believe in good faith that this will help protect the rights, property or personal safety of MetaFlow, any of our Users, or any member of the general public. (c) OurAffiliated Companies: We may share Personal Information internally with our family of companies for the purposes described in this Privacy Policy. In addition, when MetaFlow or any of our affiliated companies is undergoing any change in control, including by means of merger, acquisition or purchase of all or substantially all of its assets, we may share Personal Information with the parties involved in such event. If we believe that such change in control might materially affect your Personal Information then stored with us, we will notify you of this event and the choices you may have via e-mail and/or prominent notice on our website or Services;(d) ThirdParty Services: We are partnering with a number of selected service providers, whose services and solutions complement, facilitate and enhance our own.  Such ThirdParty Service Providers may have access to, or process on our behalf Personal and Health Information which we collect, hold, use, analyze, process and/or manage. These ServicesProviders include hosting, database and server co-location services (e.g. Amazon Web Services), data analytics services (e.g. Google Analytics), session replay records for app analytic purposes such as crashes, functionality and usability (e.g. MixPanel), and our business, legal and financial advisors (collectively, "Third Party Service Providers"). We remain responsible for any PersonalInformation processing done by Third Party Service Provider on our behalf not in accordance with the terms hereof, except for events outside of its reasonable control and except for such Third Party Service Providers with whom you have a direct contractual relationship.
6. Storage, Transfer and Retention of your Information
Information regarding the Users will be maintained, processed and stored by us and our authorized affiliates and service providers in the United States, EU and inIsrael, and as necessary, in secured cloud storage, provided by our third party service provider. While the data protection laws in the above jurisdictions may be different than the laws of your residence or location, please know that we, our affiliates and our service providers that store or process your Personal Information on the our behalf are each committed to keep it protected and secured, pursuant to thisPrivacy Policy and industry standards, regardless of any lesser legal requirements that may apply in their jurisdiction. Specifically, each of our services providers who stores or processes your Personal Information either,(i) assured us that it provides adequate safeguards to protect your rights to privacy, (ii) holds and processes such information on our behalf in a jurisdiction which has been determined to ensure an adequate level protection by the EU Commission, or (ii) if in the US, is certified under the EU-USPrivacy shield framework. By providing your information, you expressly consent to the place of storage and transfer described above, including transfers outside of the jurisdiction in which the information was provided. We retain the Personal Information we collect only for as long as legitimately needed and to the extent required for the achievement of the purposes listed under Section 4 including without limitation, as reasonably necessary to comply with our legal obligations and/or protect our legitimate interests. We then either delete from our systems or anonymize it without further notice to you. If you are under a limited Subscription plan, your access rights to the Lumen Services shall expire upon expiration of your Subscription and your Account shall be deactivated, unless you renew your Subscription by completing payment to MetaFlow, of the then applicable Subscription Fees. Unless you notify us of your request to delete your Account as specified in Section ‎7 below, we may maintain your inactive Account including all data and reports therein, in order to allow you to reactivate theAccount if you choose to renew your Subscription at a later stage.
7. Your Rights: Deletion, Withdrawal of Consent, modification or obtaining a copy of Personal Information
If the law applicable to you grants you such rights, you may ask to access, correct, or delete your personal information that is stored in our systems or that we otherwise control. You may also ask for our confirmation as to whether or not we process your personal information or ask to withdraw any consent you have previously provided to MetaFlow in connection with our use and processing of your Personal Information.Exercising such rights of deletion and/or withdrawing such consent may result in our inability to provide you with our Services and in such event, we may notify you of termination of our engagement with you or otherwise cease providing you with our Services.Subject to the limitations in law, you may request that we update, correct, or delete inaccurate or outdated information. You may also request that we suspend the use of any personalInformation the accuracy of which you contest while we verify the status of that data.Subject the limitations in law, you may also be entitled to obtain the Personal Information you directly provided us in a structured, commonly used, and machine-readable format and may have the right to transmit such data to another party.If you wish to exercise any of these rights or withdraw your consent, please contact us at: support@lumen.me. When handling these requests, we may ask for additional information to confirm your identity and your request. Please note, upon request to delete your PersonalInformation, we may retain such data in whole or in part to comply with any applicable rule or regulation and/or response or defend against legal proceedings versus us or our affiliates, or as we are otherwise permitted under such law applicable to you. To find out whether these rights apply to you and on any other privacy related matter, you can contact your local data protection authority if you have concerns regarding your rights under local law.
8. Minors
To open an Account on our Services, you must be over the age of eighteen (18). Without relieving you of your responsibility to comply with the TOU and the terms hereof we reserve the right (without obligation) to request proof of age at any stage so that we can verify that minors under the age of eighteen (18) are not using our Services.In the event that it comes to our knowledge that a person under the age of eighteen (18) is using our Services, not in accordance with the above mentioned terms, we will prohibit and block such User from accessing our Services and will make all efforts to promptly delete anyPersonal Information (as such term is defined in herein with regard to suchUser).
9. Local Storage and Third Party Software/Service, Cookies and other Tracking Technology
When you access or use the Service, we may use industry-wide technologies which temporarily store certain information on the Lumen Device and/or your smartphone, your computer or other mobile device (“Local Storage”)and which will allow us to enable automatic activation of certain features, and make your Service experience much more convenient and effortless. The LocalStorage used by the Service is created per session and is removed as your session ends, provided that you have completed your attempt to upload HealthInformation to the Meta Flow Platform and until such completion the information shall remain on Local Storage. We also use certain monitoring and tracking technologies, including ones offered by third party service providers in order to collect and process Personal Information we specified above. These technologies are used in order to maintain, provide and improve our Services on an ongoing basis, in order to provide a better experience to our Users and to provide our customers and potential customers with more relevant advertisements of our Services. For example, these technologies enable us to: (i) keep track of and apply our customer's and potential customers’ Lumen Services and Website preferences and authenticated sessions, (ii) better secure our Services by detecting abnormal behaviors, (iii) identify technical issues and improve the overall performance of our Services, (iv) monitor and analyze our ads’ performance(v) create and monitor analytics relating to use of our Services, and (v)deliver to you targeted advertisements that are more tailored to you based on your browsing activities and inferred interests. Cookies: A cookie is a small datafile that is downloaded and stored on your computer or mobile device when you visit our Website. Learn more about cookies here: www.allaboutcookies.org. Pixel Tags: Pixel tags (also commonly known as web beacons) are transparent images, iFrames, or Java Script placed on our Website or our advertisements and emails, that our third party service providers use to understand how the Website, such advertisements and emails are interacted with.To learn more about our use of Cookies and other tracking technology that we use please see our CookiePolicy. Some of these tracking technologies are provided to us by our Third Party Services Providers who collect and process personal information on our behalf. These Third Party ServicesProviders may have direct contractual relationship with you (such as Google andFacebook). Additionally the services provided to us by such Third PartyServices Providers may entail collection and processing of personal information by such Third Party Services Providers, in a scope which is broader than thescope of personal information we are eventually provided with by such ThirdParty Services Providers. This means that sometimes these Third Party ServicesProviders have more access to your personal information than we do. For example, our payment gateway service provider has access to your financial information under strict terms, while we do not receive such access at all in order to better protect your rights. To the extent you have direct contractual relationship with any of our Third Party Services Providers, any rights you may have with respect to your information, collected by such Third Party ServicesProviders, shall be governed by such contractual relationship.  Otherwise the terms of this Privacy Policy shall fully apply. In this context you should note that we may use Google Analytics, Facebook, Twitter and LinkedIn’s functionality of re-marketing through their tracking cookies and pixel-based retargeting services. This means that if you provided your consent to Google, Facebook, Twitter or LinkedIn (the “Social Ad Platforms”) to be provided with personalized commercial offers, you may be served with ads (including advertisements of third parties) based on your access to the Services orWebsite, outside of the Services and Website and across the internet. In such event the Social Ad Platforms, will place cookies on your web browser and use such cookies to serve you ads based on past visits to our Services andWebsite.   Please visit the Social Ad Platforms Privacy policy to find out how they use such information: Google Adwords: https://policies.google.com/technologies/ads Facebook: https://www.facebook.com/about/privacy/. Twitter: https://business.twitter.com/en/help/ads-policies/other-policy-requirements/policies-for-conversion-tracking-and-tailored-audiences.html    LinkedIn: https://www.linkedin.com/legal/cookie-policy If you wish to opt-out of such re-targeting and tracking functionality of the Social Ad Platforms, you may do so at the following links:·       Google Adwords: https://adssettings.google.co.il/authenticated Facebook: https://www.facebook.com/settings/?tab=ads Twitter: https://help.twitter.com/en/safety-and-security/privacy-controls-for-tailored-ads LinkedIn: https://www.linkedin.com/help/linkedin/answer/34318?query=opt-out%20pixel  PLEASE NOTE – such tracking and targeting by Social Ad Platforms, is provided pursuant to your engagement with such Social Ad Platforms and the actual nature and scope of Personal Information collection and processing performed by such Social Ad Platforms is not transparent to us. If you would like to learn more or make further inquiries with respect to such nature or scope please refer to each of such Social Ad Platforms directly.In addition, if you wish that we do not use your personal information we obtain through use of cookies and pixel tags for the purpose of serving you personalized relevant ads, please send us an e-mail to support@lumen.me and we will respond within a reasonable timeframe and in accordance with applicable laws.Learn more about your choices and how to opt-out of tracking technologies: In order to delete or block any tracking technologies, please refer to the “Help” area on your internet browser for further instructions, or learn more by visiting our CookiePolicy. You may also opt out of third party tracking technologies by following the relevant instructions provided by each such third party in its privacy policy or by visiting www.youronlinechoices.eu, http://optout.networkadvertising.org/?c=1 or http://www.aboutads.info/choices/. Please note however that deleting any of our tracking technologies or disabling future tracking technologies may prevent you from accessing certain areas or features of our Services, or may otherwise adversely affect your user experience. Please also note that we do not respond to the ‘Do Not Track’ setting on your browser as the protocol and form for such setting has not yet been generally accepted.
10. Direct Marketing
By registering to our Services and/or providing us with your e-mail address or any other contact information(including without limitation through any form on our Website), you expressly agree to receive promotional content, messages or calls from Meta Flow or our partners (acting on our behalf). Accordingly, we or our affiliated representatives, shall be permitted to call you or send you promotional content or messages by e-mail, SMS, direct text messages, marketing calls and similar forms of communication.If you wish not to receive such promotional messages or calls, you may withdraw your consent by sending a written notice toMeta Flow by email to the following address: support@lumen.me or by pressing the “Unsubscribe” link contained in the promotional communications you receive. Please note that we may also contact you with important information regarding your use of our Services and/or Website. For example, we may notify you (through any of the means available to us) of changes or updates to our Services, payment issues, service maintenance, etc. You will not be able to opt-out of receiving such service messages.
11. How We Protect Personal Information
We maintain administrative, technical and physical safeguards designed to protect Personal and Health Information we obtain through MetaFlow's Services, against accidental, unlawful or unauthorized destruction, loss, alternation, access, disclosure or use. OurServices, or parts thereof, are hosted on AMAZON LAWS, which provides advanced security features. Meta Flow employs industry standard security procedures, including secured transmission protocols, SSL and advanced authentication.  However, we do not and cannot guarantee that unauthorized access will never occur.We urge you to use the strongest password combination available on your mobile device and employ reasonable physical security means to protect unauthorized access.
12. Changes to the Privacy Policy
Meta Flow reserves the right to change thisPrivacy Policy at any time, so please re-visit this page frequently. We will provide notice of substantial changes of this Privacy Policy on the Service and/or we will send you an e-mail regarding such changes to the e-mail address that is registered with your Account. Such substantial changes will take effect seven (7) days after such notice was provided on any of the above-mentioned methods. Otherwise, all other changes to this Privacy Policy are effective as of the stated “Last Revised” date, and your continued use of the Service or the Site after the Last Revised date will constitute acceptance of, and agreement to be bound by, those changes.
13. Notice of Electronic Disclosure
Subject to and in accordance with the terms hereof, PHI may be stored, processed, conveyed, and in some instances, disclosed in an electronic format. MetaFlow will provide you with a written notice and request a separate authorization in the event of electronic disclosure as authorized or required by state or federal law.
14. General Information
Depending on your primary place of residency, this Privacy Policy, its interpretation, and any claims and disputes related hereto, shall be governed by the following governing laws specified below, and any and all such claims and disputes shall be brought in, and you hereby consent to them being litigated in and decided exclusively by a court of competent jurisdiction located in the following locations: a) If your primary residence is in the USA, the governing law and the exclusive jurisdiction shall be the laws of the state of New York and the city of NewYork (respectively); b) if your primary residence is in Europe, the governing law and the exclusive jurisdiction shall be the laws of England and Wales and the city of London(respectively); c) If your primary residence is in Israel or in any other territory not mentioned in a) or b) above, the governing law and the exclusive jurisdiction shall be the laws of the State of Israel and the city of Tel Aviv.  This Privacy Policy was written in English and may be translated into other languages for your convenience. If a translated (non-English) version of this Privacy Policy conflicts in any way with the English version, the provisions of the English version shall prevail.
15. Have Any Questions?
If you have any questions (or comments) concerning this Privacy Policy, you are welcome to send us an email at: support@lumen.me and we will make an effort to reply within a reasonable timeframe. By contacting MetaFlow you warrant and agree that you are free to do so, and that you do not provide MetaFlow with information, which violate any third-party intellectual rights (the “Information”). Without degrading from the aforesaid, all rights, including intellectual property, arising from your communication with us will be owned by MetaFlow and will be considered as MetaFlow’s confidential material.  It is clarified that any use of the Information, will be done in MetaFlow’s sole discretion, and Meta Flow is not obligated to use all or part of this Information.