Shift Robotics APP Privacy Policy (Global)

Important Notice: This Privacy Policy applies to global users and governs the collection, use, storage, protection of users' personal information/personal data, and users' rights related thereto by Shift Robotics,Inc. ("SHIFT"). This Policy is independent from the Shift Robotics APP User Agreement (Global) and has equal legal effect. Please read and understand all content carefully, especially clauses highlighted in bold concerning users' personal information security and core rights. By clicking "I have read and agree", you consent to SHIFT processing your personal information in accordance with this Policy. If you do not agree, please do not use this APP or related services.

1. Introduction and Scope of Application

This Policy is formulated in accordance with globally applicable data protection rules, EU GDPR, U.S. COPPA, and applicable data protection laws and regulations in users' regions to protect users' personal information and privacy rights and regulate information processing activities.

This Policy applies to the Shift Robotics APP developed and operated by SHIFT and services related to the supporting Moonwalkers smart devices, and applies to all global users of this APP.

"Personal Information" (also referred to as "Personal Data") in this Policy means all information recorded electronically or otherwise relating to an identified or identifiable natural person, including but not limited to personal profile, device information, and motion data. "User Data" means all data actively provided, generated, or transmitted from Moonwalkers to the APP during your use of the APP and related services, including but not limited to personal information, device operation data, and motion data.

SHIFT is committed to processing personal information in compliance with the principles of lawfulness, fairness, necessity, good faith, and data minimization. SHIFT only collects personal information necessary to provide services, uses such information only within the necessary scope, stores it only for the necessary period, and shall not process it beyond the scope, purpose, or period. SHIFT will not illegally sell, disclose, or provide users' personal information to third parties without authorization.

User Note: This Policy may be revised due to updates of laws and regulations, service optimization, or adjustments to data processing methods. The revised version will be posted in a prominent position in the APP. Please review and accept the updated Policy in a timely manner. If you do not agree with the updated Policy, please stop using this APP and related services.

2. Lawful Bases for Data Processing

SHIFT processes personal information strictly based on lawful bases prescribed by applicable local data protection laws, including the following circumstances:

  1. Necessary for the conclusion or performance of the service contract between you and SHIFT;
  2. Your voluntary, explicit, specific, and revocable consent;
  3. Necessary for the pursuit of legitimate interests, which do not override your personal information rights and fundamental rights;
  4. Necessary to comply with legal obligations under applicable data protection laws.

3. Scope of Personal Information Collected by SHIFT

SHIFT only collects the minimum information necessary to provide services and does not collect information irrelevant to services. The specific scope of collection is as follows:

  1. Information you provide voluntarily:
    • Registration and account information: email address, account name, password (Apple/Google third-party login is supported; collection of mobile phone numbers is not mandatory).
    • Personal profile: shoe size, height, weight, birthday, nickname (all optional and filled in voluntarily).
  2. Device operation and motion data read by the APP via Bluetooth:

    Including left shoe battery level, right shoe battery level, component temperature, motion mode, firmware version, step count, travel distance, time saved (compared with conventional walking), carbon emission reduction, cadence, step length, gait cycle duration, speed, power output data, etc.

  3. Saved data read by the APP via network:

    Personal profile, motion data, and device operation records that you actively synchronize to your local device or cloud servers.

  4. Automatically collected device and log information:

    Device model, operating system, Bluetooth version, network status, login time, operation records, function usage records, etc.

  5. No collection of sensitive information:

    This APP does not collect sensitive personal information such as race, ethnicity, religious beliefs, political opinions, health information, biometric data, or genetic data.

Important Note: Motion data and device operation data collected by this APP are used solely for service provision, safe operation and function optimization. Such processing complies with the principles of data minimization and purpose limitation.

4. Cookie and Similar Technologies Statement

  1. To ensure stable connection between the APP and Moonwalkers, and to implement device management, status synchronization, security authentication, service optimization, and troubleshooting, SHIFT may use Cookie, local storage, device identifiers, log files, SDK standard identifiers, and similar technologies to record necessary information including login status, device information, service configuration, usage preferences, and operation logs.
  2. SHIFT complies with the principles of lawfulness, fairness, necessity, and data minimization. SHIFT only collects information necessary for service provision and security protection. SHIFT will not collect sensitive personal information through the above technologies, and will not use Cookie or similar technologies for any purposes beyond those described in this Privacy Policy.
  3. You may independently clear cached data through device system settings or APP privacy settings. Clearing such data may only affect auxiliary functions or services relying on cookies and similar technologies such as automatic login and preference memory, and will not affect the use of core functions of the APP and Moonwalkers.
  4. If SHIFT adjusts the usage scope, purpose, or third-party cooperation scenarios of Cookie and similar technologies in the future, SHIFT will update this Privacy Policy in a timely manner and obtain your explicit consent in accordance with applicable laws to ensure you fully enjoy the right to know and control over personal information processing.

5. Use of Personal Information by SHIFT

SHIFT uses personal information only within the minimum scope necessary to achieve service purposes and will not use it beyond the authorized scope or purpose. Specific usage scenarios include:

  1. Providing you with core services such as device connection, parameter configuration, data monitoring, motion analysis, and device management;
  2. Providing you with usage guidance, troubleshooting, version updates, firmware upgrades, and after-sales support;
  3. Optimizing the functions, performance, compatibility, and user experience of the APP and Moonwalkers;
  4. Ensuring the secure and stable operation of services, conducting security protection, risk control, and troubleshooting;
  5. Other purposes permitted by applicable laws or with your consent.

Without your explicit consent, SHIFT will not use personal information for unauthorized marketing, promotion, or other unrelated purposes.

6. Storage and Retention Period of Personal Information

  1. Storage method:

    Your personal information is stored only on your local device or cloud servers within your region. This complies with data localization requirements. No cross-border data transfer is conducted.

  2. Retention period:

    SHIFT retains personal information only for the shortest period necessary to achieve service purposes. Upon expiration, such information will be deleted or anonymized in accordance with applicable laws:

    • Account information: deleted or anonymized within 30 working days after account deregistration; you may submit a deregistration request via "Settings – Delete Account" in the APP.
    • Motion data, device operation data, and personal profile: deleted or anonymized within 30 working days after account deregistration.
    • Device and log information: retained for 6 months after service termination, then automatically deleted or anonymized.
    • If mandatory provisions of applicable laws and regulations apply, such provisions shall prevail.
  3. Storage security:

    SHIFT adopts technical and management measures including transmission encryption, storage encryption, least privilege control, access control, risk monitoring, and security inspections to prevent information leakage, tampering, loss, and unauthorized access.

User Note: Local data on your device is under your own custody. Data loss may occur if you change devices or uninstall the APP without backup. Cloud data will be deleted in accordance with this Policy after account deregistration and cannot be recovered.

7. Restrictions on Sharing, Transfer, and Disclosure of Personal Information

SHIFT does not share, transfer, or disclose your personal information to any third party in principle, except in the following necessary circumstances:

  1. Obtaining your explicit consent;
  2. Complying with mandatory requirements of applicable laws, judicial authorities or administrative agencies;
  3. Providing to affiliates controlled by SHIFT or under common control with SHIFT: limited to the minimum necessary personal information solely for the purpose of providing, operating, maintaining and optimizing services related to the APP and Moonwalkers. Affiliates shall comply with this Privacy Policy and applicable data protection laws, adopt equivalent security measures and fulfill confidentiality obligations. Such information processing does not involve cross-border transfer and shall not exceed the authorized scope;
  4. Providing the minimum necessary information to third parties providing technical support, server, customer service, or other services solely for service purposes, provided that such third parties comply with this Policy, sign data protection agreements, and fulfill confidentiality obligations, and shall not re-entrust or process beyond the authorized scope;
  5. Necessary to protect legitimate rights and interests, respond to urgent security risks, and prevent further damage.

SHIFT will not illegally sell or provide users' personal information to third parties.

User Note: If you consent to sharing, SHIFT will require third parties to process personal information within the authorized scope and fulfill confidentiality obligations by signing data protection agreements, adopting security measures, and supervising performance. You should also carefully review third parties' data protection practices to jointly prevent privacy risks.

8. Protection of Personal Information by SHIFT

  1. Technical safeguards: adopting full-process protection measures including transmission encryption, storage encryption, identity authentication, intrusion detection and security inspections;
  2. Management safeguards: establishment of data security governance mechanisms, implementation of least privilege control, regular security assessments, and vulnerability remediation;
  3. Security incident response: in the event of personal information leakage, tampering, loss, or other security incidents, SHIFT will immediately activate an emergency plan, notify users, and report to regulatory authorities in accordance with applicable local laws;
  4. User responsibilities: you shall properly keep your account and password, not disclose them to third parties, avoid using the APP in insecure network environments, and update the APP version in a timely manner to jointly safeguard information security.
User Note: If you discover any leakage, tampering, loss of personal information, or abnormal operations, please contact SHIFT immediately through customer service channels. SHIFT will verify promptly and take disposal measures in accordance with applicable laws to protect your information security.

9. Users' Rights and Obligations Regarding Personal Information

9.1 Users' legal rights

You legally enjoy the following personal information rights, and may exercise them by submitting a request through the in-APP portal or customer service email:

  1. Right of access: you may access your registration data, motion data, device operation data, information collection records, etc., at any time;
  2. Right of copy: you may request to copy and obtain your personal information;
  3. Right to rectification: you may request correction or update of your personal information if it is found to be incorrect, invalid, or incomplete;
  4. Right to erasure: you may request deletion of personal information when processing is completed, no longer necessary, you deregister your account, or you withdraw consent;
  5. Right to restrict processing: you have the right to restrict or object to SHIFT processing your personal information;
  6. Right to withdraw consent: you may turn off Bluetooth, network, or related permissions at any time to withdraw authorization for information collection and use;
  7. Right to data portability: you may request export of your personal information;
  8. Right to complain: you have the right to file a complaint with the data protection authority in your region.

The exercise of the above rights is free of charge in principle. SHIFT will respond to your legitimate request within 30 days; for EU/EEA users, SHIFT will respond within 30 days in principle, and may extend the period in accordance with applicable laws for complex requests, but the maximum extension shall not exceed 90 days, and SHIFT will notify you of the reason for extension in a timely manner.

9.2 Users' obligations

  1. Properly keep your account, password, verification code, and login device; do not disclose, lend, transfer, or sell your account and related credentials to others;
  2. Use APP services legally; do not illegally obtain, tamper with, delete, or disclose your own or others' personal information;
  3. Provide necessary cooperation when SHIFT conducts identity verification, security authentication, and compliance inspections;
  4. Comply with applicable laws and regulations and the provisions of this Policy, and do not commit acts that infringe upon the legitimate rights and interests of SHIFT or other users.
User Note: You need to complete identity verification to exercise your rights related to personal information. Withdrawal of consent or deletion of personal information may result in the inability to use some services normally.

10. Protection of Minors' Personal Information

  1. EU/EEA users: Minors under the age of 16 may use the services only with the explicit and verifiable consent of their guardian. SHIFT will make reasonable efforts to verify the guardian's identity.
  2. U.S. users: SHIFT does not knowingly collect personal information from minors under the age of 13. If processing is necessary, SHIFT will obtain verifiable written or electronic consent from the guardian in accordance with applicable laws before processing.
  3. Other regions: Comply with the age requirement prescribed by local laws. Guardians shall bear supervision responsibility for minors' use of services, account security and personal data protection.
  4. Guardians may request to access, correct, or delete minors' personal information from SHIFT in accordance with applicable laws, and SHIFT will cooperate accordingly.
User Note: Guardians shall properly manage minors' usage behavior and supervise the protection of minors' personal information to jointly prevent privacy and security risks.

11. Updates to the Privacy Policy

  1. SHIFT may revise this Privacy Policy due to updates of laws and regulations, regulatory requirements, service adjustments, function optimization, or other reasons.
  2. Revised content will be posted in a prominent position on the APP homepage 7 days in advance. Material changes affecting users' personal information rights or data processing rules will be posted 30 days in advance with highlighted prompts.
  3. The revised Policy shall take effect upon the expiration of the notice period. Your continued use of the APP and related services constitutes acceptance of the revised Policy. If you do not agree, you shall immediately stop using the services and delete your account.

12. How to Contact SHIFT

If you have questions, complaints, suggestions regarding this Privacy Policy, or need to exercise your personal information rights, please contact SHIFT via Email: support@shiftrobotics.io

Registered Address: Shift Robotics 1826 Kramer Ln. Austin, TX, 78758., America.

SHIFT will respond and reply within 30 days upon receiving your feedback.

13. General Provisions

Matters not covered by this Policy shall be governed by applicable laws and regulations in your region. If any clause of this Policy conflicts with local laws and regulations, such laws and regulations shall prevail.

If any clause of this Policy is deemed invalid, revocable, or unenforceable, it shall not affect the legal effect of the remaining clauses.

This Policy is interpreted by SHIFT in accordance with the principles of fairness, lawfulness, and reasonableness.

Effective Date: July 11, 2023

Last Updated: July 11, 2023