Privacy Policy

Last updated: February 16, 2026

This Privacy Policy explains how Acteamity Limited ("Acteamity", "we", "us", "our") collects, uses, stores, and protects personal data when you use our mobile application, website, and related services (the "Service").

We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), and applicable data protection laws.

---

1. Who We Are

Acteamity Limited provides a digital platform that enables employers to encourage and reimburse employees for verified fitness and wellbeing activities.

For most personal data processed through the Service, Acteamity acts as a Data Controller.

In limited cases, when providing reporting services to employers, Acteamity acts as a Data Processor.

---

2. Who Can Use the Service

The Service is available only to users who receive a registration code from their employer.

The Service is intended for adults aged 16 and over. We do not knowingly process data relating to children.

---

3. Information We Collect

We collect only the data necessary to operate the Service.

3.1 Account Information

• Name
• Email address
• Employer affiliation
• User role

3.2 Activity and Fitness Data

When you connect a supported fitness platform, we may collect:

• Step counts
• Distance travelled
• Activity duration
• Exercise sessions
• Related performance metrics

This data is obtained through authorised integrations and is used solely for verification and reward calculation.

We do not collect medical records, diagnoses, or clinical health information.

3.3 Technical Information

• Device type and operating system
• IP address
• App version
• Usage and error logs

3.4 Reward Information

• Tokens or points earned
• Participation history
• Summary performance records

---

4. How We Use Your Information

We use your personal data to:

• Provide and operate the Service
• Verify physical activity
• Calculate rewards and tokens
• Display progress within the app
• Maintain platform security
• Prevent fraud and misuse
• Provide customer support
• Improve our products and services
• Meet legal and regulatory obligations

We do not sell personal data.

---

5. Legal Basis for Processing

We process personal data under the following legal bases:

• Contract performance – to deliver the Service
• Consent – for fitness platform integrations
• Legitimate interests – platform security and improvement
• Legal obligations – accounting and compliance

You may withdraw your consent at any time by deleting your account.

---

6. Health and Special Category Data

Fitness activity data may be considered special category data under data protection law.

We process this data only:

• With your explicit consent
• For verification and reward calculation
• Using data minimisation principles
• Without medical interpretation

Employers do not receive detailed activity records. They receive only summary information, such as total tokens earned over defined periods.

---

7. Sharing of Information

We may share personal data with:

• Cloud infrastructure providers
• Analytics and monitoring providers
• Technical service partners
• Authorised employer administrators (limited data only)

All partners are bound by data protection agreements.

We do not share data with advertisers, data brokers, or third parties for their own marketing purposes.

---

8. International Data Transfers

Our primary data hosting is located in the United Kingdom and the European Economic Area.

If data is transferred internationally, we use approved legal safeguards such as standard contractual clauses.

---

9. Data Retention

We retain personal data:

• While your account remains active
• As required for legal or accounting purposes
• Until deletion is requested

When you delete your account, personal data is deleted or anonymised unless retention is required by law.

---

10. Security

We use appropriate technical and organisational measures to protect your data, including:

• Encrypted connections
• Secure data storage
• Role-based access controls
• Two-factor authentication for administrative and employer accounts
• Access logging and monitoring
• Regular security reviews

Access to user information by employer administrators is restricted and monitored.

---

11. Your Rights

You have the right to:

• Access your personal data
• Correct inaccurate information
• Request deletion
• Restrict processing
• Object to processing
• Receive a copy of your data
• Withdraw consent

Requests can be sent to: anton.gurevich@acteamity.com

---

12. Automated Processing

We use automated systems to calculate activity verification and rewards.

These systems do not make decisions that have legal or similarly significant effects on users.

---

13. Communications

We send service-related messages such as account notices and system updates.

Marketing communications are sent only where permitted and with appropriate consent.

---

14. Relationship with Employers

Acteamity operates a hybrid data protection model:

• Acteamity is responsible for platform and activity data
• Employers are responsible for payroll and employment decisions
• Employers receive only limited performance summaries

Employer access to user data is provided exclusively through a secure employer portal. Access is protected by authentication controls, including two-factor authentication, and all access is logged for security and compliance purposes.

Employers do not control or access detailed health or fitness records.

---

15. Changes to This Policy

We may update this Privacy Policy from time to time.

If significant changes are made, users will be notified through the Service or by email.

---

16. Contact Us

If you have questions about this Privacy Policy or your data, contact: