Privacy Policy

Language Disclaimer

Any translation of this Privacy Policy from the Ukrainian language is provided solely for convenience. In the event of any discrepancies or conflicts between the Ukrainian version of the Privacy Policy, available at https://plyn.care/policy, and any translation hereof, the Ukrainian version shall prevail and govern.

This Privacy Policy (hereinafter — the “Policy”) sets out how personal data of Users of the PLYN mobile application, the website https://plyn.care, and related digital services (hereinafter collectively — the “Service”) is collected, used, stored, and protected.

Data Controller. The data controller is Limited Liability Company “LINKLAND” (USREOU code 45071805), address: 02002, Ukraine, Kyiv, Yevhena Sverstiuka Street, 11zh, Office 102 (hereinafter — the “Company”, “we”). For personal data inquiries, please contact: privacy@plyn.care.

This Policy applies to all Users of the Service regardless of their location and governs the processing of personal data within the scope provided by applicable law, including the laws of Ukraine, Regulation (EU) 2016/679 (GDPR), and other mandatory data protection provisions.

This Policy forms an integral part of the User Agreement.

By using the Service, creating an account, or otherwise interacting with the Service, you confirm that you have read this Policy and agree to the processing of your personal data in accordance with it.

If you do not agree with the terms of this Policy, please discontinue use of the Service.

1. CATEGORIES OF PERSONAL DATA WE COLLECT

We may collect and process Users’ personal data to the extent necessary for the provision and improvement of the Service, its security, fulfillment of legal obligations, and communication with Users.

Depending on how you use the Service, we may process the following categories of personal data:

1.1. Data Provided Directly by the User

1.1.1. Identification and Contact Data

Including, without limitation:

name or username;

email address;

other contact details voluntarily provided by the User when using the Service or contacting support.

1.1.2. Account Registration Data

Data required for creating and maintaining an account within the Service, including user identifiers and technical account attributes.

1.1.3. Commercial Information

Information related to subscription processing and use of paid Service features, including subscription type, duration, and status. The Company declares that it does not receive, process, or store full payment instrument details (card number, expiry date, CVV/CVC code). All payments are made through secure third-party gateways (App Store, Google Play, etc.). The Company retains only the transaction identifier, date, amount, and payment status, solely for tax compliance and financial dispute resolution purposes, for the periods required by Ukrainian law.

1.1.4. User-Generated Data

Information that the User voluntarily creates or stores within the Service, including, without limitation, notes, self-reflection entries, comments, or other materials where such functionality is available.

Well-being Data. Some data you voluntarily enter or generate while using the Service (e.g., journal entries, mood ratings, stress levels, goals, responses to tests/surveys) may, in certain jurisdictions, be considered health data or other “special categories” of personal data. We process such data only with your explicit consent (where required by law), and you may withdraw your consent at any time (see Section 4).

By providing data about your mood, emotional state, or stress level within the Service, you provide your explicit and voluntary consent to the processing of such health-related data for the purpose of delivering the Service functionality. You have the right to withdraw this consent at any time by deleting the relevant data or your account.

1.1.5. Communications

The content of inquiries, messages, or requests submitted by the User to the Company via email, feedback forms, or other communication channels.

1.2. Data Received from Third Parties

1.2.1. Apple ID or Google Account Data

When using the Service through the Apple App Store or Google Play, the Company may receive a limited amount of information from the relevant App Store, including a unique account identifier, country or region, and technical data necessary for providing access to the Service and verifying subscription status. The Company does not have access to Users’ passwords or full payment details.

1.3. Data Collected Automatically During Use of the Service

1.3.1. Service Usage Data

Information about the User’s actions within the Service, including, without limitation, interactions with features, Content views, session times and durations, and general usage events.

1.3.2. Device Technical Data

Including, without limitation:

device type;

operating system and version;

interface language;

IP address or other network identifiers;

device identifiers.

1.3.3. Advertising Identifiers

Mobile device advertising identifiers (e.g., IDFA or AAID), which may be used for analytics and marketing purposes only with the User’s consent, where such consent is required by law or operating system settings.

1.3.4. Cookies and Similar Technologies

We may use cookies, SDKs, and other similar technologies to ensure the operation of the Service, analytics, feature improvement, and, where appropriate settings and consents are in place, for marketing purposes. Further details on the use of such technologies are set out in this Policy. The User may manage the use of such technologies through their device or browser settings, as well as through the Service’s own settings (where available).

2. PURPOSES AND LEGAL BASES FOR PROCESSING PERSONAL DATA

The Company processes Users’ personal data exclusively for specific, lawful, and transparent purposes, and only to the extent necessary to achieve such purposes. Processing is carried out in accordance with applicable law, including Regulation (EU) 2016/679 (GDPR).

2.1. Provision and Operation of the Service

We process personal data for:

creating and administering an account;

providing access to Service features and Content;

personalizing the Service experience within its functional scope;

ensuring stable and secure operation of the Service.

Legal basis: performance of a contract with the User (Article 6(1)(b) GDPR).

2.2. Communication with Users

We may use personal data for:

responding to support inquiries;

sending service notifications (e.g., security alerts, changes to the Service, updates to the Terms or this Policy);

account recovery.

Legal basis: performance of a contract or our legitimate interest in the proper functioning of the Service (Article 6(1)(b), 6(1)(f) GDPR).

2.3. Analytics and Service Improvement

We analyze use of the Service in order to:

understand how Users interact with the Service;

improve functionality, usability, and quality;

develop new features and capabilities.

Legal basis: the Company’s legitimate interest in developing and optimizing the Service (Article 6(1)(f) GDPR), or User consent — where such consent is mandatory.

2.4. Marketing Communications

We may send Users informational and marketing messages (e.g., emails) only where a valid legal basis exists. The User has the right to opt out of such communications at any time.

Legal basis: User consent or the Company’s legitimate interest — in cases expressly permitted by law (Article 6(1)(a), 6(1)(f) GDPR).

2.5. Advertising and Performance Measurement

Where the User has provided consent, we may use limited technical and advertising data to:

display relevant advertising;

measure the effectiveness of advertising campaigns.

Legal basis: User consent, or the Company’s legitimate interest — exclusively within the limits permitted by applicable e-privacy law.

2.6. Fulfillment of Legal Obligations

We process personal data to:

comply with tax, accounting, and other mandatory legal requirements;

fulfil lawful requests from public authorities.

Legal basis: fulfillment of legal obligations (Article 6(1)(c) GDPR).

2.7. Protection of Legitimate Rights and Interests

Personal data may be processed for:

fraud prevention;

enforcement of the Terms of Use;

protection of the rights, interests, and security of the Company and Users.

Legal basis: the Company’s legitimate interest (Article 6(1)(f) GDPR).

3. PARTIES TO WHOM WE MAY DISCLOSE PERSONAL DATA

We may disclose Users’ personal data to third parties only to the extent necessary to achieve the purposes set out in this Policy and subject to compliance with applicable data protection law.

3.1. Service Providers (Data Processors)

We engage third-party service providers who process personal data on our behalf and in accordance with our instructions. Such providers assist us, in particular, with:

hosting and infrastructure maintenance;

analytics and Service performance monitoring;

technical event and error processing;

sending notifications and alerts;

marketing and analytics tools.

Such providers may include, without limitation, cloud service providers, analytics platforms, monitoring services, and advertising technology providers (e.g., Google, Apple, Meta, and others).

We enter into data processing agreements or other legal arrangements with such parties that provide for adequate personal data protection measures.

3.2. Public Authorities and Law Enforcement

We may disclose personal data where necessary:

to comply with legal obligations;

in response to lawful requests from courts, law enforcement, or regulatory authorities;

to protect our rights, security, property, or legitimate interests, as well as those of others.

3.3. Corporate Transactions

In the event of a reorganization, merger, asset sale, or other corporate transaction, Users’ personal data may be transferred to the relevant third parties as part of such operations, subject to compliance with data protection law.

3.4. Affiliates

We may share personal data with our affiliated companies within the corporate group for the purposes set out in this Policy, subject to appropriate data protection measures.

3.5. Data Transfers under US Law (CCPA/CPRA)

For Users to whom California law applies, the transfer of personal data to service providers is carried out in accordance with CCPA/CPRA requirements and does not constitute a “sale” of personal data within the meaning of such law.

3.6. The Company does not transfer personal data to third parties for their own purposes, except as expressly provided in this Privacy Policy or required by applicable law.

4. EXERCISING USERS’ RIGHTS

4.1. General Data Protection Rights

You have the following rights with respect to your personal data under applicable data protection law:

Right of Access, Rectification, and Update

You have the right to obtain confirmation of whether we are processing your personal data, to access such data, and to request its correction or update if it is inaccurate or outdated.

Right to Erasure (Right to be Forgotten)

You have the right to request the deletion of your personal data in cases provided for by law. In some circumstances, we may be required to retain certain data for a legally defined period (e.g., for financial or tax reasons).

Right to Restriction of Processing

You have the right to request the restriction of processing of your personal data in cases defined by law.

Right to Object

You have the right to object to the processing of your personal data, including for direct marketing purposes.

Right to Data Portability

You have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format, and to transmit that data to another controller, where technically feasible.

Right to Withdraw Consent

Where processing of personal data is based on your consent, you have the right to withdraw such consent at any time, without affecting the lawfulness of processing carried out prior to withdrawal.

Right to Lodge a Complaint

You have the right to lodge a complaint with the competent data protection supervisory authority.

4.2. Exercising Your Rights

To exercise any of the above rights, you may contact us at: privacy@plyn.care

We may request additional information to verify your identity for the purpose of protecting your personal data from unauthorized access.

4.3. Authorized Representative

You may exercise your rights through an authorized representative, subject to providing adequate confirmation of their authority in accordance with applicable law.

4.4. Additional Rights for California Residents (CCPA / CPRA)

If you are a California resident, you may have additional rights under CCPA / CPRA, including:

the right to know what categories of personal data we collect, use, and disclose;

the right to opt out of the sale or sharing of personal data (where applicable by law);

the right not to be discriminated against for exercising your rights.

We do not sell Users’ personal data within the meaning of the CCPA. Requests regarding CCPA rights may be submitted using the contact details provided above.

5. AGE RESTRICTIONS

The Service is not intended for use by individuals under the age of 18 or any other minimum age established by applicable law in the User’s country of residence, except where such individuals have been granted appropriate consent by their parents, adoptive parents, guardians, or other legal representatives, and use of the Service takes place under the supervision of such legal representatives.

If you become aware that a person under the age of 18 has provided us with their personal data without the required consent of a legal representative, please notify us at: privacy@plyn.care

Upon receiving such notice, we will take reasonable steps to delete the relevant personal data as promptly as possible.

6. INTERNATIONAL TRANSFERS OF PERSONAL DATA

We may transfer Users’ personal data to countries other than the User’s country of residence for the purposes of providing, supporting, and fulfilling the goals described in this Privacy Policy.

Where personal data is transferred to countries that may offer a different level of data protection from that provided under the laws of the European Union or other applicable law, we ensure appropriate safeguards for such data. In particular, we apply or may apply standard contractual clauses or other lawful protection mechanisms in accordance with applicable data protection law.

7. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time. The current version of the Privacy Policy is always available within the Service.

In the event of any changes, we will notify you by posting the updated Privacy Policy within the Service or by other available means. Where possible, we may also provide additional notice of such changes through the Service interface.

Your continued use of the Service following the entry into force of an updated Privacy Policy constitutes your acceptance of such changes.

8. DATA RETENTION

We retain your personal data for the period necessary to achieve the purposes for which it was collected and processed in accordance with this Privacy Policy and our Terms of Use (including for the purpose of providing you with the Service), including for the duration of your account with the Service.

Once the applicable processing purposes have been achieved, or upon discontinuation of use of the Service, your personal data will be deleted or anonymized, unless otherwise required by applicable law.

We may also retain and use your personal data to the extent and for the period required to fulfill our legal obligations, resolve disputes, enforce our agreements, and protect our legitimate interests.

For example, in accordance with accounting and tax law requirements, we are obliged to retain certain categories of data (including commercial or payment information) for statutory periods. In such cases, the relevant portion of data may be retained even after your deletion request has been fulfilled — solely to the extent and for the period required by law.

9. CONTACT US

You may contact us at any time with questions regarding this Privacy Policy, its previous versions, or our personal data processing practices and procedures.

All inquiries relating to your account or personal data should be sent to: privacy@plyn.care