Logo

Privacy Policy

Introduction

We respect your privacy and are committed to protecting your personal data. With this Privacy Policy (“Policy”), we explain how HubX Yazılım Hizmetleri Anonim Şirketi (“HubX”) collects and processes your information and personal data, the protection and privacy, and data security measures implemented, including your rights.

This Policy is applicable on Lean's app, website and social media platforms owned by Lean (collectively “Lean / Services / App”).

Your access and use of Lean is governed by this Privacy Policy and Terms of Use (“Terms”). The Terms apply to the definitions within this Policy and the provisions not included in this Policy. We recommend you to review the Terms of Use to be informed about the definitions, functions and features of Lean.

By accessing or using Lean, you agree to the collection and use of information and personal data in accordance with this Policy, and that you have reviewed and understood the processing of your information and personal data, including your rights. If you do not agree with the Terms or Privacy Policy, please do not use the Website, and/or the Services offered by Lean.

Collection of Information and Processing Purposes

We may collect the following information and personal data when you access Lean, or otherwise utilize (“use”) the App, and/or the Services. We process personal data under specific lawful bases, which may include performance of a contract, compliance with a legal obligation, your consent, or our legitimate interests. Below is a breakdown of the categories of personal data we collect and how they are processed:

1. Personal Information and Contact Information

  • Google Account or Apple ID (whichever you preferred to download the app), E-mail address

This information is used to create Lean profile, calorie and exercise tracking history and to communicate with you through or about Lean, updates or your requests.

  • Preferred exercise, gender, weight, height, birthday, diet type, average age group

This information is used to help create a personalized profile, set realistic goals, and provide more accurate calorie and nutrition tracking.

2. Technical Data

  • IP address, logs, device type and name, operating system, type and date of subscription.

These data are processed for the purpose of ensuring the functionality of the app, crash and error detection, conducting technical analysis, carrying out the activity in accordance with the legislation and technical data security.

3. Customer Transaction

  • Subscription plan, billing cycle.

This data is processed for the purpose of determining the customer's subscription plan, providing and improving the services and membership plans. No credit card information is collected by us.

4. The Information Disclosed by Users

Within the scope of the data minimization principle adopted in accordance with the GDPR, Lean takes care not to process any data other than the above and is unnecessary for the application. Data that is not included in the app but shared through contact or other means is deemed to be disclosed by users. These are also protected within the scope of relevant legislation and adequate data protection measures.

Age Restriction: Lean has an age restriction as it is not intended for Users under the age of 16. If you are under 16 years of age, please do not use or access the App and Website at any time or in any manner. By using the App and Website, you affirm that you are over the age of 16.

Sharing of Information

Your personal data will not be sold, traded, or otherwise transferred to third parties for commercial purposes. Your data may be transferred for the reasons explained below:

  • Service Providers: We may share your personal information with our third-party service providers who use that information to help us provide our Services. This includes service providers that provide us with IT support, hosting, payment processing, customer service, and cloud services. This includes cloud providers (Google, CloudFlare), data analytics providers (Facebook, Google, Appsflyer, Firebase); payment processing providers (Stripe).
  • Business and Communication Partners: We may share your personal information with business partners to provide you with a product or service you have requested. We may also share your personal information to business partners with whom we jointly offer products or services. This includes service providers (Firebase).
  • Advertising and Analytics Partners: We may share your personal information with third-party advertising partners. These third-party advertising partners may set Technologies and other tracking tools on our Services to collect information regarding your activities and your device (e.g., your IP address, cookie identifiers, page(s) visited, location, time of day). These advertising partners may use this information (and similar information collected from other services) for purposes of delivering personalized advertisements to you when you visit digital properties within their networks. This practice is commonly referred to as "interest-based advertising" or "personalized advertising." This includes measurement partners (Firebase, Clarity, Cookie-Script).
  • APIs/SDKs: We may use third-party application program interfaces (APIs) and software development kits (SDKs) as part of the functionality of our Services. You may contact our support team for further information.
  • Law Enforcement and Public Authorities: We may access, preserve, and disclose any information we store associated with you to external parties if we, in good faith, believe doing so is required or appropriate to: comply with law enforcement or national security requests and legal process, such as a court order or subpoena; protect your, our, or others' rights, property, or safety; enforce our policies or contracts; collect amounts owed to us; or assist with an investigation or prosecution of suspected or actual illegal activity.

Anonymized Data: We may use anonymized data for analytical purposes. Anonymized data is processed in such a way that it can no longer be attributed to a specific individual, ensuring your privacy is maintained. Please review the Data Destruction and Anonymization heading for the process.

Microsoft Clarity: We use Microsoft Clarity to analyze user interactions and improve our app’s functionality and user experience. Clarity collects interaction data such as clicks, scrolling, and mouse movements for analytics purposes only and not for advertising or profiling. By using the app, you acknowledge such processing for analytics.

Storage of Information

We are committed to ensuring that your personal data is stored securely and in compliance with applicable laws and regulations.

Retention Period: We will only retain your personal data for as long as necessary to fulfill the purposes for which it was collected, and in accordance with the legal storage periods established by relevant regulations. Once the retention period has expired, we will take appropriate measures to securely dispose of or anonymize your data.

Access Control: Access to your personal data is restricted to authorized personnel who require this information to perform their job responsibilities. We implement strict access controls and security measures to safeguard your data from unauthorized access, use, or disclosure.

Data Destruction and Anonymization: When personal data is no longer necessary or the retention period has expired, we will either securely delete or destroy the data to prevent unauthorized access or retrieval, or we will anonymize the data. Anonymization involves processing the data in such a way that it can no longer be attributed to you, ensuring that it can be used for analytical or research purposes without compromising your privacy. Once data is anonymized, it is irreversibly altered and cannot be traced back to any individual.

Security Measures

We take the security of your personal data very seriously and implement measures to ensure protection as of the General Data Protection Regulation (GDPR). Our key principles include:

  • Safety Measures: Personal data is processed within the company only by authorized personnel, in a way that is not publicly accessible, and verification or additional confidentiality declarations required in processing special data categories if available.
  • Access Controls: Access to personal data is restricted to authorized personnel only, ensuring that only those who need to access your information can do so.
  • Regular Security Audits: We conduct regular audits and assessments of our security practices to identify and address potential vulnerabilities.
  • Data Minimization: We only collect and retain personal data that is necessary for the purposes specified.
  • Incident Response Plan: We have established an incident response plan to quickly address any potential data breaches or security incidents.

While we strive to maintain a secure digital environment, yet no digital environment can be fully secure, we encourage users to take their own precautions when accessing and using the app, including utilizing relevant antivirus software, implementing a secure firewall, accessing the app over a safe Wi-Fi connection, and ensuring that the device used to access the app is secure and up to date.

In the event of any potential data breach or security incident, users are encouraged to inform HubX immediately. We will analyze the situation to determine if there is a security problem and take necessary measures to mitigate any risks. Your security and privacy are our top priorities, and we are committed to maintaining adequate standards of data protection as required by relevant legislation.

Corporate Affiliates and Sale of Business

We reserve the right to transfer information to a third party in the event of a sale, merger or other transfer of all or substantially all of the assets of Lean or any of its Corporate Affiliates. Please note that Corporate Affiliate means any person or entity which directly or indirectly controls, is controlled by or is under common control with Lean, whether by ownership or otherwise. Any information relating to you that we provide to our Corporate Affiliates will be treated by those Corporate Affiliates in accordance with the terms of this Privacy Policy.

Rights Under GDPR

The General Data Protection Regulation No. 2016/679 (GDPR) establishes a comprehensive framework for the protection of personal data within the European Union and the European Economic Area. Under GDPR, users have the following rights regarding their personal data as data subjects:

  • Right to Access: Obtain confirmation and access to personal data being processed.
  • Right to Rectification: Request correction of inaccurate or incomplete data.
  • Right to Erasure: Request deletion of personal data under certain conditions.
  • Right to Restrict Processing: Request limitation of data processing in specific situations.
  • Right to Data Portability: Receive personal data in a machine-readable format and transfer it to another controller.
  • Right to Object: Object to the processing of personal data, especially for direct marketing.
  • Rights Related to Automated Decision-Making: Not to be subject to decisions based solely on automated processing, unless certain conditions apply.

To exercise these rights, users must send an email or petition clearly stating the right they wish to enforce, along with their name and accurate contact details. A response will be provided within the legal time period.

Updates to Privacy Policy

We reserve the right to update this privacy policy at any time to reflect changes in our practices, legal obligations, or operational needs. Users are encouraged to review this policy regularly to stay informed about how we protect their personal data and to understand their rights and responsibilities. The revision date is stated in the introduction of the policy. Any updates will take effect immediately upon posting. If users do not agree with the amendments, they should discontinue using the app. Continued use of the app after such updates constitutes acceptance of the revised policy.

Contact

This privacy policy constitutes the entire understanding between you and us regarding the collection, use, and protection of your personal data. If you have any questions or concerns regarding this policy or our data practices, please contact us via [email protected]

HubX Yazılım Hizmetleri Anonim Şirketi
Çınarlı Mahallesi, Ankara Asfaltı Caddesi, No:15 Kat:41 D:411 Konak / İzmir
[email protected]

Last Update: December 2025