Privacy Policy: VIBE App

LUCID, Inc.
PRIVACY POLICY for VIBE App
Last Update: July 16th 2021
1. ABOUT THIS DOCUMENT
LUCID Inc. (“LUCID”, “us,“ “we,” or “our”) is committed to data and privacy protection in connection with the use of our applications (“App(s)”) and other products, services and features thereof (collectively, the “Services”).
This Privacy Policy (“Policy”) has been put together to provide our users (“Users” or “you”) with information about the privacy practices of our Services. We understand the importance of the information you are trusting us with and want to be transparent about how we handle it.
Please read the following carefully to understand our practices regarding how we will collect, use and disclose your personal information. By using our App you acknowledge that you have read, understood and agreed to be bound to all the terms of this Privacy Policy.  
This Privacy Policy may be updated from time-to-time at our sole discretion. You can determine when this Privacy Policy was last updated by referring to the “Last Updated” date at the top of this page.  
Please note that this Privacy Policy only applies to the processing of personal data carried out by LUCID as a data controller. The Personal Information Protection and Electronic Document Act (PIPEDA) and the App Store privacy guidelines have been taken into account in the drafting of this Privacy Policy.
2. HOW OUR APP WORKS
VIBE hosts a number of features but the core of the product is to use music and psychoacoustics to help users manage their personal mental wellbeing. Each time Users log in to the VIBE App and selects one of our core music interventions ("Calm, Focus, Energize and Sleep") they will be asked to enter self-assessment scores based on how they are feeling. These results enable our machine learning algorithm to provide users with curated music personalized for their mental state and optimized to reach their goal state. As an additional option, biometric data acquired through wearable devices can be used for additional measurements to improve the accuracy of the machine learning system.
3. INFORMATION WE COLLECT
A. USER ACCOUNTSThrough our Services, you will be required to register a User Account. A User Account is stored information that we keep on individual Users that details their music preferences, responses, and interactions. Data stored with User Accounts include:     ●Unique User ID     ●Email Address     ●Age     ●Gender identity    ●Baseline profile survey (STOMP, STAI-Trait, Big 5 Personality Trait)​    ●Biometric data acquired through wearable devices (optional)    ●Emotional and cognitive self-assessment data*
*These include the following self-assessment tools: Arousal / Valence GridSUDS (Subjective Units of Discomfort) - AnxietyPOMS (Profile of mood states) ​B. USER INFORMATION When you access our App, create a User Account, or otherwise use our Services, we may ask for certain identifiable information that can be used to identify you (herein called “User Information”). We do not collect any financial or payment information as User Information. You can elect to provide only some of the User Information requested and at any time, you may decide to remove some of the User Information that you previously provided. However, if you decline to provide any of the above information, you may not be able to register for, access, or otherwise use certain benefits of the Services, which may be conditioned upon certain eligibility requirements, such as age and the assessment needed for a personalized experience.
C. HEALTH DATAIn order to provide a fully personalized user experience, our machine learning requires emotional and cognitive self-assessment at the beginning and end of the experience, as well as biometric information provided through wearable devices (optional). This data is used to feed our system’s algorithms in providing a better overall experience while providing the user with feedback at the end of the experience (all collected data will be shown on the ‘results’ page of the user experience).
UPDATING & CORRECTING INFORMATION You may change, request access to or delete any of your User Information or Health Data by emailing us at info@thelucidproject.ca. Please indicate your name, email address, and what information you would like to update when you contact us.
4. HOW WE USE INFORMATION
We use the information we collect for the following purposes:
TO PROVIDE AND MAINTAIN THE SERVICESFirst and foremost, we use personal data to offer the Services to you. For example, we need user assessment data to understand your current mood and/or physiological state. We also need a baseline profile to personalize your experience further based on the general trends of your mood states. This allows our algorithms to provide you with curated musical solutions personalized to your current state and your personal goal. ​​TO IMPROVE THE SERVICESWe use the information we collect from you to continuously train our algorithms to get better and better at serving you an optimal user experience. We may also process aggregated information to use as an indicator of possible improvements to make on our Services. When possible, we will do this using only aggregated data that is non-identifiable. Non-Identifiable Information is information that does not identify a specific user. ​​RESEARCH​Anonymized data may be used used for research surrounding validation of product and for research & development processes. This data is aggregated and all identifiable user information is separated from these records in these instances,

5. SHARING YOUR PERSONAL INFORMATION
We do not share personal information with third parties outside of our organization unless one of the following circumstances applies:
FOR RELEASE REQUIRED BY LAWWe may process and transfer personal information and any other information available to us in order to investigate, prevent or take action regarding illegal activities, or as otherwise required by law. Where possible, we will inform Users about such transfer and processing.
WITH YOUR EXPLICIT CONSENTWe may share personal information with third parties outside LUCID’s organization for other reasons than the ones mentioned before, when we have the User’s explicit consent to do so. The User has the right to withdraw this consent at all times.
ANONYMIZED DATAWe may disclose aggregated information that does not include personal information and we may disclose non-identifying information and Log Data to third parties for industry analysis and condultationd. Any information or Log Data shared in these contexts will not contain personal user information (only annonymized health data). The limitations and requirements in this Privacy Policy concerning personal information do not apply to non-identifying Information.
NO RELEASE FOR MARKETING PURPOSES LUCID will not share, sell, rent, trade, or disclose personal information to any third party for marketing or commercial purposes, unless you have granted us permission in writing to do so.
6. DATA RETENTION
We will retain User Information and Biometric Data for as long as your User Account is active or as long as needed to provide you with the Services. If you wish to cancel your User Account or request that we no longer use your information to provide you with any services, you may delete your User Account by contacting us at info@thelucidproject.ca.
We may retain and use personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. Consistent with these requirements, we will endeavour to delete personal information as quickly as practicable upon request. Please note, however, that there might be latency in deleting information from our servers and backed-up versions might exist for a period after deletion.
In addition, we do not delete from our servers files containing non-identifying information that you have in common with other Users. Without your request to delete your information, we will retain personal information for a minimum of one year. We will destroy or anonymize your personal information within three years after it is no longer required to provide the Services.

7. INFORMATION SECURITY
The security of your information is very important to us. We use commercially reasonable security standards to protect the information collected and maintained through the Services and take appropriate measures to protect against any unauthorized access to personal information.
We have put in place appropriate physical, managerial and technical procedures to safeguard and secure the information we store. Access to personal information stored on our servers or servers operated by Service Providers on our behalf is restricted to authorized personnel, including LUCID employees. Any individuals having access to the information stored on such servers are bound by confidentiality agreements.
However, no data transmission over the Internet is completely secure. As such, we cannot guarantee the security of any information you provide to us or guarantee that information may not be accessed, disclosed, altered, or destroyed by unauthorized persons.
8. YOUR RIGHTS
RIGHT TO ACCESS YOUR PERSONAL DATAYou have the right to access your personal data that we use, collect or disclose. You may do this by contacting us.
RIGHT TO WITHDRAW CONSENTYou have the right to withdraw consent at any time. There is implied consent when you browse the site and expressed consent is given through a sign-on wrap when you give your email. Withdrawing your consent may result in less access to our Services. The withdrawal of consent does not affect the collection, use, and disclosure of the personal information prior to the request for withdrawal.
RIGHT TO UPDATE INFORMATIONYou have the right to correct untrue personal data collected by us. Change to information may be done through your user account you had created.
RIGHT TO ERASURE AND OBJECTION TO DATAYou have the right to erase your data from our systems. We will comply with the request unless we have legitimate grounds not to. You may also object to our collection, use, and disclosure if it is out of the scope for the purpose of our Services or for legal compliance. If we do not have legitimate grounds to collect, use, or disclose your personal data, we will cease collection, use, and disclosure upon your objection.
MINOR’S RIGHTS TO DATAUsers under the age of 18 or under the minimum age based on your jurisdiction are not permitted to create accounts without parental consent that is in accordance with applicable laws. If it has come to the attention that we have collected, used, or disclosed any personal data of minors under the relevant minimum age without parental consent, we will proceed to delete the information as soon as possible. If you believe your child has personal information on our Services and you would like it removed, please contact us for deletion of such data.

HOW TO ACCESS THESE RIGHTS

In order to address the rights as stated above please contact our email. You should include the following information: your full name, company name (if applicable), address, and phone number. We may request additional information to identify you for your privacy interest. We have the right to deny requests that are unreasonable, repetitive, or manifestly invalid.
9. OUR CONTACT INFORMATION
If there are any concerns, questions or suggestions for this Privacy Policy or for your personal information, please contact us at info@thelucidproject.ca. For privacy complaints or inquiries, please address your email to our Data Security & Privacy Officer: Aaron Labbé.
LUCID Inc.Attn: Legal Department (Privacy Policy) 112 Adelaide Street EastToronto, ON M5C 1K9Canada