Flex Privacy Policy

This Privacy Policy ("Policy") describes how we collect, share, and use your personal information, as well as how to exercise your privacy rights and choices.

1. Scope

This Policy applies to Flex's platform, including the related mobile applications, products, websites, technology, software, and services (collectively, "Services"). Please also read our Terms of Service ("Terms"), which set out the terms governing the Services. As used in this Policy, the words "Flex," "us," "our," or "we" mean Hyena Inc., the entity providing the Services to you. Under this Policy, Flex acts as a data controller or "business" for the personal information we process. This means we decide how to collect and process personal information.

For individuals in the United States, please also refer to our Notice For Individuals Residing In Certain US States below. Washington State and Nevada residents should also see our Consumer Health Data notice below.

2. Information We Collect

Information You Provide

Account Information: We collect account information such as your name and email address. You create your account by signing in with a Third-Party Account (such as Google or Apple); see "Third-Party Accounts" below.

Profile Information: We collect information you provide about yourself, such as your photo (avatar and background image), gender, age range, and your riding goal preferences (such as distance, calorie, time, or elevation targets).

Support Information: We collect the information you provide in connection with requests for support, such as when you contact us at flex@hyenatek.com.

Information From Using the Services

Content You Share: We collect content you share through the Services, such as routes, photos, posts, and comments.

Activity Data: We collect Activity Data when you record or upload a ride to Flex. Recording a ride requires a connected e-bike, so Activity Data always includes data reported by your bike. "Activity Data" is information about your rides, such as date, time, duration, distance, elevation gain and loss, estimated calorie expenditure (derived from device-reported power data), estimated CO₂ saved (calculated from distance), and precise geolocation (GPS) information, together with data measured by your connected e-bike, such as speed, cadence, rider (pedaling) power, battery level, remaining range, motor assistance level, and bike connection status. Activity Data can also include health data, such as heart rate, if you connect a compatible heart rate sensor (see "Information From Other Sources" below).

Location Information: We collect location information when you use the Services. For our core features to function (e.g., GPS ride tracking and routes), you must grant us permission through your device to track your device's precise location. You can stop sharing precise location at any time with your device settings.

Usage Information: We collect information from your use of the Services, such as the activities you view, the likes and comments you give and receive, weekly goals and quests, your participation in in-app campaigns (such as our Eco tree-planting campaigns), and actions you take such as logging in or viewing other users' activities.

Device Information: We collect technical information from the mobile device used to access the Services. This includes device and network information, log files, and analytics information.

Cookies, Analytics, and Third-Party Technologies: We collect and use information through analytics technologies. In the native app, we use analytics SDKs rather than cookies; on our web pages (such as shared activity pages and our Help Center), we also use cookies and similar technologies. Please see the Cookies and Similar Tracking Technologies section below.

Information From Other Sources

Connected Devices: You may choose to connect an optional accessory, such as a compatible heart rate sensor, and we will collect the data it reports (such as heart rate). If we collect health information from a connected device (such as heart rate), we will not sell or use it for advertising or other similar purposes; we do not disclose it to third parties without your prior consent; and we will only use it for the specific purposes described in this Policy.

We are developing integrations with Apple Health and Strava. (These integrations are not yet available and will be enabled in a future release.) When you choose to connect them, each works one-way, sending your data out of Flex at your direction: with Apple Health, you will be able to write your Flex ride data to Apple Health (controlled through your device's Health permissions); with Strava, you will be able to sync your Flex rides to your Strava account. We only share data through these integrations at your direction, and you can disconnect them at any time in your settings.

Third-Party Accounts: You can sign up and log in to the Services using accounts with other businesses, such as Google or Apple ("Third-Party Accounts"). If you access the Services through Third-Party Accounts, we will collect information such as your name, email address, profile information, and preferences. To control the information we receive from Third-Party Accounts, you must use the privacy controls in your Third-Party Account.

Service Providers: We may collect information through our service providers, such as when we collect your feedback through surveys.

Other Users: We may collect information about you from other Flex users, such as when they like or comment on your activities.

3. How We Use Your Information

To Provide the Services

Create and Update Your Account: We process information, such as your Account Information and Profile Information, to create and update your account.

Record Your Activities and Analyze Your Performance: We process your Activity Data and other information to help you record and analyze your performance. For example, we may compare your past efforts or help you set goals for training.

Enable GPS-Based Activities: We use your Location Information to enable GPS-based activity tracking and certain map-related features, such as visualizing your routes.

Customize Your Experience: We use information to personalize your experience. For example, we may suggest other users to follow based on shared interests, such as riding the same e-bike model.

Interact with Other Users: We facilitate interactions with other users, such as finding and following other users, and liking and commenting on activities.

Enable Eco Campaigns: We process your information, including your name, email address, and the e-bike associated with your account, to determine your eligibility for in-app eco campaigns and to complete contributions you choose to make.

Provide AI Features: We use, and may develop, machine learning ("ML") and artificial intelligence (including large language models) ("AI") to provide features that enhance your experience and improve the Services ("AI Features"). We currently expect AI Features to include generating conversational summaries of your riding progress toward your own self-set weekly goals, translating posts and comments, and assisting our content reporting and moderation processes. To provide these features, and depending on your privacy controls and sharing permissions, we may process personal information you provide or generate, such as your Activity Data and ride history. We will describe new AI Features here as they become available.

Visualize Your Activities: We use your Activity Data to present summaries, statistics, and charts of your rides and performance.

Send You Notifications: We send you in-app and push notifications related to your use of the Services. For example, we notify you when another user likes or comments on your activity or follows you, when another rider with the same e-bike model joins Flex, with a recap of your previous week's riding, and with updates on your weekly goal or quest progress. You can manage notifications in your device and app settings.

Contact You About the Services: We may contact you about material changes to our Terms, when investigating alleged violations of our Terms, or with customer support messages. We may also reach out to invite you to take part in surveys or research about the Services. Participation is voluntary, and you can decline or opt out at any time.

To Assist You with a Request

We use information to provide support in response to your requests and comments. Depending on your request, this may require us to access your account (for example, to troubleshoot or replicate a reported issue).

To Analyze and Improve Our Services

Analytics: We use information to measure traffic and usage trends, understand how visitors interact with content, and make improvements. This may include the use of cookies and other tracking technologies, as described in the Cookies and Similar Tracking Technologies section.

Services Improvement: We use information to conduct research, and to analyze, develop, troubleshoot, increase functionality, and otherwise improve the Services.

AI Development: We use information to enhance the quality, reliability, and/or accuracy of our AI Features by creating, developing, training, testing, improving, and maintaining AI and ML models run by Flex or our service providers. We use aggregated, de-identified information for AI Features where possible for their purpose.

To Protect You, Others, and the Services

We aim to protect users, enforce our Terms of Service and Community Standards, and promote safety. We use automated tools, device information, log files, and other information for these purposes. For example, we seek to detect misuse and bad actors, and to remove content that violates our Terms, such as hate speech or spam. We reserve the right to review accounts and user actions to ensure compliance with our Terms, and we can suspend or terminate accounts as a result. We may also process your information when we believe it is necessary to prevent serious harm.

Reporting, Hiding, and Blocking: The Services let you hide or report an activity or comment, and block or report another user. When you submit a report, we process the report, the reported content or account, and related account information to review it against our Terms and Community Standards; reports are kept anonymous to the reported party. If a report about an activity or comment is upheld, we remove that content. If a report about a user is upheld, we may suspend that user's access to social features, meaning they can no longer view or take part in social activities, although they can still record and view their own rides as private, personal records. When you block another user, we apply the block so that you and that user can no longer see each other or each other's social activity. If you are in the EU, you may have additional rights regarding our content moderation decisions under the EU Digital Services Act, as described in our Terms of Service and Community Standards.

To enhance safety and privacy for our younger users, we use your age range to help confirm that a user is old enough to use Flex, and to help provide an age-appropriate experience.

To Manage Legal and Regulatory Obligations

We may use information to manage or respond to demands or obligations related to the law, government entities, or other regulatory bodies with respect to the Services.

4. How We Share Your Information

We may share your information as follows:

Information Visible to Others

Your information may be visible to other Flex users and the public, subject to your privacy controls. Each activity you record has a visibility setting that is either "Anyone" (public — viewable by Flex users and the public, including search engine results) or "Only me" (private).

If you are 18 years or older, your activities are set by default to "Anyone." If you are 16 or 17 years old, your activities are set by default to "Only me" (private), and your profile is configured for a high-privacy, age-appropriate experience. You can change your default visibility at any time in your settings, and you can set the visibility for each individual activity when you save it.

Subject to your visibility settings, your information — including parts of your profile, username, photos, information and content you share (including precise location, such as where you ride), users you follow and who follow you, your Activity Data, the devices you use, and likes and comments you give and receive — may be viewable on Flex or to non-registered users.

When an activity is set to "Anyone," others can see the route you rode, including its precise GPS path. To help protect sensitive locations such as your home or workplace, you can hide the start and end portions of your routes by adjusting the hidden range under Settings → Map Visibility. This setting applies to the map others see; it does not change the underlying data we hold.

Service Providers

We may share your information with third parties to support, improve, promote, and secure the Services. These service providers only have access to the information necessary to perform specified functions on our behalf. We require them to protect and secure your information. For example, we use OneSignal to deliver push notifications; Amplitude, Firebase Analytics, and Segment to perform analytics; Firebase Crashlytics and Firebase Performance Monitoring to diagnose crashes and monitor the technical performance and reliability of the app; and Mapbox to provide maps, render and display your routes, calculate elevation, and convert location coordinates into place names (geocoding).

Third-Party Services

You can choose to share your information and content with third-party apps or services that integrate with the Services, such as a connected tracking device or a fitness service like Apple Health or Strava (see "Information From Other Sources" above). When you enable such an integration, we share only the data needed for that integration and only at your direction — for example, syncing your Flex ride data to your Apple Health or Strava account. Information you share with these third parties is subject to their own terms and policies, and you can disconnect the integration at any time in your settings.

If you choose to use a Third-Party Account to log in to Flex, we share only the information necessary for login and security purposes. The Services also let you share your information (including Activity Data) outside Flex — for example, via text, email, or social media applications like Instagram. If you choose to do so, please be aware that anything you share to another platform or social network may be viewable on that platform, may include your location information, and will be governed by that platform's own terms and policies rather than this Policy.

Eco Campaign Providers

Flex offers in-app eco campaigns, such as tree-planting campaigns, that you can join using rewards you earn in the app. When you choose to contribute to a campaign, we share your name and email address with the campaign's fulfillment provider (for example, a tree-planting organization such as Tree-Nation) so it can complete your contribution and create a record of it in your name. Information shared with these providers is subject to their own terms and policies. We share this information only when you choose to contribute.

Partners

We may disclose information with partners, such as those sponsoring or organizing an event that you participate in, when you agree or direct us to share such information. We may also share aggregated or deidentified information with third parties for purposes such as to help our partners understand more about users, including the people who use their products and services.

Acquirers of Our Business or Assets

If Flex becomes involved in a business combination, acquisition, securities offering, bankruptcy, reorganization, dissolution, or other similar transaction, we may share or transfer your information in connection with such transaction.

Legal Requirements and Prevention of Harm

We may preserve and share your information with third parties, including law enforcement, public or governmental agencies, or private litigants, within or outside your country of residence, if we determine that the law compels or reasonably requires such disclosure. This may include responding to court orders, warrants, subpoenas, or other legal or regulatory process, or disclosures that are otherwise permitted by law.

We may also retain, preserve or disclose your information if we determine it is reasonably necessary or appropriate to: (1) prevent death, serious bodily injury, or other significant harm; (2) address issues of national security or other issues of public importance; (3) prevent or detect violations of our Terms or fraud or abuse of Flex or its users; or (4) protect our operations or our property or other legal rights, including in connection with actual or potential litigation.

5. Cookies and Similar Tracking Technologies

The Flex mobile app is a native application and does not use cookies. The app does, however, use analytics software development kits ("SDKs") to understand how the app is used and to improve it. We use Amplitude and Firebase Analytics, routed through our Segment customer-data platform.

We also operate web pages that work alongside the app, and these use cookies and similar tracking technologies:

• Shared activity pages: Flex lets you share an activity — your own or another user's public activity — as a web link. Anyone who opens that link views the activity on a Flex web page. (The page displays a specific activity identified by its link; our website is not designed for general browsing of activities.)
• Help Center: We provide a web-based Help Center, which is linked from within the app.

On these web pages, we and our analytics providers use cookies, SDKs, and similar technologies — including Amplitude and Firebase Analytics, routed through Segment — to understand and improve how the pages are used and to perform analytics. We use these technologies for security, to understand and improve your experience, and to perform analytics. Although this information is processed by third-party analytics providers acting on our behalf, we do not sell it or use it to serve you third-party targeted advertising.

Our web pages may also cause third-party services — for example, services used to deliver web fonts or other page resources — to set their own cookies. These cookies are set and controlled by those third parties and are governed by their own privacy policies.

For visitors from the European Economic Area (EEA) and the United Kingdom: Non-essential analytics technologies (such as usage analytics) will not be activated until you have provided your consent via our cookie consent banner. You may withdraw your consent at any time by clicking "Cookie Settings" at the bottom of the page.

6. Your Privacy Rights and Choices

We provide a variety of privacy controls to manage your information. We encourage our users to adjust their controls to align with their desired experience.

Below are privacy rights that may be available to you under applicable laws depending on where you live and subject to potential limitations and exceptions. If you need further assistance exercising your rights, please use the Contact Us information below.

Access and Portability: You may have the right to know, and request access to, the personal information we collect, use, share, or otherwise process about you, and to receive a copy of it in a structured, commonly used, and machine-readable format. You can access much of your information at any time by logging into your account. You can also export a copy of your data from within the app under Settings → Export Data. After you make a request, we prepare your export and email a download link to the address associated with your account, typically within seven days. The export is provided in a structured, machine-readable format (JSON) and includes your data — such as your profile, your rides and their routes and GPS data, your bike pairings, your goals and rewards, the posts, comments, and likes you have created, and your photos. If you are unable to access the app, you can also request a copy of your data using the Contact Us information below.

Rectify or Correct: You may have the right to correct inaccurate information. You may correct, amend, or update Profile Information or Account Information at any time by adjusting that information in your account settings.

Restrict or Delete: You may have the right to restrict or delete personal information. You can restrict or delete much of your information through your account — for example, deleting content such as photos you have posted, or removing individual activities from view.

You can delete your entire account at any time in the app under Settings → Delete Account. Deleting your account permanently removes your account and associated personal data, including your profile, your rides and their routes and precise GPS data, your bike pairings, your goals and rewards, your photos, and the posts, comments, and likes you have created. We also request the service providers that process data on our behalf (such as our push-notification and analytics providers) to delete the associated data they hold. If you signed in with Apple or Google, we revoke or disconnect that sign-in connection as part of the deletion. Once deleted, we cannot reinstate your data, including your account and activities. Following your request, it may take up to 45 days to complete deletion across our systems and system logs. If you are unable to access the app — for example, because you have uninstalled it — you can also request account deletion using the Contact Us information below.

A limited set of data may be retained after account deletion, as described in "Retention of Information" below: anonymized and aggregated statistics that can no longer be linked to you; copies held in routine backups, which are overwritten on a rolling basis; records we are required to keep for legal, security, or fraud-prevention purposes; and a minimal record of the deletion request itself, kept to evidence that we honored it. We do not keep your name, email, profile, photos, or GPS data for these purposes.

We do not have control over content you have shared directly or publicly with others, such as photos on other social media platforms, or that others may have copied. Search engine results may also display your public profile until the search engine refreshes its cache.

Revoke Consent: To the extent we rely on your consent to engage in certain processing, you may have the right to withdraw that consent at any time. You can withdraw consent in your settings — for example, by disconnecting a heart rate sensor to stop the collection of heart rate data, or by disconnecting an integration such as Apple Health or Strava to stop Flex from sending your data to that service. Please note that the withdrawal of your consent will not affect processing carried out before you withdrew it, including data already shared with a connected service. For example, activities will still display information (such as heart rate) based on the consent provided at that time.

Automated Decision-Making: We sometimes use AI Features and automated decision-making to analyze your personal information, as described above. But we do not use these technologies for decisions that have legal or similarly significant effects on you.

7. Children's Privacy

Our Services are not intended for, nor directed to, children under 16 years of age, and we do not knowingly collect personal information from anybody under 16 years of age. If you are under 16 years of age, do not use the Services.

We provide additional privacy and safety protections for users under 18 years of age. For users who are 16 or 17 years old, we apply high-privacy settings by default: activities (and the precise location data they contain) are set to private ("Only me") by default, and we provide an age-appropriate experience consistent with applicable children's privacy standards, including the UK Age Appropriate Design Code. These users may change their default visibility in settings or set visibility per activity when saving.

8. Additional Important Privacy Information

How We Protect Information

We implement measures to manage your information securely and consistently with this Policy. We maintain administrative, technical, and physical safeguards in accordance with appropriate industry standards that are designed to protect against unauthorized use, disclosure, or access to personal information.

Retention of Information

We retain information as long as needed to provide the Services, subject to our legal obligations. We generally keep information associated with your account until you delete it or we no longer need the information to provide the Services. In making these determinations, we consider the amount, nature, and sensitivity of the personal information, the purposes for which we process it, whether we can achieve those purposes through other means, and applicable legal requirements.

After you delete your account, we retain only the limited categories described under "Restrict or Delete" above — anonymized and aggregated statistics that can no longer be linked to you, copies held in routine backups that are overwritten on a rolling basis, records we are required to keep for legal, security, or fraud-prevention purposes, and a minimal deletion-request record — and we keep each only as long as needed for its purpose. Some of our diagnostic and analytics service providers also delete or expire the data they hold on their own retention schedules; deletion across all systems is therefore not always instantaneous.

Notice for Individuals in the EEA, UK, Switzerland and Other Regions

Below is additional information in accordance with data protection laws in the European Economic Area ("EEA"), the United Kingdom ("UK"), Switzerland, and other relevant jurisdictions.

Data Controller: If you are in the EEA or UK, the data controller for your personal information is:

Hyena Inc. No.25, Jingke N. Rd., Nantun Dist., Taichung City 408, Taiwan (R.O.C.) flex@hyenatek.com

EU Representative (GDPR Article 27): We have appointed a representative in the European Union who can be contacted on data protection matters at:

art-27-rep-hyenatec@rickert.law

UK Representative (UK GDPR Article 27): We have appointed a representative in the United Kingdom who can be contacted on data protection matters at:

art-27-rep-hyenatec@rickert.law

Data Subject Rights: Please see Your Privacy Rights and Choices above for a list of rights we provide to you, as well as how to exercise them. In addition, you have the right to object to, and seek restriction of, our processing of your personal information based on our legitimate interests or the performance of a task carried out in the public interest. In such cases, we will cease processing your information unless we have compelling legitimate grounds to continue processing or where necessary for legal reasons. You also have the right to object to processing of your information for direct marketing at any time; note that Flex does not currently send marketing newsletters, and the only emails we send relate to your account, your support requests, or required updates to our Terms, this Policy, or our Community Standards. You may also have the right to complain to your local data protection supervisory authority.

Legal Bases: Certain data protection laws (such as those in the EEA, the UK, and Switzerland) require us to identify a valid legal reason (called a "legal basis") before we collect, use, share or otherwise process your personal information. Common legal bases include:

• Contract: When processing personal information is necessary to perform our contract with you (our Terms) or to take steps at your request before entering into a contract.
• Consent: When you've given us permission to use your information for a specific reason. You have the right to withdraw your consent at any time.
• Legitimate interests: When we use your information in ways that are expected and that do not unfairly affect your rights.
• Legal obligation: When we're required to process your information by law.
• Vital interests: When processing is needed to protect someone's life or safety.

We rely on these legal bases for our main processing activities as follows:

• Providing the Services — creating and managing your account, recording your activities, enabling GPS-based features, facilitating interactions with other users, and sending you service-related notifications: Contract.
• Processing health data (such as heart rate from a connected sensor) and other special category data: your explicit consent, which you may withdraw at any time.
• Processing precise geolocation for core ride-tracking features: Contract, supported by the device-level location permission you grant.
• Improving and securing the Services, analytics, troubleshooting, developing AI Features, and protecting users and our platform: Legitimate interests (or Consent where required, such as for non-essential analytics technologies on our web pages).
• Meeting legal and regulatory obligations and responding to lawful requests: Legal obligation, and where necessary Vital interests to protect someone's safety.

Cross Border Data Transfers: We are based in Taiwan and process personal information on cloud infrastructure located in the United States. Our primary data stores are hosted on Google Firebase (multi-region nam7, with data centers in Iowa and Northern Virginia, United States) and Amazon Web Services (region us-east-1, Northern Virginia, United States). As the data controller, Hyena Inc. is established in Taiwan, and our staff in Taiwan access personal information to operate, maintain, support, and develop the Services. If you are located outside of the United States and choose to use the Services or provide information to us, you acknowledge and understand that your information will be transferred to, processed, and stored in the United States and Taiwan.

Whenever we transfer personal information internationally, we use legal mechanisms, such as the European Commission's Standard Contractual Clauses ("SCCs"), to ensure the protection of your personal information in accordance with applicable data protection law. Our transfer of personal information to Amazon Web Services is governed by the AWS GDPR Data Processing Addendum, which incorporates the SCCs and applies automatically under the AWS Service Terms. Our transfer of personal information to Google Firebase is governed by the Google Cloud / Firebase Data Processing Terms, which incorporate the SCCs and which we have accepted for the Flex project. Access to this information by our own staff in Taiwan is carried out by us in our capacity as the data controller, and this processing remains subject to the GDPR, including through our appointed EU and UK representatives. If you have further questions about this or would like to request copies of the applicable safeguards used to transfer your information internationally, please contact us.

9. Notice For Individuals Residing In Certain US States

Residents of certain US states, such as California, Colorado, Connecticut, Delaware, Iowa, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah, or Virginia, and other states to the extent they enact similar privacy laws, may have additional rights under your corresponding state laws (collectively, "US State Privacy Laws").

Categories of Personal Information Collected, and Disclosed: Our Policy describes how we collect, use, and disclose your personal information.

Data Subject Rights: Only you or someone legally authorized to act on your behalf may make a request related to your personal information. Please see Your Privacy Rights and Choices for a list of rights we provide to you, as well as how to exercise them. We describe below additional rights that may be available to you under US State Privacy Laws.

• No Sale or Sharing for Targeted Advertising: We do not sell your personal information, and we do not share your personal information for cross-context behavioral (targeted) advertising. Because we do not engage in these activities, no opt-out is required; however, if our practices change, we will update this Policy and provide an opt-out mechanism. Do Not Track ("DNT") is a privacy preference you can set in your web browser. Because our native app does not use a browser, DNT does not apply to it; for our web pages, we do not currently respond to DNT signals.
• Limit Use of Sensitive Personal Information: We do not use or disclose sensitive personal information for purposes other than with your consent to provide the Services, or as otherwise permitted by law.
• Non-Discrimination: We will not discriminate against you for exercising any of your US State Privacy Law rights.
• Appeal: You may have the right to appeal our decision regarding a request related to your privacy rights.

Authorized Agents: You may appoint an authorized agent to exercise any of your privacy rights on your behalf. To verify that your authorized agent acts on your behalf, we will ask for proof from your agent and may require that you also verify your identity.

10. Consumer Health Data (Washington and Nevada Residents)

If you are a resident of Washington State or Nevada, applicable state consumer health data privacy laws — including the Washington My Health MY Data Act (SHB 1155, effective 2024) and the Nevada Health Data Privacy Act (SB 370, effective 2023) — provide you with additional rights regarding consumer health data we collect.

Consumer Health Data We Collect: When you choose to connect a compatible heart rate sensor and enable heart rate tracking, we collect heart rate readings during your rides. This data constitutes "consumer health data" under applicable state laws. Heart rate collection is entirely optional and requires you to connect a third-party sensor device; we do not collect heart rate data unless you take this action.

How We Use Your Health Data: We use your heart rate data solely to display performance summaries and statistics for your rides and to help you analyze your training. We do not use heart rate data for advertising, we do not sell it, and we do not disclose it to third parties without your prior consent.

Authorization: By connecting a compatible heart rate sensor through the Services, you authorize us to collect and process your heart rate data as described above. You may withdraw this authorization at any time by disconnecting your heart rate sensor in your device settings or by removing it from your account settings.

Your Rights Regarding Consumer Health Data:

• Access: You may request a copy of the consumer health data we hold about you. You can access this information through Settings → Export Data in the app, which includes heart rate data associated with your recorded rides. You may also contact us using the information in the Contact Us section.
• Confirm: You may request that we confirm whether we are collecting or disclosing your consumer health data, and with whom.
• Withdraw authorization: You may disconnect your heart rate sensor at any time to stop future collection. Heart rate data already associated with recorded rides will remain until you delete those activities or your account.
• Delete: You may delete individual ride activities (including their associated heart rate data) from within the app. You may also delete your entire account and all associated data — including heart rate data — under Settings → Delete Account. If you are unable to access the app, you may request deletion by contacting us.

Contact: For questions or to exercise your rights regarding consumer health data, please contact us at flex@hyenatek.com.

Appeal: If we deny your request regarding consumer health data, you may appeal by contacting us at flex@hyenatek.com. If your appeal is unsuccessful, you may raise a concern with the Washington State Attorney General at www.atg.wa.gov/file-complaint or the Nevada State Attorney General at ag.nv.gov.

11. Privacy Policy Updates

Flex reserves the right to modify this Policy at any time. If we make changes to this Policy, we will post the revised policy and its effective date on our website. If we make changes we deem to be material, we will provide prominent, advance notice. If you object to any changes to this Policy, you should stop using the Services and delete your account.

12. Contact Us

If you have questions about our privacy practices, this Policy, or would like to contact us, you can reach us at:

Hyena Inc. No.25, Jingke N. Rd., Nantun Dist., Taichung City 408, Taiwan (R.O.C.) flex@hyenatek.com

For EU/EEA and UK data protection inquiries, you may also contact our EU and UK Representative at art-27-rep-hyenatec@rickert.law.