Privacy Policy

For the purposes of this Notice, the data controller is Robin Health S.r.l., VAT number and Tax Code 13677690961, with registered office in Milan (MI), Via Angelo della Pergola n. 7, 20159 ("Data Controller").

Any User request relating to the Processing carried out by the Data Controller and concerning their Personal Data (including the exercise of the rights referred to in point 7 below) should be addressed to Robin Health S.r.l. by mail to the registered office, or by email to the following address: privacy@robin.health.

The Data Controller processes the following categories of Users' personal data (collectively, "Personal Data"):

1. Personal Data provided directly by the User: these include information that the User chooses to share spontaneously with the Data Controller during registration and use of the App, including:
   1. Identification and contact data: name, surname, email address, telephone number (optional). If the User registers or logs in using third-party credentials (Google, Facebook or Apple), the Data Controller receives from the relevant provider the identification and contact data necessary for authentication;
   2. Health Data: weight, height, body mass index (BMI), body circumferences, blood pressure, physical activity levels and other parameters indicated by the User (such as blood test values or other conditions provided spontaneously by the User), as well as data concerning the User's mood and state of mind recorded by the User, including for the purpose of generating the Weekly Report;
   3. Data relating to eating habits: information on foods consumed, meal times, food preferences, dietary restrictions, food allergies or intolerances (if indicated by the User);
   4. Uploaded content: photographs, textual descriptions and voice recordings of meals. Voice recordings are processed solely for the purpose of transcription and nutritional analysis and are not retained by the Data Controller after such processing;
   5. Data relating to physical activity: type of activity performed, duration, intensity, estimated calories;
   6. Information on medications: name of medications, dosage, frequency of intake, symptoms (if indicated by the User).
2. Personal Data collected automatically: these include data whose collection occurs automatically during use of the App, including:
   1. App usage data: features used, frequency and duration of use, interactions with the App;
   2. Device data: device type, operating system, App version, unique device identifiers, IP address;
   3. Geolocation data: only if the User has expressly consented to access to their location through device settings and only when using the App;
   4. Data collected through cookies and similar technologies: click here to view our Cookie Policy.
3. Personal Data from wearable devices and other applications: if the User decides to synchronize the App with wearable devices or other applications for health and physical activity monitoring, the Data Controller may receive data relating to:
   1. Physical activity: steps, distance traveled, calories burned;
   2. Physiological parameters: heart rate, blood oxygen levels, sleep quality;
   3. Other data: depending on the type of device or synchronized application.
4. Data relating to the Subscription and use of the Plus Services: in the event of a Subscription to the Plus Services, the Data Controller processes data relating to the type of Plan subscribed, the status of the Subscription, the dates of activation, renewal and any cancellation, any use of the Trial Period, as well as the transaction identifiers communicated by the Store.

The Data Controller does not collect or process data relating to the User's payment method, such as card number or bank details, which are processed exclusively by the Store (Apple App Store or Google Play Store) in accordance with the relevant privacy notice.

Health Data (as defined in art. 4, par. 15 of the GDPR) collected through the App is processed only with the explicit consent of the User.

The processing of Personal Data is carried out both with manual and computer tools, in compliance with the security measures provided for by current legislation. Personal Data is processed exclusively by authorized personnel and by third parties specifically appointed by the Data Controller (as better indicated in point 3 below), in compliance with the principles of correctness, lawfulness, transparency, data minimization, accuracy, storage limitation, integrity and confidentiality.

The App and the related Services are reserved exclusively for natural persons who have reached the age of eighteen, in compliance with the Terms and Conditions of use. The Data Controller does not knowingly collect Personal Data of minors. Should the Data Controller become aware that it has processed the Personal Data of a minor in the absence of legal grounds, it will promptly delete such data without undue delay.

Users' Personal Data will be processed exclusively by the Data Controller's employees and collaborators – expressly appointed as persons authorized to process data pursuant to art. 29 of the GDPR and 2-quaterdecies of the Privacy Code – or by companies and professionals – expressly appointed as data processors pursuant to art. 28 of the GDPR or operating as autonomous data controllers – which the Data Controller uses for the specific purposes referred to in this Notice.

In particular, Users' Personal Data may be communicated to the following categories of recipients:

1. Authorized personnel of the Data Controller: employees and collaborators of the Data Controller who need to access Personal Data for the performance of their duties, duly authorized and instructed in matters of personal data protection;
2. Technology service providers: third parties who provide technological services to the Data Controller (for example, hosting services, cloud services, App development and maintenance services, artificial intelligence services, app usage analytics and measurement services, communication delivery services, technical assistance services) and who act as data processors, duly appointed pursuant to art. 28 of the GDPR;
3. Store Operators: with reference solely to Subscriptions to the Plus Services, Apple Distribution International Limited and Google Ireland Limited, which respectively operate the Apple App Store and the Google Play Store, act as autonomous data controllers in relation to the management of the payment process, automatic renewal and any refund requests, in accordance with their respective privacy notices;
4. Professionals and consultants: lawyers, accountants, consultants and other professionals used by the Data Controller for operational, fiscal and/or legal needs;
5. Public authorities: the Data Controller may be required to communicate Personal Data to public authorities, such as law enforcement or judicial authorities, in case of legitimate requests and in compliance with applicable laws.

The Personal Data of data subjects will never be disseminated, that is, knowledge of them will not be given to unspecified subjects, in any form, including through their simple making available or consultation.

In compliance with the principles of lawfulness, correctness, transparency, adequacy, relevance and necessity referred to in art. 5, par. 1, of the GDPR, the Data Controller will process your Personal Data for the following purposes:

1. Allow registration and access to the App [contract performance].

   This purpose includes the processing of Personal Data necessary to create and manage the User's Account, authenticate the User during access to the App, and manage profile preferences and settings. The legal basis for this processing is the performance of the contract to which the User is a party (art. 6, par. 1, lett. b) of the GDPR). Failure to provide the data necessary for this purpose will result in the impossibility of registering and using the App.

2. Provide the services requested through the App [contract performance/consent].

   This purpose includes the processing of Personal Data necessary to provide the User with all the functionalities of the App, as described in the Terms and Conditions of use, including:

   1. Registration and analysis of food through photographs;
   2. Acquisition of food data through textual descriptions;
   3. Acquisition of nutritional information relating to foods through scanning of barcodes and labels;
   4. Synchronization with wearable devices and other applications for wellness monitoring;
   5. Access to informational material on nutrition, physical activity and general wellness;
   6. Sending notifications and reminders relating to meal registration, medication intake or physical activity execution;
   7. Registration and monitoring of personal parameters;
   8. Analysis of trends relating to nutrition, physical activity and other health parameters monitored by the User;
   9. Functionalities that allow the User to share their data with healthcare professionals of their choice. By activating sharing, the User enables the designated professional to access, through a dedicated interface, the User's data recorded in the App, including food logs, biometric parameters and data relating to medication intake, for the entire duration of the sharing. The User may revoke sharing at any time, with immediate effect on the professional's access. The healthcare professional accessing the data so shared acts as an autonomous data controller for the purposes of care, assistance or consultancy that pertain to them;
   10. Physical activity monitoring.

   The legal basis for this processing is the performance of the contract to which the User is a party (art. 6, par. 1, lett. b) of the GDPR). Regarding Health Data, the legal basis is the explicit consent of the User (art. 9, par. 2, lett. a) of the GDPR). Failure to provide the data necessary for this purpose will result in the impossibility of using the specific functionalities of the App for which such data is required.

3. Management of Plus Services Subscriptions [contract performance].

   This purpose includes the processing of Personal Data necessary to perform the Plus Services Subscription contract, including the activation and management of the subscribed Plan, the management of the Trial Period, automatic renewal, cancellation and the purchase restore functionality, as well as the enablement and delivery of the Programs and the Weekly Report. The legal basis for this processing is the performance of the contract to which the User is a party (art. 6, par. 1, lett. b) of the GDPR) and, limited to Health Data processed in the context of such Services, the explicit consent of the User (art. 9, par. 2, lett. a) of the GDPR). Failure to provide the data necessary for this purpose will result in the impossibility of subscribing to and using the Plus Services.

4. Improve the App and optimize its functionalities [legitimate interest].

   This purpose includes the processing of Personal Data to analyze the use of the App, identify trends and preferences of Users, improve existing functionalities, develop new functionalities and optimize App performance and usability. The legal basis for this processing is the legitimate interest of the Data Controller (art. 6, par. 1, lett. f) of the GDPR) to improve its services and offer a personalized experience to Users. In evaluating the balance between its legitimate interest and the User's rights and freedoms, the Data Controller has considered that: (i) the processing of data for this purpose has a limited impact on the User's privacy, as it is predominantly based on aggregated and analytical data; (ii) the improvement and personalization of the App brings direct benefits to the User in terms of user experience; (iii) the reasonable expectations of the User include that the App is continuously improved and adapted to their needs.

   The User has the right to object at any time to this processing following the indications referred to in point 7 of this Notice.

5. Respond to assistance and support requests [legitimate interest].

   This purpose includes the processing of Personal Data necessary to provide technical assistance to the User, resolve technical problems, respond to questions or complaints, and offer support in using the App. The legal basis for this processing is the legitimate interest of the Data Controller (art. 6, par. 1, lett. f) of the GDPR) to ensure the proper functioning of the App and User satisfaction. In evaluating the balance between its legitimate interest and the User's rights and freedoms, the Data Controller has considered that: (i) the User has a direct interest in receiving assistance and support; (ii) the processing is limited to data strictly necessary to provide the requested support; (iii) the reasonable expectations of the User include the possibility of receiving assistance in case of problems or questions.

   The User has the right to object at any time to this processing following the indications referred to in point 7 of this Notice.

6. Send informative and/or promotional communications (newsletters) [consent].

   This purpose includes the processing of contact data (specifically, the email address) for sending periodic informative and/or promotional communications regarding the App's features, updates in the health and wellness sector, events, or the Data Controller's commercial initiatives. The legal basis for this processing is the User's consent (art. 6, par. 1, lett. a) of the GDPR). Providing data for this purpose is entirely optional. Failure to provide consent, or its subsequent withdrawal, will in no way affect the possibility of using the other services offered by the App, but will only result in the impossibility of receiving the aforementioned informative/promotional communications. The User may withdraw their consent at any time by accessing their profile settings or through the methods indicated at the bottom of each communication.

7. Comply with obligations imposed by law [compliance with a legal obligation].

   This purpose includes the processing of Personal Data necessary to comply with legal obligations, regulations, national or Community regulations, or requests from competent authorities. The legal basis for this processing is compliance with a legal obligation to which the Data Controller is subject (art. 6, par. 1, lett. c) of the GDPR). Failure to provide the data necessary for this purpose could result in the Data Controller's inability to fulfill its legal obligations.

8. Protect the Data Controller's rights [legitimate interest].

   This purpose includes the processing of Personal Data necessary to protect the rights and legitimate interests of the Data Controller, including fraud prevention, the exercise or defense of rights in court, the security of computer systems, and the protection of Users' data. The legal basis for this processing is the legitimate interest of the Data Controller (art. 6, par. 1, lett. f) of the GDPR) to protect its rights and interests. In fact, it constitutes a legitimate interest of the data controller to pursue means of recourse to ensure compliance with its contractual rights or to demonstrate that it has fulfilled the obligations arising from the contract with the data subject or imposed on the data controller by law. This legitimate interest, in turn, finds its foundation in the constitutionally protected right to defense.

   The User has the right to object at any time to this processing following the indications referred to in point 7 of this Notice.

9. Profiling for personalized suggestions [consent].

   This purpose includes the processing of Personal Data to create a User profile based on their eating habits, physical activity, biometric parameters and preferences, in order to provide personalized suggestions. The legal basis for this processing is the consent of the User (art. 6, par. 1, lett. a) of the GDPR and, for Health Data, art. 9, par. 2, lett. a) of the GDPR). Consent is provided through an unambiguous positive action at the time of registration or subsequently in the App settings. The User can revoke their consent at any time without prejudice to the lawfulness of processing based on consent given before revocation, following the indications referred to in point 7 of this Notice. Failure to consent or its revocation will result in the impossibility of receiving personalized suggestions, but will not prejudice the possibility of using the other functionalities of the App.

10. Conduct scientific research and statistical analysis in the nutrition, wellness, and health sectors [legitimate interest/consent]

    This purpose includes the processing of Personal Data collected through the App to the extent strictly necessary to produce aggregated or anonymized datasets that no longer allow for the identification of Users, even indirectly. These datasets may be used by the Data Controller and, where applicable, shared with selected research partners for the conduct of scientific studies and research, for the production of statistics on wellness and eating habits, as well as for the publication of results in an anonymous and aggregated form. For Personal Data not belonging to special categories, the legal basis for this processing is the Data Controller's legitimate interest (art. 6, par. 1, lett. f) of the GDPR) in carrying out research and development activities in the nutrition and wellness sector, also for the purpose of improving the quality and reliability of the services offered. In balancing its legitimate interest against the User's rights and freedoms, the Data Controller has considered that: research is conducted using aggregated or anonymized data as soon as possible; processing in identifiable or pseudonymized form is limited to the time strictly necessary for aggregation and anonymization operations. Regarding Health Data, the condition of lawfulness for the processing is represented by the explicit consent already provided by the User for the use of the App, pursuant to art. 9, par. 2, lett. a) of the GDPR, without prejudice to the fact that further processing for the production of aggregated or anonymized data for scientific research purposes is considered compatible with the initial purposes of using the App, in accordance with Recital 50 of the GDPR.

The User's Personal Data will be kept for the time strictly necessary to pursue the purposes for which they were collected, in compliance with the principles of minimization and storage limitation referred to in art. 5, par. 1, lett. e) of the GDPR.

Specifically, the User's Personal Data will be kept for the following periods:

1. Personal Data necessary for registration and access to the App:

   Personal Data collected for registration and access to the App will be kept for the entire duration of the contractual relationship, i.e. until deletion of the Account by the User or deactivation of the same by the Data Controller in the cases provided for by the Terms and Conditions of use. Following deletion of the Account, data will be kept for an additional period of 24 months for purposes of protecting the Data Controller's rights, unless retention for a longer period is required to comply with legal obligations or for the protection of rights in court.

2. Personal Data necessary to provide the services requested through the App:

   Personal Data collected to provide the services requested through the App, including Health Data, will be kept for the entire duration of the contractual relationship and for a maximum period of 24 months from deletion of the Account, unless retention for a longer period is necessary to comply with legal obligations or for the protection of rights in court.

3. Personal Data relating to the Subscription and use of the Plus Services:

   Data relating to the Subscription is kept for the entire duration of the Subscription and, subsequently, for the period necessary to comply with the accounting and tax obligations to which the Data Controller is subject, equal to 10 years, as well as for the protection of the Data Controller's rights in court, within the limits of the applicable statutory limitation periods. The Weekly Reports generated and the data relating to activated Programs remain stored in the User's Account in accordance with the terms set out in letter b) above.

4. Personal Data processed to improve and personalize the App:

   Personal Data processed to improve and personalize the App will be kept for a maximum period of 12 months from collection, after which it will be anonymized and kept in aggregate form for statistical and analysis purposes.

5. Personal Data processed to respond to assistance and support requests:

   Personal Data processed to respond to assistance and support requests will be kept for a maximum period of 24 months from resolution of the request, unless retention for a longer period is necessary for the protection of rights in court.

6. Personal Data processed to comply with legal obligations:

   Personal Data processed to comply with legal obligations will be kept for the period of time provided for by the specific applicable legislation.

7. Personal Data processed to protect the Data Controller's rights:

   Personal Data processed to protect the Data Controller's rights will be kept for the time necessary to pursue this purpose, and in any case no longer than the limitation periods provided for by law for the rights in protection of which the processing is carried out.

8. Personal Data processed for profiling and personalized suggestions:

   Personal Data processed for automated profiling and personalized suggestions will be kept until revocation of consent by the User and, in any case, for a period not exceeding 12 months from the last active use of the App by the User.

At the end of the aforementioned periods, Personal Data will be deleted or rendered anonymous, without prejudice to further retention necessary to comply with regulatory obligations or to allow the Data Controller to ascertain, exercise or defend a right in court.

For the provision of the App and the related Services, the Data Controller relies on certain providers that may process the User's Personal Data outside the European Union, in particular in the United States. In such cases, the Data Controller guarantees that all transfers are subject to the guarantees referred to in art. 45 of the GDPR (adequacy decisions) and/or to the appropriate safeguards described in art. 46 of the GDPR (standard contractual clauses approved by the European Commission, binding corporate rules, codes of conduct, certifications).

The User can request more information on the transfer of their Personal Data and on the safeguards adopted by contacting the Data Controller at the contact details indicated in point 1 of this Notice.

We inform you that, pursuant to and for the effects of the GDPR, for the periods referred to in article 5 of this Notice, you have the right to:

1. ask the Data Controller for access to Personal Data and information on related processing and possible copy in electronic format, except for specific different requests (art. 15 of the GDPR);
2. ask for rectification and/or integration of Personal Data, without unjustified delay (art. 16 of the GDPR);
3. for specific reasons (for example, unlawful processing, absence of the purpose of processing), ask for erasure of Personal Data, without unjustified delay (art. 17 of the GDPR);
4. when specific cases occur (for example, inaccuracy of Personal Data, unlawfulness of processing, exercise of a right in court), ask for restriction of processing (art. 18 of the GDPR);
5. in case of automated processing, receive Personal Data in readable format, for the purpose of communicating them to a third party, or, where technically feasible, ask for transmission of Personal Data by the Data Controller directly to such third party (so-called right to portability of Personal Data – art. 20 of the GDPR);
6. object at any time to the processing of Personal Data that has the Data Controller's legitimate interest as its legal basis (art. 21 of the GDPR). In case of exercise of the right to object, the Data Controller will refrain from further processing Personal Data, unless it demonstrates the existence of legitimate and compelling reasons for processing that prevail over the interests, rights and fundamental freedoms of the data subject, or for the ascertainment, exercise or defense of a right in court;
7. revoke consent at any time, limited to cases where processing is based on consent for one or more specific purposes, without prejudice to the lawfulness of processing based on consent given before revocation (pursuant to art. 13, par. 2, lett. c) of the GDPR);
8. be informed by the Data Controller, without unjustified delay, of any violations or unauthorized access by third parties to its systems containing Personal Data (so-called data breach – art. 34 of the GDPR);
9. lodge a complaint with the supervisory authority of the EU country where you habitually reside, work or where you believe the violation of your rights has occurred (art. 77 of the GDPR).

For further information regarding the terms and conditions for exercising your rights, you can consult the text of the GDPR published on the website of the Italian Data Protection Authority (www.garanteprivacy.it), or contact the Data Controller in the forms provided for in point 1 of this Notice.

Pursuant to art. 12 of the GDPR, the Data Controller will provide data subjects with information about actions taken in relation to a request for exercise of rights without unjustified delay and, in any case, within 1 (one) month of receiving the request. This term may be extended up to 3 (three) months in cases of particular complexity. The Data Controller, in this latter case, will inform data subjects of the extension and the reasons for the delay within 1 (one) month of receiving the request. If the data subject has submitted a request by electronic means, the information will be provided to them, where possible, by electronic means, unless they indicate otherwise.

This Notice may be subject to modifications and updates, including in consideration of any regulatory changes or evolution of services offered through the App. Changes will be communicated to Users through in-app notifications or other communication channels provided for by the Terms and Conditions of use. Updated versions of the Notice will be published in the App with indication of the date of the last update. Users are invited to periodically consult this page to verify any updates or modifications.

Last updated: May 27, 2026