Privacy Policy
This SoonBody Privacy Policy (the “Privacy Policy“) strives to protect user privacy and information when using any system or being in contractual relationship between Moonway LLC as a service provider and any natural person as a service user.
BY USING THIS WEBSITE https://green-diet-soonbody.com/ (the “Website”), SoonBody progressive Web App (the “PWA”) OR ANY OTHER SYSTEM / ONLINE ECOSYSTEM USED BY Moonway LLC TO PROVIDE YOU SERVICES (collectively - the “System“), YOU AGREE TO THE PRIVACY POLICY, WHICH MAY GET UPDATED WITHOUT PRIOR NOTIFICATION.
1.1 Moonway LLC is a legal entity, incorporated under the laws of the State of Delaware, USA, legal entity file No. 6719444, address 8 The Green, Suite B, Dover, DE 19901, USA (the “Company” / “us” / “we”). The Company is the authorized seller and Merchant of Record for the Services. The System is powered by a proprietary platform owned and technically managed by our affiliated technical operator (the "Platform Owner").
1.2 Any person using Company’s services / systems is considered to be a client of the Company (the “Client” / “You”).
1.3 The Company and the Client are legally bound by the Terms of Service (the “Agreement”) which governs the contractual relationship between the Company as a service provider and the Client, any natural person, as a service user, or a user of System prior to / without logging-in / creating an account (Account).
1.3.1 The Company provides a comprehensive digital wellness platform, SoonBody, which utilizes data-driven insights to deliver personalized weight management and lifestyle improvement programs. These Services include, but are not limited to, individualized weight-loss and fitness guidance, structured meal plans, behavioral coaching, and progress-tracking tools (the “Services”), accessible via the System as indicated in this Agreement. In order to generate these tailored programs and provide more accurate and personalized recommendations, You may choose to provide certain lifestyle, nutrition, and physical activity data through an onboarding questionnaire. This information is processed solely to deliver the requested wellness programs and related Services; We do not require You to provide sensitive medical information, and any data submission is entirely voluntary and based on your free choice to achieve your desired wellness goals through our System.
1.3.2 The latest version of Agreement shall be available at Terms of Service
1.4 This Privacy Policy shall be applicable and interpreted in line with Agreement. The definitions set out in the Agreement shall be applicable to this Privacy Policy.
1.5 You can contact the Company by filling a question box on the Website in the “Contact us” section, as well as by sending us an email or inquiry to the mailing address at [email protected]. For the matters regarding this Privacy Policy, as well as regarding any privacy matter, we recommend contacting the Company via email, by sending Your inquiry to [email protected]
1.6 The Company shall have the right to unilaterally modify and / or update the Privacy Policy at any time without notice. The continuous use of the Services / System by the Client shall be deemed as acceptance of Privacy Policy in the last and most updated version. Any Client shall periodically check and assess the Privacy Policy. Any updated version of this Agreement comes in force at the moment it is published at the System.
1.7 There is the latest version of the Privacy Policy
1.8 By agreeing to the Agreement as per the rules set forth in the Agreement, You are automatically agreeing to the Privacy Policy. For the avoidance of doubt, You acknowledge understanding that by using System in any way prior to creating an Account (Clause 2 of the Agreement) or without logging-in to the System (for example, when browsing the Website), You are also bound by this Privacy Policy and Your data / information may be collected by the Company automatically.
1.9 If You disagree to be bound by the Privacy Policy in any scope or way, You must not use or must immediately cease Your use of the Services, System or any part of it, as well as its features and functionalities.
1.10 The Company values the trust that You place in the Company when using Services / System. For this reason, privacy and data security are extremely important to the Company. It is very important to the Company that You feel safe when You visit our System and use our Services, as well as in all other business transactions with the Company. As soon as You use Company’s System / Services, You entrust Company with the processing of Your personal data. The Company wants to offer You the best possible experience with the System to ensure that You can enjoy using Services now and in the future. That is why the Company wants to understand user behaviour on the System in order to continuously improve it. The processing of Your personal data is therefore not only necessary for the provision of Services, but also to improve user-friendliness. Therefore, in this Privacy Policy You are informed which personal data the Company collects from/about You, how the Company processes it and to whom the Company passes it on in detail. In addition, the Company informs you about the precautions it takes to protect Your personal data, what rights You have in this context and who You can contact regarding data protection issues.
1.11 In the light of the above, the Company strives to protect Your privacy and obliges to process Your personal data in accordance with the following rules and principles:
1.11.1 Processing shall be performed lawfully, fairly, and in a transparent manner.
1.11.2 Personal data must be adequate and limited to what is necessary in relation to the purpose for which it is processed.
1.11.3 Personal data shall be accurate and, where necessary, kept up to date.
1.12 This Privacy Policy is prepared in accordance with applicable United States federal and state privacy laws, including but not limited to the California Consumer Privacy Act (the “CCPA”).
1.13 With regard to the terms used in this Privacy Policy, such as “Personal Information,” “Consumer,” “Business Purpose,” and “Service Provider,” we refer to the definitions set forth in the CCPA and other applicable US state privacy statutes. Any reference to “Processing” shall be understood as the collection, use, storage, or disclosure of information as defined under these applicable laws.
2.1 This Privacy Policy applies to all persons who use the System / Services or otherwise interacts with the Company (e.g. business partners, interested parties, service providers, etc.). Generally, those persons who are hereinafter referred to as “Client” or “You”.
2.2 The Company’s System and Services are not meant for anyone under the legal age. Only people of legal age are allowed to use System, Services and register for an Account. The Company therefore do not knowingly collect personal data from minors. So, if You are under 18 years of age / under legal age under the laws imperatively applicable to You, please do not use the System / Services and do not provide us with any personal data.
3.1 For the purposes of the CCPA and other applicable US privacy laws, the Company is a “Business” (the entity that determines the purposes and means of processing Consumers' Personal Information).
3.2 This Privacy Policy applies to the collection and processing of Personal Information by the Company from the Client (You) residing within the United States. You acknowledge that the Company may utilize infrastructure, global affiliates, or service providers located in various jurisdictions to perform the Services.
3.3 If You have any questions regarding the processing of Your personal data and the exercise of Your rights under the GDPR, You can contact our team: [email protected]
3.4 To protect Your privacy and security, the Company requires a verifiable client request for certain inquiries. We may require additional identification data from You to ensure that Personal Information is only disclosed to the authorized Client.
3.5 Obligations of the Company:
3.5.1 Data Hosting and Transfers. The Company manages Personal Information primarily within the United States. However, your information may be stored or processed in any country where we or our service providers maintain facilities. By using the System, you understand that your information may be transferred to and maintained on computers located outside of your state or country.
3.5.2 Data Protection. The Company shall implement and maintain reasonable security procedures and practices appropriate to the nature of the information, designed to protect Personal Information from unauthorized access, destruction, use, modification, or disclosure.
3.5.3 Data Breach Notification. In the event of a security breach involving unauthorized access to unencrypted Personal Information, the Company shall comply with applicable US state data breach notification laws. Notifications will be made as expeditiously as possible and without unreasonable delay, consistent with the legitimate needs of law enforcement.
3.5.4 Data Retention. The Company shall not retain Personal Information for longer than is reasonably necessary for each disclosed business purpose. Following this period, the Company shall securely delete or de-identify the information.
3.5.5 Sensitive Personal Information. In general, the Company does not process "Sensitive Personal Information" (such as social security numbers or precise geolocation). If you choose to provide such data, the Company will only process it to provide the Services. You have the right to limit the use of your Sensitive Personal Information.
4.1 Sources of Collection. The Company collects Personal Information from You in the course of providing the Services, when You use the System, contact us for support, or as a result of Your direct relationship with any of our personnel. We also collect information automatically via cookies and tracking technologies when you interact with the System.
4.2 Categories of Personal Information Collected. In the preceding 12 months, the Company has collected and may continue to collect the following categories of Personal Information:
4.2.1 Identifiers and Contact Data. When creating a new user Account or communicating with the Company, we process basic details such as Your name, alias, and contact information (e.g., email address).
4.2.2 Commercial and Order Data. In the context of ordering Services, we process information relating to the specific subscription plan or service You are seeking, as well as records of products or services purchased or considered.
4.2.3 Financial Data. For the purpose of processing payments, subscriptions, and refunds, we (or our third-party payment processors or other third-parties) process payment details, including transaction IDs, payment methods, and truncated credit card information.
4.2.4 Internet or Other Electronic Network Activity (Log Data). During Your use of the System, we automatically collect data including, but not limited to: IP address, traffic data, transaction timestamps, computer or mobile device information, operating system, browser type, device type, and unique device identification numbers.
4.2.4.1 Usage Information: We track the frequency, time, and length of visits, as well as page interaction data and crash reports.
4.2.4.2 Cookies and Analytics: We collect data via cookies and services such as Google Analytics, which may include access dates/times and unique device identifiers. This data may be used in an aggregate or de-identified format.
4.2.5 Advertising and Marketing Data. If You visit the System or our social media sites, we may process statistical and marketing data, including: visitor counts, click-through rates, target group demographics, and consumer behavior/preferences derived from cookies and similar technologies (e.g., pixels, ClearGIFs).
4.2.6 Photo, video and audio data. When we attend or organize events or fairs or conduct interviews with people, or You visit our offices or our meetings and events, or You conduct video / phone conversations or other communication with our team, we may take photos and other recordings of such events / communication and process photo, video and audio data, as well as data on time, location, participant list, etc. However, we will always inform You separately about any such recordings by photographic or video images and / or audio recordings.
4.2.7 Hiring data. If You apply for a job on the System, social media (for example, via LinkedIn), we may process data that is necessary for the recruitment process, for example: contact details, curriculum vitae, qualifications, police clearance certificate, credit report, national identity documents such as passport, driver's license and the data from all of these documents, links to Your portfolio or social media platforms, etc.
5.1 Operational and Contractual Purposes. The Company processes Personal Information to fulfill our contractual obligations to You under the Agreement, including:
5.2 Consent-Based Processing. In certain circumstances, we may ask for Your express consent to process Your Personal Information for specific purposes not otherwise covered by this Privacy Policy.
5.3 Legal Compliance and Fraud Prevention. We process Personal Information to comply with our legal obligations and protect the integrity of the System:
5.4 Publicly Available Information. The Company may process Personal Information that You have voluntarily made public (for example, information shared on public social media profiles or public forums), in accordance with applicable law.
6.1 The Company maintains a presence on various social media platforms to communicate with active and potential Clients and to share news regarding Services. When You access these platforms, the terms of service and privacy policies of those specific operators apply. You acknowledge that these platforms may process Your data in jurisdictions with different legal frameworks than Your own.
6.2 Third-Party Tracking. As part of the technical processes of various social media platforms (e.g., Meta, Google, X), these providers may identify if You are logged into Your social media account while visiting the System. This data is collected by the social media platforms and assigned to Your social media accounts, regardless of whether You interact with our specific content on those platforms. To prevent this association, You should log out of Your social media accounts before using the System.
6.3 Disclaimer of Liability. The activities, data collection, and processing practices of social media companies are not controlled by the Company. We do not accept any liability for any damage or loss You may suffer resulting from the use of Your data by these third-party operators.
6.4. Direct Communication. The Company only processes Personal Information from social media users when they communicate directly with us via such platforms (e.g., direct messages, likes, comments, or customer inquiries). In these instances, the Company is responsible only for the processing of data that we directly receive and record. All other background data processing [email protected] is the exclusive responsibility of the platform provider.
6.5 Opt-Out and Rights. For detailed information on how social media providers process Your data and Your options for objecting (opting out), please refer to the respective privacy policies of those providers. Requests for information or the exercise of privacy rights regarding data held by social media operators must be directed to the providers themselves.
6.6 Social Media Accounts. The Company utilizes the following accounts to engage with You:
6.6.1 Facebook account – accessible using this link: ________ We use Page Insights function to process statistic data from users on Facebook (https://www.facebook.com/legal/terms/page_controller_addendum). More information about data collected by Facebook and Your preferences is available here: https://www.facebook.com/privacy/center/
6.6.2 Instagram account – accessible using this link: ______
More information about data collected by Instagram and Your preferences is available here: https://help.instagram.com/155833707900388
6.7 Updates to Accounts. The list of social media accounts is non-exhaustive and subject to change. The Company provides links to third-party privacy policies for Your convenience only; we do not guarantee that these third-party links are up-to-date or valid.
6.8 Verification. You should always verify that a social media account is officially operated by the Company before revealing any Personal Information.
6.9 Security and Anti-Phishing. You acknowledge that SMS, messaging apps, and email services are susceptible to spoofing and phishing attacks. Always use the secure communication tools within the System or contact us directly at [email protected] if You are unsure of the authenticity of any communication. The Company is not responsible for any loss or unauthorized access resulting from spoofing, phishing, or other fraudulent third-party attacks.
7.1 Depending on Your state of residence, You may be entitled to the following rights regarding Your Personal Information:
7.1.1 Right to Know and Access. You have the right to request that the Company disclose certain information to You about our collection and use of Your Personal Information over the past 12 months. Once we receive and confirm Your verifiable client request, we will disclose to You:
7.1.1.1 The categories of Personal Information we collected about You.
7.1.1.2 The categories of sources for the Personal Information we collected about You.
7.1.1.3 Our business or commercial purpose for collecting or sharing that Personal Information.
7.1.1.4 The categories of third parties with whom we disclose that Personal Information.
7.1.1.5 The specific pieces of Personal Information we collected about You
7.1.2 Right to Delete. You have the right to request that the Company delete any of Your Personal Information that we collected from You and retained, subject to certain exceptions (such as if the data is necessary to complete a transaction, detect security incidents, or comply with a legal obligation).
7.1.3 Right to Correct. You have the right to request that the Company correct inaccurate Personal Information that we maintain about You, taking into account the nature of the Personal Information and the purposes of the processing.
7.1.4 Right to Opt-Out of Sale or Sharing. You have the right to direct the Company not to "sell" Your Personal Information for monetary value or "share" Your Personal Information for cross-context behavioral advertising or targeted advertising purposes.
7.1.4.1 While the Company does not sell Personal Information for monetary payment, our use of third-party advertising and analytics cookies may constitute "sharing" or "processing for targeted advertising" under certain state laws. You may exercise Your opt-out rights through our cookie management tool or by sending a request to [email protected]
7.1.5 Right to Limit Use of Sensitive Personal Information. If the Company processes "Sensitive Personal Information" (as defined by state law), You have the right to request that we limit our use of such information to that which is necessary to perform the Services.
7.1.6 Right to Non-Discrimination. We will not discriminate against You for exercising any of Your privacy rights. Unless permitted by law, we will not deny You goods or services, charge You different prices, or provide a different level of quality of services.
7.1.7 Right to Withdraw Consent. Where processing is based on Your express consent (e.g., for direct marketing), You have the right to withdraw that consent at any time.
7.1.7.1 Withdrawal can be managed via the settings in Your Account or by emailing [email protected]
7.1.7.2 Withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal.
7.2 Verification Process. To exercise the rights described above, please submit a verifiable client request to the Company via email: [email protected] or on Website through the "Contact us" section.
Only You, or a person registered with the appropriate state authority that You authorize to act on Your behalf, may make a verifiable client request related to Your Personal Information. We cannot respond to Your request if we cannot verify Your identity or authority to make the request.
7.3 Response Timing and Format. We endeavor to respond to a verifiable client request within 30 days of its receipt. If we require more time (up to 90 days), we will inform You of the reason and extension period in writing.
7.4 In the United States, privacy rights are enforced by state and federal authorities. If You believe Your rights have been violated, You may have the right to lodge a complaint with the Federal Trade Commission (FTC) or the Attorney General of Your state of residence:
7.4.1. Universal Opt-Out Mechanisms. Our System is in process to be configured to automatically detect and honor Global Privacy Control (GPC) signals. If our System detects that your browser is transmitting a GPC signal, we will treat this as a valid request to opt-out of the 'sharing' of your personal information for targeted advertising for that browser.
7.5. If the Company declines to take action on Your request to exercise a privacy right, You may have the right to appeal our decision depending on Your jurisdiction of residence. To initiate an appeal, please contact us at [email protected] within 45 days of receiving our notice of denial. We will respond to Your appeal in writing within the period required by applicable law, providing a detailed explanation of our decision and, where required, information on how to contact the relevant regulatory authority or Attorney General to lodge a further complaint.
7.6. Although the System is intended for use within the United States, if you are visiting from the European Economic Area (EEA) or other regions with laws governing data collection and use, please note that your Personal Information is being processed by the Business and its global affiliates in accordance with this Policy. We provide all users, regardless of location, the ability to exercise the rights of access, correction, and deletion as described in this Section.
8.1 Commitment to Security. The security of Your Personal Information is of paramount importance to the Company. We maintain a comprehensive information security program consisting of administrative, technical, and physical safeguards designed to protect Personal Information from unauthorized access, destruction, use, modification, or disclosure.
8.2 Technical and Organizational Measures. To ensure a level of security appropriate to the risk, the Company has implemented the following measures:
8.2.1 Staff training.
8.2.2 SSL encryption on the System from which we transfer personal data.
8.2.3 Ensuring the confidentiality, integrity, availability and resilience of the System and Services.
8.2.4 Use of encrypted systems.
8.2.5 Pseudonymization and anonymization of personal data.
8.2.6 Entry, access and transfer control for our offices and systems.
8.2.7 Measures of quick restoring of the personal data availability in the event of a physical or technical incident.
8.2.8 Measures for privacy by design and default on our platform such as preventing user enumeration.
8.2.9 Implementation of procedures for the regular review, assessment and evaluation of the effectiveness of the technical and organizational measures to ensure the security of processing, e.g. our bug bounty program.
8.2.10 Internal IT security practices and monitoring, internal communication and fast response approach.
8.2.11 Incident-response management.
8.3 To facilitate our global operations and provide the Services, the Company may transfer, store, and process Your Personal Information in jurisdictions other than Your country or state of residence. These jurisdictions may have data protection laws that differ from those in Your home territory.
8.3.1 By using the System and providing Your Personal Information, You acknowledge and consent to this international transfer and processing.
8.3.2 The Company takes steps designed to ensure that Your Personal Information receives an adequate level of protection in the jurisdictions where it is processed, regardless of the local standards of data protection.
8.4 When we transfer Personal Information across borders or to third-party partners, we implement appropriate safeguards designed to ensure that Your data remains protected in accordance with this Privacy Policy. These measures include, where applicable, entering into data processing agreements that incorporate standard contractual clauses or similar legal frameworks approved by relevant regulatory authorities to ensure a level of data protection consistent with applicable legal requirements.
8.4.1 Subject to applicable legal requirements, we ensure that any recipient of Your Personal Information is contractually obligated to provide at least the same level of privacy protection as is required by this Privacy Policy and applicable US law.
8.4.2 We conduct due diligence on our service providers to verify that they maintain reasonable security practices appropriate to the nature of the information we entrust to them.
9.1 General Principles. The Company will only disclose Your Personal Information to the extent described in this Privacy Policy or as specifically instructed by You at the time of collection. The Company does not sell Your Personal Information to third parties for monetary compensation.
9.2 Internal Disclosure. Within the Company, access to Your Personal Information is restricted to those employees, departments, or contractors who require the information to fulfill our contractual and legal obligations. This includes teams responsible for account management, technical support, and the maintenance and improvement of the Services.
9.3 Service Providers. We disclose Personal Information to third-party Service Providers that perform functions on our behalf. These include, but are not limited to:
All such Service Providers are contractually prohibited from retaining, using, or disclosing Your Personal Information for any purpose other than the specific business purpose specified in their contract with the Company.
9.4 Affiliates and Distribution Partners. To facilitate our day-to-day business operations and provide the Services, the Company may share Personal Information with our parent companies, global affiliates, and distribution partners. When we share information within our corporate group, we ensure that such information is protected by internal data sharing agreements that meet the standards set forth in this Policy.
9.5 Legal and Safety Disclosures. We may disclose Your Personal Information to third parties (i) if we are required to do so by law, regulation, or legal process (such as a subpoena or court order); (ii) to respond to requests from government agencies or law enforcement authorities; (iii) if we believe disclosure is necessary to prevent physical harm or financial loss; or (iv) in connection with an investigation of suspected or actual fraudulent or illegal activity.
9.6 Business Transfers. In the event that the Company is involved in a merger, acquisition, reorganization, or sale of assets, Your Personal Information may be transferred as part of that transaction. We will provide notice before Your Personal Information is transferred and becomes subject to a different privacy policy.
9.7 Requested Transfers. The Company may transmit Your Personal Information to another person or entity at Your specific request and with Your express consent, or as necessary to fulfill a contract You have entered into with us.
10.1 Unless otherwise indicated in the notice / consent form, the Company shall keep Your personal information only for as long as necessary to:
10.1.1 To provide You with the Services You have ordered and to ensure proper use of System / Account.
10.1.2 To comply with laws, including mandatory data collection periods.
10.1.3 To support a claim or defence in court or to act in other judicial proceeding.
10.2 Identification and Account data shall be retained for the duration of Your relationship with the Company and thereafter for a period necessary to comply with legal obligations, resolve disputes, and enforce our legal agreements, unless a shorter period is required by applicable law.
11.1 The System operating now and in the future use cookies.
11.2 Insofar as those cookies are not strictly necessary for the provision of the System and Services, we will ask You to consent to our use of cookies when You first visit the System.
11.3 Cookies
11.3.1 A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and stored by the browser. The identifier is then sent back to the server every time the browser requests a page from the server.
11.3.2 Cookies may be either "persistent" cookies or "session" cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiration date, unless deleted by the user before the expiration date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
11.3.3 Cookies may not contain any information that identifies a user personally, but personal data that we store about You may be linked to the information stored in and obtained from cookies.
11.4. We use cookies and similar tracking technologies to enhance your experience, ensure the security of our System, and analyze our performance. These technologies fall into the following functional categories:
11.4.1 We use Necessary Cookies to enable core System functionality, such as secure user login, page navigation, and access to your valuation reports. The System cannot function properly without these. Additionally, we use cookies as a security element to protect user accounts, prevent the fraudulent use of login credentials, and secure our Services generally.
11.4.2 We use Preference Cookies to remember information that changes the way the System behaves or looks, such as your preferred language, regional settings, or display preferences. These help us provide a more tailored experience.
11.4.3 We utilize Statistic Cookies to help us understand how users interact with our System by collecting and reporting information anonymously. This allows us to measure and improve the performance of our image recognition and valuation services.
11.4.4 We and our service providers (e.g., Google Analytics, Facebook Pixel) may use Marketing Cookies to track visitors across websites. The intent is to display advertisements that are relevant and engaging for the individual user.
11.4.5 We use cookies to record and honor your preferences regarding the use of non-essential cookies.
11.5 Managing cookies. Most browsers allow you to reject and delete cookies through their settings. For your convenience, up-to-date guides for major browsers are provided below:
11.5.1 https://support.google.com/chrome/answer/95647 (Chrome).
11.5.2 https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences (Firefox).
11.5.3 https://help.opera.com/en/latest/security-and-privacy (Opera).
11.5.4 https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies (Internet Explorer).
11.5.5 https://support.apple.com/en-gb/guide/safari/manage-cookies-and-website-data-sfri11471/mac (Safari).
11.5.6 https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy (Edge).
11.6 Cookies preferences. You can manage Your preferences relating to the use of cookies on our System.
11.7 Service provider. The Company may use a third party service provider for handling cookies.
12. You can contact us via the “Contact us” section, by email sending Your inquiry to [email protected] or by sending us letter to our registered address