1. Introduction
This Privacy Policy explains how JAB Productions PTE. LTD. (trading as Sokkai, "we", "us", or "our") collects, stores, uses, and shares personal data when you use the Sokkai mobile application (the "App") and the sokkai.com website (the "Website"), including all subdomains, products, and services (together, the "Services").
JAB Productions PTE. LTD. is a company incorporated in Singapore and is the registered data controller of the Services.
Sokkai is an AI-powered, all-in-one wellness platform designed for women. The Services include personalised fitness planning, nutrition guidance, menstrual cycle tracking, wellness data monitoring, and access to an AI-powered wellness information assistant.
We may update this Privacy Policy from time to time. We will notify you of any material changes by email or through the App. The latest version will always be available on our Website and in the App.
2. Personal Data We Collect From You
We collect personal data about you when you use the Services. This data may come directly from you, be collected automatically, or be received from third parties.
2.1 Personal Data You Provide to Us Directly
Account and General Information
When you register for or use the Services, we collect:
- name (first name or preferred name — optional)
- email address
- date of birth (month and year) or age
- password
- location (country and time zone)
- preferred language
- sex or gender (which may be inferred from your use of the Services)
Wellness Data
When using the Services, you may enter personal data that constitutes special category data (also referred to as sensitive personal data) under applicable law, including:
- weight, height, and BMI
- body temperature
- menstrual cycle details, including cycle length, flow, and period dates
- physical and mental wellness symptoms
- mood, stress levels, and emotional wellbeing
- sleep duration and quality
- energy levels
- daily fitness activity and workout completion
- nutritional intake and dietary information
- conditions, injuries, and medications (entered at onboarding or updated at any time)
- questions submitted to the AI wellness information assistant
Third-Party Services and Wearables
With your permission, Sokkai may connect to third-party services such as Apple HealthKit and Google Health Connect. This allows us to import your wellness and activity data automatically. Imported data may include:
- fitness activities and exercise data
- weight, height, and BMI
- calories burned
- heart rate and resting heart rate
- steps taken and distance travelled
- sleep patterns
- body temperature
Importing data from third-party services is subject to the privacy policies of those services. If you use a wearable device to connect to Sokkai, please also review that device provider's privacy policy.
2.2 Personal Data We Collect Automatically
When you use the Services, we may automatically collect:
Device Information
- device model and operating system version
- unique device identifiers
- enabled device accessibility features
- mobile operator and network information
- device storage information
Location Information
- IP address (used to determine approximate location only)
- country and time zone
- information about your mobile service provider
We do not collect your precise or exact location.
Usage Data
- frequency of use of the Services
- features and areas of the App you access or use
- payment transaction information (excluding full payment card details)
- engagement with specific features and content
We may use cookies and similar technologies to collect some of this information. Please refer to our Cookie Policy for further details.
2.3 Data Received From External Sources
We may receive personal data about you from third parties, including data enrichment providers, analytics partners, and marketing platforms, to enhance your existing data, personalise your experience, and support analytics.
3. How We Use Your Personal Data
We process your personal data on one or more of the following legal bases:
- Consent — you give us explicit permission to process your wellness data in order to provide the Services, including generating personalised fitness and nutrition plans and providing access to the AI wellness information assistant
- Contract — we process data necessary to fulfil our contractual obligations to you, including account management and subscription administration
- Legitimate Interest — we process data where we have a legitimate business interest, having assessed that this does not override your rights
- Legal Obligation — we may process data where required to comply with applicable laws and regulations
3.1 Purposes and Legal Bases
| Purpose of Processing | Legal Basis | Example |
|---|---|---|
| To provide the core Services, including AI-generated personalised fitness plans, nutrition plans, cycle tracking, wellness insights, and the AI wellness information assistant, using data you provide, your cycle and wellness data, and information from connected third-party services. | Consent | We use your cycle, energy, sleep, and wellness data to generate a personalised daily workout and nutrition plan. |
| To send personalised recommendations, cycle notifications, and product offers via email or push notification. | Consent | We notify you when your next cycle phase is approaching and suggest plan adjustments. |
| To process transactions and manage your subscription, including sending confirmations, reminders, and invoices. | Contract | We send a push notification when your subscription is about to expire. |
| To respond to your support requests, questions, and complaints. | Legitimate Interest | We use your name and email to respond to a support ticket. |
| To send technical notices, security alerts, and service updates. | Legitimate Interest | We notify you to update the App to access the latest features. |
| To monitor and analyse trends, usage, and performance of the Services. | Legitimate Interest | We review App usage activity to fix issues and improve your experience. |
| To detect, investigate, and prevent fraudulent transactions, abuse, and other illegal activities. | Legitimate Interest / Legal Obligation | We use device and usage data to identify unusual activity patterns. |
| To enable participation in surveys, research studies, and promotions. | Consent | With your consent, we may use survey responses for product improvement and research. |
| To promote the Services by improving advertising campaign performance. | Consent | We use technical identifiers (not wellness data) to understand which advertising is effective. |
| To comply with legal obligations, respond to legal proceedings, and assert or defend legal claims. | Legal Obligation / Legitimate Interest | We may retain data where required by applicable law or court order. |
3.2 Principles of Processing
Data minimisation and purpose limitation: we only process personal data for the specific purposes for which it was collected or for which you have given your authorisation.
No sale of personal data: we do not sell, rent, or otherwise transfer your personal data for monetary or equivalent consideration. We will only share your personal data as set out in this Privacy Policy. We will not use information from Apple HealthKit or Google Health Connect for advertising or sell it to advertising platforms, data brokers, or resellers.
AI wellness information assistant: the AI wellness information assistant within Sokkai is an informational tool only. It does not provide medical advice, diagnosis, or treatment. Users should consult a qualified healthcare professional for medical concerns. All AI-generated outputs include a wellness disclaimer.
4. Your Privacy Rights
Regardless of where you live, Sokkai is committed to providing you with the privacy rights afforded under the GDPR, which is widely regarded as the highest global standard for data protection. Only you, or a person you have authorised, may make a request in relation to your personal data.
4.1 Your Rights
Right of Access
You have the right to know what personal data we hold about you and to receive a copy of it, including in a structured, commonly used, and machine-readable format.
Right to Rectification
If you believe that personal data we hold about you is inaccurate or incomplete, you may request that we correct or update it.
Right to Erasure
You may request that we delete your personal data at any time (the "right to be forgotten"). Please note that deleting certain data may affect your ability to use features that depend on historical information.
Right to Restriction of Processing
You may request that we restrict the processing of your personal data in certain circumstances, for example while we verify the accuracy of data you have disputed.
Right to Data Portability
You may request your personal data in a format that allows you to transfer it to another service provider.
Right to Object
You may object to the processing of your personal data where we rely on legitimate interests as our legal basis, including for direct marketing purposes.
Right to Withdraw Consent
Where we rely on your consent to process personal data (including wellness data), you may withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out prior to the withdrawal.
Right to Lodge a Complaint
You may lodge a complaint with a relevant data protection authority. In Singapore, this is the Personal Data Protection Commission (PDPC). If you are located in the EEA, you may also contact your local supervisory authority.
4.2 How to Exercise Your Rights
To exercise any of your rights, please contact us by:
- emailing our support team at support@sokkai.com
- emailing our Data Protection Officer at dpo@sokkai.com
- submitting a request through the account settings section of the App
We will respond to your request within one calendar month. In certain cases (for example, complete deletion of data from backup systems) it may take up to 90 days. We will inform you of any delay and the reason for it.
We may need to verify your identity before processing your request, typically by confirming the email address associated with your account.
We reserve the right to refuse requests that are clearly unfounded or excessive, or to charge a reasonable fee in such circumstances.
5. Third-Party Data Processing
We will not share your personal data with third parties except as described in this Privacy Policy.
5.1 Service Providers (Data Processors)
We work with third-party companies ("processors") that process personal data on our behalf in order to operate the Services. We enter into data processing agreements with all processors and remain responsible for their compliance with this Privacy Policy and applicable law.
The following table sets out our key processors:
| Category | Processor | Data Collected | Purpose |
|---|---|---|---|
| Infrastructure & Security | Amazon Web Services, Inc. | All personal data | Cloud hosting and storage of all personal data |
| Infrastructure & Security | Cloudflare, Inc. | All personal data | Security, DDoS protection, and content delivery |
| Infrastructure & Security | Auth0, Inc. (Okta) | Email, IP address, name | Authentication and authorisation services |
| AI Engine | Anthropic, PBC or OpenAI, Inc. | Wellness context data, query content | Powering the AI fitness, nutrition, and wellness information assistant features |
| Email Communications | SendGrid, Inc. (Twilio) | Email address | Transactional and marketing email delivery |
| Push Notifications | Firebase (Google LLC) | Device identifiers, subscription status, app usage data | Push notification delivery and campaign analytics |
| Payments | Stripe, Inc. | Payment and banking information, personal identifiers | Payment processing for web subscriptions |
| Payments | Apple, Inc. | Payment and banking information, personal identifiers | In-App purchase processing (iOS) |
| Payments | Google LLC | Payment and banking information, personal identifiers | In-App purchase processing (Android) |
| Analytics | Mixpanel, Inc. or Amplitude, Inc. | App usage data, device information | Product analytics and user behaviour analysis |
| Customer Support | Zendesk, Inc. | Email address, support query content | Customer support ticket management |
| Food & Nutrition Data | Edamam, LLC or Open Food Facts | Food search queries | Calorie and nutritional information database |
5.2 Marketing and Advertising Partners
With your explicit consent, we may share limited, non-wellness technical data with marketing and analytics platforms to understand the performance of our advertising and to promote the Services. We do not share wellness data with any marketing or advertising partner under any circumstances.
Technical data that may be shared with marketing partners includes:
- device advertising identifiers (e.g. IDFA, Google Advertising ID)
- IP address (for approximate location only)
- app usage events (e.g. app launch, subscription status)
- age group
You may withdraw your consent to marketing data sharing at any time by adjusting your device settings or your consent preferences within the App.
5.3 Gym and Wellness Partners
Sokkai may partner with gyms, fitness studios, and wellness organisations to distribute the Services to their members. In such arrangements:
- the partner may share a limited identifier (such as a customer ID or email address) with Sokkai solely to validate your access to the Services
- Sokkai will not share your wellness data with any gym or wellness partner
- the partner may receive limited confirmation of your activity status (for example, that you have been active in the App) solely for the purpose of managing the partnership arrangement
- you should review the privacy policy of the relevant partner for information about how they process your data
5.4 Aggregated and Anonymised Data
We may aggregate, anonymise, or de-identify your personal data so that it cannot reasonably be used to identify you. Such anonymised data may be shared with third parties, including research institutions, for statistical and scientific purposes. We will seek your separate consent before including you in any specific identified research study.
5.5 Legal Disclosures
We may disclose your personal data in the following limited circumstances:
- in response to a valid legal process, including court orders, subpoenas, or requests from law enforcement or regulatory authorities
- where necessary to protect the security or integrity of the Services or the safety of any user
- to assert or defend legal rights or claims
- in connection with a business merger, acquisition, or reorganisation, provided that the acquirer agrees to honour the terms of this Privacy Policy
6. Retention of Your Personal Data
We retain your personal data for as long as necessary to provide the Services and to fulfil the purposes for which it was collected, unless a longer retention period is required or permitted by applicable law.
6.1 Account Deactivation and Deletion Requests
You may deactivate your account at any time through the App's settings or by contacting us. We will process your deletion request within one calendar month. Complete deletion from backup systems may take up to 90 days.
Once the deletion process has begun, it cannot be reversed. Your personal identifiers are immediately unlinked from your wellness and usage data at the point your deletion request is confirmed.
6.2 Inactive Accounts
If you delete the App or your account becomes inactive, we will retain your personal data for a period of three years in case you choose to reactivate the Services. After three years of inactivity, your personal data will be permanently deleted. You may request earlier deletion at any time.
6.3 Legal Retention Obligations
Notwithstanding the above, we may retain certain personal data where required or permitted by applicable law, including for the purposes of:
- complying with legal or regulatory obligations
- resolving disputes and enforcing our agreements
- archiving for public interest, scientific, or historical research purposes
6.4 Deletion Methods
We use industry-standard technical methods to securely and permanently delete personal data from our systems, including issuing deletion instructions to all relevant processors.
7. Security of Your Personal Data
We implement appropriate technical and organisational measures to protect your personal data from loss, theft, misuse, unauthorised access, disclosure, alteration, and destruction. Given the sensitive nature of the wellness data we process, we apply heightened security standards.
7.1 Technical Security Measures
- encryption of all personal data in transit (TLS 1.3 or higher) and at rest (AES-256 or equivalent)
- regular vulnerability scanning and penetration testing
- data integrity protection controls
- access controls limiting employee access to personal data to what is necessary for their role
- regular data protection impact assessments
- monitoring and alerting systems for security incidents
7.2 Organisational Security Measures
- data processing agreements with all third-party processors
- employee training on data protection and security obligations
- strict accountability policies governing employee access to personal data
- privacy assessments conducted in the event of any proposed merger, acquisition, or material change to data processing activities
7.3 Security Breaches
In the event of a personal data breach, we will notify affected users and, where required by law, the relevant supervisory authority. We will take prompt remedial action in accordance with applicable law, which may include logging users out of all devices and resetting passwords.
While we take all reasonable steps to protect your data, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security.
8. International Data Transfers
JAB Productions PTE. LTD. is incorporated in Singapore. Some of our processors and partners are located in other countries. When we transfer your personal data outside Singapore or outside the EEA, we ensure that appropriate safeguards are in place, including:
- standard contractual clauses approved by the relevant supervisory authority
- adequacy decisions where applicable
- binding corporate rules or equivalent mechanisms
By using the Services, you acknowledge that your personal data may be transferred to and processed in countries other than your country of residence. We will always ensure such transfers are compliant with applicable data protection law.
9. Children's Privacy
The Services are intended for users aged 13 and above. Users in the European Economic Area, the United Kingdom, and Canada must be at least 16 years old to use the Services without parental or guardian consent.
We do not knowingly collect personal data from children under the applicable minimum age without verified parental or guardian consent. If we become aware that we have collected personal data from a child below the applicable minimum age without appropriate consent, we will promptly delete that data.
If you are a parent or guardian and believe that your child has provided us with personal data without your consent, please contact us at privacy@sokkai.com.
10. Changes to This Privacy Policy
We review this Privacy Policy at least once per year and update it as needed to reflect changes in our practices, Services, or applicable law.
If we make material changes to this Privacy Policy, we will notify you by:
- sending an email to the address associated with your account
- displaying a prominent notice within the App
The updated Privacy Policy will be effective as of the date indicated at the top of the document. Your continued use of the Services after the effective date constitutes your acceptance of the updated Policy. We encourage you to review this Policy periodically.
11. Contact Us and Data Protection Officer
If you have any questions, concerns, or requests relating to this Privacy Policy or our data practices, please contact us:
JAB Productions PTE. LTD. (trading as Sokkai)
160 Robinson Road, #14-04 Singapore Business Federation Centre, Singapore 068914
General enquiries: support@sokkai.com
Data Protection Officer: dpo@sokkai.com
Privacy enquiries: privacy@sokkai.com
Website: www.sokkai.com
Our Data Protection Officer is responsible for overseeing questions in relation to this Privacy Policy and our compliance with applicable data protection law.
You have the right to make a complaint at any time to your local data protection authority. In Singapore, this is the Personal Data Protection Commission (PDPC), which can be contacted at www.pdpc.gov.sg. We would, however, appreciate the chance to address your concerns before you approach the PDPC, so please contact us in the first instance.
— End of Privacy Policy —