1. Introduction

The Wellness Company, Inc. ("The Wellness Company", "we", "our", "us") respects and values the privacy of all customers and users of our products and services. This Privacy Policy explains the type of personal information we collect and how we use, disclose, and protect that information.

This policy applies to all of our consumer applications, websites, and related services (collectively, the "Services"), including:

• Tempo — personalized healthspan and AI health coaching (jointempo.app)

• GoPolar — cold plunge and sauna tracker (gopolar.app)

• SunSeek — sun exposure and circadian rhythm guidance (sunseek.app)

• Posture AI — camera-based posture analysis and improvement (postureai.app)

Each individual app may also publish a product-specific privacy notice that supplements this corporate Privacy Policy with details about that app's data flows. Where there is any inconsistency, the product-specific notice controls for that app.

By using our Services, you consent to the collection and use of your personal information as described in this Privacy Policy.

2. What Information We Collect

When you use our Services, we may collect the following categories of information.

Information you provide to us

This may include your name, email address, phone number, profile information, health goals and preferences, and any other information you submit when you register or interact with the Services.

Health and wellness data (with your permission)

Depending on which app you use, we may collect:

• Apple Health and connected wearable data — Tempo, GoPolar and SunSeek may request access to certain data from Apple Health or connected wearable devices (e.g., Apple Watch, Oura, Garmin) when you grant permission. This may include activity, sleep, heart rate, workouts, and other categories you explicitly permit. You can modify these permissions at any time in your device settings.

• Self-reported health information — symptoms, habits, meals, goals, skin type, and similar information that you choose to provide.

• User-uploaded artifacts — for Tempo, photographs or PDFs of bloodwork results, food photos, and body-scan photos that you choose to upload. For Posture AI, posture photographs that you capture for analysis.

• Cold plunge and sauna session data — for GoPolar, session start/end times, optional duration and temperature, and (if you choose to attach one) the location of the session.

• Sun exposure data — for SunSeek, your skin type (Fitzpatrick scale), sun-exposure goals, daily sun-exposure session logs, and (with permission) general location used to compute UV index and sunrise/sunset.

Apple HealthKit data

If you grant a HealthKit permission, we read only the categories you explicitly approve at the iOS level. HealthKit data is processed in accordance with Apple's HealthKit guidelines and is used solely to provide and improve the relevant app's functionality. We do not use HealthKit data for advertising or share it with third parties for their own purposes.

Usage data

We collect information about how you use the Services, such as features accessed, interactions within each app, and the time, frequency, and duration of usage.

Technical data

This may include device type, operating system, app version, and diagnostic information to help us improve the stability and performance of the Services.

Location data

We do not collect precise location data unless an app feature (for example, SunSeek's UV/sunrise calculations or GoPolar's optional "attach location" feature) requires it and you grant location permission at the iOS level. Some features may also rely on general regional data (e.g., time zone) to support functionality such as circadian-rhythm recommendations. General regional information never identifies your precise location.

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Services.

• Personalize your experience, including daily health insights, recommendations, healthspan scoring, posture reports, sun-exposure timing, and cold-plunge/sauna tracking.

• Analyze user trends, engagement, and app performance in an aggregated or de-identified form.

• Communicate with you about updates, support, promotions, and product news we believe may be relevant.

• Process transactions and send related confirmations or receipts.

• Detect, investigate, and prevent fraudulent activity or misuse of the Services.

• Protect the rights and property of The Wellness Company and its users.

The Wellness Company does not sell your personal information, and we do not use your identifiable personal or health data to train artificial-intelligence or machine-learning models.

4. How We Share Your Information

We share personal information only as described below.

Service providers (sub-processors)

We use trusted third-party service providers to operate the Services. These providers act on our behalf and are contractually required to handle personal information consistent with this Privacy Policy. They include, without limitation, providers of cloud database and authentication (Supabase), large language model APIs (OpenAI, Google), AI memory (Mem0), product analytics and feature flags (PostHog), error and crash reporting (Sentry), performance monitoring (Datadog), subscription management (RevenueCat, Apple App Store), push notifications (OneSignal), and paywall optimization (Superwall).

Third-party AI providers act only as data processors for our requests; provider-side training on data we send is disabled under our applicable provider terms.

Legal and protective disclosures

We may disclose personal information when required to do so by law or where we believe in good faith that disclosure is necessary to comply with a legal obligation, protect the rights or safety of our users or the public, investigate fraud or misuse, or enforce our agreements.

Business transfers

If we are involved in a merger, acquisition, financing, or sale of assets, personal information may be transferred as part of that transaction. We will provide notice before personal information is transferred and becomes subject to a different privacy policy.

No sale of personal information

We do not sell personal information, and we do not share personal information with third parties for those third parties' own marketing or advertising purposes.

5. Your Rights and Choices

Depending on your region, you may have certain rights regarding your personal information. These may include the right to:

• Access the personal information we hold about you.

• Correct or update your information.

• Request deletion of your information.

• Restrict or object to certain types of processing.

• Withdraw consent for Apple Health, wearable, location, camera, or other device-level data access at any time via your iOS device settings.

• Port your information to another service, where required by applicable law.

You may also delete your account and associated data directly within each app, or by contacting us using the details below.

We will respond to verifiable requests in accordance with applicable privacy laws, including Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), Quebec's Law 25, the EU and UK General Data Protection Regulation (GDPR), and U.S. state privacy laws such as the California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA), where applicable.

6. Data Retention

We retain your personal information only as long as necessary to provide the Services and fulfill the purposes described in this Privacy Policy, unless a longer retention period is required by law or needed to resolve disputes or enforce our agreements.

If you delete your account, we will delete or anonymize your personal data within a reasonable timeframe, in accordance with applicable laws.

7. Security

We implement administrative, technical, and physical safeguards to protect your personal information, including:

• Row-level security on our application database so each user can only access their own data when authenticated.

• Server-side handling of all third-party API keys, so secrets are never stored on your device.

• Encryption in transit for all data transmitted between your device and our servers, and encryption at rest for personal data stored in our database.

• Permission-gated device access — Apple HealthKit, Garmin OAuth, camera, photo library, location, and push notifications each require an explicit iOS-level permission from you.

• Restricted-access engineering practices — closed-source repository, role-based access to production systems, and written confidentiality and IP-assignment agreements with every contributor.

No method of transmission over the internet or method of electronic storage is 100% secure. While we strive to use commercially reasonable means to protect your personal information, we cannot guarantee absolute security.

8. Children's Privacy

The Services are not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will delete it as quickly as possible. If you believe that a child under 13 may have provided us with personal information, please contact us using the details below.

9. International Data Transfers

The Wellness Company is incorporated in Ontario, Canada. Personal information we collect may be stored and processed in Canada, the United States, or any other country in which our service providers maintain facilities. When we transfer personal information across borders, we take steps to ensure your information receives an adequate level of protection consistent with applicable law.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If changes are made, we will revise the "Last updated" date at the top of this policy, and in some cases, provide additional notice (such as an in-app message or email). Material changes will take effect at least 30 days after we post the updated policy.