Wellth Privacy Notice

The personal information we collect depends on how you interact with Wellth, the features you use, the devices and services you connect, the studies or programs you join, and the choices you make.

If you connect a wearable, fitness, or activity provider to Wellth, we may collect the categories of information that provider makes available to us with your permission. Depending on the provider, your permissions, and the feature you use, this may include workout and activity records, timestamps, activity type, duration, distance, heart rate, calories, route or location-related data, device or source information, sleep-related data, and other metrics or metadata.

We may use this information to:

• sync your activity into Wellth;
• verify eligibility, participation, completion, or compliance with study or reward rules;
• administer payments, rewards, or incentives;
• personalize opportunities, prompts, or check-ins;
• detect fraud, abuse, or duplicate submissions;
• troubleshoot syncing and product issues; and
• operate and improve the specific Wellth experiences you request.

The data available to Wellth depends on the permissions you grant and the capabilities of the connected platform.

If you authorize Apple Health or HealthKit, Wellth may read the specific data categories you choose to share with us. We use Apple Health or HealthKit data only to provide the health, fitness, motion, rewards, study, and related Wellth features you request, including syncing activities, verifying participation, tracking progress, administering rewards or incentives, supporting research participation, and operating the Wellth experience you choose to use.

We do not use Apple Health or HealthKit data for advertising, marketing, or unrelated data-mining purposes. We do not disclose Apple Health or HealthKit data to advertising platforms, data brokers, or information resellers.

If you choose to participate in a sponsored study, research program, or partner experience that involves Apple Health or HealthKit data, we may disclose the specific data described in the applicable consent or authorization to the sponsor, research organization, clinical partner, or other party identified there, for the purposes described there and only as permitted by applicable law and platform rules.

You can stop future Apple Health or HealthKit data sharing by changing your permissions in Apple Health or your device settings and by disconnecting the integration inside Wellth.

If you connect other platforms, such as Strava, Garmin, or similar services, Wellth may collect the categories of data that you authorize those platforms to share with us. We use that information only for the purposes described in this Privacy Notice, the permissions you grant, the specific Wellth features you request, and any additional disclosures or consents presented to you in connection with a study or sponsored program.

If you revoke access to a connected platform, we will stop collecting new data through that connection after the revocation is recognized by the relevant systems. Subject to applicable law and limited operational exceptions, we will also honor valid deletion requests for connected-platform data that we no longer need to retain.

We and our service providers may use cookies, pixels, local storage, SDKs, mobile advertising identifiers, and similar technologies to operate the Services, remember settings, analyze usage, improve performance, measure campaigns, prevent fraud, and support analytics.

Depending on your location and the technologies involved, some disclosures of identifier, device, usage, or similar data to analytics or advertising partners may be treated as a "sale," "sharing," or targeted advertising activity under applicable law. Where required by law, we will provide applicable notices, choices, or opt-out rights.

We do not use consumer health data, wearable activity data, or Apple Health or HealthKit data for targeted advertising.

We may use personal information for the following purposes:

• to create, maintain, authenticate, and secure your account;
• to provide, operate, support, personalize, and improve the Services;
• to connect and manage wearable and third-party integrations;
• to verify activity, administer rewards, review submissions, and process payments or incentives;
• to determine eligibility for studies, programs, or opportunities;
• to communicate with you about the Services, updates, opportunities, support matters, and required notices;
• to detect, investigate, and prevent fraud, abuse, security incidents, and other prohibited activity;
• to conduct internal analytics, product development, testing, and research;
• to comply with legal obligations and enforce our agreements and policies; and
• to operate our business, including auditing, reporting, accounting, and planning.

If you choose to participate in a sponsored study, research program, clinical program, or partner experience, we may also use your information as described in the applicable consent, authorization, or program materials.

We may create, use, disclose, license, or otherwise commercialize de-identified, aggregated, or otherwise anonymized information where permitted by law. We will not attempt to reidentify de-identified information except as permitted by law.

De-identified or aggregated information may be used for analytics, benchmarking, reporting, product development, research, or commercial purposes.

We may disclose personal information as follows:

• service providers and processors that help us host, secure, operate, analyze, support, communicate, pay, or administer the Services;
• business and research partners involved in a co-branded experience, sponsored study, partner program, or other experience you choose to join;
• professional advisors such as auditors, insurers, outside counsel, consultants, and accountants;
• government authorities, regulators, and law enforcement where required by law or valid legal process;
• corporate transaction parties in connection with a merger, acquisition, financing, asset sale, bankruptcy, restructuring, or similar transaction; and
• other parties with your consent or at your direction.

If you participate in a sponsored study, research program, or clinical partner experience, we may disclose the personal information described in the applicable consent, authorization, or program materials to the identified sponsor, site, research organization, clinical partner, or service provider involved in that program.

We do not disclose wearable, fitness, or health-related data to advertising platforms, data brokers, or information resellers.

We retain personal information for as long as reasonably necessary to provide the Services, administer rewards and studies, fulfill contractual and legal obligations, resolve disputes, protect the integrity of the Services, prevent fraud, enforce our agreements, and support legitimate business needs.

Retention periods may vary based on the nature and sensitivity of the information, the feature or program involved, whether you remain an active user, applicable legal requirements, and whether the information is needed for study integrity, auditing, tax, accounting, or dispute-resolution purposes.

We use reasonable administrative, technical, and organizational safeguards designed to protect personal information against unauthorized access, loss, misuse, alteration, and disclosure. No system is completely secure, and we encourage you to protect your credentials and device access.

Depending on where you live and how you use Wellth, you may have choices or rights regarding your personal information, including rights to:

• access, correct, or delete certain information;
• disconnect connected devices or services;
• withdraw permissions you have granted to connected platforms;
• opt out of promotional emails or messages;
• limit certain cookies or tracking technologies; and
• opt out of certain forms of targeted advertising, sales, or sharing where available by law.

You may also have rights relating to sensitive data processing, portability, appeal, or withdrawal of consent under applicable law.

If you are a California resident, you may have rights under the California Consumer Privacy Act and related laws, including rights to know, access, correct, delete, or opt out of certain forms of data sharing or targeted advertising, subject to exceptions and verification requirements.

Certain information we collect may constitute consumer health data under applicable law. Please see our Wellth Consumer Health Data Privacy Notice for additional disclosures about our collection, use, sharing, and handling of consumer health data and the rights available to certain consumers.

Wellth is not directed to children, and we do not knowingly collect personal information from children in violation of applicable law. If you believe a child has provided personal information to us in violation of applicable law, please contact us.

We may update this Privacy Notice from time to time to reflect changes in our Services, data practices, or applicable law. When we do, we will revise the "Last updated" date and provide any additional notice required by law.

If you have questions about this Privacy Notice or our privacy practices, please contact us at:

Kyma Neuro, Inc.
New York, NY 10016
privacy@kymaneuro.com