HOLORA LTD.

PRIVACY POLICY

INTRODUCTION, SCOPE & PRIVACY COMMITMENT

1.1 Introduction

Holora Ltd. („Holora“, „Company“, „we“, „our“, or „us“) respects the privacy of individuals who use our products, services, websites, applications, marketplaces, artificial intelligence systems, wearable integrations, enterprise solutions, educational services, social features, and related technologies (collectively, the „Platform“).

This Privacy Policy explains how Holora collects, uses, processes, stores, protects, transfers, shares, and manages information relating to individuals who access or use the Platform.

By accessing or using the Platform, Users acknowledge that they have read and understood this Privacy Policy.

1.2 Our Privacy Philosophy

Holora was built on the belief that technology should help people better understand themselves.

The Platform exists to help individuals better understand their:

• Health
• Fitness
• Recovery
• Nutrition
• Performance
• Lifestyle habits
• Long-term wellbeing

To accomplish this, Holora processes information that allows artificial intelligence systems and qualified professionals to provide more personalized guidance.

Our privacy philosophy is based upon six principles:

User First

Information exists to benefit the User.

Transparency

Users should understand how their information is collected and used.

Control

Users should maintain meaningful control over their information.

Security

Information should be protected through reasonable technical and organizational safeguards.

Purpose Limitation

Information should only be used for legitimate purposes connected to Platform functionality.

No Sale of Health Data

Holora does not sell health-related information, biometric information, recovery information, training information, nutrition information, or wearable information to advertisers, data brokers, or unrelated third parties.

1.3 Scope

This Privacy Policy applies to:

Digital Services

• Holora mobile applications
• Holora websites
• Holora web applications
• Holora dashboards
• Holora APIs

AI Systems

• AI recommendations
• AI coaching tools
• AI analysis systems
• AI-generated reports
• AI-generated insights

Marketplace Services

• Trainer services
• Nutrition services
• Recovery services
• Creator services
• Educational services

Community Features

• Messaging
• Communities
• Social interactions
• Comments
• Groups
• Events

Enterprise Services

• Corporate wellness programs
• Hotel integrations
• Gym integrations
• Enterprise services
• Commercial partnerships

Wearables & Connected Technologies

• Apple Health integrations
• Health Connect integrations
• Garmin integrations
• Fitbit integrations
• WHOOP integrations
• Oura integrations
• Future wearable technologies

1.4 Data Controller

For purposes of applicable privacy laws, Holora Performance Ltd. acts as the Data Controller regarding information processed through the Platform unless otherwise specified.

Company Information:

Holora Ltd.
Republic of Cyprus

Where enterprise agreements specify different arrangements, those agreements may supplement this Privacy Policy.

1.5 Compliance Framework

Holora intends to operate in accordance with applicable privacy and data protection laws including, where applicable:

European Union

• GDPR

United Kingdom

• UK GDPR
• Data Protection Act

United States

• CCPA
• CPRA
• Applicable state privacy laws

International Requirements

• Consumer protection laws
• Data security laws
• Digital platform regulations
• Future privacy regulations

Nothing within this Privacy Policy limits rights that cannot legally be waived under applicable law.

1.6 Relationship To Other Policies

This Privacy Policy should be read together with:

• Terms of Service
• AI Policy
• Community Guidelines
• Marketplace Terms
• Payment & Refund Policy
• Cookie Policy
• Child Safety Policy

Where inconsistencies arise, the document specifically governing the relevant issue shall control.

1.7 Future Technologies

This Privacy Policy applies not only to current technologies but also to future Holora technologies including:

• Advanced AI systems
• Wearables
• Biometric technologies
• Sensors
• Recovery systems
• Performance systems
• Future Human Performance technologies

unless separate policies are introduced.

1.8 Changes To This Policy

Holora may modify this Privacy Policy periodically.

Material changes may be communicated through:

• Platform notices
• Email communications
• In-app notifications
• Website updates

where required by applicable law.

Continued use of the Platform following updates constitutes acknowledgment of the revised Privacy Policy.

1.9 Contact Information

Questions regarding privacy may be directed through official Holora privacy and support channels.

2. CATEGORIES OF PERSONAL INFORMATION WE COLLECT

2.1 Overview

To operate the Platform, provide personalized services, facilitate marketplace interactions, generate AI insights, and support user goals, Holora may collect various categories of information.

The information collected depends upon:

• Features used
• Services requested
• Connected devices
• Marketplace participation
• AI usage
• User preferences
• Applicable legal requirements

Not all categories of information are collected from every User.

2.2 Information You Provide Directly

Users may voluntarily provide information including:

Identity Information

• First name
• Last name
• Username
• Display name
• Profile photograph

Contact Information

• Email address
• Contact details
• Communication preferences

Account Information

• Login credentials
• Security information
• Authentication settings

Profile Information

• Gender
• Age range
• Date of birth
• Language preferences
• Country
• Region
• Time zone

Professional Information

For Professionals, Creators, Trainers, Nutritionists, and Service Providers:

• Certifications
• Qualifications
• Licenses
• Professional experience
• Education
• Biography
• Areas of specialization

2.3 Health & Performance Information

Because Holora is designed to support health, fitness, recovery, and human performance, Users may voluntarily provide health-related and performance-related information.

This information may include:

Training Information

• Exercises performed
• Workouts completed
• Training schedules
• Training history
• Performance metrics
• Exercise preferences
• Fitness assessments

Recovery Information

• Recovery logs
• Recovery habits
• Recovery scores
• Recovery routines
• Stress information
• Rest day information

Nutrition Information

• Food intake
• Meal logs
• Macro tracking
• Calorie tracking
• Dietary preferences
• Nutrition goals
• Meal plans

Hydration Information

• Water intake
• Hydration goals
• Hydration tracking

Wellness Information

• Lifestyle habits
• Wellness activities
• Self-reported wellbeing information

2.4 Goal Information

Users may provide information regarding goals such as:

• Weight management
• Fat loss
• Muscle gain
• Strength development
• Sports performance
• Athletic development
• Recovery goals
• Longevity goals
• Wellness goals
• Lifestyle goals

This information allows Holora to personalize recommendations and experiences.

2.5 Sleep Information

Users may voluntarily provide or connect systems that provide:

• Sleep duration
• Sleep quality
• Sleep schedules
• Sleep patterns
• Sleep recovery information

Sleep information is used solely to support Platform functionality and personalized recommendations.

2.6 Biometric Information

Where available through connected devices or user submissions, Holora may process biometric-related information including:

• Heart rate
• Heart rate variability
• Activity measurements
• Recovery measurements
• Movement information
• Physiological metrics
• Sensor-generated wellness information

Such information is processed solely for Platform functionality and user-requested services.

2.7 Body Measurement Information

Users may voluntarily record:

• Weight
• Height
• Body measurements
• Progress photographs
• Performance benchmarks

Users remain solely responsible for information they choose to submit.

2.8 Marketplace Information

Where Users participate in Marketplace activities, Holora may collect:

Booking Information

• Appointments
• Sessions
• Consultations
• Event registrations

Service Information

• Purchased services
• Completed services
• Service history

Professional Interactions

• Trainer interactions
• Nutritionist interactions
• Recovery specialist interactions
• Coach interactions

2.9 Communication Information

Holora may process communications occurring through:

• Messaging systems
• Marketplace communications
• Community features
• Support channels
• Feedback systems
• Event systems

This information is processed to operate and secure Platform services.

2.10 User-Generated Content

Users may voluntarily submit:

• Posts
• Comments
• Reviews
• Ratings
• Messages
• Images
• Videos
• Audio recordings
• Documents
• Community contributions

Users remain responsible for the content they choose to share.

2.11 AI Interaction Information

Holora may process information generated through interactions with AI systems including:

• Questions
• Prompts
• Requests
• AI conversations
• AI-generated outputs
• AI recommendations
• AI-generated reports

This information may be used to provide requested AI functionality and improve user experiences.

2.12 Connected Device Information

Where Users connect external devices or services, Holora may receive information from:

Wearables

• Smart watches
• Smart rings
• Fitness trackers
• Sensors

Connected Platforms

• Apple Health
• Health Connect
• Garmin
• Fitbit
• WHOOP
• Oura
• Other approved integrations

The scope of information received depends upon permissions granted by the User.

2.13 Device Information

Holora may automatically collect:

• Device type
• Device model
• Operating system
• Browser type
• Application version
• Network information
• Language settings
• Device identifiers

This information supports security, performance, troubleshooting, and service delivery.

2.14 Usage Information

Holora may automatically collect information relating to Platform usage including:

• Pages viewed
• Features used
• Session duration
• Navigation activity
• Search activity
• Engagement activity
• Interaction history

2.15 Location Information

Depending upon user settings and permissions, Holora may process:

• Country
• Region
• Time zone
• Approximate location

Holora does not require precise location information for normal Platform use unless specifically required by a feature.

2.16 Payment Information

Payment transactions may be processed through:

• Stripe
• Apple
• Google
• Other approved payment providers

Holora does not store:

• Full credit card numbers
• Security codes
• Complete payment credentials

Holora may receive limited transaction information including:

• Payment status
• Subscription status
• Billing information
• Transaction identifiers

2.17 Customer Support Information

Users may voluntarily provide information through:

• Support tickets
• Email communications
• Feedback submissions
• Help requests

This information may be processed to provide support services.

2.18 Enterprise Information

Where Platform access occurs through Enterprise Services, Holora may process:

• Organization identifiers
• Enterprise program participation
• Corporate wellness participation
• Enterprise account information

Subject to applicable privacy requirements.

2.19 Information From Third Parties

Holora may receive information from:

• Connected services
• Enterprise partners
• Service providers
• Authentication providers
• Marketplace participants

where authorized by Users or permitted by applicable law.

2.20 Information Generated By Holora

Holora may generate information including:

• Readiness Scores
• Recovery Scores
• Performance Scores
• Progress reports
• Trend analyses
• AI-generated insights
• Recommendations

Such information is generated using Platform systems and user-provided information.

2.21 Aggregated & De-Identified Information

Holora may create:

• Aggregated information
• Statistical information
• Anonymous information
• De-identified information

that cannot reasonably identify individual Users.

Such information may be used for:

• Research
• Analytics
• Product improvement
• Reporting
• Business operations

subject to applicable laws.

2.22 Special Category Data

Certain information processed by Holora may be considered:

• Health information
• Biometric information
• Wellness information
• Special Category Personal Data

under applicable laws including GDPR.

Holora processes such information only where a lawful basis exists and appropriate safeguards are implemented.

2.23 Information We Do Not Intentionally Collect

Holora does not intentionally collect:

• Children’s information from individuals under 18
• Government identification documents unless required
• Financial account credentials
• Full payment card information

except where required by law or specific services.

2.24 Future Information Categories

As Holora evolves, additional categories of information may be collected in connection with:

• Future AI systems
• Wearables
• Sensors
• Human Performance technologies
• Enterprise services
• Future Platform features

Users will be informed through updates to this Privacy Policy where required.

 

3. SOURCES OF INFORMATION & HOW INFORMATION IS COLLECTED

3.1 Overview

Holora collects information from multiple sources in order to provide Platform functionality, personalized experiences, AI-powered insights, Marketplace services, security protections, and enterprise services.

Information may be collected:

• Directly from Users
• Automatically through Platform usage
• Through connected devices
• Through wearable integrations
• Through Marketplace interactions
• Through AI interactions
• Through enterprise programs
• Through authorized third parties

Not all collection methods apply to every User.

3.2 Information Provided Directly By Users

Users may voluntarily provide information when they:

• Create accounts
• Complete profiles
• Set goals
• Log workouts
• Track nutrition
• Track hydration
• Track recovery
• Upload content
• Send messages
• Participate in communities
• Contact support
• Engage Professionals
• Purchase services

Users control the information they choose to submit.

3.3 Information Generated Through Platform Usage

Certain information is generated automatically through normal Platform use.

Examples include:

Usage Data

• Pages visited
• Features used
• Buttons clicked
• Navigation paths
• Session activity

Engagement Data

• Content viewed
• Videos watched
• Courses completed
• Community participation
• Marketplace interactions

Performance Data

• Progress tracking
• Goal progression
• Activity history
• Training history

3.4 Information Collected Through AI Interactions

When Users interact with Holora AI systems, information may be collected from:

• User questions
• User prompts
• User requests
• AI conversations
• AI-generated reports
• AI-generated recommendations

This information may be used to:

• Deliver AI functionality
• Improve AI experiences
• Generate personalized recommendations
• Improve Platform services

subject to applicable legal requirements.

3.5 Information Received From Connected Devices

Users may authorize Holora to receive information from connected technologies.

Examples include:

Smart Watches

• Activity information
• Recovery information
• Wellness information

Smart Rings

• Sleep information
• Recovery information
• Physiological information

Fitness Trackers

• Activity metrics
• Movement information
• Performance information

Other Sensors

• Recovery measurements
• Training measurements
• Wellness measurements

Only information authorized by the User may be accessed.

3.6 Information Received From Health Integrations

Holora may integrate with:

• Apple Health
• Health Connect
• Garmin
• Fitbit
• WHOOP
• Oura
• Polar
• Suunto
• Other approved services

Information received depends entirely upon:

• User permissions
• Connected services
• Device capabilities

Users may disconnect integrations at any time through applicable settings.

3.7 Information Received From Professionals

Where Users engage Marketplace Professionals, information may be provided by:

• Trainers
• Coaches
• Nutritionists
• Recovery specialists
• Educators
• Service providers

Examples include:

• Training plans
• Nutrition plans
• Progress updates
• Consultation records
• Service notes

This information is collected solely to facilitate requested services.

3.8 Information Received From Enterprise Programs

Where Users participate in:

• Corporate wellness programs
• Hotel wellness programs
• Gym partnerships
• Enterprise programs

Holora may receive information relating to program participation.

Enterprise partners do not automatically receive individual health information.

Any information sharing is subject to applicable laws and user permissions.

3.9 Information Received Through Customer Support

When Users contact Holora, information may be collected through:

• Email communications
• Support tickets
• Help requests
• Feedback forms
• Customer service interactions

This information assists Holora in providing support and improving services.

3.10 Information From Payment Providers

Holora may receive limited transaction information from:

• Stripe
• Apple
• Google
• Other authorized processors

Examples include:

• Transaction identifiers
• Payment status
• Subscription status
• Billing confirmations

Holora does not receive complete payment card credentials.

3.11 Information From Authentication Services

Where supported, Users may utilize authentication providers.

Information received may include:

• Authentication identifiers
• Account verification information
• Basic profile information

subject to permissions granted by the User.

3.12 Information From Cookies & Similar Technologies

Holora may collect information using:

• Cookies
• Pixels
• Local storage
• Session technologies
• Security technologies
• Preference technologies

These technologies help:

• Maintain sessions
• Remember preferences
• Improve functionality
• Detect fraud
• Improve security

Additional details may be described within the Cookie Policy.

3.13 Analytics Information

Holora may use analytics technologies to understand:

• Feature performance
• User engagement
• Platform stability
• Technical issues
• User journeys

Analytics information helps improve Platform services.

3.14 Security Information

Holora may collect information necessary to:

• Detect fraud
• Prevent abuse
• Investigate violations
• Protect users
• Maintain platform integrity

Examples include:

• Login information
• Device information
• Authentication events
• Security logs

3.15 Publicly Available Information

In limited circumstances, Holora may process information that Users voluntarily make publicly available through:

• Public profiles
• Community contributions
• Public comments
• Public content

Such information may be visible to other Users.

3.16 Information From Service Providers

Holora may receive operational information from authorized providers supporting:

• Infrastructure
• Hosting
• Security
• Analytics
• Customer support
• Communications

Only information necessary for legitimate business purposes may be processed.

3.17 Information Generated Through Scoring Systems

Holora may generate proprietary metrics including:

• Readiness Scores
• Recovery Scores
• Performance Scores
• Goal Progress Scores
• Wellness Scores
• Future proprietary metrics

These scores are generated using information already available to the Platform.

3.18 Information Generated Through AI Analysis

AI systems may generate:

• Recommendations
• Insights
• Summaries
• Trend analyses
• Progress evaluations
• Educational outputs

These outputs are created using Platform information and user-authorized data sources.

3.19 Information We Do Not Collect Without Permission

Holora does not intentionally access:

• Device health information
• Wearable information
• Connected platform information
• Location information

without appropriate authorization where required.

3.20 User Choice

Users maintain meaningful control over:

• Information submitted
• Connected devices
• Marketplace participation
• Professional engagement
• AI interactions
• Integration permissions

Certain Platform features may require specific information in order to function.

3.21 Future Sources

As Holora evolves, information may be collected from future technologies including:

• Advanced AI systems
• Future wearables
• Recovery technologies
• Performance technologies
• Enterprise technologies
• Human Performance technologies

Users will be informed of material changes where required by law.

 

4. PURPOSES OF PROCESSING & LEGAL BASES FOR PROCESSING

4.1 Overview

Holora processes personal information only where a lawful basis exists and where such processing is reasonably necessary to:

• Operate the Platform
• Deliver requested services
• Facilitate Marketplace interactions
• Provide AI-powered experiences
• Support user goals
• Maintain security
• Prevent fraud
• Comply with legal obligations

The lawful basis may vary depending on the type of information and the purpose of processing.

4.2 Contract Performance

Holora processes information where necessary to perform services requested by the User.

Examples include:

Account Management

• Creating accounts
• Managing accounts
• Authenticating users
• Maintaining profiles

Service Delivery

• Delivering subscriptions
• Providing Marketplace services
• Providing AI functionality
• Providing educational services

Feature Functionality

• Tracking workouts
• Tracking nutrition
• Tracking recovery
• Tracking hydration
• Tracking goals

Without such processing, many Platform features cannot function.

4.3 User Consent

Certain processing activities occur based upon User consent.

Examples may include:

Health Information

• Health-related tracking
• Wellness tracking
• Recovery tracking

Wearable Integrations

• Apple Health
• Health Connect
• Garmin
• Fitbit
• WHOOP
• Oura

Marketing Communications

• Promotional emails
• Marketing notifications
• Optional communications

Future Features

• Advanced AI services
• Future wearable integrations
• Future Human Performance technologies

Users may withdraw consent where applicable.

Withdrawal does not affect prior lawful processing.

4.4 Legitimate Interests

Holora may process information where necessary for legitimate business interests that do not override user rights and freedoms.

Examples include:

Platform Improvement

• Product development
• Service optimization
• User experience improvements

Security

• Account protection
• Fraud prevention
• Abuse prevention
• Threat detection

Business Operations

• Reporting
• Analytics
• Customer support
• Service monitoring

Platform Integrity

• Community moderation
• Marketplace safety
• Enforcement activities

4.5 Legal Obligations

Holora may process information where required to comply with legal obligations.

Examples include:

• Regulatory requirements
• Tax obligations
• Financial reporting obligations
• Law enforcement requests
• Court orders
• Government requests
• Compliance requirements

4.6 Protection Of Vital Interests

In limited circumstances, processing may occur where necessary to protect the vital interests of individuals.

Examples may include:

• Safety investigations
• Emergency situations
• Security incidents

where legally appropriate.

4.7 Health Information Processing

Health-related information may be processed for purposes including:

Personalization

• Personalized recommendations
• Goal-based recommendations
• Educational insights

Progress Tracking

• Progress measurement
• Performance analysis
• Recovery analysis

Professional Guidance

• Trainer support
• Nutrition support
• Recovery support

where requested by the User.

AI Functionality

• Recommendation generation
• Progress analysis
• Performance insights

Health-related processing occurs solely to support user-requested functionality and services.

4.8 Wearable Information Processing

Wearable information may be processed to:

• Display metrics
• Track progress
• Generate recommendations
• Produce reports
• Support AI functionality

Wearable information is processed only when Users choose to connect supported devices.

4.9 Marketplace Processing

Information may be processed to facilitate:

Professional Discovery

• Trainer matching
• Nutritionist matching
• Service discovery

Service Delivery

• Bookings
• Communications
• Program delivery
• Consultations

Marketplace Administration

• Reviews
• Ratings
• Transaction records

4.10 AI Processing

Holora may process information through AI systems to:

Analyze Information

• Training data
• Nutrition data
• Recovery data
• Goal data

Generate Outputs

• Recommendations
• Insights
• Reports
• Progress evaluations

Improve Experiences

• Personalization
• Educational content
• User guidance

AI processing is intended to help Users better understand their data and progress.

4.11 Communications

Information may be processed to:

• Deliver notifications
• Send reminders
• Provide service updates
• Respond to support requests
• Facilitate messaging

4.12 Customer Support

Information may be processed to:

• Investigate issues
• Respond to requests
• Improve services
• Resolve disputes

4.13 Security & Fraud Prevention

Information may be processed to:

Protect Users

• Prevent abuse
• Prevent fraud
• Detect suspicious activity

Protect The Platform

• Maintain security
• Investigate violations
• Enforce policies

Protect Marketplace Participants

• Reduce fraudulent behavior
• Improve trust and safety

4.14 Analytics & Reporting

Information may be processed to:

• Understand Platform usage
• Improve features
• Measure performance
• Analyze trends

Where possible, Holora may use aggregated or de-identified information for analytics purposes.

4.15 Enterprise Programs

Information may be processed to facilitate:

• Corporate wellness programs
• Hotel wellness programs
• Gym integrations
• Enterprise services

Enterprise processing remains subject to applicable privacy requirements.

4.16 Legal Claims & Dispute Resolution

Information may be processed where necessary to:

• Defend legal claims
• Investigate disputes
• Enforce agreements
• Protect legal rights

4.17 Regulatory Compliance

Information may be processed to comply with:

• GDPR
• UK GDPR
• CCPA
• CPRA
• Tax regulations
• Financial regulations
• Consumer protection laws

and other applicable legal obligations.

4.18 Research & Product Development

Holora may use aggregated, anonymous, or de-identified information to:

• Improve products
• Develop new services
• Improve AI systems
• Improve user experiences

Holora does not use identifiable health information for unrelated commercial exploitation.

4.19 Future Technologies

Information may be processed in connection with future:

• AI systems
• Wearables
• Recovery technologies
• Performance technologies
• Human Performance technologies

where consistent with this Privacy Policy and applicable laws.

4.20 Special Category Data Under GDPR

Where information constitutes:

• Health information
• Biometric information
• Wellness information

under GDPR, Holora shall process such information only where an appropriate legal basis and required safeguards exist.

4.21 Data Minimization

Holora seeks to process only information reasonably necessary to:

• Deliver services
• Support users
• Improve functionality
• Maintain compliance

Holora strives to avoid collecting unnecessary information.

4.22 Purpose Limitation

Information shall be processed only for purposes reasonably related to:

• Platform operation
• Service delivery
• User-requested functionality
• Legal obligations

unless additional consent or legal authority exists.

4.23 Future Processing Activities

If Holora introduces materially different processing activities in the future, Users will be informed through updated privacy notices where required by law.

5. SPECIAL CATEGORY DATA, HEALTH DATA, BIOMETRIC DATA & WEARABLE DATA PROCESSING

5.1 Overview

Holora is designed to help individuals better understand their health, fitness, recovery, nutrition, performance, and wellbeing.

As a result, Holora may process information that may be considered:

• Health Data
• Wellness Data
• Performance Data
• Recovery Data
• Biometric Data
• Special Category Personal Data

under applicable privacy laws including GDPR.

Holora recognizes the sensitive nature of this information and applies additional safeguards designed to protect it.

5.2 Special Category Personal Data

Under certain privacy laws, including GDPR, some information processed by Holora may be classified as:

Special Category Data

including information relating to:

• Physical health
• Fitness status
• Recovery status
• Wellness information
• Sleep information
• Physiological information
• Biometric information
• Lifestyle information

where such information can reveal aspects of an individual’s health or wellbeing.

5.3 Why Holora Processes Health Data

Holora processes health-related information solely to support the User’s requested services and goals.

Examples include:

Goal Achievement

Helping Users work toward:

• Weight loss goals
• Muscle gain goals
• Recovery goals
• Longevity goals
• Athletic goals
• Wellness goals

Progress Understanding

Helping Users understand:

• What their data means
• How their habits affect outcomes
• What actions may move them closer to goals

Personalized Guidance

Providing:

• AI recommendations
• Educational insights
• Progress reports
• Trainer-supported guidance

5.4 Types Of Health Data We May Process

Depending on Platform usage, Holora may process:

Training Data

• Workouts completed
• Exercises performed
• Exercise frequency
• Training intensity
• Training history

Nutrition Data

• Food intake
• Meal tracking
• Macronutrient tracking
• Calorie tracking
• Dietary preferences

Recovery Data

• Recovery scores
• Recovery logs
• Recovery habits
• Recovery activities

Hydration Data

• Water intake
• Hydration goals
• Hydration tracking

Sleep Data

• Sleep duration
• Sleep quality
• Sleep schedules
• Recovery-related sleep information

Goal Data

• Desired outcomes
• Goal timelines
• Progress targets

5.5 Biometric Information

Where supported through connected technologies, Holora may process biometric-related information including:

• Heart rate
• Heart rate variability
• Sleep measurements
• Recovery measurements
• Activity measurements
• Movement metrics
• Sensor-generated wellness metrics

Holora processes such information solely to provide user-requested functionality.

5.6 Wearable Data Processing

Users may choose to connect supported wearable systems.

Examples include:

• Apple Health
• Health Connect
• Garmin
• Fitbit
• WHOOP
• Oura
• Future approved integrations

Information obtained from connected systems depends entirely upon permissions granted by the User.

5.7 User Control Of Wearable Data

Users maintain control over wearable integrations.

Users may:

• Connect devices
• Disconnect devices
• Revoke permissions
• Limit access
• Remove integrations

through available settings and supported provider controls.

5.8 AI Analysis Of Health Data

One of Holora’s core functions is helping Users understand information that would otherwise appear as isolated numbers.

Health-related information may be analyzed by AI systems to:

Identify Trends

• Recovery trends
• Performance trends
• Habit trends

Generate Insights

• Progress summaries
• Educational explanations
• Personalized recommendations

Support Goal Achievement

• Weekly guidance
• Lifestyle recommendations
• Training suggestions
• Recovery suggestions

Holora’s AI is intended to help Users better understand information.

AI does not provide medical advice.

5.9 Human Professional Access

A core feature of Holora is connecting Users with Professionals around the world.

Where authorized by the User, Professionals may access relevant information including:

Trainers

• Training information
• Goal information
• Progress information

Nutritionists

• Nutrition information
• Goal information
• Progress information

Recovery Specialists

• Recovery information
• Recovery trends
• Goal information

This access exists solely to support services requested by the User.

5.10 User Authorization

Professionals do not automatically receive access to all User information.

Access is limited to information reasonably necessary to provide requested services.

Users maintain control over whether they engage Professionals.

5.11 No Sale Of Health Information

Holora does not sell:

• Health data
• Recovery data
• Nutrition data
• Training data
• Wearable data
• Biometric data

to:

• Advertisers
• Data brokers
• Marketing networks
• Unrelated third parties

This commitment is fundamental to the Holora platform.

5.12 No Third-Party Advertising Profiles Based On Health Data

Holora does not use health-related information to build advertising profiles for unrelated third-party advertising purposes.

Health information exists to support User experiences and requested services.

5.13 Aggregated Health Information

Holora may generate:

• Aggregated reports
• Statistical reports
• Anonymous datasets
• De-identified datasets

for:

• Product improvement
• Analytics
• Research
• Service development

provided such information cannot reasonably identify individual Users.

5.14 Enterprise Programs & Health Data

Where Users participate in:

• Corporate wellness programs
• Hotel wellness programs
• Gym partnerships
• Enterprise programs

Holora does not automatically provide individual health information to participating organizations.

Enterprise clients generally receive only:

• Aggregated information
• Anonymous information
• Program-level reporting

unless additional legal authority or User authorization exists.

5.15 Sensitive Information Safeguards

Holora implements safeguards designed to protect sensitive information including:

• Access controls
• Authentication systems
• Permission controls
• Security monitoring
• Administrative safeguards
• Technical safeguards

Access is limited to individuals and systems with legitimate operational requirements.

5.16 Health Data Retention

Health-related information may be retained for as long as reasonably necessary to:

• Provide services
• Maintain user accounts
• Support progress tracking
• Fulfill legal obligations
• Resolve disputes
• Prevent fraud

Retention periods may vary based on legal requirements and user actions.

Detailed retention schedules are described in a later section of this Privacy Policy.

5.17 Deletion Requests

Where legally applicable, Users may request deletion of health-related information.

Certain information may be retained where necessary to:

• Comply with laws
• Defend legal claims
• Maintain security
• Prevent fraud

5.18 Accuracy Of Health Information

Users remain responsible for ensuring information they provide is accurate.

Incorrect information may affect:

• AI recommendations
• Reports
• Insights
• Professional guidance

Holora cannot guarantee outcomes where submitted information is inaccurate.

5.19 Future Wearable Technologies

This section applies to future Holora technologies including:

• Smart rings
• Smart bands
• Recovery devices
• Sensor technologies
• Biometric technologies
• Human Performance technologies

unless superseded by separate privacy notices.

5.20 Special Category Data Compliance

Where required by law, Holora processes Special Category Data only where:

• Appropriate legal bases exist
• Appropriate safeguards exist
• Necessary permissions exist
• Regulatory requirements are satisfied

5.21 Privacy By Design

Holora seeks to incorporate privacy considerations into:

• Platform architecture
• Product development
• AI systems
• Marketplace systems
• Wearable integrations

from the earliest stages of development whenever reasonably practicable.

5.22 User Benefit Principle

Holora’s philosophy is that health-related information should serve the User.

Health, recovery, nutrition, training, and performance information are processed to help Users better understand themselves, make more informed decisions, and receive more personalized guidance from both artificial intelligence systems and qualified Professionals.

 

6. HOW WE SHARE INFORMATION, SERVICE PROVIDERS, TRAINERS, MARKETPLACE PARTICIPANTS, ENTERPRISE CLIENTS & INTERNATIONAL TRANSFERS

6.1 Overview

Holora does not sell User health information.

Holora shares information only where reasonably necessary to:

• Provide requested services
• Operate the Platform
• Facilitate Marketplace interactions
• Enable AI functionality
• Maintain security
• Comply with legal obligations
• Support enterprise services
• Improve Platform experiences

The scope of information shared depends upon the specific service being used.

6.2 Sharing With Trainers & Professionals

One of Holora’s core features is enabling Users to work with Professionals globally.

Where a User chooses to engage a Professional, Holora may share information reasonably necessary to facilitate the requested service.

Examples may include:

Training Services

• Training history
• Workout information
• Performance information
• Goal information
• Progress information

Nutrition Services

• Nutrition information
• Dietary preferences
• Goal information
• Progress information

Recovery Services

• Recovery information
• Recovery trends
• Recovery scores
• Goal information

Professionals receive access only where required to provide requested services.

6.3 Professionals Are Independent

Professionals using the Platform are independent third parties.

Professionals are not:

• Employees
• Agents
• Representatives
• Partners

of Holora.

Professionals are responsible for their own privacy, regulatory, legal, and professional obligations.

6.4 User Control Over Professional Access

Users control whether they:

• Engage Professionals
• Share information with Professionals
• Continue professional relationships

Certain services may require information sharing in order to function.

Without necessary information, Professionals may be unable to provide requested services.

6.5 Sharing With Marketplace Participants

Holora may share limited information between Marketplace participants where necessary to:

• Complete bookings
• Facilitate communications
• Deliver purchased services
• Resolve disputes
• Maintain Marketplace functionality

Only information reasonably necessary for the requested transaction will be shared.

6.6 Sharing With Service Providers

Holora may utilize third-party service providers supporting:

Infrastructure

• Cloud hosting
• Data storage
• Platform operations

Security

• Authentication
• Threat detection
• Fraud prevention

Communications

• Email delivery
• Notifications
• Messaging services

Analytics

• Product analytics
• Operational analytics
• Performance monitoring

Customer Support

• Ticketing systems
• Support platforms

Service providers receive access only to information reasonably necessary to perform their contracted services.

6.7 Cloud Infrastructure Providers

Holora may utilize infrastructure providers including:

• Amazon Web Services (AWS)
• Google Cloud Platform (GCP)
• Microsoft Azure
• Future approved infrastructure providers

Infrastructure providers act as service providers and do not receive ownership rights in User information.

6.8 Payment Providers

Holora may share limited transaction-related information with:

• Stripe
• Apple
• Google
• Banking providers
• Future payment providers

for purposes including:

• Payment processing
• Subscription management
• Fraud prevention
• Billing administration

Holora does not share health-related information with payment providers except where operationally necessary and legally permitted.

6.9 Sharing With AI Service Providers

Holora may utilize AI technologies and AI infrastructure providers to support:

• AI recommendations
• AI analysis
• AI-generated reports
• AI-generated educational content

Where third-party AI systems are utilized, Holora seeks to implement contractual and technical safeguards designed to protect User information.

6.10 Sharing Within Holora

Information may be accessed by authorized Holora personnel where reasonably necessary to:

• Operate services
• Provide support
• Investigate issues
• Maintain security
• Improve functionality

Access is limited according to business need and role-based permissions.

6.11 Enterprise Programs

Where Users participate in:

• Corporate wellness programs
• Hotel wellness programs
• Gym partnerships
• Enterprise services

Holora may provide limited reporting to participating organizations.

6.12 Enterprise Reporting Restrictions

Unless expressly authorized by the User or otherwise legally permitted, enterprise clients generally receive:

Aggregated Information

Examples:

• Participation rates
• Program engagement
• Anonymous trends

Anonymous Information

Examples:

• Population-level statistics
• Program effectiveness indicators

Enterprise clients generally do not receive individual health records.

6.13 No Employer Access To Personal Health Records

Employers participating in enterprise programs do not automatically receive access to:

• Training logs
• Nutrition logs
• Recovery logs
• Sleep data
• Wearable data
• Health records

unless:

• The User authorizes sharing; or
• Applicable law permits or requires such sharing.

This protection is fundamental to Holora’s privacy framework.

6.14 Legal Compliance Disclosures

Holora may disclose information where required by:

• Court orders
• Subpoenas
• Regulatory authorities
• Government agencies
• Law enforcement requests

where disclosure is legally required or legally permitted.

6.15 Protection Of Rights

Holora may disclose information where reasonably necessary to:

• Protect Users
• Protect Professionals
• Protect the Platform
• Prevent fraud
• Investigate misconduct
• Enforce agreements

6.16 Business Transfers

Information may be transferred in connection with:

• Mergers
• Acquisitions
• Investments
• Corporate reorganizations
• Asset sales
• Financing transactions

subject to applicable privacy obligations.

Successor entities shall be required to honor applicable privacy commitments.

6.17 Professional Disputes

Where disputes arise between Users and Professionals, Holora may disclose relevant information where reasonably necessary to:

• Investigate complaints
• Resolve disputes
• Enforce Marketplace policies
• Protect legal rights

6.18 Security Incidents

Holora may disclose information where necessary to:

• Investigate security incidents
• Respond to cyber threats
• Prevent fraud
• Protect Platform integrity

6.19 International Data Transfers

Holora operates internationally.

Information may be transferred to countries where:

• Users reside
• Professionals operate
• Service providers operate
• Infrastructure providers operate
• Enterprise clients operate

6.20 International Safeguards

Where required by law, Holora may utilize safeguards including:

Contractual Safeguards

• Standard Contractual Clauses
• Data Processing Agreements
• Contractual privacy commitments

Technical Safeguards

• Access controls
• Encryption
• Security monitoring

Organizational Safeguards

• Privacy policies
• Security procedures
• Internal controls

6.21 Transfers Outside The European Economic Area

Where information is transferred outside the EEA, Holora seeks to implement safeguards designed to provide appropriate protection consistent with applicable legal requirements.

6.22 Transfers Outside The United Kingdom

Where information is transferred outside the United Kingdom, Holora seeks to implement safeguards designed to satisfy applicable UK data protection requirements.

6.23 Data Localization

Certain information may be stored in different jurisdictions depending upon:

• Infrastructure architecture
• Service providers
• Operational requirements
• Legal requirements

Holora may modify infrastructure arrangements over time.

6.24 Future Service Providers

Holora may engage future service providers supporting:

• AI systems
• Wearables
• Recovery technologies
• Human Performance technologies
• Enterprise services

subject to appropriate contractual protections where required.

6.25 No Sale Of Health Information

Regardless of future business expansion, Holora’s position remains:

Holora does not sell:

• Health data
• Recovery data
• Nutrition data
• Sleep data
• Wearable data
• Biometric data

to advertisers, data brokers, or unrelated third parties.

6.26 Transparency Commitment

Holora strives to be transparent regarding how information is shared and will update this Privacy Policy when material changes occur.

 7. DATA RETENTION, DELETION, ARCHIVING, ACCOUNT CLOSURE & DATA LIFECYCLE MANAGEMENT

7.1 Overview

Holora retains information only for as long as reasonably necessary to:

• Provide Platform services
• Maintain user accounts
• Deliver requested functionality
• Support AI systems
• Facilitate Marketplace services
• Protect users
• Prevent fraud
• Resolve disputes
• Comply with legal obligations
• Enforce agreements

Retention periods may vary depending on the type of information involved.

7.2 Retention Principles

Holora applies the following principles:

Purpose Limitation

Information should not be retained longer than necessary.

Security

Retained information should remain protected.

Compliance

Retention should satisfy legal obligations.

User Control

Users should have meaningful control over information where legally permitted.

Business Continuity

Certain records may need to be retained to support operational integrity and legal compliance.

7.3 Active Account Data

Information associated with active accounts may be retained while the account remains active.

Examples include:

• Account information
• Profile information
• Preferences
• Goal information
• Platform settings

This information supports normal Platform functionality.

7.4 Training Information Retention

Training information may include:

• Workouts
• Exercise history
• Training programs
• Progress logs
• Performance records

Retention Period:

Generally retained while the account remains active.

Users may delete specific records where functionality permits.

7.5 Nutrition Information Retention

Nutrition information may include:

• Food logs
• Meal tracking
• Macro tracking
• Nutrition plans

Retention Period:

Generally retained while the account remains active unless deleted by the User.

7.6 Recovery Information Retention

Recovery information may include:

• Recovery scores
• Recovery logs
• Sleep information
• Recovery history

Retention Period:

Generally retained while the account remains active.

7.7 Hydration Information Retention

Hydration records may be retained while necessary to provide tracking functionality and historical reporting.

7.8 Goal Information Retention

Goal-related information may be retained to support:

• Progress reporting
• Historical analysis
• AI recommendations

while the account remains active.

7.9 Wearable Data Retention

Wearable information may include:

• Activity information
• Recovery information
• Sleep information
• Sensor-generated information

Retention Period:

Generally retained while the User maintains connected services and active accounts unless deleted or legally required to be retained.

7.10 AI Interaction Data Retention

AI-related information may include:

• Questions
• Prompts
• Requests
• Generated reports
• Generated insights

Retention Period:

Retained only as reasonably necessary to:

• Deliver services
• Improve functionality
• Maintain security
• Comply with legal obligations

7.11 Marketplace Records

Marketplace records may include:

• Bookings
• Consultations
• Purchases
• Service history
• Professional interactions

Retention Period:

May be retained after completion of services to:

• Maintain records
• Resolve disputes
• Prevent fraud
• Comply with legal obligations

7.12 Communications Retention

Communications may include:

• Messages
• Marketplace communications
• Support communications
• Community communications

Retention Period:

Retained only as reasonably necessary for:

• Service delivery
• Security
• Dispute resolution
• Legal compliance

7.13 Support Records

Customer support information may be retained for up to seven (7) years following resolution of a support matter, unless a different retention period is required by law.

7.14 Transaction Records

Transaction-related information may be retained for up to ten (10) years where necessary for:

• Tax obligations
• Financial reporting
• Regulatory compliance
• Fraud prevention

Actual retention periods may vary by jurisdiction.

7.15 Subscription Records

Subscription records may be retained after cancellation where necessary to:

• Maintain financial records
• Resolve disputes
• Comply with legal obligations

7.16 Security Logs

Security-related information may include:

• Authentication records
• Access logs
• Device logs
• Security event records

Retention Period:

Generally retained between twelve (12) and thirty-six (36) months unless longer retention is required for security or legal purposes.

7.17 Fraud Prevention Records

Information relating to fraud investigations, abuse investigations, policy violations, and security incidents may be retained for longer periods where reasonably necessary to:

• Protect users
• Protect the Platform
• Defend legal claims
• Prevent recurring abuse

7.18 Enterprise Program Records

Enterprise-related records may be retained according to:

• Enterprise agreements
• Regulatory requirements
• Business obligations

where applicable.

7.19 Aggregated & Anonymous Information

Aggregated, anonymous, and de-identified information may be retained indefinitely where such information can no longer reasonably identify an individual.

7.20 Account Deletion Requests

Users may request deletion of their accounts subject to applicable laws and operational requirements.

Account deletion may result in:

• Loss of access
• Removal of profile information
• Removal of certain content
• Removal of Platform functionality

7.21 Information That May Be Retained After Deletion

Certain information may be retained following deletion requests where necessary to:

Legal Compliance

• Tax obligations
• Regulatory obligations
• Financial obligations

Security

• Fraud prevention
• Security investigations

Legal Claims

• Defending legal rights
• Resolving disputes

Platform Integrity

• Preventing abuse
• Maintaining records

7.22 Deletion Processing

Deletion requests may require time to process.

Information may remain temporarily in:

• Backup systems
• Disaster recovery systems
• Security systems

until normal deletion cycles occur.

7.23 Backup Systems

Holora may maintain backups for:

• Business continuity
• Disaster recovery
• Security purposes

Backups are protected through reasonable security measures.

Backup deletion may occur according to operational schedules.

7.24 Legal Holds

Where required by law, investigation, litigation, or regulatory obligations, Holora may suspend deletion activities relating to specific information.

7.25 Archiving

Certain information may be archived where necessary to:

• Preserve records
• Maintain compliance
• Support investigations
• Protect legal rights

Archived information remains subject to security controls.

7.26 Data Lifecycle Management

Holora seeks to manage information throughout its lifecycle through:

Collection

Only information reasonably necessary for Platform purposes.

Storage

Protected through security controls.

Use

Limited to authorized purposes.

Retention

Maintained only as necessary.

Deletion

Removed when no longer required.

7.27 User Requests

Users may submit requests relating to:

• Access
• Correction
• Deletion
• Restriction
• Portability

subject to applicable legal requirements.

7.28 Future Technologies

Retention practices described in this section apply to future technologies including:

• AI systems
• Wearables
• Recovery technologies
• Human Performance technologies

unless supplemented by future policies.

7.29 Retention Schedule Summary

Category	Typical Retention
Account Information	Duration of account
Training Information	Duration of account
Nutrition Information	Duration of account
Recovery Information	Duration of account
Goal Information	Duration of account
Wearable Information	Duration of account
AI Interactions	As reasonably necessary
Communications	As reasonably necessary
Support Records	Up to 7 years
Transaction Records	Up to 10 years
Security Logs	12–36 months
Fraud Records	As reasonably necessary
Anonymous Data	Indefinitely

Actual retention periods may vary depending upon legal requirements and operational needs.

7.30 Transparency Commitment

Holora is committed to transparency regarding retention practices and will update this section where material changes occur.

 

8. USER RIGHTS, GDPR RIGHTS, UK GDPR RIGHTS, CALIFORNIA RIGHTS, ACCESS REQUESTS, DELETION REQUESTS & REGULATORY RIGHTS MANAGEMENT

8.1 Overview

Holora believes Users should maintain meaningful control over their personal information.

Depending upon applicable laws and jurisdiction, Users may possess privacy rights relating to:

• Access
• Correction
• Deletion
• Restriction
• Portability
• Objection
• Consent withdrawal
• Complaint submission

Certain rights may be limited where:

• Legal obligations apply
• Fraud prevention is necessary
• Security requirements exist
• Rights of others would be impacted

8.2 Right Of Access

Subject to applicable laws, Users may request confirmation regarding whether Holora processes personal information relating to them.

Users may also request information regarding:

• Categories of information processed
• Sources of information
• Purposes of processing
• Categories of recipients
• Retention practices
• Applicable rights

Where legally required, Holora may provide a copy of personal information associated with the request.

8.3 Right To Correction

Users may request correction of information that is:

• Inaccurate
• Incomplete
• Outdated

Holora may request supporting information where reasonably necessary to verify requested corrections.

8.4 Right To Deletion

Users may request deletion of personal information where applicable laws provide such rights.

Deletion requests may apply to:

• Account information
• Profile information
• Health information
• Marketplace information
• Communications
• Other personal information

Deletion rights are not absolute.

Certain information may be retained where legally permitted or required.

8.5 Circumstances Where Information May Be Retained

Holora may decline deletion requests where information is necessary to:

Comply With Laws

• Tax requirements
• Financial regulations
• Regulatory obligations

Defend Legal Rights

• Legal claims
• Investigations
• Dispute resolution

Protect Security

• Fraud prevention
• Abuse prevention
• Platform integrity

Protect Others

• Rights of other Users
• Rights of Professionals
• Rights of Enterprise Clients

8.6 Right To Restrict Processing

Where legally applicable, Users may request restriction of certain processing activities.

Examples may include situations where:

• Accuracy is contested
• Processing is disputed
• Legal claims are involved

During restriction periods, certain Platform functionality may become unavailable.

8.7 Right To Object

Users may object to processing activities based upon:

• Legitimate interests
• Direct marketing
• Certain profiling activities

Holora will evaluate objections in accordance with applicable legal requirements.

8.8 Right To Data Portability

Where legally applicable, Users may request a copy of certain personal information in a structured, commonly used, and machine-readable format.

Portability rights generally apply to information:

• Provided by the User
• Processed by automated means
• Processed based upon consent or contract

8.9 Right To Withdraw Consent

Where processing relies upon consent, Users may withdraw consent at any time.

Withdrawal may affect:

• Wearable integrations
• Marketing communications
• Certain AI features
• Future optional features

Withdrawal does not affect processing conducted before consent was withdrawn.

8.10 Right To Marketing Opt-Out

Users may opt out of marketing communications.

Users may continue receiving:

• Security notices
• Transactional communications
• Service notifications
• Legal notices

where necessary.

8.11 Right To Lodge Complaints

Users may lodge complaints with:

• Data protection authorities
• Privacy regulators
• Supervisory authorities

where permitted by applicable law.

Holora encourages Users to contact Holora first so concerns may be addressed directly whenever possible.

8.12 GDPR Rights

For Users located within the European Economic Area, GDPR may provide rights including:

• Access
• Rectification
• Erasure
• Restriction
• Portability
• Objection
• Complaint rights

subject to applicable legal limitations.

8.13 UK GDPR Rights

For Users located within the United Kingdom, UK GDPR may provide rights including:

• Access
• Rectification
• Erasure
• Restriction
• Portability
• Objection
• Complaint rights

subject to applicable legal limitations.

8.14 California Privacy Rights

Eligible California residents may possess rights under:

• California Consumer Privacy Act (CCPA)
• California Privacy Rights Act (CPRA)

subject to applicable requirements.

8.15 California Access Rights

Eligible California residents may request information regarding:

• Categories of personal information collected
• Categories of sources
• Business purposes for collection
• Categories of recipients

during applicable periods.

8.16 California Deletion Rights

Eligible California residents may request deletion of personal information subject to applicable legal exceptions.

8.17 California Correction Rights

Eligible California residents may request correction of inaccurate personal information.

8.18 California Sensitive Information Rights

Where applicable, California residents may possess rights relating to certain categories of sensitive personal information.

Holora does not sell health-related information.

8.19 California Non-Discrimination

Holora will not discriminate against Users for exercising privacy rights.

However, certain services may require specific information to function.

Where information is necessary for service delivery, certain functionality may become unavailable if information is removed.

8.20 Verification Requirements

Before fulfilling certain requests, Holora may verify identity to protect:

• User information
• Account security
• Privacy rights

Verification methods may include:

• Account authentication
• Email verification
• Additional identity checks

where reasonably necessary.

8.21 Authorized Representatives

Where permitted by law, Users may authorize representatives to submit requests on their behalf.

Holora may require verification of:

• User identity
• Representative authority

before fulfilling requests.

8.22 Request Submission Methods

Requests may generally be submitted through:

• Account settings
• Support channels
• Privacy contact channels
• Future privacy management tools

Holora may modify submission methods over time.

8.23 Response Timeframes

Holora seeks to respond to requests within timeframes required by applicable laws.

Response periods may vary depending upon:

• Request complexity
• Jurisdiction
• Verification requirements
• Applicable regulations

8.24 Excessive Requests

Where permitted by law, Holora may:

• Refuse requests
• Charge reasonable fees
• Request clarification

for repetitive, excessive, abusive, or manifestly unfounded requests.

8.25 Marketplace Information Requests

Requests involving Marketplace information may require consideration of:

• Professional rights
• User rights
• Legal obligations
• Platform integrity

before information is disclosed.

8.26 Enterprise Program Requests

Users participating in Enterprise Services retain privacy rights described within this Privacy Policy.

Enterprise participation does not remove individual privacy rights.

8.27 AI-Related Requests

Users may submit requests relating to information processed through AI systems where applicable under relevant privacy laws.

Certain AI-generated outputs may be retained where necessary for:

• Security
• Compliance
• Service delivery
• Platform integrity

8.28 Security Limitations

Privacy rights may be limited where disclosure would:

• Compromise security
• Reveal trade secrets
• Reveal intellectual property
• Harm other Users
• Enable fraud

to the extent permitted by applicable law.

8.29 Future Rights

As privacy laws evolve, Users may receive additional rights under future:

• Privacy laws
• AI regulations
• Consumer protection laws
• Digital platform regulations

Holora may update this Privacy Policy accordingly.

8.30 Transparency Commitment

Holora is committed to respecting applicable privacy rights and maintaining transparent processes for handling User requests.

9. SECURITY MEASURES, ENCRYPTION, ACCESS CONTROLS, INCIDENT RESPONSE, CYBERSECURITY & DATA PROTECTION PROGRAM

9.1 Overview

Holora recognizes that Users entrust the Platform with information relating to:

• Health
• Fitness
• Recovery
• Nutrition
• Performance
• Marketplace activities
• Communications
• AI interactions

Protecting this information is a core responsibility.

Holora maintains administrative, technical, organizational, and physical safeguards designed to protect information against:

• Unauthorized access
• Unauthorized disclosure
• Unauthorized modification
• Unauthorized destruction
• Accidental loss
• Misuse

No security program can guarantee absolute security.

9.2 Security Philosophy

Holora’s security program is guided by the following principles:

Confidentiality

Information should be accessible only to authorized parties.

Integrity

Information should remain accurate and protected against unauthorized alteration.

Availability

Services should remain reasonably available to authorized Users.

Accountability

Access to information should be traceable and auditable where appropriate.

Least Privilege

Access should be limited to individuals requiring information to perform authorized functions.

9.3 Security Governance

Holora maintains security practices designed to:

• Protect Users
• Protect Professionals
• Protect Enterprise Clients
• Protect Platform operations
• Protect AI systems
• Protect Marketplace functionality

Security controls may evolve over time as technologies and threats change.

9.4 Encryption

Where appropriate, Holora may utilize encryption technologies including:

Data In Transit

Encryption during transmission between:

• Mobile applications
• Websites
• APIs
• Infrastructure systems
• Connected services

Data At Rest

Encryption of information stored within supported systems and infrastructure.

Encryption practices may vary depending upon:

• Information type
• Infrastructure provider
• System architecture
• Security requirements

9.5 Access Controls

Holora maintains access management processes designed to limit information access to authorized personnel.

Access may be restricted based upon:

Role

• Support personnel
• Technical personnel
• Security personnel
• Operations personnel

Business Need

Access is granted only where reasonably necessary to perform legitimate business functions.

Permission Levels

Different information categories may be subject to different access restrictions.

9.6 Authentication Controls

Holora may implement authentication measures including:

• Password protection
• Multi-factor authentication
• Session controls
• Identity verification
• Device verification

Users are responsible for maintaining the confidentiality of account credentials.

9.7 Security Monitoring

Holora may utilize monitoring technologies designed to:

• Detect threats
• Detect abuse
• Detect fraud
• Detect unauthorized access
• Detect suspicious behavior

Monitoring activities may be automated, manual, or a combination of both.

9.8 Logging & Audit Controls

Holora may maintain logs relating to:

• Authentication activity
• Access activity
• Security events
• Administrative actions
• Platform activity

Logs may be used for:

• Security investigations
• Fraud prevention
• Incident response
• Compliance purposes

9.9 Vulnerability Management

Holora may implement processes designed to:

• Identify vulnerabilities
• Assess vulnerabilities
• Prioritize remediation
• Improve platform security

Security reviews may occur periodically as part of ongoing security operations.

9.10 Infrastructure Security

Holora may utilize infrastructure providers that maintain security programs designed to protect:

• Data centers
• Networks
• Storage systems
• Cloud services

Examples may include:

• Amazon Web Services (AWS)
• Google Cloud Platform
• Microsoft Azure

or future approved providers.

9.11 Network Security

Holora may implement network protections including:

• Traffic filtering
• Network monitoring
• Access restrictions
• Security controls

to help protect Platform infrastructure.

9.12 Application Security

Holora may implement security measures within applications including:

• Authentication controls
• Session management
• Access restrictions
• Security testing
• Security reviews

Security controls may evolve over time.

9.13 AI Security

Holora may implement safeguards designed to protect:

• AI systems
• AI models
• AI-generated outputs
• AI infrastructure

from misuse, abuse, manipulation, or unauthorized access.

9.14 Marketplace Security

Holora may implement safeguards designed to protect Marketplace participants including:

• Identity verification processes
• Fraud detection systems
• Abuse detection systems
• Transaction monitoring

Holora cannot guarantee that all fraudulent activity will be prevented.

9.15 Payment Security

Payment processing is performed through authorized payment providers.

Holora generally does not store:

• Full credit card numbers
• Payment security codes
• Complete payment credentials

Payment providers maintain separate security programs and compliance obligations.

9.16 Employee & Contractor Access

Personnel with access to information may be subject to:

• Confidentiality obligations
• Security requirements
• Access restrictions
• Internal policies

Access may be revoked when no longer necessary.

9.17 Service Provider Security

Holora seeks to engage service providers that maintain appropriate security practices.

Service providers may be subject to:

• Contractual obligations
• Confidentiality obligations
• Security requirements

where appropriate.

9.18 Incident Response Program

Holora may maintain incident response procedures designed to:

• Detect incidents
• Investigate incidents
• Contain incidents
• Mitigate incidents
• Recover from incidents

Response procedures may vary depending upon the nature and severity of the incident.

9.19 Security Incident Notifications

Where required by applicable law, Holora may provide notifications relating to security incidents involving personal information.

Notification timing and content may depend upon:

• Legal requirements
• Regulatory requirements
• Security considerations

9.20 Business Continuity & Disaster Recovery

Holora may maintain business continuity and disaster recovery measures designed to support:

• Service restoration
• Data recovery
• Operational resilience

Recovery capabilities may vary by system and service.

9.21 User Responsibilities

Users play an important role in maintaining security.

Users should:

• Use strong passwords
• Protect account credentials
• Maintain device security
• Avoid sharing credentials
• Report suspicious activity

Holora cannot protect information where Users compromise account security.

9.22 No Security Guarantee

Despite security efforts, no system can guarantee:

• Absolute security
• Perfect protection
• Continuous protection

Cybersecurity risks exist across all digital platforms.

Users acknowledge these inherent risks.

9.23 Fraud Prevention

Holora may process information for purposes including:

• Fraud detection
• Abuse prevention
• Account protection
• Security investigations

Fraud prevention measures may include automated systems.

9.24 Regulatory Compliance

Security practices may be designed to support compliance with applicable requirements including:

• GDPR
• UK GDPR
• CCPA
• CPRA
• Consumer protection laws
• Security regulations

where applicable.

9.25 Security Testing

Holora may conduct:

• Security reviews
• Risk assessments
• Vulnerability assessments
• Penetration testing
• Security audits

internally or through authorized third parties.

9.26 Data Minimization As Security

Holora recognizes that one of the strongest security controls is limiting unnecessary information collection.

Accordingly, Holora seeks to collect only information reasonably necessary to provide services.

9.27 Future Technologies

This section applies to future technologies including:

• AI systems
• Wearables
• Biometric technologies
• Human Performance technologies
• Enterprise services

unless superseded by future policies.

9.28 Security Program Evolution

Cybersecurity threats evolve continuously.

Holora reserves the right to:

• Modify security controls
• Enhance security measures
• Introduce new protections
• Retire outdated protections

without prior notice where necessary to maintain security.

9.29 Shared Responsibility

Security is a shared responsibility between:

• Holora
• Users
• Professionals
• Enterprise Clients
• Service Providers

Each party remains responsible for security obligations under its control.

9.30 Transparency Commitment

Holora is committed to maintaining reasonable security practices and continuously improving protections designed to safeguard User information.

 

10. COOKIES, TRACKING TECHNOLOGIES, ANALYTICS, ADVERTISING TECHNOLOGIES, DEVICE TECHNOLOGIES & CONSENT MANAGEMENT

10.1 Overview

Holora uses cookies and similar technologies to:

• Operate the Platform
• Improve user experiences
• Maintain security
• Remember preferences
• Measure performance
• Analyze usage
• Support functionality

Holora seeks to use such technologies responsibly and transparently.

Where required by applicable law, Holora will obtain consent before deploying certain categories of cookies or tracking technologies.

10.2 What Are Cookies

Cookies are small text files stored on a device when visiting a website or using certain digital services.

Cookies may:

• Remember settings
• Maintain sessions
• Improve functionality
• Support security
• Analyze usage

Cookies generally do not provide direct access to devices.

10.3 Similar Technologies

Holora may also utilize technologies including:

• Local storage
• Session storage
• Software development kits (SDKs)
• Pixels
• Web beacons
• Device identifiers
• Authentication tokens
• Future tracking technologies

These technologies may perform functions similar to cookies.

10.4 Categories Of Technologies Used

Holora may use the following categories:

Essential Technologies

Necessary for Platform operation.

Functional Technologies

Enhance user experiences.

Analytics Technologies

Help understand Platform usage.

Performance Technologies

Help optimize services.

Security Technologies

Protect users and systems.

Consent Technologies

Record user privacy preferences.

10.5 Strictly Necessary Technologies

Certain technologies are essential to:

• Account login
• Authentication
• Security
• Session management
• Fraud prevention
• Platform functionality

These technologies generally cannot be disabled without affecting service operation.

10.6 Functional Technologies

Functional technologies may be used to remember:

• Language preferences
• Regional settings
• User preferences
• Accessibility settings
• Interface settings

These technologies improve user experiences.

10.7 Analytics Technologies

Holora may use analytics technologies to understand:

• Feature usage
• User engagement
• Platform performance
• Error rates
• Navigation patterns

Analytics information helps improve Platform functionality.

10.8 Performance Technologies

Performance technologies may be used to:

• Improve loading times
• Improve responsiveness
• Optimize infrastructure
• Improve reliability

These technologies support Platform operations.

10.9 Security Technologies

Security technologies may be used to:

• Detect fraud
• Prevent abuse
• Identify suspicious activity
• Protect accounts
• Protect infrastructure

Such technologies are considered important for user protection.

10.10 Authentication Technologies

Authentication technologies may be used to:

• Verify identity
• Maintain sessions
• Prevent unauthorized access
• Support account security

Without these technologies, account functionality may not operate properly.

10.11 Device Technologies

Holora may use device-related technologies to understand:

• Device type
• Operating system
• Browser type
• App version
• Platform compatibility

This information helps ensure proper functionality across devices.

10.12 Mobile Application Technologies

Mobile applications may utilize technologies including:

• Device identifiers
• Push notification tokens
• Authentication tokens
• Security identifiers

to support app functionality.

10.13 Push Notifications

Users may receive notifications relating to:

• Training reminders
• Recovery reminders
• Goal progress
• Platform updates
• Marketplace activity
• Security alerts

Users may control notification preferences through available settings.

10.14 Analytics Providers

Holora may utilize analytics providers to better understand Platform performance.

Analytics providers may process information relating to:

• Usage activity
• Device activity
• Engagement patterns
• Platform performance

Holora seeks to utilize providers that maintain appropriate privacy and security practices.

10.15 No Sale Through Cookies

Holora does not use cookies or tracking technologies to sell health-related information.

Health-related information remains subject to the protections described elsewhere in this Privacy Policy.

10.16 Advertising Technologies

Holora may use limited advertising technologies for:

• Marketing effectiveness
• Campaign measurement
• Platform growth

However:

• Health information
• Recovery information
• Wearable information
• Biometric information

are not sold through advertising technologies.

10.17 Marketing Communications

Where permitted by law and user preferences, Holora may use information to:

• Send updates
• Share educational content
• Announce new features
• Provide promotional information

Users may opt out of marketing communications.

10.18 Consent Management

Where required by law, Holora may provide consent management tools allowing Users to:

• Grant consent
• Withdraw consent
• Modify preferences
• Review settings

Consent choices may vary by jurisdiction.

10.19 Consent Records

Holora may maintain records of consent decisions where required by law.

Examples may include:

• Consent status
• Preference selections
• Consent timestamps

for compliance purposes.

10.20 Withdrawal Of Consent

Users may withdraw consent at any time where consent serves as the legal basis for processing.

Withdrawal does not affect processing conducted prior to withdrawal.

10.21 Browser Controls

Many browsers allow Users to:

• Block cookies
• Delete cookies
• Manage cookie settings

Blocking certain technologies may impact Platform functionality.

10.22 Mobile Device Controls

Mobile operating systems may provide controls relating to:

• Notifications
• Permissions
• Device identifiers
• Tracking permissions

Users may manage such settings through device controls.

10.23 Do Not Track Signals

Certain browsers may transmit „Do Not Track“ signals.

Because industry standards continue to evolve, Holora may not respond uniformly to all such signals.

Holora will continue monitoring developments in this area.

10.24 Regional Requirements

Cookie practices may vary depending upon:

• User location
• Applicable laws
• Regulatory requirements

Holora seeks to comply with applicable requirements including:

• GDPR
• UK GDPR
• ePrivacy requirements
• CCPA
• CPRA

where applicable.

10.25 Future Technologies

This section applies to future technologies including:

• AI technologies
• Wearables
• Connected devices
• Human Performance technologies
• Emerging digital technologies

that perform similar functions.

10.26 Standalone Cookie Policy

Holora may publish a separate Cookie Policy providing additional details regarding:

• Technology categories
• Specific providers
• Retention periods
• Consent options

The Cookie Policy shall supplement this Privacy Policy.

10.27 Transparency Commitment

Holora is committed to transparency regarding tracking technologies and will update this section as technologies and regulatory requirements evolve.

 

11. ARTIFICIAL INTELLIGENCE, AUTOMATED DECISION-MAKING, PROFILING, PERSONALIZATION, RECOMMENDATIONS & HUMAN REVIEW

11.1 Overview

Artificial Intelligence („AI“) is a core component of the Holora platform.

Holora uses AI systems to help Users better understand information relating to:

• Training
• Nutrition
• Recovery
• Hydration
• Sleep
• Wellness
• Performance
• Goal progression

The purpose of AI within Holora is not merely to display information, but to help Users understand what information means and how it may relate to their goals.

11.2 Holora AI Philosophy

Many platforms present information without explanation.

Holora’s AI is designed to help Users understand:

• What their information means
• Which habits influence outcomes
• Which behaviors support goals
• Which opportunities for improvement may exist

AI exists to support informed decision-making, not replace it.

11.3 Purposes Of AI Processing

Holora may use AI systems for purposes including:

Personalization

• Personalized experiences
• Personalized content
• Personalized recommendations

Progress Analysis

• Goal tracking
• Trend analysis
• Progress evaluation

Educational Guidance

• Explanations
• Summaries
• Educational content
• Learning support

Reporting

• Weekly reports
• Progress reports
• Wellness summaries
• Recovery summaries

Recommendation Generation

• Training recommendations
• Nutrition recommendations
• Recovery recommendations
• Lifestyle recommendations

11.4 Information Used By AI Systems

AI systems may process information including:

Training Information

• Workouts
• Exercise history
• Performance history

Nutrition Information

• Food intake
• Nutrition tracking
• Macronutrient information

Recovery Information

• Recovery metrics
• Recovery history
• Sleep information

Goal Information

• Desired outcomes
• Progress targets
• User objectives

Wearable Information

• Activity data
• Recovery data
• Sensor-generated information

where connected by the User.

11.5 AI Recommendations

AI systems may generate:

• Insights
• Suggestions
• Recommendations
• Explanations
• Educational content
• Goal guidance

These outputs are intended to help Users better understand available information.

11.6 AI Is Not Medical Advice

Holora AI does not provide:

• Medical advice
• Medical diagnosis
• Medical treatment
• Healthcare services
• Clinical assessments
• Emergency services

AI-generated outputs should never be interpreted as medical advice.

Users should consult qualified healthcare professionals regarding medical concerns.

11.7 AI Is Not A Professional

Holora AI is not:

• A doctor
• A healthcare provider
• A therapist
• A psychologist
• A dietitian
• A lawyer
• A financial advisor

AI is a technology tool designed to support educational and informational experiences.

11.8 AI Limitations

Users acknowledge that AI systems may:

• Make mistakes
• Produce incomplete information
• Produce inaccurate information
• Misinterpret inputs
• Generate unexpected outputs

AI systems are not perfect and should be used with appropriate judgment.

11.9 Human Decision-Making

Users remain responsible for:

• Health decisions
• Fitness decisions
• Nutrition decisions
• Recovery decisions
• Lifestyle decisions

AI recommendations are intended to support decision-making, not replace it.

11.10 Human Professional Involvement

One of Holora’s core differentiators is combining:

Artificial Intelligence

with

Human Expertise

including:

• Trainers
• Nutritionists
• Recovery specialists
• Educators
• Performance professionals

Users may choose to work with Professionals in addition to AI systems.

11.11 AI & Professional Collaboration

Where authorized by Users, Professionals may utilize Platform information to provide personalized guidance.

AI-generated information may be:

• Reviewed
• Supplemented
• Expanded
• Modified

by independent Professionals.

Holora does not require Professionals to follow AI-generated outputs.

11.12 Automated Processing

Holora may use automated processing to:

• Analyze trends
• Generate recommendations
• Create summaries
• Produce reports
• Personalize experiences

Automated processing helps scale personalized experiences across the Platform.

11.13 Profiling

Holora may create profiles relating to:

• Training habits
• Recovery habits
• Nutrition habits
• Goal progression
• Platform engagement

for purposes including:

• Personalization
• Recommendations
• User experience improvements

Such profiling is intended to benefit Users and improve Platform functionality.

11.14 Personalization

Holora may personalize:

• Content
• Recommendations
• Educational materials
• AI outputs
• User experiences

based on information available to the Platform.

11.15 Recommendation Systems

Recommendation systems may consider:

• User goals
• Training history
• Recovery trends
• Nutrition information
• Platform activity

to provide more relevant experiences.

11.16 AI Learning & Improvement

Holora may use information to improve:

• AI performance
• AI accuracy
• AI functionality
• User experiences

subject to applicable privacy requirements and safeguards.

11.17 AI Service Providers

Holora may utilize third-party AI infrastructure providers.

Where third-party providers are utilized, Holora seeks to implement:

• Contractual safeguards
• Security safeguards
• Privacy safeguards

designed to protect User information.

11.18 Human Review

Certain activities may involve human review where reasonably necessary for:

• Customer support
• Safety
• Security
• Fraud prevention
• Quality assurance
• Legal compliance

Human review may occur in accordance with applicable laws and internal controls.

11.19 AI Security

Holora may implement safeguards designed to protect:

• AI models
• AI infrastructure
• AI-generated information
• AI systems

against misuse, abuse, manipulation, or unauthorized access.

11.20 AI Transparency

Holora seeks to provide transparency regarding:

• AI usage
• AI capabilities
• AI limitations
• AI processing activities

through Platform disclosures and legal documentation.

11.21 User Controls

Users may control aspects of AI usage through available Platform settings and service choices.

Certain Platform functionality may require AI processing in order to operate.

11.22 No Solely Automated Medical Decisions

Holora does not use AI systems to make medical diagnoses or medical treatment decisions.

AI systems are intended for educational, informational, motivational, and wellness-related purposes only.

11.23 Future AI Technologies

This section applies to:

• Current AI systems
• Future AI systems
• Machine learning technologies
• Predictive systems
• Human Performance technologies

unless superseded by future policies.

11.24 Regulatory Compliance

Holora intends to monitor and adapt to applicable AI regulations including:

• EU AI Act
• UK AI guidance
• US AI regulations
• Future international AI regulations

where applicable.

11.25 User Benefit Principle

Holora’s AI exists to help Users better understand themselves.

The objective is not simply to present data, but to transform information into understanding, guidance, and actionable insights that may help Users move closer to their goals.

11.26 No Guarantee Of Outcomes

AI-generated recommendations do not guarantee:

• Health outcomes
• Fitness outcomes
• Recovery outcomes
• Performance outcomes
• Wellness outcomes

Individual results depend upon numerous factors beyond Holora’s control.

11.27 Transparency Commitment

Holora is committed to responsible AI use and will continue refining its AI governance framework as technologies and regulations evolve.

12. ENTERPRISE PROGRAMS, CORPORATE WELLNESS, HOTEL PARTNERSHIPS, GYM PARTNERSHIPS & ORGANIZATIONAL DATA PROCESSING

12.1 Overview

Holora may provide services to organizations including:

• Employers
• Corporations
• Enterprise clients
• Hotels
• Resorts
• Health clubs
• Gyms
• Sports organizations
• Educational institutions
• Wellness providers

Enterprise services are designed to improve access to wellness, performance, recovery, education, and professional expertise while maintaining individual privacy protections.

12.2 Enterprise Privacy Principle

Participation in an Enterprise Program does not eliminate or reduce individual privacy rights.

Users participating in:

• Corporate wellness programs
• Hotel wellness programs
• Gym partnerships
• Enterprise services

remain entitled to privacy protections described throughout this Privacy Policy.

12.3 Individual Ownership Of Personal Information

Personal information belongs to the individual User.

Participation in an Enterprise Program does not transfer ownership of personal information to:

• Employers
• Hotels
• Gyms
• Enterprise clients
• Program sponsors
• Commercial partners

12.4 Enterprise Services

Enterprise services may include:

Corporate Wellness

• Employee wellness initiatives
• Wellness education
• Health challenges
• Performance programs

Hospitality Programs

• Hotel wellness services
• Resort wellness services
• Guest wellbeing programs

Fitness Partnerships

• Gym integrations
• Club integrations
• Member engagement programs

Enterprise Solutions

• Reporting tools
• Administrative dashboards
• Program analytics

12.5 Information Processed Through Enterprise Programs

Depending upon the program, Holora may process:

• Account information
• Participation information
• Program engagement information
• Activity information
• Wellness information
• Goal information

subject to applicable permissions and legal requirements.

12.6 Enterprise Reporting

Enterprise clients may receive reporting relating to program performance.

Such reporting may include:

Participation Metrics

• Enrollment numbers
• Participation rates
• Program engagement

Usage Metrics

• Activity levels
• Program completion rates
• Content engagement

Trend Information

• Aggregate trends
• Anonymous trends
• Population-level insights

12.7 No Automatic Access To Individual Health Data

Enterprise clients do not automatically receive access to:

• Workout history
• Nutrition logs
• Recovery logs
• Sleep information
• Hydration logs
• Wearable information
• Biometric information
• Health-related records

unless:

• The User specifically authorizes sharing;
• Applicable law permits sharing; or
• Applicable law requires sharing.

This restriction is a fundamental principle of Holora’s privacy framework.

12.8 Employer Privacy Protection

Employers generally will not receive:

• Individual fitness records
• Individual recovery records
• Individual nutrition records
• Individual wearable data
• Individual AI reports

without appropriate authorization or legal authority.

Holora seeks to maintain a separation between employee wellness participation and employer visibility into personal health information.

12.9 Hotel Privacy Protection

Hotels and hospitality providers generally will not receive:

• Individual health information
• Individual wearable information
• Individual recovery information
• Individual AI insights

except where necessary to provide requested services and legally permitted.

12.10 Gym Privacy Protection

Gyms and fitness facilities generally will not receive unrestricted access to:

• User health information
• User wearable information
• User recovery information

unless the User authorizes such access.

12.11 Enterprise Administrators

Enterprise administrators may receive access to limited administrative information necessary to:

• Manage programs
• Monitor participation
• Support operations

Access rights may be restricted according to role and business need.

12.12 Aggregated Reporting

Holora may provide aggregated reporting including:

• Program participation
• Program engagement
• Anonymous wellness trends
• Anonymous performance trends

Aggregated reporting is designed to prevent identification of individual participants.

12.13 De-Identified Information

Holora may provide de-identified information where:

• Personal identifiers have been removed;
• Re-identification is not reasonably possible; and
• Applicable laws permit such use.

12.14 Enterprise Data Processing Agreements

Certain enterprise clients may enter into:

• Data Processing Agreements (DPAs)
• Security Agreements
• Compliance Agreements
• Enterprise Contracts

where required by law or business requirements.

Such agreements may supplement this Privacy Policy.

12.15 Enterprise Security Requirements

Enterprise services may be subject to additional:

• Security reviews
• Compliance requirements
• Access controls
• Contractual safeguards

depending upon client requirements.

12.16 Enterprise Compliance

Holora may support enterprise compliance obligations relating to:

• Privacy
• Security
• Data protection
• Wellness programs

subject to applicable laws and contractual commitments.

12.17 Enterprise User Rights

Participation in an enterprise program does not remove rights relating to:

• Access
• Correction
• Deletion
• Restriction
• Portability
• Objection

where such rights exist under applicable laws.

12.18 Professional Services Within Enterprise Programs

Enterprise programs may include access to:

• Trainers
• Nutritionists
• Recovery specialists
• Educators
• Wellness professionals

Information shared with Professionals remains subject to user authorization and service requirements.

12.19 AI Within Enterprise Programs

AI functionality may be used within enterprise programs to:

• Generate insights
• Create reports
• Improve personalization
• Support wellness initiatives

AI systems remain subject to the protections described elsewhere in this Privacy Policy.

12.20 International Enterprise Programs

Enterprise clients may operate internationally.

Information may be processed across multiple jurisdictions consistent with:

• Applicable laws
• Contractual safeguards
• Data protection requirements

12.21 Business Transfers Affecting Enterprise Clients

Enterprise-related information may be transferred in connection with:

• Acquisitions
• Mergers
• Reorganizations
• Corporate transactions

subject to applicable legal protections.

12.22 Future Enterprise Services

This section applies to future:

• Corporate wellness programs
• Hotel wellness programs
• Enterprise solutions
• Organizational services
• Human Performance programs

unless superseded by future policies.

12.23 No Employment Decisions

Holora information should not be used by employers to make:

• Hiring decisions
• Firing decisions
• Promotion decisions
• Compensation decisions

unless independently authorized and legally permissible.

Holora does not design its services for employment decision-making.

12.24 Transparency Commitment

Holora is committed to maintaining privacy protections for individuals participating in enterprise programs and seeks to ensure that organizational participation does not compromise individual privacy rights.

13. INTERNATIONAL DATA TRANSFERS, GDPR COMPLIANCE, UK GDPR COMPLIANCE, CCPA/CPRA COMPLIANCE, CROSS-BORDER PROCESSING & REGULATORY FRAMEWORKS

13.1 Overview

Holora is a global platform designed to connect Users, Professionals, educators, content creators, enterprise partners, and technology systems across multiple countries and regions.

As a result, personal information may be processed, stored, transferred, accessed, or managed across international borders.

Holora seeks to implement appropriate safeguards designed to protect personal information regardless of where it is processed.

13.2 Global Operations

Holora may operate internationally through:

• Employees
• Contractors
• Service providers
• Infrastructure providers
• Marketplace Professionals
• Enterprise partners
• Technology partners

located in various jurisdictions.

Information may therefore be processed outside a User’s country of residence.

13.3 Cross-Border Processing

Personal information may be transferred between countries for purposes including:

Platform Operations

• Account management
• Service delivery
• Technical support

Infrastructure Operations

• Cloud hosting
• Data storage
• Backup systems

Security Operations

• Fraud prevention
• Threat monitoring
• Incident response

Marketplace Operations

• Professional services
• User communications
• Service delivery

AI Operations

• AI processing
• AI recommendations
• AI infrastructure

13.4 Data Hosting Locations

Holora may host information through infrastructure providers including:

• Amazon Web Services (AWS)
• Google Cloud Platform (GCP)
• Microsoft Azure
• Future approved providers

Actual hosting locations may change over time based on:

• Operational needs
• Regulatory requirements
• Infrastructure architecture
• Security considerations

13.5 European Economic Area (EEA)

For Users located within the European Economic Area, Holora seeks to process personal information in accordance with:

GDPR

Regulation (EU) 2016/679

and applicable European privacy requirements.

13.6 GDPR Principles

Where GDPR applies, Holora seeks to process information in accordance with principles including:

Lawfulness

Processing must have an appropriate legal basis.

Fairness

Processing should be conducted fairly.

Transparency

Users should understand how information is used.

Purpose Limitation

Information should only be used for legitimate purposes.

Data Minimization

Only necessary information should be processed.

Accuracy

Reasonable efforts should be made to maintain accurate information.

Storage Limitation

Information should not be retained longer than necessary.

Integrity & Confidentiality

Information should be protected through appropriate safeguards.

13.7 GDPR Rights

EEA Users may possess rights including:

• Access
• Rectification
• Erasure
• Restriction
• Portability
• Objection
• Complaint rights

subject to applicable legal limitations.

13.8 Special Category Data Under GDPR

Certain information processed by Holora may constitute:

Special Category Personal Data

including:

• Health information
• Wellness information
• Recovery information
• Biometric information

Where GDPR applies, Holora seeks to process such information only where:

• Appropriate legal bases exist;
• Necessary safeguards exist; and
• Applicable legal requirements are satisfied.

13.9 UK GDPR Compliance

For Users located within the United Kingdom, Holora seeks to comply with:

• UK GDPR
• Data Protection Act 2018
• Applicable UK privacy regulations

where applicable.

13.10 United Kingdom Transfers

Where information is transferred outside the United Kingdom, Holora seeks to implement safeguards designed to satisfy applicable UK requirements.

13.11 Switzerland

Where applicable, Holora seeks to respect relevant Swiss privacy requirements and international transfer requirements.

13.12 California Privacy Rights

For eligible California residents, Holora seeks to comply with:

• California Consumer Privacy Act (CCPA)
• California Privacy Rights Act (CPRA)

where applicable.

13.13 California Consumer Rights

Eligible California residents may possess rights relating to:

• Access
• Correction
• Deletion
• Disclosure
• Non-discrimination

subject to applicable legal limitations.

13.14 No Sale Of Health Information

Regardless of jurisdiction, Holora does not sell:

• Health information
• Recovery information
• Nutrition information
• Sleep information
• Wearable information
• Biometric information

to advertisers, data brokers, or unrelated third parties.

This commitment applies globally.

13.15 International Transfer Mechanisms

Where required by law, Holora may utilize transfer mechanisms including:

Contractual Measures

• Standard Contractual Clauses (SCCs)
• Data Processing Agreements
• International Data Transfer Agreements

Organizational Measures

• Privacy controls
• Security controls
• Internal policies

Technical Measures

• Encryption
• Access controls
• Authentication systems

13.16 Service Provider Transfers

Information may be transferred to service providers supporting:

• Infrastructure
• Security
• Communications
• Analytics
• AI services
• Customer support

Such providers may be located in jurisdictions different from the User’s location.

13.17 Marketplace Transfers

Where Users engage Professionals located in different countries, information may be transferred internationally in order to facilitate requested services.

Users acknowledge that global professional engagement is a core feature of the Platform.

13.18 Enterprise Transfers

Enterprise clients operating across multiple jurisdictions may require international information processing.

Holora seeks to ensure that such processing remains subject to applicable legal protections.

13.19 Regulatory Requests

Information may be disclosed to:

• Courts
• Regulators
• Government authorities
• Law enforcement agencies

where legally required or legally permitted.

13.20 Data Localization

Certain jurisdictions may impose data localization requirements.

Holora reserves the right to modify infrastructure and processing arrangements in order to comply with:

• Regulatory requirements
• Security requirements
• Legal obligations

13.21 Future International Expansion

As Holora expands internationally, additional processing locations may be introduced.

Users acknowledge that international growth may require information to be processed in additional jurisdictions.

13.22 Regulatory Cooperation

Holora may cooperate with:

• Data protection authorities
• Privacy regulators
• Consumer protection authorities
• Law enforcement agencies

where legally required.

13.23 Future Regulatory Frameworks

Holora intends to monitor and adapt to emerging frameworks including:

Privacy Regulations

• Future GDPR developments
• Future UK privacy laws
• Future US privacy laws

AI Regulations

• EU AI Act
• UK AI guidance
• Future AI regulations

Digital Platform Regulations

• Consumer protection regulations
• Platform accountability regulations
• Data governance regulations

13.24 International User Responsibility

Users remain responsible for ensuring that their use of the Platform complies with applicable laws in their jurisdiction.

13.25 Transparency Commitment

Holora is committed to transparency regarding international processing activities and will update this Privacy Policy when material changes occur.

 

 

 

14. CHILDREN’S PRIVACY, AGE RESTRICTIONS, YOUTH PROTECTION, SAFETY MEASURES & MINOR SAFEGUARDS

14.1 Overview

Holora is designed for adults and is intended for individuals who are at least eighteen (18) years of age.

Holora recognizes the importance of protecting children and young persons online and is committed to maintaining appropriate safeguards designed to protect minors from unauthorized access to the Platform.

14.2 Minimum Age Requirement

Users must be at least eighteen (18) years old to:

• Create an account
• Use the Platform
• Purchase services
• Participate in Marketplace activities
• Engage Professionals
• Use AI functionality
• Access community features

unless Holora expressly introduces a separate youth program governed by additional safeguards.

14.3 No Knowing Collection Of Children’s Information

Holora does not knowingly collect personal information from children under eighteen (18) years of age.

Holora does not intentionally:

• Market services to children
• Solicit information from children
• Create profiles of children
• Collect health information from children

through the standard Platform.

14.4 Account Verification

Holora may implement measures designed to verify that Users satisfy minimum age requirements.

Verification measures may include:

• Date of birth collection
• Account verification procedures
• Identity verification processes
• Additional compliance checks

where appropriate.

14.5 Discovery Of Minor Accounts

If Holora becomes aware that an account belongs to a person under the minimum age requirement, Holora may:

• Suspend the account
• Restrict access
• Remove content
• Delete the account
• Request additional verification

without prior notice.

14.6 Removal Of Children’s Information

Where Holora becomes aware that personal information has been collected from a child in violation of applicable requirements, Holora will take reasonable steps to:

• Investigate the matter
• Remove the information where appropriate
• Restrict future access

subject to legal obligations and operational requirements.

14.7 Parent & Guardian Requests

Parents or legal guardians who believe a child has provided information to Holora may contact Holora through official privacy channels.

Where appropriate and legally permitted, Holora may:

• Review the request
• Investigate the account
• Remove information
• Restrict access

following reasonable verification procedures.

14.8 Community Safety

Holora prohibits any activity involving:

• Child exploitation
• Child abuse
• Grooming
• Sexualization of minors
• Harmful conduct involving minors
• Illegal interactions involving minors

Violations may result in:

• Immediate account termination
• Reporting to authorities
• Legal action

where appropriate.

14.9 Marketplace Safety

Professionals using the Platform may not knowingly provide services to individuals under the minimum age requirement through the standard Platform unless expressly authorized by Holora under separate youth-specific programs.

14.10 Future Youth Programs

If Holora introduces programs designed for younger individuals in the future, such programs may be governed by:

• Additional privacy notices
• Additional parental consent requirements
• Additional safety protections
• Additional regulatory safeguards

14.11 International Child Privacy Compliance

Holora seeks to comply with applicable requirements relating to minors including:

• GDPR child protections
• UK GDPR child protections
• COPPA (where applicable)
• Future child safety regulations

where relevant.

14.12 Safety Monitoring

Holora may implement measures designed to identify:

• Suspected underage accounts
• Child safety risks
• Community safety concerns
• Violations involving minors

subject to applicable laws and privacy obligations.

14.13 Educational Content

Any educational information available through the Platform is intended for adults unless specifically designated otherwise.

14.14 No Employment Of Minors Through Marketplace

Marketplace services are intended for adult Users and adult Professionals.

Minors may not create Professional accounts or offer services through the Platform.

14.15 Transparency Commitment

Holora is committed to protecting children and maintaining age-appropriate safeguards consistent with applicable legal requirements.

END OF PART 14

PRIVACY POLICY V3

15. CONTACT INFORMATION, COMPLAINTS, DATA PROTECTION REQUESTS, REGULATORY COMMUNICATIONS & FINAL PROVISIONS

15.1 Overview

Holora is committed to transparency, accountability, and responsible handling of personal information.

Users may contact Holora regarding:

• Privacy concerns
• Data protection requests
• Security concerns
• Regulatory inquiries
• Rights requests
• Compliance matters

through official communication channels.

15.2 Privacy Requests

Users may submit requests relating to:

• Access
• Correction
• Deletion
• Restriction
• Portability
• Objection
• Consent withdrawal

subject to applicable laws.

15.3 Identity Verification

To protect privacy and security, Holora may require verification before fulfilling certain requests.

Verification procedures may vary depending on:

• Request type
• Risk level
• Applicable law
• Information involved

15.4 Regulatory Complaints

Users may have the right to contact:

• Data protection authorities
• Privacy regulators
• Consumer protection authorities

within their jurisdiction.

Holora encourages Users to contact Holora first so concerns may be addressed directly whenever possible.

15.5 Data Protection Officer

Where required by applicable law, Holora may appoint a Data Protection Officer („DPO“) or equivalent privacy contact.

Relevant contact information may be published through official channels.

15.6 Security Communications

Users should promptly report:

• Unauthorized access
• Account compromise
• Security concerns
• Suspected fraud

through official support channels.

15.7 Updates To This Privacy Policy

Holora may update this Privacy Policy periodically to reflect:

• Legal developments
• Regulatory requirements
• Platform changes
• New technologies
• New services

Material updates may be communicated through:

• Email
• Platform notifications
• Website notices
• In-app communications

where required.

15.8 Continued Use

Where permitted by law, continued use of the Platform following publication of an updated Privacy Policy constitutes acknowledgment of the revised version.

15.9 Severability

If any provision of this Privacy Policy is determined to be invalid or unenforceable, the remaining provisions shall remain in full force and effect.

15.10 No Waiver

Failure to enforce any provision of this Privacy Policy shall not constitute a waiver of that provision or any other provision.

15.11 Governing Relationship

This Privacy Policy supplements:

• Terms of Service
• Marketplace Terms
• AI Policy
• Cookie Policy
• Community Guidelines
• Payment & Refund Policy

Where inconsistencies arise, the document most directly governing the issue shall control.

15.12 Future Technologies

This Privacy Policy applies to current and future Holora technologies including:

• AI systems
• Wearables
• Smart rings
• Smart bands
• Sensors
• Recovery technologies
• Human Performance technologies
• Enterprise technologies

unless superseded by separate privacy notices.

15.13 Privacy Commitment

Holora was built around a simple principle:

People should have access to better understanding of their health, recovery, performance, nutrition, and wellbeing without sacrificing ownership of their personal information.

The purpose of data within Holora is to help Users better understand themselves, receive meaningful guidance, and access global expertise through both artificial intelligence and human Professionals.

Holora’s objective is not to sell health information.

Holora’s objective is to help Users move closer to their goals through understanding, education, guidance, and responsible use of technology.

15.14 Effective Date

This Privacy Policy becomes effective on the date published by Holora Performance Ltd. and remains effective until replaced by an updated version.