Fitlog Privacy Policy.

Y7 Technology LLC ("we," "our," or "us") operates Fitlog, an AI-powered fitness and nutrition tracking application. This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our Service. This Privacy Policy complies with: • Japan's Act on the Protection of Personal Information (APPI) • European Union General Data Protection Regulation (GDPR) • California Consumer Privacy Act (CCPA) • Other applicable privacy laws worldwide

Y7 Technology LLC Representative: Yudai Sasaki Address: Shibuya Dogenzaka Tokyu Building 2F-C, 1-10-8 Dogenzaka, Shibuya-ku, Tokyo 150-0043, Japan Email: support@y7technology.com For EU users: We are the data controller responsible for your personal data. For California users: We are the business as defined under CCPA.

Account Information • Name, email address, phone number • Date of birth, gender • Profile photo (optional) • Account credentials Health and Fitness Data • Weight, height, body measurements • Body fat percentage, muscle mass, BMI • Food intake and meal photos • Nutritional data (calories, macronutrients) • Activity logs and exercise data • Sleep patterns (if tracked) • Health goals and preferences Device and Technical Data • Device type, operating system • IP address, browser type • App usage data and interactions • Cookie and similar technologies • Location data (if enabled) Payment Information • Subscription information • Transaction history • Purchase receipts (managed by App Store / Google Play) Third-Party Integration Data • Data from Apple Health, Google Fit, or other connected apps • Smart scale and fitness device data • Social media profile information (if you connect social accounts) Communications • Customer support messages • Feedback and survey responses • Email correspondence

Service Provision • Creating and managing your account • Providing AI-powered food recognition and nutritional analysis • Tracking your fitness and health progress • Generating personalized insights and recommendations • Syncing data with third-party health apps and devices Service Improvement • Analyzing usage patterns to improve features • Training and improving AI models for food recognition accuracy • Testing new features and functionality • Conducting research and analytics (using aggregated, anonymized data) Communication • Sending service updates and notifications • Responding to customer support inquiries • Sending marketing communications (with your consent) • Requesting feedback and conducting surveys Security and Legal • Preventing fraud and abuse • Ensuring platform security • Complying with legal obligations • Enforcing our Terms of Service • Protecting user safety Payment Processing • Processing subscription payments • Managing billing and invoices • Detecting and preventing payment fraud

For EU users, we process your data based on: Consent • Marketing communications • Optional data collection (e.g., profile photos) • Third-party integrations Contract Performance • Providing the Fitlog service • Account management • Payment processing Legitimate Interests • Service improvement and analytics • Security and fraud prevention • Internal research and development Legal Obligation • Compliance with tax and accounting requirements • Responding to legal requests

Service Providers • Cloud hosting providers (data storage and processing) • AI and machine learning infrastructure providers • Email and communication services • Analytics providers • Customer support tools • App Store and Google Play (for in-app purchase processing) These providers are contractually obligated to protect your data and use it only for specified purposes. Third-Party Integrations (with your explicit consent) • Apple Health, Google Fit, and other health platforms • Smart device manufacturers (scales, fitness trackers) • Social media platforms (if you choose to share) Legal Requirements • Court orders, subpoenas, or legal processes • Government or regulatory requests • Protection of our rights and safety • Prevention of fraud or illegal activities Business Transfers In case of merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity, subject to this Privacy Policy. Aggregated Data We may share anonymized, aggregated data that cannot identify you personally with research institutions, public health organizations, and business partners. We do NOT sell your personal health data to third parties.

Technical Safeguards • Encryption in transit (TLS/SSL) • Encryption at rest for sensitive data • Secure authentication mechanisms • Regular security audits and penetration testing • Firewall and intrusion detection systems Organizational Measures • Employee training on data protection • Access controls and authentication • Data minimization principles • Regular security policy reviews • Incident response procedures However, no system is 100% secure. You are responsible for: • Maintaining account credential confidentiality • Using strong, unique passwords • Enabling two-factor authentication (if available) • Reporting suspicious activity immediately

We retain your data for as long as necessary to provide the Service and comply with legal obligations. Active Accounts • Data retained while your account is active • You can delete specific data entries at any time within the app Deleted Accounts • After account deletion, most data is removed within 30 days • Some data may be retained longer for legal compliance (e.g., transaction records for tax purposes) • Anonymized, aggregated data may be retained indefinitely for research Backup Systems • Deleted data may persist in backup systems for up to 90 days You can request complete data deletion by contacting support@y7technology.com.

General Rights (All Users) • Access: Request a copy of your personal data • Correction: Update inaccurate or incomplete information • Deletion: Request deletion ("right to be forgotten") • Data Portability: Receive your data in a structured, machine-readable format • Objection: Object to certain data processing activities To exercise these rights: support@y7technology.com GDPR Rights (EU Users) • Withdraw consent at any time • Restrict processing • Lodge a complaint with your local supervisory authority • Object to automated decision-making and profiling CCPA Rights (California Users) • Know what personal information is collected • Know if personal information is sold or disclosed • Say no to the sale of personal information (we do NOT sell personal data) • Request deletion • Non-discrimination for exercising privacy rights APPI Rights (Japanese Users) • Disclosure of personal information • Correction, addition, or deletion • Suspension of use or deletion • Suspension of provision to third parties

Types of Cookies Essential • Required for basic Service functionality • Cannot be disabled Performance • Analyze how you use the Service • Help improve performance • Can be disabled in settings Functional • Remember your preferences • Enhance user experience • Can be disabled in settings Marketing • Track your interests for advertising • Require explicit consent • Can be disabled Managing Cookies You can control cookies through browser settings, app settings, or the cookie consent banner. Disabling certain cookies may limit Service functionality.

Your data may be transferred and processed in countries other than your own, including Japan, the United States, and EU member states. For EU Users We ensure adequate protection through: • EU Standard Contractual Clauses (SCCs) • GDPR-compliant data transfer mechanisms • Ensuring service providers meet EU data protection standards For All Users We implement appropriate safeguards to ensure your data receives adequate protection regardless of where it is processed.

Fitlog is not intended for children under 18 (or the age of majority in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at support@y7technology.com, and we will delete it promptly.

The Service may contain links to third-party websites, apps, or services. We are not responsible for their privacy practices. Please review their privacy policies before providing any information.

We may update this Privacy Policy from time to time. Changes will be effective: • Immediately for non-material changes • 30 days after notice for material changes We will notify you of significant changes via: • Email to your registered address • In-app notification • Notice on our website Your continued use after changes constitutes acceptance of the updated Privacy Policy.

For privacy-related questions, requests, or complaints: Email: support@y7technology.com Company: Y7 Technology LLC Data Protection Officer: Yudai Sasaki Address: Shibuya Dogenzaka Tokyu Building 2F-C, 1-10-8 Dogenzaka, Shibuya-ku, Tokyo 150-0043, Japan Response Time • 30 days (GDPR requirement for EU users) • 45 days (CCPA requirement for California users) • Reasonable time frame for other jurisdictions