MindTune

Y7 Technology LLC ("we," "our," or "us") operates MindTune, an AI-powered mindfulness meditation application. This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our Service. This Privacy Policy complies with: • Japan's Act on the Protection of Personal Information (APPI) • European Union General Data Protection Regulation (GDPR) • California Consumer Privacy Act (CCPA) • Other applicable privacy laws worldwide

Y7 Technology LLC Representative: Yudai Sasaki Address: Shibuya Dogenzaka Tokyu Building 2F-C, 1-10-8 Dogenzaka, Shibuya-ku, Tokyo 150-0043, Japan Email: support@y7technology.com For EU users: We are the data controller responsible for your personal data. For California users: We are the business as defined under CCPA.

3.1 Account Information • Name, email address, phone number • Date of birth, gender • Profile photo (optional) • Account credentials 3.2 Mental Health and Mindfulness Data • Mood and emotional state information • Stress levels and anxiety indicators • Focus and concentration metrics • Sleep quality and patterns • Meditation session history and preferences • Mindfulness goals and progress • Daily check-in responses 3.3 Biometric Data (if connected) • Heart rate and heart rate variability • Breathing patterns • Body temperature (from connected devices) • Movement and activity data 3.4 Device and Technical Data • Device type, operating system • IP address, browser type • App usage data and interactions • Cookie and similar technologies • Location data (if enabled) 3.5 Audio Data • Meditation session selections • Audio preference settings (voice, soundscapes, binaural beats) • Downloaded session data 3.6 Payment Information • Subscription information • Transaction history • Purchase receipts (managed by App Store/Google Play) 3.7 Third-Party Integration Data • Data from Apple Health, Google Fit, or other connected apps • Wearable device data (smartwatches, fitness trackers) • Social media profile information (if you connect social accounts) 3.8 Communications • Customer support messages • Feedback and survey responses • Email correspondence • Community interactions (if applicable)

We use your information for: 4.1 Service Provision • Creating and managing your account • Providing AI-powered personalized meditation recommendations • Analyzing your mental and emotional state to suggest optimal sessions • Tracking your mindfulness progress and achievements • Generating personalized insights and reports • Syncing data with third-party health apps and devices • Facilitating community features and challenges 4.2 Service Improvement • Analyzing usage patterns to improve features • Training and improving AI models for mood detection and session recommendations • Testing new meditation content and features • Conducting research on mindfulness effectiveness (using aggregated, anonymized data) • Improving audio quality and content variety 4.3 Communication • Sending meditation reminders and motivational notifications • Providing progress updates and achievement celebrations • Responding to customer support inquiries • Sending marketing communications (with your consent) • Requesting feedback and conducting surveys • Sharing mindfulness tips and educational content 4.4 Security and Legal • Preventing fraud and abuse • Ensuring platform security • Complying with legal obligations • Enforcing our Terms of Service • Protecting user safety and well-being 4.5 Payment Processing • Processing subscription payments • Managing billing and invoices • Detecting and preventing payment fraud

For EU users, we process your data based on: Consent • Marketing communications • Optional data collection (e.g., profile photos, biometric data) • Third-party integrations • Community features Contract Performance • Providing the MindTune service • Account management • Payment processing • Delivering personalized meditation sessions Legitimate Interests • Service improvement and analytics • Security and fraud prevention • Internal research and development • Improving AI recommendation algorithms Legal Obligation • Compliance with tax and accounting requirements • Responding to legal requests • Protecting user safety

We share your information with: 6.1 Service Providers • Cloud hosting providers (data storage and processing) • AI and machine learning infrastructure providers • Audio content delivery networks • Email and communication services • Analytics providers • Customer support tools • App Store and Google Play (for in-app purchase processing) These providers are contractually obligated to protect your data and use it only for specified purposes. 6.2 Third-Party Integrations With your explicit consent: • Apple Health, Google Fit, and other health platforms • Wearable device manufacturers (smartwatches, fitness trackers) • Social media platforms (if you choose to share achievements) 6.3 Legal Requirements We may disclose data when required by law: • Court orders, subpoenas, or legal processes • Government or regulatory requests • Protection of our rights and safety • Prevention of fraud or illegal activities 6.4 Business Transfers In case of merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity, subject to this Privacy Policy. 6.5 Aggregated Data We may share anonymized, aggregated data that cannot identify you personally with: • Research institutions studying mindfulness effectiveness • Mental health organizations • Business partners 6.6 Community Features If you participate in community features: • Your username and profile (if public) • Achievement badges and streaks (if you choose to share) • Public posts and interactions We do NOT sell your personal mental health data to third parties.

We implement industry-standard security measures: Technical Safeguards • Encryption in transit (TLS/SSL) • Encryption at rest for sensitive mental health data • Secure authentication mechanisms • Regular security audits and penetration testing • Firewall and intrusion detection systems Organizational Measures • Employee training on data protection and mental health privacy • Access controls and authentication • Data minimization principles • Regular security policy reviews • Incident response procedures Mental Health Data Protection • Sensitive mental health data receives additional protection • Strict access controls for mental health information • Regular audits of data access logs • Compliance with healthcare data protection standards However, no system is 100% secure. You are responsible for: • Maintaining account credential confidentiality • Using strong, unique passwords • Enabling two-factor authentication (if available) • Reporting suspicious activity immediately

We retain your data for as long as necessary to provide the Service and comply with legal obligations: Active Accounts • Data is retained while your account is active • You can delete specific entries at any time within the app • Session history can be managed through app settings Deleted Accounts • After account deletion, most data is removed within 30 days • Some data may be retained longer for legal compliance (e.g., transaction records for tax purposes) • Anonymized, aggregated research data may be retained indefinitely • Mental health data is prioritized for deletion Backup Systems • Deleted data may persist in backup systems for up to 90 days You can request complete data deletion by contacting support@y7technology.com

Depending on your location, you have the following rights: 9.1 General Rights (All Users) • Access: Request a copy of your personal data • Correction: Update inaccurate or incomplete information • Deletion: Request deletion of your data ("right to be forgotten") • Data Portability: Receive your data in a structured, machine-readable format • Objection: Object to certain data processing activities To exercise these rights, contact us at support@y7technology.com 9.2 GDPR Rights (EU Users) • Right to withdraw consent at any time • Right to restrict processing • Right to lodge a complaint with your local supervisory authority • Right to object to automated decision-making and profiling EU Supervisory Authority: You can contact your local data protection authority 9.3 CCPA Rights (California Users) • Right to know what personal information is collected • Right to know if personal information is sold or disclosed • Right to say no to the sale of personal information (Note: We do NOT sell personal data) • Right to deletion • Right to non-discrimination for exercising privacy rights California users: Contact us at support@y7technology.com 9.4 APPI Rights (Japanese Users) • Right to disclosure of personal information • Right to correction, addition, or deletion • Right to suspension of use or deletion • Right to suspension of provision to third parties

We recognize the highly sensitive nature of mental health and emotional data. We take extra precautions: Special Protections • Mental health data is encrypted with additional security layers • Access is strictly limited to authorized personnel only • We conduct regular audits of mental health data access • AI processing of mental health data happens in secure, isolated environments Your Control • You can delete individual mood check-ins and session data at any time • You can export your mental health data for personal use • You can opt out of sharing data for research purposes • You have complete control over what data is shared with community features Ethical AI Use • AI recommendations are designed to support, not replace, professional mental health care • We do not make medical diagnoses or treatment recommendations • We provide resources for professional help when needed • We continuously monitor AI outputs for potential harm

We use cookies and similar technologies: Types of Cookies Essential Cookies • Required for basic Service functionality • Cannot be disabled Performance Cookies • Analyze how you use the Service • Help improve performance • Can be disabled in settings Functional Cookies • Remember your preferences (language, meditation preferences) • Enhance user experience • Can be disabled in settings Marketing Cookies • Track your interests for advertising • Require explicit consent • Can be disabled Managing Cookies You can control cookies through: • Browser settings • App settings (mobile) • Cookie consent banner Note: Disabling certain cookies may limit Service functionality.

Your data may be transferred and processed in countries other than your own, including Japan, United States, and EU member states. For EU Users We ensure adequate protection through: • EU Standard Contractual Clauses (SCCs) • GDPR-compliant data transfer mechanisms • Ensuring service providers meet EU data protection standards For All Users We implement appropriate safeguards to ensure your data receives adequate protection regardless of where it is processed.

MindTune is not intended for children under 18 (or the age of majority in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at support@y7technology.com, and we will delete it promptly.

The Service may contain links to third-party websites, apps, or services. We are not responsible for their privacy practices. Please review their privacy policies before providing any information.

We may update this Privacy Policy from time to time. Changes will be effective: • Immediately for non-material changes • 30 days after notice for material changes We will notify you of significant changes via: • Email to your registered address • In-app notification • Notice on our website Your continued use after changes constitutes acceptance of the updated Privacy Policy.

For privacy-related questions, requests, or complaints, please contact us: Email: support@y7technology.com Company: Y7 Technology LLC Data Protection Officer: Yudai Sasaki Address: Shibuya Dogenzaka Tokyu Building 2F-C, 1-10-8 Dogenzaka, Shibuya-ku, Tokyo 150-0043, Japan Response Time We will respond to your request within: • 30 days (GDPR requirement for EU users) • 45 days (CCPA requirement for California users) • Reasonable time frame for other jurisdictions