Y7 Technology

Y7 Technology LLC ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy applies to all services provided by Y7 Technology, including Fitlog and MindTune. This Privacy Policy complies with: • Japan's Act on the Protection of Personal Information (APPI) • European Union General Data Protection Regulation (GDPR) • California Consumer Privacy Act (CCPA) • Other applicable privacy laws worldwide

Y7 Technology LLC Representative: Yudai Sasaki Address: Shibuya Dogenzaka Tokyu Building 2F-C, 1-10-8 Dogenzaka, Shibuya-ku, Tokyo 150-0043, Japan Email: support@y7technology.com For EU users: We are the data controller responsible for your personal data. For California users: We are the business as defined under CCPA. For Japanese users: We are the business operator under APPI.

This Privacy Policy provides a general overview of how Y7 Technology collects and processes personal data across all our services. For detailed, service-specific information, please refer to: Fitlog - AI-Powered Fitness & Nutrition Tracking → Detailed Privacy Policy: /fitlog/privacy → Terms of Service: /fitlog/terms MindTune - AI-Powered Mindfulness Meditation → Detailed Privacy Policy: /mindtune/privacy → Terms of Service: /mindtune/terms Service-specific policies provide additional details about: • Data collected unique to each service • How specific features use your data • Service-specific third-party integrations • Additional rights and options

We collect information that you provide directly, information collected automatically, and information from third parties. 4.1 Information You Provide • Account information (name, email, phone number) • Profile information (photo, preferences, bio) • Subscription information • Communications (support messages, feedback) • User-generated content (reviews, posts, photos) 4.2 Automatically Collected Information • Device information (device type, OS, browser) • Usage data (pages visited, features used, time spent) • Location data (when you enable location services) • Cookies and tracking technologies • IP address and network information 4.3 Service-Specific Data Fitlog: • Health and fitness data (weight, body metrics, meals) • Food photos and nutritional information • Exercise and activity logs • Health app integrations (Apple Health, etc.) MindTune: • Mental health and mindfulness data • Meditation sessions and duration • Mood and emotional state tracking • Progress tracking For complete details, see service-specific privacy policies.

We use your information for: Service Provision • Creating and managing your account • Providing requested services and features • Processing transactions and payments • Customer support and communication • Sending service notifications Service Improvement • Analyzing usage patterns • Testing and developing new features • Personalizing user experience • Conducting research and analytics Safety and Security • Preventing fraud and abuse • Verifying user identities • Protecting against illegal activity • Ensuring platform security • Investigating safety incidents Legal Compliance • Complying with legal obligations • Responding to legal requests • Enforcing our terms of service • Protecting our rights and property Marketing (with consent) • Sending promotional communications • Sharing news and updates • Conducting surveys

For EU users, we process your data based on: Consent • Marketing communications • Optional data collection • Third-party integrations • Location services (where not necessary for service provision) Contract Performance • Providing our services • Account management • Payment processing • Customer support Legitimate Interests • Service improvement and analytics • Fraud prevention and security • Internal research and development • Direct marketing to existing customers Legal Obligation • Tax and accounting compliance • Responding to legal requests • Identity verification (for certain services) • Anti-money laundering compliance You can withdraw consent at any time.

We share your information in the following circumstances: 7.1 Service Providers • Cloud hosting and storage providers • Platform payment systems (App Store, Google Play) • Email and communication services • Analytics providers • Customer support tools • Identity verification services These providers are contractually obligated to protect your data and use it only for specified purposes. 7.2 Legal Requirements We may disclose data when required by law: • Court orders or legal processes • Law enforcement requests • Protection of rights and safety • Prevention of fraud or illegal activities 7.3 Business Transfers In case of merger, acquisition, or sale, your data may be transferred to the acquiring entity. 7.4 With Your Consent • Social media sharing • Third-party integrations you authorize • Other purposes you approve We do NOT sell your personal information to third parties.

We implement comprehensive security measures to protect your data: Technical Safeguards • Encryption in transit (TLS/SSL) • Encryption at rest for sensitive data • Secure authentication systems • Regular security audits • Firewall and intrusion detection • Secure data centers Organizational Measures • Employee training on data protection • Access controls (need-to-know basis) • Background checks for employees • Incident response procedures • Regular policy reviews Payment Security • Secure in-app purchase processing • Payment processing managed by App Store and Google Play • We do not directly handle payment card information However, no system is 100% secure. You are responsible for: • Keeping your account credentials secure • Using strong, unique passwords • Reporting suspicious activity

We retain your data for as long as necessary to provide services and comply with legal obligations. Active Accounts • Data retained while your account is active • You can modify or delete data in account settings Deleted Accounts • Most data deleted within 30 days • Some data retained longer for legal compliance: - Transaction records: 7 years (tax requirements) - Identity verification: As required by law - Dispute-related data: Until resolution Backup Systems • Deleted data may persist in backups for up to 90 days Legal Hold • Data retained if required for legal proceedings You can request data deletion by contacting support@y7technology.com

Depending on your location, you have the following rights: 10.1 General Rights (All Users) • Access: Request a copy of your personal data • Correction: Update inaccurate information • Deletion: Request deletion ("right to be forgotten") • Data Portability: Receive data in machine-readable format • Objection: Object to certain processing activities • Restriction: Request limitation of processing To exercise these rights: support@y7technology.com 10.2 GDPR Rights (EU Users) • Withdraw consent at any time • Lodge complaint with supervisory authority • Object to automated decision-making EU Data Protection Authorities: https://edpb.europa.eu/about-edpb/board/members_en 10.3 CCPA Rights (California Users) • Know what personal information is collected • Know if information is sold (Note: We do NOT sell) • Request deletion • Non-discrimination for exercising rights California residents can designate authorized agents. 10.4 Japan APPI Rights • Disclosure of personal information • Correction, addition, or deletion • Suspension of use • Suspension of third-party provision 10.5 Response Time • 30 days for EU users (GDPR) • 45 days for California users (CCPA) • Reasonable timeframe for other jurisdictions

We use cookies and similar technologies to improve your experience. Types of Cookies Essential Cookies • Required for basic functionality • Cannot be disabled Performance Cookies • Analytics and usage statistics • Can be disabled in settings Functional Cookies • Remember preferences (language, currency) • Can be disabled Marketing Cookies • Advertising and retargeting • Require explicit consent Managing Cookies • Browser settings • App settings (mobile) • Cookie consent preferences Note: Disabling certain cookies may limit functionality.

Your data may be transferred and processed in countries other than your own, including Japan, United States, and EU member states. For EU Users We ensure adequate protection through: • EU Standard Contractual Clauses (SCCs) • GDPR-compliant transfer mechanisms • Adequacy decisions where applicable • Ensuring providers meet EU standards For All Users We implement appropriate safeguards: • Contractual protections • Security measures for data in transit and at rest • Regular compliance assessments Data Storage Locations • Primary servers: Japan • Backup servers: Multiple geographic locations • Payment processing: App Store and Google Play

Our services are not intended for users under 18 years old (or the age of majority in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at support@y7technology.com. We will: • Investigate the claim • Delete the information if verified • Terminate the account Parents and Guardians: If you discover your child has created an account, please contact us immediately for removal.

Our services may contain links to third-party websites, apps, or services. We are not responsible for the privacy practices of these third parties. Third-Party Services We Use • Payment processing: App Store and Google Play • Cloud hosting: Various providers • Analytics: Google Analytics (where applicable) • Email services: Various providers Please review their privacy policies before providing any information. When using third-party integrations: • Apple Health, Google Fit (for Fitlog) • Social media platforms • Maps and navigation services These services have their own terms and privacy policies.

We may update this Privacy Policy from time to time to reflect: • Changes in our practices • New features or services • Legal or regulatory requirements • User feedback Changes will be effective: • Immediately for non-material changes • 30 days after notice for material changes We will notify you of significant changes via: • Email to your registered address • In-app notification • Prominent notice on our website • Update to "Last Updated" date Your Rights After Changes • Review the updated policy • Withdraw consent for certain processing • Close your account if you disagree • Continued use constitutes acceptance We encourage you to review this Privacy Policy periodically.

For privacy-related questions, requests, or complaints: Email: support@y7technology.com Company: Y7 Technology LLC Data Protection Officer: Yudai Sasaki Address: Shibuya Dogenzaka Tokyu Building 2F-C, 1-10-8 Dogenzaka, Shibuya-ku, Tokyo 150-0043, Japan Response Time • 30 days (GDPR - EU users) • 45 days (CCPA - California users) • Reasonable timeframe (other jurisdictions) You may also contact: • Your local data protection authority (EU users) • California Attorney General (California users) • Personal Information Protection Commission (Japanese users) How to Submit Requests 1. Email: support@y7technology.com 2. Subject: "Privacy Request" 3. Specify request type (access, deletion, etc.) 4. Provide identity verification information 5. Allow up to 30-45 days for response