PRIVACY
POLICY

Effective Date: May 12, 2025  |  Last Updated: May 12, 2025

PLEASE READ THIS PRIVACY POLICY ("Policy") CAREFULLY AND IN ITS ENTIRETY BEFORE ACCESSING, BROWSING, REGISTERING FOR, OR OTHERWISE USING ANY SERVICES, PLATFORMS, APPLICATIONS, DIGITAL PROPERTIES, OR OTHER OFFERINGS OPERATED, MAINTAINED, OR MADE AVAILABLE BY MIREE LLC. This Policy constitutes a legally binding, enforceable agreement between you, the individual or entity accessing the Services ("Data Subject," "Consumer," "User," or "you"), and Miree LLC, a duly organized and validly existing limited liability company ("Company," "Data Controller," "we," "us," or "our"), governing in comprehensive detail the collection, receipt, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure, dissemination, transmission, restriction, erasure, destruction, monetization, and all other forms of processing of your Personal Data (as defined herein) in connection with your access to or utilization of the Company's website, client-facing portal, individualized coaching programs, subscription-based digital content, downloadable products, electronic mail communications, and all ancillary and associated offerings (collectively, the "Services"). This Policy is incorporated by reference into the Company's Terms of Service and all other agreements governing the relationship between the Data Subject and the Company.

BY ACCESSING THE SERVICES, CREATING AN ACCOUNT, SUBMITTING AN APPLICATION, CLICKING ANY AFFIRMATIVE CONSENT BUTTON, OR OTHERWISE INDICATING YOUR ASSENT THROUGH ANY ELECTRONIC OR PHYSICAL MEANS, YOU REPRESENT AND WARRANT THAT YOU HAVE READ, FULLY UNDERSTOOD, AND IRREVOCABLY AGREE TO BE BOUND BY THIS POLICY IN ITS ENTIRETY, INCLUDING ALL PROVISIONS REGARDING THE SALE AND COMMERCIAL TRANSFER OF YOUR PERSONAL DATA AS SET FORTH HEREIN. IF YOU DO NOT AGREE WITH ANY PROVISION OF THIS POLICY, YOU ARE NOT PERMITTED TO ACCESS OR USE THE SERVICES AND MUST IMMEDIATELY DISCONTINUE ALL SUCH ACCESS AND USE. YOUR CONTINUED USE OF THE SERVICES FOLLOWING THE POSTING OF ANY AMENDMENT TO THIS POLICY SHALL CONSTITUTE YOUR BINDING ACCEPTANCE OF SUCH AMENDMENT WITHOUT FURTHER ACTION ON THE PART OF THE COMPANY.

1. IDENTITY, ORGANIZATIONAL STATUS, AND CONTACT PARTICULARS OF THE DATA CONTROLLER

The entity responsible for the collection, processing, storage, use, monetization, and all other forms of handling of Personal Data obtained through or in connection with the Services is Miree LLC, a duly organized, validly existing, and in good standing limited liability company ("Company"), which owns, operates, and administers the commercial fitness coaching, digital content, and personal development enterprise operating under the trade name Sean Miree Fitness. For the purposes of applicable data protection and privacy legislation, the Company functions as the primary Data Controller with respect to all Personal Data collected directly from Data Subjects through the Services, and as a Data Controller or Co-Controller, as applicable, with respect to Personal Data disclosed to or shared with Third-Party Commercial Partners pursuant to this Policy.

The Company's processing activities are subject to, and the Company endeavors to conduct such activities in compliance with, applicable federal and state privacy statutes, including without limitation the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively, "CCPA/CPRA"), the CAN-SPAM Act of 2003, the Telephone Consumer Protection Act ("TCPA") to the extent applicable, and any other federal, state, territorial, or local statutes, regulations, rules, ordinances, or binding guidance documents pertaining to the collection, use, retention, disclosure, or sale of personal information that may be enacted, promulgated, or amended from time to time. The Company's compliance with any particular statutory framework does not constitute a waiver of any rights or defenses available to the Company under any other applicable law.

The Company has designated a privacy contact responsible for overseeing data protection compliance and receiving verifiable consumer requests. All communications pertaining to the exercise of Data Subject rights, privacy inquiries, data complaints, opt-out requests, and related matters shall be directed exclusively to the designated contact as set forth herein. The Company shall not be bound by or required to respond to privacy-related communications received through channels or addresses other than those designated below.

2. SCOPE, APPLICABILITY, AND TERRITORIAL REACH OF THIS POLICY

This Policy applies in its entirety to all natural persons who access, browse, register for, submit information to, or otherwise interact with the Services in any capacity, including without limitation prospective applicants, registered account holders, active coaching clients, newsletter subscribers, digital product purchasers, and casual website visitors (each, individually and collectively, a "Data Subject"). This Policy applies regardless of the geographic location from which the Data Subject accesses the Services, subject to the additional rights and protections afforded to residents of particular jurisdictions as specifically identified herein.

This Policy governs all Personal Data collected by the Company through: (i) the Company's primary website and all associated subdomains and landing pages; (ii) the Company's client-facing portal and account management interface; (iii) electronic mail communications initiated by or directed to the Data Subject; (iv) coaching application and intake submission forms; (v) periodic client check-in submission interfaces; (vi) digital product download or delivery mechanisms; (vii) email newsletter subscription and list management systems; and (viii) any other touchpoint, channel, platform, or medium through which the Company collects, receives, or otherwise obtains Personal Data from or about Data Subjects, whether in digital, electronic, or written form.

This Policy does not govern Personal Data collected by third parties operating their own independent platforms, including without limitation social media networks, payment processors, or advertising platforms, even where such platforms are accessed through links, integrations, or embedded elements appearing on the Company's digital properties. Data Subjects are solely responsible for reviewing and understanding the privacy practices of any such third-party platforms.

3. DEFINITIONS AND INTERPRETIVE PROVISIONS

For purposes of this Policy, the following terms shall have the meanings ascribed to them below, unless the context expressly requires otherwise. These definitions are intended to be interpreted broadly and in a manner consistent with applicable data protection law, and shall not be construed to limit the scope of the Company's rights or the Data Subject's obligations in any manner not expressly provided for herein.

• "Personal Data" means any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular natural person or household, including without limitation name, postal address, electronic mail address, telephone number, internet protocol address, account credentials, financial account information, physiological and health-adjacent data, behavioral data, commercial information, employment information, inferences drawn from any of the foregoing to create a profile about a person, and any other data falling within the definition of "personal information" as set forth in the CCPA/CPRA or analogous applicable statute.
• "Processing" means any operation or set of operations performed upon Personal Data, whether or not by automated means, including but not limited to collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, alignment, combination, restriction, erasure, destruction, sale, licensing, and monetization.
• "Third-Party Commercial Partner" means any natural person, corporation, limited liability company, partnership, association, or other legal entity not under the direct ownership or operational control of the Company to whom the Company discloses, sells, licenses, rents, transfers, or otherwise makes available Personal Data for monetary or other valuable consideration, or for such entity's own independent commercial or marketing purposes.
• "Sensitive Personal Data" means a subset of Personal Data comprising categories of data that are accorded heightened protection under applicable law, including without limitation: precise geolocation data; racial or ethnic origin; religious or philosophical beliefs; genetic data; biometric data processed for the purpose of uniquely identifying a natural person; data concerning health or physical condition; data concerning a natural person's sex life or sexual orientation; and the contents of electronic mail, postal mail, or text messages.
• "Verifiable Consumer Request" means a request submitted by a Data Subject or a person authorized to act on a Data Subject's behalf, through which the Data Subject's identity can be reasonably verified by the Company using commercially practicable means, for the purpose of exercising any right conferred by applicable privacy law.
• "Services" means the totality of the Company's digital properties, coaching programs, digital products, communications, and all ancillary offerings, as more fully described in the preamble of this Policy.
• "Sale" means the selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, of a Data Subject's Personal Data to a Third-Party Commercial Partner for monetary or other valuable consideration.

References in this Policy to any statute, regulation, or legal provision shall be deemed to include references to any amendment, modification, or successor provision thereto as may be enacted from time to time. The singular shall include the plural and vice versa. Headings are for convenience only and shall not affect the interpretation of this Policy. Any reference to "including" or "includes" shall be construed as "including without limitation" unless expressly stated otherwise.

4. CATEGORIES OF PERSONAL DATA COLLECTED, SOURCES OF COLLECTION, AND LAWFUL BASIS FOR PROCESSING

The Company collects, receives, and otherwise obtains Personal Data from and about Data Subjects through a variety of direct and indirect sources, including information provided voluntarily by the Data Subject, information generated automatically through the Data Subject's interaction with the Services, and information received from Third-Party Commercial Partners and other external sources. The following non-exhaustive, illustrative enumeration describes the principal categories of Personal Data currently collected by the Company, the primary sources and contexts of collection, and the corresponding lawful basis upon which such processing is predicated under applicable data protection legislation. The Company reserves the right to collect additional categories of Personal Data not enumerated herein, subject to the notification requirements imposed by applicable law.

• Identifiers and Account Registration Data — comprising, without limitation, given name, surname, electronic mail address, username, and hashed or encrypted authentication credentials (password), collected directly from the Data Subject at the time of voluntary account creation or client portal registration. This data is necessary for the creation and maintenance of the Data Subject's user account and for authentication of access to the Services. Lawful basis: performance of a pre-contractual or contractual relationship; consent of the Data Subject.
• Coaching Application and Intake Data — comprising, without limitation, full legal name, electronic mail address, telephone number (including mobile or cellular numbers capable of receiving text message communications), chronological age, self-reported training history and fitness experience classification, stated physical fitness objectives and goals, program or service preference selections, referral source or attribution data, and any narrative or open-ended goal descriptions, personal history disclosures, or other qualitative information voluntarily submitted by the Data Subject through the Company's coaching application intake form. Lawful basis: pre-contractual measures undertaken at the request of the Data Subject; legitimate interests of the Company in assessing applicant suitability; consent of the Data Subject.
• Health-Adjacent, Biometric-Proximate, and Behavioral Progress Data — comprising, without limitation, self-reported body weight measurements and compositional assessments, daily or weekly caloric consumption figures, macronutrient intake data, frequency and volume of completed training sessions, subjective self-assessments of perceived energy levels, sleep duration and quality, psychological stress levels and mental wellness indicators, and any additional notes, observations, questions, or qualitative disclosures submitted by the Data Subject through the Company's client progress check-in submission interface. The Company acknowledges that this category of data may constitute Sensitive Personal Data under applicable law to the extent it relates to the Data Subject's physical health or physiological condition. Lawful basis: explicit and informed consent of the Data Subject; performance of the coaching services contract.
• Electronic Communications Data — comprising the full content, substance, metadata, and transmission records of electronic messages, inquiries, and communications transmitted by the Data Subject through the Company's client portal messaging infrastructure, electronic mail, or other digital communication channels supported by the Services. Lawful basis: performance of the Services contract; legitimate interests of the Company in maintaining accurate records of coach-client communications.
• Device, Technical, and Usage Data — comprising, to the extent automatically collected through the Data Subject's interaction with the Services, internet protocol (IP) address, browser type and version, operating system and platform, device identifiers, referring uniform resource locator (URL), pages visited within the Services, time and date of access, session duration, clickstream data, and other technical telemetry generated through standard web server logging and analytics mechanisms. Lawful basis: legitimate interests of the Company in understanding usage patterns and improving the Services.
• Referral, Attribution, and Source Data — comprising voluntarily provided information regarding the source, platform, or channel through which the Data Subject first became aware of or was referred to the Company or its Services, including without limitation social media platform names, referral client names, and search terms. Lawful basis: legitimate interests of the Company in evaluating marketing effectiveness and audience reach.
• Consent Records and Compliance Documentation — comprising documentary records of the Data Subject's affirmative consent to, or rejection of, marketing communications and data processing activities, including the date, time, and method of consent or withdrawal, IP-level data where technically available, and any form interaction metadata generated at the time of consent capture. Lawful basis: compliance with legal obligations; legitimate interests of the Company in maintaining auditable consent records.

The Company does not directly collect, process, or store financial account numbers, payment card numbers, bank account information, or other financial instruments. To the extent the Data Subject makes a purchase through the Services, all payment processing functions are performed exclusively by independent third-party payment processors, each of which operates pursuant to its own applicable privacy policy, data security standards, and regulatory compliance framework, including without limitation PCI-DSS compliance obligations. The Company expressly disclaims any responsibility or liability for the data processing practices of such third-party payment processors, and the Data Subject is encouraged to review the applicable privacy disclosures of any such processor prior to initiating a financial transaction.

5. PURPOSES OF PROCESSING AND LEGITIMATE INTERESTS ASSESSMENT

The Company processes Personal Data collected from or about Data Subjects for the following specific, explicit, and legitimate purposes, each of which is undertaken pursuant to one or more recognized lawful bases under applicable data protection law. The Company has assessed the necessity and proportionality of each processing activity in relation to the purpose pursued, and has determined that such processing does not override the fundamental rights and freedoms of Data Subjects where legitimate interests serve as the lawful basis. The following enumeration of purposes is illustrative and non-exhaustive; the Company may process Personal Data for additional purposes where such processing is consistent with the original purposes disclosed herein, where required by law, or where the Data Subject's consent to such additional processing has been obtained:

• Receiving, evaluating, adjudicating, and administering coaching program applications, including automated and manual assessment of applicant eligibility, suitability for enrollment, and alignment with the Company's program offerings, and communicating the results of such assessment to applicants;
• Provisioning, administering, operating, maintaining, troubleshooting, and continually developing, improving, and optimizing the Services, including the client-facing portal, digital product delivery infrastructure, electronic mail communications systems, and all associated technical and operational components;
• Facilitating, managing, and documenting ongoing coach-client communications, progress monitoring, periodic check-in data collection and analysis, individualized program customization and delivery, and accountability follow-up in furtherance of the coaching relationship;
• Transmitting commercial electronic communications, marketing materials, training content, nutritional guidance, promotional offers, and program announcements to Data Subjects who have provided affirmative, verifiable opt-in consent in accordance with applicable law, and managing subscription preferences and unsubscribe requests in connection therewith;
• Engaging in the monetization of Personal Data through sale, licensing, transfer, commercial disclosure, and other forms of commercial exploitation in favor of Third-Party Commercial Partners, as more fully described in Section 14 of this Policy;
• Fulfilling all applicable legal, regulatory, contractual, and fiduciary obligations of the Company, including without limitation record retention requirements under applicable tax law, document preservation obligations in connection with actual or reasonably anticipated litigation, and compliance with governmental or regulatory authority inquiries or investigations;
• Detecting, investigating, preventing, and remediating actual or suspected fraudulent transactions, unauthorized account access, identity theft, abuse of the Services, violations of the Company's Terms of Service, and other harmful or illegal activities directed at the Company, its clients, or third parties;
• Maintaining the integrity, security, availability, and confidentiality of the Services and the data processed therein, including through implementation of access controls, encryption, monitoring, audit logging, and incident response procedures;
• Enforcing the Company's Terms of Service, this Policy, intellectual property rights, contractual rights and obligations, and all other legal rights of the Company arising from the Data Subject's use of the Services;
• Conducting internal research, data analytics, business intelligence, and performance measurement activities to inform the Company's strategic and operational decision-making.

6. COMMERCIAL ELECTRONIC COMMUNICATIONS, PROMOTIONAL SOLICITATIONS, AND CONSENT MANAGEMENT

Pursuant to the CAN-SPAM Act of 2003, the Telephone Consumer Protection Act, and other applicable commercial communications statutes, the Company's transmission of commercial electronic mail communications to Data Subjects is predicated upon the Data Subject's affirmative, freely given, specific, informed, and unambiguous consent, as evidenced by the Data Subject's deliberate selection of the promotional opt-in mechanism presented on the Company's account registration form, coaching application intake form, or any other subscription interface operated by the Company from time to time. The act of submitting such forms without affirmatively selecting the promotional opt-in mechanism shall not, in and of itself, constitute consent to receipt of commercial electronic communications.

Where valid consent has been obtained, the Company and its duly authorized Third-Party Commercial Partners are hereby authorized to transmit commercial electronic communications to the Data Subject's provided electronic mail address and, where a telephone number has been provided and consent to telephone or text-message communications has been obtained, to such telephone number. Such communications may include, without limitation: evidence-based training methodology content and fitness guidance; nutritional planning information and guidance; program announcements, updates, and promotional offers originating from the Company; subscriber-exclusive content, early access materials, and loyalty benefits; promotional materials, sponsored content, and commercial solicitations originating from or on behalf of Third-Party Commercial Partners operating in the fitness, nutrition, health and wellness, lifestyle, and related commercial sectors; and event announcements, competition-related content, and behind-the-scenes coaching and preparation materials.

A Data Subject who has previously consented to receipt of commercial electronic communications retains the right to withdraw such consent and opt out of further commercial communications at any time, without prejudice to the lawfulness of any processing conducted prior to the receipt of such withdrawal, and without detriment to the Data Subject's access to non-commercial, service-related communications necessitated by an active coaching engagement or contractual relationship with the Company. Withdrawal of consent to marketing communications may be effectuated by: (i) utilizing the unsubscribe mechanism or opt-out hyperlink included in the footer of each commercial electronic communication transmitted by the Company; or (ii) submitting a written, unequivocal revocation request to the Company's designated privacy contact at seansteticinquiry@gmail.com, with the subject line "Unsubscribe — Marketing Communications." The Company shall process all such withdrawal requests within the timeframe required by applicable law, and in no event later than ten (10) business days from receipt of a valid and verifiable withdrawal request.

The withdrawal of consent to commercial electronic communications shall not affect the Data Subject's obligations under any existing coaching services agreement, nor shall it entitle the Data Subject to any refund, credit, or adjustment of fees paid in connection with the Services.

7. DATA STORAGE, INFRASTRUCTURE, RETENTION SCHEDULES, AND SECURITY STANDARDS

The Company employs a combination of client-side browser storage, electronic mail systems, and such other data storage infrastructure as may be utilized by the Company or its sub-processors from time to time in connection with the operation of the Services. Certain discrete categories of Personal Data — including without limitation coaching application records, periodic progress check-in submissions, portal-based messaging content, and client dashboard interaction data — are stored and maintained within the client-side browser storage mechanism known as the Web Storage API's localStorage interface, which causes such data to persist on the Data Subject's local computing device within the originating browser environment. Data stored through this mechanism remains accessible only within that browser and on that device, and is subject to the Data Subject's own device security posture, access controls, and browser configuration settings. The Company does not warrant, represent, or guarantee the security, integrity, or confidentiality of data stored through client-side browser mechanisms against unauthorized access, interception, or exfiltration attributable to vulnerabilities in the Data Subject's own device, operating system, browser software, or network environment.

Electronic communications transmitted between the Data Subject and the Company, as well as supplemental Personal Data provided directly to the Company through any channel, shall be retained within the Company's designated electronic mail management systems and internal records infrastructure for a retention period commensurate with the purposes for which such data was originally collected and as required or permitted by applicable law. The Company has established internal data retention schedules governing the maximum and minimum periods for which each category of Personal Data shall be retained, taking into account the operational necessity of the data, applicable statutory limitation periods, regulatory record-keeping mandates, and the Company's legitimate business interests. Upon expiration of the applicable retention period, Personal Data shall be securely deleted, anonymized, or otherwise disposed of in a manner consistent with applicable data security standards, except to the extent that retention of such data is required by law or is necessary for the establishment, exercise, or defense of legal claims.

The Company implements and maintains a comprehensive set of administrative, technical, organizational, and physical safeguards designed to protect Personal Data against unauthorized or unlawful access, accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or any other form of unauthorized processing. Such safeguards include, without limitation, access control mechanisms, role-based permission structures, encryption of data in transit and, where technically feasible, at rest, periodic security assessments, employee and contractor confidentiality obligations, and incident response and breach notification procedures. Notwithstanding the foregoing, the Data Subject acknowledges and expressly agrees that no method of electronic transmission, digital storage, or data protection is wholly impervious to breach, circumvention, or unauthorized access, and the Company expressly disclaims any representation, warranty, or guarantee of absolute, unconditional security with respect to any Personal Data processed in connection with the Services. THE DATA SUBJECT ASSUMES ALL RISK ASSOCIATED WITH THE TRANSMISSION OF PERSONAL DATA VIA INTERNET-BASED COMMUNICATION CHANNELS AND ACKNOWLEDGES THAT SUCH TRANSMISSION IS UNDERTAKEN AT THE DATA SUBJECT'S OWN RISK.

8. INTERNATIONAL TRANSFERS OF PERSONAL DATA

The Company is headquartered in and primarily operates within the United States of America. Personal Data collected from Data Subjects located outside the United States — including Data Subjects located within the European Economic Area, the United Kingdom, Canada, or any other jurisdiction with data transfer restrictions — may be transferred to, stored in, and processed within the United States or other jurisdictions where the Company's service providers and Third-Party Commercial Partners operate, which jurisdictions may not afford the same level of data protection as the Data Subject's jurisdiction of residence.

By submitting Personal Data through the Services, Data Subjects located outside the United States expressly consent to the transfer of their Personal Data to the United States and to such other jurisdictions as may be necessary for the Company's processing activities, and acknowledge that such transfer is being made with full awareness of the potentially different data protection standards applicable in the receiving jurisdiction. Where required by applicable law, the Company shall implement appropriate safeguards for the transfer of Personal Data to third countries, including without limitation the use of standard contractual clauses approved by the relevant regulatory authority, adequacy decisions, or such other lawful transfer mechanisms as may be available under applicable law. The Company makes no representation that the Services are appropriate or lawfully accessible from all geographic locations, and Data Subjects who access the Services from jurisdictions outside the United States do so at their own initiative and are solely responsible for compliance with applicable local laws.

9. PROCESSING OF PERSONAL DATA PERTAINING TO MINORS AND AGE VERIFICATION

The Services are directed exclusively toward, and intended for use solely by, individuals who have attained at minimum the age of thirteen (13) years, and in certain jurisdictions the applicable age of majority or the age of digital consent as prescribed by local law. The Company does not knowingly, intentionally, or willfully solicit, collect, receive, process, retain, or disclose Personal Data from or about individuals who have not attained the age of thirteen (13) years. In jurisdictions where the age of digital consent is established at a higher threshold than thirteen (13) years — including without limitation certain member states of the European Union and the United Kingdom, where the applicable age may be sixteen (16) years — the Company does not knowingly collect Personal Data from individuals below such higher applicable threshold without verifiable parental or legal guardian consent.

The Company relies upon Data Subjects to accurately represent their age at the time of registration, application, or any other interaction with the Services. The Company does not currently implement age-verification technologies beyond reliance on the Data Subject's own representation. In the event that the Company discovers, or is credibly notified by a parent, legal guardian, or regulatory authority, that Personal Data has been collected from or about an individual who has not attained the applicable minimum age threshold, the Company shall promptly take all commercially reasonable measures to: (i) delete or de-identify such Personal Data from its active records and systems; (ii) cease any ongoing processing of such Personal Data; (iii) notify any Third-Party Commercial Partners to whom such Personal Data may have been disclosed, directing them to delete or de-identify such data from their records to the extent required by applicable law; and (iv) implement such additional safeguards as may be necessary to prevent recurrence. Parents or legal guardians with knowledge or reasonable belief that their minor child has submitted Personal Data to the Company without appropriate consent are directed to contact the Company's designated privacy contact at seansteticinquiry@gmail.com immediately upon discovery of such submission.

10. THIRD-PARTY PLATFORMS, EXTERNAL HYPERLINKS, EMBEDDED CONTENT, AND DISCLAIMER OF LIABILITY

The Company's digital properties may contain, display, or reference hyperlinks, buttons, widgets, embedded content frames, social media integration features, and other interactive elements that reference, connect to, or facilitate navigation to third-party websites, social media platforms, applications, digital tools, and online services — including without limitation Meta Platforms, Inc. (operators of Instagram and Facebook), ByteDance Ltd. (operators of TikTok), Alphabet Inc. (operators of Google and YouTube), and such other third-party platforms and services as may be linked to or integrated with the Services from time to time — none of which are owned, operated, developed, maintained, endorsed, sponsored, or controlled by the Company.

The inclusion of any hyperlink, integration, embed, or reference to a third-party platform within the Company's digital properties shall not be construed as an endorsement, sponsorship, affiliation, partnership, recommendation, or approval by the Company of such third-party platform, its operators, its content, its products or services, or its data handling practices. The Company exercises no control over, and assumes no responsibility or liability whatsoever for, the privacy policies, terms of service, accessibility standards, data collection and processing practices, security measures, accuracy, legality, or any other aspect of third-party platforms accessible through or referenced by the Services. The Company's Privacy Policy does not govern, and the Company's data protection obligations do not extend to, any Personal Data that the Data Subject may voluntarily or inadvertently provide to any third-party platform through any channel, including through social media platforms, advertising networks, or analytics providers that may observe the Data Subject's interaction with the Services through third-party tracking technologies. Data Subjects are expressly encouraged and strongly advised to independently review the applicable privacy disclosures, terms of service, and data processing practices of any third-party platform before submitting Personal Data thereto or engaging with such platform's features or services.

11. DATA SUBJECT RIGHTS, ENTITLEMENTS, AND PROCEDURES FOR THE EXERCISE THEREOF

Subject to the limitations, conditions, and exceptions imposed by applicable data protection law, and upon submission of a Verifiable Consumer Request through which the Data Subject's identity can be reasonably authenticated, Data Subjects may possess and be entitled to exercise one or more of the following rights with respect to Personal Data processed by the Company. The availability and scope of any particular right may vary depending upon the Data Subject's jurisdiction of residence, the category of data in question, and the applicable lawful basis upon which the relevant processing is predicated. The Company shall assess each request on its individual merits in accordance with applicable law and shall communicate its determination to the requesting Data Subject within the timeframes prescribed herein:

• Right of Access and Right to Know (CCPA § 1798.110) — the right to submit a Verifiable Consumer Request seeking disclosure of: (a) the specific categories of Personal Data the Company has collected concerning the Data Subject; (b) the categories of sources from which such Personal Data was collected; (c) the business or commercial purpose for which such Personal Data was collected; (d) the categories of Third-Party Commercial Partners with whom the Company has shared or to whom the Company has sold such Personal Data; and (e) the specific pieces of Personal Data the Company has collected concerning the Data Subject, in each case within the preceding twelve (12) month period;
• Right to Correction and Rectification — the right to request that the Company correct or rectify any inaccurate, incomplete, misleading, or outdated Personal Data relating to the Data Subject that is maintained within the Company's active processing systems, subject to the Company's ability to verify the accuracy of the corrected information;
• Right to Erasure and Right to Deletion (CCPA § 1798.105) — the right to request deletion of Personal Data collected from or concerning the Data Subject, subject to applicable statutory exceptions including but not limited to: (i) data necessary to complete a pending transaction or perform a contract with the Data Subject; (ii) data necessary for the Company to detect, prevent, or investigate security incidents or illegal activity; (iii) data necessary to exercise free speech rights or another legal right; (iv) data necessary to comply with a legal obligation; or (v) data retained for solely internal uses that are reasonably aligned with the Data Subject's expectations;
• Right to Withdrawal of Consent — the right to withdraw any affirmative consent previously granted to the Company for any specific processing activity, including without limitation consent to receipt of commercial electronic communications and consent to the sale or sharing of Personal Data, at any time and without detriment, without prejudice to the lawfulness of any processing undertaken by the Company on the basis of such consent prior to its withdrawal;
• Right to Opt Out of Sale and Sharing (CCPA § 1798.120) — the right, available to California residents and Data Subjects in other jurisdictions conferring analogous rights under applicable statute, to direct the Company to cease the Sale and Sharing of the Data Subject's Personal Data to or with Third-Party Commercial Partners for cross-context behavioral advertising, direct marketing, or other commercial purposes, effective prospectively from the date of receipt of a valid Verifiable Consumer Request to that effect;
• Right to Restriction of Processing — the right to request that the Company limit, suspend, or otherwise restrict its processing of the Data Subject's Personal Data in circumstances specifically recognized under applicable data protection law, including without limitation where the accuracy of the data is contested by the Data Subject, where the processing is unlawful but the Data Subject opposes erasure, or where the Company no longer needs the data but the Data Subject requires it for the establishment, exercise, or defense of legal claims;
• Right to Data Portability — the right, where technically feasible and legally applicable, to receive Personal Data provided by the Data Subject to the Company in a structured, commonly used, and machine-readable format, and to transmit such data to another controller without hindrance from the Company;
• Right to Non-Discrimination (CCPA § 1798.125) — the right not to receive discriminatory treatment by the Company in connection with the exercise of any privacy right conferred by applicable law, including the right not to be denied services, charged different prices, provided a different quality of service, or subjected to any other adverse treatment as a consequence of having exercised or sought to exercise any right described in this Section.

To submit a Verifiable Consumer Request to exercise any of the foregoing rights, the Data Subject must transmit a written communication to the Company's designated privacy contact at seansteticinquiry@gmail.com, clearly identifying the specific right or rights being exercised and providing sufficient information to enable the Company to verify the Data Subject's identity and locate the relevant Personal Data within its systems. The Company shall acknowledge receipt of any Verifiable Consumer Request within ten (10) business days of confirmed receipt. The Company shall endeavor to provide a full, substantive response to any such request within forty-five (45) calendar days of receipt, provided that where the complexity or volume of requests necessitates additional time, the Company may extend such period by a further forty-five (45) calendar days upon provision of written notice to the Data Subject within the initial forty-five (45) day period, setting forth the reason for the extension and the anticipated response date. Data Subjects may submit a maximum of two (2) Verifiable Consumer Requests within any twelve (12) month period without incurring a fee. The Company reserves the right to decline to process requests that are manifestly unfounded, excessive, repetitive, or otherwise not cognizable under applicable law, and to charge a reasonable administrative fee for requests that exceed the foregoing threshold, subject to applicable statutory constraints.

Authorized agents may submit Verifiable Consumer Requests on a Data Subject's behalf, provided that the Data Subject has furnished written authorization to such agent, and the agent submits proof of such authorization to the Company at the time of the request. The Company may require additional verification measures where a request is submitted by an authorized agent to protect against fraudulent or unauthorized requests.

12. AMENDMENTS, MODIFICATIONS, REVISIONS, AND SUPERSESSION OF THIS POLICY

The Company expressly reserves the unilateral, non-exclusive right to amend, modify, update, supplement, revise, or entirely supersede this Policy at any time and from time to time, in its sole and absolute discretion, and without the prior consent of any Data Subject, subject only to the notification requirements specifically imposed by applicable data protection law with respect to material changes that adversely affect the rights or interests of Data Subjects. The Company's right to amend this Policy is a material inducement to the Company's provision of the Services and is an integral term of the Data Subject's use thereof.

The version of this Policy that is operative and legally binding with respect to the Company's data processing activities shall at all times be the version most recently published on the Company's website and bearing the most current "Last Updated" date as displayed at the head of this document. In the event of any amendment that is determined by the Company, in its reasonable judgment, to constitute a material change — including without limitation changes that materially expand the categories of Personal Data collected by the Company, materially alter the purposes for which Personal Data is processed, materially expand the categories of Third-Party Commercial Partners to whom Personal Data is sold or disclosed, or materially diminish the rights accorded to Data Subjects under this Policy — the Company shall endeavor to provide advance notice of such material change through one or more of the following means: (i) publication of a prominently displayed notice on the Company's website homepage or within the Services for a period of not less than thirty (30) days prior to the effective date of such change; (ii) transmission of electronic mail notification to the electronic mail addresses of all Data Subjects maintaining active accounts with the Company; or (iii) such other notification mechanism as the Company determines to be reasonably calculated to provide effective notice to affected Data Subjects. The Data Subject's continued access to or use of the Services, or the Data Subject's failure to exercise any available opt-out mechanism, following the effective date of any amendment to this Policy shall constitute the Data Subject's irrevocable, binding acceptance of the amended Policy in its entirety and shall be deemed the Data Subject's waiver of any objection to the amended terms. Data Subjects who do not consent to any material amendment to this Policy are required to discontinue all use of the Services prior to the effective date of such amendment and to notify the Company in writing of such discontinuation.

13. GOVERNING LAW, JURISDICTION, AND DISPUTE RESOLUTION

This Policy, and all rights and obligations arising hereunder, and any and all claims, disputes, controversies, or causes of action arising out of or relating to this Policy, the Company's data collection and processing practices, or the Data Subject's use of the Services, shall be governed by and construed in all respects in accordance with the substantive laws of the jurisdiction in which Miree LLC is duly organized and existing, without giving effect to any choice of law or conflict of law provisions, principles, or rules — whether of such jurisdiction or any other jurisdiction — that would cause or require the application of the laws of any other jurisdiction.

Any dispute, claim, or controversy arising out of or relating to this Policy or its subject matter — including disputes regarding the existence, validity, interpretation, performance, breach, or termination hereof — that cannot be resolved through good-faith negotiation between the parties shall be subject to binding arbitration conducted in accordance with the applicable rules of a nationally recognized arbitration provider, as designated by the Company in its sole discretion, by a single arbitrator mutually agreed upon by the parties or, failing such agreement, appointed in accordance with the rules of the designated arbitration provider. The arbitration shall be conducted in the English language, in the jurisdiction in which the Company is organized, unless otherwise required by applicable law. The award of the arbitrator shall be final and binding upon both parties and shall be enforceable in any court of competent jurisdiction. EACH PARTY EXPRESSLY WAIVES ANY RIGHT TO A TRIAL BY JURY WITH RESPECT TO ANY CLAIM ARISING UNDER OR RELATED TO THIS POLICY. FURTHER, EACH PARTY WAIVES ANY RIGHT TO PARTICIPATE IN OR BRING ANY CLASS ACTION, COLLECTIVE ACTION, REPRESENTATIVE ACTION, OR PRIVATE ATTORNEY GENERAL ACTION IN CONNECTION WITH ANY CLAIM ARISING UNDER OR RELATED TO THIS POLICY. Nothing in this Section shall be construed to limit the Company's right to seek injunctive or other equitable relief in any court of competent jurisdiction in connection with any actual or threatened breach of this Policy or infringement of the Company's intellectual property rights.

To the extent that any court of competent jurisdiction determines that mandatory arbitration is unenforceable with respect to a particular claim or class of claims, such claims shall be resolved exclusively in the state or federal courts of competent jurisdiction located within the jurisdiction in which Miree LLC is organized, and each party irrevocably submits to the personal jurisdiction of such courts for that purpose and waives any objection to venue or jurisdiction therein.

14. DISCLOSURE, TRANSFER, AND COMMERCIAL SALE OF PERSONAL DATA

THE COMPANY EXPRESSLY, AFFIRMATIVELY, AND WITHOUT LIMITATION ENGAGES IN THE SALE, RENTAL, LICENSING, TRANSFER, COMMERCIAL DISCLOSURE, AND ALL OTHER FORMS OF MONETIZATION OF PERSONAL DATA TO AND WITH THIRD-PARTY COMMERCIAL PARTNERS FOR MONETARY CONSIDERATION AND OTHER VALUABLE CONSIDERATION. BY ACCESSING THE SERVICES, CREATING AN ACCOUNT, SUBMITTING A COACHING APPLICATION, OR OTHERWISE PROVIDING PERSONAL DATA TO THE COMPANY THROUGH ANY CHANNEL, THE DATA SUBJECT EXPRESSLY ACKNOWLEDGES NOTICE OF, AND IRREVOCABLY CONSENTS TO, THE SALE, TRANSFER, AND COMMERCIAL EXPLOITATION OF THEIR PERSONAL DATA AS DESCRIBED IN THIS SECTION, SUBJECT TO THE OPT-OUT RIGHTS SET FORTH HEREIN.

The Company engages in the commercial sale, licensing, rental, and transfer of Personal Data as an integral and material component of its business model and revenue-generating activities. Such commercial transactions are not incidental or ancillary to the Company's provision of the Services but constitute independent, substantive business activities from which the Company derives monetary and other valuable consideration. The Company has implemented appropriate contractual frameworks with its Third-Party Commercial Partners governing the use of transferred Personal Data; however, the Company makes no warranty, representation, or guarantee with respect to the data protection practices, security standards, or regulatory compliance posture of any individual Third-Party Commercial Partner, and the Company's liability with respect to the downstream processing of Personal Data by Third-Party Commercial Partners is expressly disclaimed to the fullest extent permitted by applicable law.

• Sale, Licensing, and Commercial Transfer to Third-Party Commercial Partners — The Company may sell, rent, license, transfer, assign, syndicate, or otherwise commercially exploit Personal Data — including without limitation identifiers such as full legal name, electronic mail address, and telephone number; demographic data including age and geographic region; health-adjacent interest and behavioral data including fitness goals, training experience, and self-reported health metrics; psychographic data derived from goal narratives and program preference selections; and any other Personal Data categories enumerated in Section 4 of this Policy — to any Third-Party Commercial Partner operating within or adjacent to the fitness, nutrition, health and wellness, lifestyle, sports performance, dietary supplement, apparel and equipment, digital media, direct marketing, affiliate marketing, data aggregation and brokerage, and related commercial sectors. Third-Party Commercial Partners receiving Personal Data pursuant to this provision are independently authorized to utilize such data for their own purposes, including without limitation direct mail and electronic mail marketing campaigns, targeted digital advertising, customer profiling and segmentation, propensity modeling, lookalike audience development, product and service promotion, and resale or further transfer to their own third-party partners. The Company makes no representations regarding and assumes no liability whatsoever for the downstream data processing activities, privacy practices, or data security measures of any Third-Party Commercial Partner, each of whom is independently and solely responsible for compliance with all applicable data protection laws governing their own use of the transferred Personal Data.
• Disclosure to Authorized Service Providers and Sub-processors — The Company may disclose Personal Data to third-party vendors, contractors, technical service providers, and sub-processors engaged by the Company on a service-provider basis to perform specific operational, technical, or administrative functions on the Company's behalf. Such sub-processors may include, without limitation: electronic mail delivery and marketing automation platforms; cloud computing and data hosting infrastructure providers; web analytics, attribution, and audience measurement services; customer relationship management (CRM) platform operators; payment processing and fraud prevention services; and legal, accounting, and compliance advisory service providers. Sub-processors engaged on a service-provider basis are authorized to access and process Personal Data only to the extent necessary to perform their contracted services and are prohibited from using Personal Data for their own independent commercial purposes or disclosing it to additional third parties without the Company's prior written authorization, subject to the terms of applicable data processing agreements.
• Compelled Disclosure Pursuant to Legal Process or Governmental Authority — The Company reserves the absolute right to disclose Personal Data, without prior notice to or consent of the Data Subject, where such disclosure is required, compelled, or deemed advisable by: any applicable federal, state, local, territorial, or international law or regulation; any court order, subpoena, civil investigative demand, search warrant, or other judicial or quasi-judicial process; any governmental, regulatory, administrative, or law enforcement inquiry, investigation, audit, or proceeding; or any other compulsory legal authority or binding directive of any governmental body with jurisdiction over the Company or the subject matter of the disclosure. The Company shall not be liable to any Data Subject for any disclosure made pursuant to legal compulsion, and shall endeavor, to the extent permitted by applicable law, to provide the Data Subject with advance notice of any such compelled disclosure where feasible and legally permissible.
• Transfers in Connection with Corporate Reorganization and Asset Transactions — In the event of any proposed or consummated merger, acquisition, consolidation, reorganization, recapitalization, asset sale, business combination, divestiture, or analogous corporate transaction involving the Company or its assets — whether in whole or in substantial part — Personal Data collected from and about Data Subjects may constitute a material asset of the Company and may be transferred, disclosed, assigned, or otherwise made available to the acquiring entity, successor-in-interest, surviving entity, or other counterparty to such transaction as an integral component of the transferred or combined business enterprise. The Company shall use commercially reasonable efforts to provide advance written notice to Data Subjects of any such transfer and of any resulting material change to the privacy terms governing their Personal Data, and to obtain such consent as may be required by applicable law prior to any such transfer. Any successor entity receiving Personal Data pursuant to a corporate transaction shall be bound by the terms of this Policy with respect to such Personal Data unless and until a superseding privacy policy is published in accordance with applicable law.
• Disclosure for Protection of Legal Rights, Enforcement, and Fraud Prevention — The Company expressly reserves the right to disclose Personal Data to third parties, including without limitation law enforcement agencies, regulatory authorities, legal counsel, insurance providers, and affected third parties, where the Company determines in its reasonable and good-faith judgment that such disclosure is necessary or appropriate to: investigate, detect, deter, prevent, or remediate actual or suspected fraudulent activity, identity theft, unauthorized account access, or misuse of the Services; enforce or protect the Company's contractual rights, intellectual property rights, and other legal rights arising from or related to the Services; investigate potential violations of the Company's Terms of Service, this Policy, or applicable law; respond to claims asserted against the Company by third parties; protect the rights, property, safety, or physical security of the Company, its members, officers, employees, contractors, clients, or the general public; or comply with the requirements of any applicable insurance policy or risk management framework.

Notwithstanding any other provision of this Policy, Data Subjects who are residents of the State of California possess, pursuant to the CCPA/CPRA, the statutory right to opt out of the Sale and Sharing of their Personal Data with Third-Party Commercial Partners for cross-context behavioral advertising or other commercial purposes, effective as of the date on which the Company receives and processes a valid Verifiable Consumer Request asserting such opt-out right. To exercise this right, a Data Subject must submit a Verifiable Consumer Request to the Company's designated privacy contact at seansteticinquiry@gmail.com, clearly identifying the request as a "Do Not Sell or Share My Personal Information" request pursuant to CCPA/CPRA § 1798.120, and providing sufficient identifying information to enable the Company to locate the Data Subject's Personal Data within its systems and verify the Data Subject's identity. The Company shall process such opt-out requests within fifteen (15) business days of receipt of a verifiable and complete request. Data Subjects who have exercised this opt-out right shall not be denied Services, charged a different or higher price for the Services, or subjected to any other form of discriminatory treatment by the Company as a consequence of such exercise, except to the extent that any differential treatment is directly and reasonably related to the value of the Data Subject's Personal Data to the Company's commercial operations and is expressly authorized under applicable law. The opt-out right applies prospectively only; it does not require the Company to reverse or unwind any sale, transfer, or disclosure of Personal Data that was completed prior to the Company's receipt of the opt-out request. Data Subjects located in other jurisdictions possessing analogous opt-out rights under applicable state or federal statute are encouraged to submit a Verifiable Consumer Request asserting such rights, and the Company shall evaluate and respond to such requests in good faith and in accordance with applicable law.

THE DATA SUBJECT EXPRESSLY ACKNOWLEDGES AND AGREES THAT THE COMPANY'S ENGAGEMENT IN THE COMMERCIAL SALE AND TRANSFER OF PERSONAL DATA AS DESCRIBED IN THIS SECTION 14 IS A MATERIAL TERM OF THE DATA SUBJECT'S ACCESS TO AND USE OF THE SERVICES, THAT THE DATA SUBJECT HAS BEEN AFFORDED CLEAR AND CONSPICUOUS NOTICE OF SUCH PRACTICES THROUGH THIS POLICY, AND THAT THE DATA SUBJECT'S CONTINUED USE OF THE SERVICES FOLLOWING REVIEW OF THIS POLICY CONSTITUTES INFORMED ACKNOWLEDGMENT OF SUCH DATA PRACTICES. NOTHING IN THIS POLICY SHALL BE CONSTRUED TO LIMIT THE COMPANY'S RIGHT TO ENGAGE IN THE SALE, LICENSING, OR TRANSFER OF PERSONAL DATA TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW.

15. CONTACT INFORMATION FOR FORMAL PRIVACY INQUIRIES, COMPLAINTS, AND VERIFIABLE CONSUMER REQUESTS

All formal privacy inquiries, data protection complaints, Verifiable Consumer Requests for the exercise of Data Subject rights, opt-out requests, and all other communications pertaining to this Policy or the Company's data processing practices must be directed exclusively to the Company's designated privacy and data protection contact through the contact information set forth below. The Company shall not be obligated to receive, process, or respond to privacy-related communications submitted through channels, addresses, or methods other than those specifically identified herein. Informal communications received through social media or other non-designated channels are acknowledged as non-binding and will not trigger any formal response obligation on the part of the Company under applicable data protection law.