Privacy Policy

Last updated: 9 January 2026

In order to use the MyRise mobile application, website, and other services that may become available in the future (collectively, the “Services”), we may ask you to provide certain personal information during account registration and onboarding. This information may include, but is not limited to, your name, email address, age, gender, weight, height, fitness level, fitness goals, preferred workout styles, areas for improvement, food preferences, information about injuries or physical limitations, and other onboarding questions designed to personalize your experience. Some of our Services may also ask for mental wellness and mood-related information (for example, to enable tracking and personalized coaching support).

In many parts of the app, you will have the ability to skip specific onboarding questions by selecting “Skip” or a similar option. Choosing to skip certain questions may limit the personalization or availability of certain features, but you will still be able to use the core Services.

In addition to the data you provide directly, we may automatically collect certain technical information from your device when you access or use our Services. This information may include, but is not limited to: language settings, IP address, time zone, device type and model, device settings, operating system version, app version, unique device identifiers, crash data, and other technical details. We use this data to:

• Deliver and optimize the functionality of the Services (e.g., ensure correct rendering of features).
• Analyze and understand how our users engage with the app (e.g., to improve features and user experience).
• Detect, prevent, and address technical issues or potential security risks.
• Serve internal MyRise promotions and, where applicable, personalized advertising.

In most cases, you can control certain aspects of this automatic data collection through your device settings, app settings, or privacy features provided within the Services.

Please carefully review this Privacy Policy to understand:

• What types of data we collect  (Section 1) and for what purposes (Section 2).
• What rights and privacy controls are available to you (Section 4).

Depending on your region and the MyRise product you use, you may have access to additional privacy features and controls. Examples include:

• Managing online tracking preferences through in-app privacy settings.
• Opting out of certain data uses where permitted by law (e.g., “sale” or “sharing” of data under certain US state privacy laws).
• Requesting access to, correction of, or deletion of your personal data.
• Exercising other rights under applicable data protection laws, including the GDPR.

When these features are available, we will display them prominently within the app (for example, in your account settings or privacy center). We strive to make privacy controls simple, accessible, and user-friendly, allowing you to manage your data without complex requests. If you cannot locate a privacy feature or it is not available in your region, you may always submit a request to us directly.

If you have any questions about this Privacy Policy or wish to exercise your privacy rights, please contact us at support@myrise.app.

Privacy Policy

This Privacy Policy explains and provides transparency about what personal data we collect when you use the MyRise mobile application, website, and the services provided through them (together, the “App” or “Service”), and how such personal data is processed, stored, shared, and protected.

By using the Service, you confirm that:

1. You have read, understood, and agreed to this Privacy Policy and the data processing described herein; and
   
2. You are at least 18 years of age and legally capable of entering into binding agreements.

If you do not agree, or are unable to make this confirmation, you must not use the Service. In that case, you must:

• (a) Delete your account and contact us to request deletion of your personal data;
• (b) Cancel any active subscriptions using the appropriate functionality provided by Apple (if you are using iOS), Google (if you are using Android), any other app store that may be available from time to time, or by contacting us directly if you purchased your subscription via our website; and
• (c) Delete the App from all your devices.

Any non-English translation of this Privacy Policy is provided solely for convenience and transparency purposes. In the event of any difference in meaning or interpretation between this English version of the Privacy Policy, available at https://myrise.app/privacy-policy, and any translation, the English version shall prevail. The English text is the only legally binding version of this Privacy Policy.

Contents:

1. Categories of Personal Data We Collect
2. Purposes and Legal Bases for Processing Your Personal Data
3. Sharing of Your Personal Data
4. How You Can Exercise Your Privacy Rights
5. Age Limitation
6. International Data Transfers
7. Changes to This Privacy Policy
8. Data Retention
9. Personal Data Controller
10. Contact Us

1. Categories of Personal Data We Collect

We process data:

(i) you directly provide to us (for example, when you create an account, complete onboarding, send us an email, or interact with the MyRise AI coach),
(ii) we receive about you from third parties (for example, when you sign in via Apple or allow us to access Apple Health or Google Health Connect data),
(iii) automatically when you use our Service (for example, your IP address via cookies or SDK technologies).

1.1. Data Directly Provided by You

1.1.1. Identifiers

This may include your name, email address, password, and profile photo. You provide this information when you register for the Service, manage your account settings, subscribe to communications, or contact us by any means.

1.1.2. Onboarding and Product Data

You provide this category of information during registration, onboarding, and when updating your profile or interacting with the app. This includes:

• General information: age, date of birth, gender.
• Physical characteristics: height, weight.
• Fitness and lifestyle data: fitness level, workout preferences (e.g., cardio, strength, yoga), workout frequency and duration, available equipment (e.g., dumbbells, bodyweight only), fitness goals (e.g., fat loss, muscle gain, overall health), Preferred workout setting (e.g., solo training, group workouts, or a blend of both).
• Coaching preferences: preferred coaching style (e.g., motivational, soft, strict).
• Wellness information: mood tracking, mental wellness self-assessments, dietary preferences, nutrition goals, dietary restrictions, and medical notes or limitations relevant to workouts.
• Optional inputs: any other onboarding or preference information you choose to provide.

Some onboarding questions are optional and may be skipped by selecting “Skip” or a similar option. Selected parts of this data are used to personalize your AI coaching, workouts, and progress tracking.

1.1.3. Sensitive Wellness Data

Some information you provide may be considered sensitive health data under applicable data protection laws. Examples include injury history, health-related limitations, mood tracking inputs, mental wellness assessments, and medical notes. Where required by law, MyRise will request your explicit consent before processing this data to deliver personalized coaching and recommendations.

1.1.4. Subscription and Commercial Data

If you purchase a subscription or paid service, you provide financial account data (e.g., credit card details) to our secure third-party payment processors. While MyRise does not collect or store your full payment card numbers, we may receive limited payment information, such as:

• Type of payment method used
• Date, time, and amount of purchase
• A secure token reflecting your payment method
• Status of your transaction

1.1.5. Community and Social Data

When using MyRise’s social features, you may provide:

• Public/private profile selection
• Profile bio and uploaded profile photos
• User-generated posts, comments, likes, and other social interactions shared with the community

This information is visible to other users according to your privacy settings.

1.1.6. AI Interaction Data

We process the conversations you have with the MyRise AI coach. This includes:

• Texts or messages you enter
• Responses generated by the AI
• Follow-up interactions related to workouts, confirmations, and coaching feedback

These interactions are stored and processed to deliver personalized recommendations and improve coaching performance.

1.1.7. Support and Communication Data

When you contact us via support@myrise.app, in-app support, surveys, or other communication channels, we process:

• Messages, inquiries, and attachments you send to us; and
• Feedback and survey responses you voluntarily provide.

1.2. Data Provided by Third Parties

1.2.1. Apple or Google Account Data

When you sign in with Apple or Google to create a MyRise account, we receive personal data from your Apple or Google ID account. This may include:

• Your name
• Verified email address

When using Apple, you may choose to share either your real email address or an anonymized address generated via Apple’s private relay service. Apple and Google will present detailed privacy information on their sign-in screens.

1.2.2. Apple Health and Google Health Connect Data

With your explicit consent, we may read and/or write fitness and health data from your device’s health platforms:

• Read (receive): number of steps, distance traveled, calories burned, heart rate, weight, sleep, and other metrics you select on the consent screen.
• Write (share): workouts, weight logs, calorie burn, or other activity data generated by MyRise.

Apple or Google will indicate which data types are covered when requesting access. MyRise does not control these native permission pop-ups.

Before sharing your health data, we encourage you to review Apple’s or Google’s privacy policies, as your data in those apps is also governed by their policies.

• More on Apple Health: http://www.apple.com/ios/health/
• More on Google Health Connect: https://health.google/health-connect-android/

You may withdraw MyRise’s access to read or write health data at any time in your device’s health app settings.

1.2.3. Data from Connected Third-Party Apps and Services

With your explicit permission, you may choose to connect MyRise to external applications or services that store your health and fitness information. These integrations may include, for example, other workout tracking platforms, nutrition logging tools, menstrual cycle tracking applications, wearable device apps, or similar services that you use to manage your fitness and wellness data.

When you authorize such a connection, we may receive and process information made available to us by the third-party service, which may include:

• Historical workouts and activity logs (e.g., past exercises, distances, times, calories burned, steps).
• Training performance metrics and analytics (e.g., heart rate, VO₂ max, recovery data).
• Nutritional data and food tracking logs.
• Women’s health and menstrual cycle data (e.g., cycle phases, symptoms, fertility tracking, period logs).
• Other health and wellness information you approve for sharing.

This data is used to:

• Import your past progress into MyRise to create a comprehensive fitness history.
• Provide personalized coaching recommendations and habit guidance.
• Display analytics and trends within the App to help you better understand your progress.

You will be asked for explicit consent before we access or process any data from a third-party service. This consent is typically requested through an in-app authorization screen. You may revoke MyRise’s access to any connected third-party service at any time via MyRise settings or through the connected external service.

1.3. Data We Collect Automatically

1.3.1. Online Activity
We record how you interact with our Service. For example, we log your interactions with different areas of the interface, features, and content. This includes:

• Workouts you complete, including time and duration
• Mood check-ins and progress tracking
• How often you use the App and the length of each session
• Your participation in challenges and subscription activity

Wearable device data: MyRise allows you to connect certain supported wearable fitness trackers (for example, fitness bands, watches, or other health monitoring devices) to the App. When you connect a wearable device, we may process data collected by the device, such as step counts, heart rate measurements, sleep statistics, calories burned, and other activity data. We will request your explicit consent when you first connect a wearable device to the App. Once provided, this consent will allow ongoing processing of data received from the device until you withdraw it in your settings.

1.3.2. Device and Geolocation Data
We collect data from your mobile device to provide and improve the Service. This may include:

• Language settings
• Internet Protocol (IP) address
• Time zone
• Type and model of device
• Device settings and operating system version
• Internet service provider and mobile carrier
• Hardware identifiers (e.g., device ID)
• Diagnostic and crash logs

If you provide consent in certain parts of the App, we may also collect geolocation data (for example, when enabling route tracking during workouts).

1.3.3. Advertising IDs
We collect your Apple Identifier for Advertising (“IDFA”) or Google Advertising ID (“AAID”), depending on your device’s operating system. You can reset or limit these identifiers through your device settings (we do not control these settings).

1.3.4. Cookies and Similar Tracking Technologies
Our App and website use technologies such as cookies, SDKs, and similar tools to:

• Enhance your experience;
• Optimize app performance and content loading;
• Analyze usage and traffic; or
• Where applicable, deliver MyRise promotions and targeted advertising.

These technologies are activated when you use the App, visit our website, or enable certain features like chats or social interactions. Disabling them may limit some functionalities, but the core Service will remain usable.

We and our partners may also use targeting technologies to tailor ads and display them to you at relevant times. Your interactions with the App or website could lead to seeing MyRise promotions on social platforms or other websites, helping us measure campaign effectiveness.

We respect your privacy and give you options to manage non-essential data processing. The tracking technologies we use include:

• Strictly Necessary – Essential for core functionality (e.g., remembering preferences, ensuring fast content loading, enhancing security). Some features, like customer support, rely on these technologies.
• Functional – Used to personalize and improve your experience (e.g., remembering your language choice, keeping you logged in, saving workout settings). If disabled, some features may not function properly.
• Performance – Helps us understand user engagement, identify popular features, and improve future development. If disabled, we will not receive some analytics information.
• Targeting – Used by us and our partners to show you relevant MyRise promotions and measure advertising performance. If disabled, you may see less relevant promotions, and we may have limited ability to evaluate campaigns.

2. Purposes and Legal Bases for Processing Your Personal Data

We collect and use your data primarily to provide our Service, enhance your personalized coaching experience, and continuously improve MyRise. We also process data to attract new users and foster a supportive health and fitness community. Below is a detailed description of each purpose, including examples and the legal bases we rely on.

Please note that some of the information we collect, including data provided during onboarding or gathered when you connect wearable devices or third-party health applications, may be regarded as a special category of personal data or sensitive data under certain data protection legislation to which we are subject.

When this is the case – for example, when you share injury history, menstrual cycle information, or when wearable device data such as heart rate is processed – we will strive to ask for your explicit consent before processing such data. However, if processing this information is necessary to deliver certain parts of the Service (for example, tailoring workouts to accommodate physical limitations or generating activity reports from connected wearables), providing such consent will be required to access and fully use these features, as we would otherwise be unable to provide them to you.

---

2.1. To Provide Our Service and Administer Your Account

This includes verifying your identity, performing email verification, enabling you to access and use our Service in a seamless manner, and preventing or addressing Service errors or technical issues, while customizing your experience.

Consequences of this processing may also include:

• Customizing your experience: We adjust the content of the Service and provide coaching tailored to your personal preferences and fitness goals. As a result, you may receive workout programs adapted to your fitness level, available equipment, preferred coaching style, and other onboarding inputs.
• Responding to your requests: We address technical or customer support requests, provide comprehensive answers to your inquiries, ensure that you are satisfied with our Service, and process any disputes related to your account or subscription.
  

For this purpose, we may send you notifications or emails about the performance of our Service, security updates, subscription or payment confirmations, notices regarding our Terms and conditions of Use, or this Privacy Policy.

MyRise may also be offered through business-to-business (B2B) wellness programs. In such cases, we process personal data necessary to create and manage your account within a corporate or group-based setting, ensuring secure and seamless access to the Service.

Categories of personal data: All categories.
Lawful basis: Performing our contract with you, or explicit consent if the data relates to a special category of personal data in a covered jurisdiction.

2.2. To Communicate With You Regarding Your Use of Our Service

We communicate with you through push notifications, emails, and in-app messages. These communications may include reminders and motivational messages encouraging you to complete workouts, track your progress, or follow a personalized plan. For example, you may receive a notification each day at a specific time reminding you to train or complete a daily challenge.

We may also communicate with you about important updates or changes to the Service, request feedback to improve MyRise, or respond to any inquiries or complaints you submit.

Categories of personal data: All categories.
Lawful basis: Performing our contract with you (or legitimate interest, when it is not necessary for provision of the Service).

2.3. To Communicate With You Regarding Possible Cooperation

We may contact you to discuss opportunities for cooperation, such as partnership options, group wellness programs, or other service enhancements that may benefit you or your organization.

Categories of personal data: Identifiers, B2B Service data.
Lawful basis: Legitimate interest*.

2.4. To Process and Fulfill Payments and Purchases

We manage and fulfill your paid transactions, whether they are for subscriptions, premium services, or physical/digital products offered within MyRise. We use third-party services to process payments securely, allowing you to complete purchases while we are notified when payments are successful. MyRise does not store or collect your full payment card details.

This processing also includes providing customer support related to payments, issuing receipts or order confirmations, delivering purchased products or services, and handling returns or disputes where applicable.

Categories of personal data: Identifiers, Commercial information, Purchase data, Device and Geolocation data, B2B Service data.
Lawful basis: Performing our contract with you.

2.5. To Research and Analyze Your Use of the Service

We process data to understand how users interact with MyRise, improve current features, and develop new ones. This includes statistical analysis and testing to enhance user experience and optimize coaching programs.

Examples: If we discover that users frequently engage with short home-based workouts, we may introduce more similar programs or design new challenges.

This processing helps us better understand user behavior and trends across different types of users, including those using MyRise individually or as part of a corporate wellness program.

Categories of personal data: All categories.
Lawful basis: Legitimate interest (unless processing involves special categories of data or methods requiring consent under certain privacy regulations).

2.6. To Send Our Marketing Communications

We may add your email address or account information to our marketing list, provided we have received your consent or otherwise established a legal basis for sending marketing communications under applicable law.

As a result, you may receive information about MyRise products, services, new features, or special promotional offers. If you do not wish to receive marketing emails from us, you can unsubscribe at any time by following the instructions included in the footer of each marketing email or by adjusting your communication preferences in the App settings.

Categories of personal data: Identifiers.
Lawful basis: Consent or legitimate interest* (in jurisdictions that allow exceptions to consent requirements).

2.7. To Personalize Our Ads

We, and our partners, may use your personal data to tailor promotional content and show you relevant MyRise ads at the right time and place.

For example, if you have installed our App or visited our website, you might see MyRise promotions in your social media feeds or on other online platforms. This personalization helps us provide more relevant offers and measure the success of our marketing efforts.

Categories of personal data: Onboarding and product data, Commercial information, Purchase information, Device and Geolocation data, Advertising IDs (e.g., for preventing or fixing technical issues), Cookies and similar tracking technologies.
Lawful basis: Consent or legitimate interest* (unless consent is specifically required, for example, under certain e-Privacy regulations).

2.8. To Audit Ad Performance

We process data to conduct auditing related to advertising activities. This includes counting ad impressions for unique visitors, verifying the positioning and quality of advertisements, and auditing compliance with industry standards and specifications.

Categories of personal data: Identifiers, Onboarding data, Commercial information, Device and Geolocation data, Advertising IDs, Cookies, and similar tracking technologies.
Lawful basis: Consent or legitimate interest* (unless consent is specifically required, for example, under certain e-Privacy regulations).

2.9. To Enforce Our Terms and conditions of Use and to Prevent and Combat Fraud

We collect and store personal data to the extent necessary to defend our legal rights and interests in the event of legal disputes or claims. This may include using your data to support our legal claims, respond to legal requests from authorities, or establish, exercise, or defend our legal position.

Additionally, we process data to detect and prevent fraudulent or unauthorized activity, ensuring the integrity and security of MyRise and its users.

Categories of personal data: All categories.
Lawful basis: Legitimate interest*.

2.10. To Comply With Legal Obligations

We may process personal data to comply with applicable legal obligations, such as tax regulations, accounting standards, or other laws and requirements.

Examples:

• Calculating and reporting taxes owed;
• Issuing invoices or receipts;
• Responding to tax-related inquiries from government authorities;
• Maintaining accurate financial and transaction records;
• Complying with data protection regulations such as GDPR or CCPA; or
• Responding to lawful requests from law enforcement or regulatory agencies.

Categories of personal data: All categories.
Lawful basis: Compliance with legal obligations*.

---

*We rely, in particular, on the following legitimate interests:

To communicate with you regarding your use of the Service. This includes, for example, sending you push notifications reminding you to exercise or complete mood check-ins at appropriate times. The legitimate interest we rely on for this purpose is our goal to encourage you to use the Service more often. We also take into account the potential benefits to you of following your personalized fitness and wellness plan, which may help you achieve a healthier lifestyle.

To communicate with you regarding possible cooperation. The legitimate interest we rely on for this processing is our interest in establishing and maintaining business relationships with potential partners, clients, or collaborators, allowing you or your organization to benefit from additional programs and offers.

To research and analyze your use of the Service. Our legitimate interest for this purpose is our aim to improve MyRise so that we can better understand user preferences and provide you with an enhanced experience (for example, by making the app easier to navigate, more engaging, or by introducing and testing new features).

To send you marketing communications (unless you provide consent to that). The legitimate interest for this processing is our interest to promote MyRise in a balanced and relevant manner. We may rely on this interest, for example, when we have an established relationship with you, such as an active subscription or a previous purchase within the Service.

To personalize our ads. We rely on our legitimate interest to promote MyRise in a reasonably targeted way, ensuring that any promotional messages are relevant and helpful to you.

To audit ad performance. The legitimate interest for this processing is our aim to ensure the accuracy and quality of our advertising services and compliance with industry standards.

To defend our legal rights and interests. The legitimate interest refers to our need to protect MyRise from legal disputes, claims, or other actions that could affect our operations, reputation, or financial stability. This may involve using your data to support our position in a dispute, respond to legal requests, or provide necessary evidence in litigation.

To enforce our Terms and conditions of Use and to prevent and combat fraud. Our legitimate interests for this purpose include enforcing our legal rights, detecting and preventing fraudulent or unauthorized use of the Service, and addressing non-compliance with our Terms and conditions of Use.

3. Sharing of Your Personal Data

A. General classification
We work with carefully selected partners who perform specific services or business functions for MyRise, using their technologies and resources under our instructions. This may include processing your personal data through software development kits (SDKs), application programming interfaces (APIs), cookies, and similar technologies. As a result, your information may be transferred to and processed on their servers – typically without the partner having direct access to the specific details – solely on our behalf and for our purposes.

This type of processing may be considered sharing information with third parties. Whenever possible, we enter into written data processing agreements with these partners to clearly define the rules for handling your personal data, ensuring it is processed only on our behalf and limited to the agreed purpose. Our partners enable us to operate, improve, integrate, personalize, support, and promote the MyRise Service.

3.1. Third-party service providers

We process your personal information using the following types of service providers (and, in certain cases, their subprocessors). These service providers help us operate, secure, support, analyze, and improve the Service, including by enabling account functionality, data storage, AI coaching features, and voice interactions.

a. Cloud infrastructure, database, authentication, and related hosting providers – Supabase
We use cloud infrastructure and database technologies to host, store, and secure personal data and to enable core Service functionality. This includes user authentication, account management, secure database storage (including user profile data, onboarding preferences, workout history, consent history, and communications), and related service operations.
(Example: To host and protect personal data and enable core Service features, including account login and secure storage.)

b. AI coaching and generative AI service providers – Anthropic and OpenAI
We use third-party AI service providers to deliver AI-powered coaching features in the Service (for example, generating coaching messages, workout guidance, and contextual responses based on your inputs). Depending on the feature you use, we may share limited information with these providers, such as your onboarding inputs, fitness goals, workout history, and coaching conversation context, to generate responses requested by you and to operate the feature.
Where required by applicable law (including where special categories of data are involved), this processing is enabled only after you provide the relevant consent or otherwise activate the AI coaching features in the Service.
Retention note: These providers may process and retain data for a limited period in accordance with their policies and our configuration; we seek to minimize what is shared and retained. (Example: To generate AI coaching responses and provide personalized guidance.)

c. Voice and real-time communication infrastructure providers – Daily
We use real-time communication infrastructure to enable voice-based coaching features (for example, when you initiate a voice session with the AI coach). This may involve processing audio streams and basic session metadata (such as session identifiers and timing information) to establish and maintain the voice connection and ensure voice quality and reliability.
(Example: To enable voice sessions, route audio securely, and maintain call performance.)

d. Speech-to-text and text-to-speech processing providers – NVIDIA
We use speech and voice processing services to convert speech to text and/or text to speech for voice-based coaching features. This may involve processing audio streams in real time to provide the voice interaction you request.
(Example: To enable voice features by converting audio to text and generating spoken responses.)

e. Voice agent orchestration / coordination technologies (where applicable) – Pipecat
We may use voice agent coordination technologies that help manage the technical orchestration of real-time voice interactions (for example, coordinating the flow of audio, transcripts, and AI responses during a voice session).
(Example: To coordinate real-time voice interactions and ensure voice sessions function smoothly.)

f. Payment processing partners and gateway service providers
If you purchase subscriptions or paid offerings, payment processing is handled by secure third-party payment processors and/or app store payment platforms. MyRise does not store full payment card details, but may receive limited transactional metadata (for example, payment status, transaction date, and subscription identifiers) required to provide access to paid features and handle billing support.
(Example: To process payments and manage subscriptions securely.)

g. Customer communication and support service providers
We may use service providers that help us deliver service communications and provide customer support (for example, handling support requests, sending essential account notices, and enabling certain in-app communications).
(Example: To provide support functions and deliver important service messages.)

h. Analytics and performance monitoring service providers (where applicable)
We may use analytics or performance monitoring technologies to understand how users interact with the Service, diagnose technical issues, and improve the user experience. Where required, these technologies are enabled only after you provide the relevant consent (for example, analytics consent) or as otherwise permitted under applicable law for strictly necessary measurements and security-related purposes.
(Example: To analyze Service usage and improve stability and performance.)

i. Additional providers added over time (future-proofing)
As MyRise evolves, we may add or replace service providers (for example, additional voice providers, alternative text-to-speech providers, or media processing providers). When we do so, we will update this Privacy Policy as required to reflect material changes and, where required by law, obtain any necessary consent before enabling such processing.
(Example: To support new features or improve the Service while maintaining privacy protections.)

3.2. Health Apps

In some cases, you may choose to allow us to write data to third-party health platforms (e.g., Apple Health, Google Health Connect). This may include information on your workouts, weight, and dietary energy (calorie intake).

3.3. Law enforcement agencies and other public authorities

We may use and disclose personal data when necessary to enforce our Terms and Conditions of Use, safeguard our rights, privacy, safety, or property, and/or those of our affiliates, you, or others. We may also share information to respond to lawful requests from courts, law enforcement bodies, regulatory agencies, and other public or governmental authorities, or in any other circumstances required or permitted by applicable law.

3.4. Third parties as part of a merger or acquisition

As our business evolves, we may buy or sell assets, services, or entire business operations. In such transactions, customer information is often among the transferred assets. We may also share this information with affiliated entities (such as a parent company or subsidiary) and may transfer it as part of a corporate transaction, including a sale, divestiture, merger, consolidation, asset transfer, or, in rare circumstances, bankruptcy.

3.5. Affiliates

We may share your personal data with entities within the MyRise corporate group – companies that own us, are owned by us, or are under common control (including any future parent company or subsidiary, if established). Such sharing will occur only where necessary for legitimate internal business purposes consistent with this Privacy Policy (for example, centralized administration, security, compliance, corporate reporting, or providing the Service), and subject to appropriate safeguards. Any affiliate receiving personal data will be required to process it in a manner consistent with this Privacy Policy and applicable law.

B. CCPA classification of service providers and third parties

Under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (“CCPA/CPRA”), MyRise classifies the entities with whom we share personal information as service providers, contractors, or, in limited circumstances, third parties, depending on the nature and purpose of the relationship.

We do not sell personal information for monetary consideration. We also do not knowingly share personal information for cross-context behavioral advertising except where permitted by law and subject to user choice and applicable consent requirements.

Service providers and contractors

We disclose personal information to service providers and contractors that process data solely on our behalf, for business purposes described in this Privacy Policy, and under written agreements that restrict the use of personal information to providing services to MyRise.

These entities are prohibited from:

• Retaining, using, or disclosing personal information for any purpose other than providing services to MyRise; and
• Selling or sharing personal information except as permitted by law.
  

The categories of service providers and contractors include:

Category of recipient	Example providers (where applicable)	Business purpose
Cloud infrastructure, database, and authentication providers	Supabase	Hosting the Service, secure data storage, authentication, account management, backups, and infrastructure security
AI coaching and generative AI providers	Anthropic, OpenAI	Generating AI-powered coaching responses, workout guidance, and contextual assistance requested by users
Voice and real-time communication providers	Daily	Enabling real-time voice interactions and audio routing for voice-based coaching features
Speech-to-text and text-to-speech providers	NVIDIA	Processing audio input and generating voice output for voice-based features
Voice orchestration and coordination technologies (where applicable)	Pipecat	Coordinating real-time voice sessions and managing the technical flow of audio and AI responses
Payment processors and app store platforms	Apple App Store, Google Play, payment gateways	Processing subscription payments, managing billing, and handling transaction confirmations
Customer support and communication providers	(As applicable)	Providing customer support, delivering essential service communications, and responding to user inquiries
Analytics and performance monitoring providers (where applicable)	(As applicable)	Measuring Service performance, diagnosing technical issues, and improving reliability and user experience

Third parties

In limited circumstances, personal information may be disclosed to third parties that are not acting as service providers or contractors, including:

• Legal and regulatory authorities, where disclosure is required to comply with law, legal process, or enforce our rights; and
• Corporate transaction counterparties, such as in connection with a merger, acquisition, asset sale, or similar business transaction, subject to appropriate confidentiality and data protection safeguards.

Such disclosures are made only as permitted or required by applicable law.

“Sale” and “sharing” under California law

Certain data disclosures for advertising or analytics purposes may be considered a “sale” or “sharing” of personal information under California law, even where no money is exchanged. Where applicable:

• MyRise provides users with the right to opt out of such sale or sharing;
• We honor legally recognized opt-out preference signals where required; and
• We provide access to relevant privacy controls within the Service or through the contact methods described in this Privacy Policy.

California residents may exercise their rights as described in Section 4.3 (California Privacy Rights).

4. How You Can Exercise Your Privacy Rights

4.1 General Privacy Rights

To provide you with control over your personal data, we recognize and uphold the following rights in accordance with applicable data protection laws, including the EU General Data Protection Regulation (GDPR), the UK GDPR, and equivalent legislation in other jurisdictions.

Accessing, reviewing, updating, or correcting your personal data. You have the right to request a copy of the personal data we process about you, as well as to request corrections or updates to any inaccurate or incomplete information.

• You may be able to access and update your data directly within the Service by navigating to the Profile, Account, or Settings sections (availability depends on your device and app version).

• Alternatively, you can send a request to support@myrise.app specifying the data you wish to access or amend.
• In accordance with applicable laws, we will provide you with a copy of your personal data in an accessible format.

Deleting your personal data. You may request that we delete your personal data, subject to legal and contractual obligations that require us to retain certain records for a period of time.

• When you request deletion, we will take reasonable steps to remove the relevant information from our systems.
• If some data must be retained for legal, accounting, or compliance purposes (e.g., payment transaction records or support interactions), it will be securely stored until it can be deleted.
• Once retention obligations expire, we will proceed with deletion without additional notice.
  

Getting to know the details of the processing. You have the right to obtain transparent information about:

• The categories and specific items of personal data we process;
• The purposes for which we process your personal data;
• The legal bases for such processing;
• The categories of recipients with whom the data may be shared; and
• The applicable retention periods.
  

Most of this information is contained within this Privacy Policy. However, you may contact us at any time for clarification or further details.

Objecting to or restricting the use of your personal data

You may request that we stop processing your personal data, or that we limit processing to specific purposes only. Examples include:

• Email marketing: You can unsubscribe from our marketing emails at any time by following the “unsubscribe” link included in every email, or by contacting support@myrise.app.
• Push notifications: You can disable push notifications via your device’s settings at any time.
• E-privacy and tracking settings: We provide controls to manage tracking preferences on a granular level. These controls may be accessible in your account or device settings.
• Personalized advertising settings:

• iOS devices: Go to Settings → Privacy & Security → Tracking and adjust your permissions. You may also reset your advertising identifier.
• Android devices: Go to Settings → Privacy → Ads to opt out of interest-based ads, or reset your advertising ID.
  

To learn even more about how to affect advertising choices on various devices, please look at the information available at NAI Mobile Device Advertising Opt-Out Guide.

For more detailed control over targeted advertising, you can use the following opt-out resources:

• Network Advertising Initiative
• Digital Advertising Alliance
• Digital Advertising Alliance (Canada)
• Digital Advertising Alliance (EU)
• DAA AppChoices page

Right to lodge a complaint with a supervisory authority. We would love you to contact us directly first, so we can address your concerns – customer satisfaction is our top priority, and we dedicate significant resources to resolving issues quickly and effectively.

Nevertheless, you have the right to lodge a complaint with a competent data protection supervisory authority.

• In Iceland, the relevant authority is Persónuvernd (www.personuvernd.is).
• You may also contact the supervisory authority in your country of habitual residence, place of work, or place of the alleged infringement.
  

Right to data portability. You have the right to receive your personal data in a structured, commonly used, and machine-readable format (e.g., JSON or CSV) and to transmit that data to another controller, where technically feasible. Requests can be made via support@myrise.app.

Exercising your rights. To exercise any of your privacy rights, please send a request to support@myrise.app or use the privacy settings available in our app.

Verification process. To protect your privacy and ensure security, we must verify the identity of anyone making a privacy rights request.

• Verification methods may include confirming account details such as your registered email address, account creation date, date of last activity, subscription status, or other account usage data.
• In some cases, we may send you a verification code or link to your registered contact information, or request minimal identity documentation.

Authorized agents. You may designate an authorized agent to act on your behalf.

• If you have granted your agent a valid power of attorney, we will work directly with them to complete your request.
• If no formal power of attorney exists, we will contact you directly to confirm the agent’s authority before proceeding.
• In all cases, the agent must verify both their own identity and yours.

4.2 Additional Regional Rights

European Economic Area (EEA), United Kingdom (UK), and Switzerland. If you are located in the EEA, UK, or Switzerland, you have the following rights under applicable data protection laws, in addition to those listed above:

• Right to withdraw consent – Where we rely on your consent to process your personal data, you may withdraw that consent at any time without affecting the lawfulness of processing prior to withdrawal.
• Right to restriction of processing – You may request that we temporarily or permanently stop processing all or some of your personal data.
• Right not to be subject to automated decision-making – You have the right not to be subject to decisions based solely on automated processing, including profiling, where such decisions would have legal or similarly significant effects on you, unless certain conditions apply.
  

Canada
If you are located in Canada, you may have rights under the Personal Information Protection and Electronic Documents Act (PIPEDA) or applicable provincial privacy laws, including:

• The right to challenge the accuracy of your personal data and have it amended as appropriate;
• The right to be informed of our policies and practices with respect to the management of your personal data.

Other jurisdictions
We will comply with any additional privacy rights or protections granted to you by the laws of your place of residence, even if they are not explicitly listed in this Privacy Policy.

4.3 California Privacy Rights

This section applies only to residents of the State of California, United States, and is intended to comply with the California Consumer Privacy Act (“CCPA”), as amended by the California Privacy Rights Act (“CPRA”), as well as California’s Shine the Light Law.

For more details about the personal information we collect, including the categories of sources, please see Section 1 above. We collect this information for the purposes described in Section 2 of this Privacy Policy. We may also share your information with certain categories of third parties, as indicated in Section 3.

In addition to the rights listed above, California residents have the following rights:

Right to know what personal information is collected, sold, or shared and to whom. You may request that we disclose to you:

• The categories of personal information we collected about you;
• The categories of sources from which the personal information was collected;
• The business or commercial purposes for which the personal information was collected, sold, or shared;
• The categories of personal information that we sold or shared and the categories of third parties to whom such personal information was sold or shared;
• The categories of personal information we disclosed about you for a business purpose and the categories of persons to whom it was disclosed.

Right to opt out of sale or sharing of personal information. We may share certain personal information with advertising and analytics partners to provide you with more relevant content and ads. In certain circumstances, this may be considered a “sale” or “sharing” of personal information under California law.

• You have the right to opt out of such sale or sharing at any time.
• Where applicable, we will strive to provide a “Your Privacy Choices” link within the Service (e.g., in the footer, settings menu, or profile section) that will allow you to exercise this right directly.
• We will also endeavor to honor opt-out preference signals sent by supported browsers and devices.
  

Right to limit the use and disclosure of sensitive personal information. California law allows you to request that we limit our use of “sensitive personal information” (such as health-related data) to only what is necessary to provide the services you have requested.

Right not to be discriminated against. You will not be treated differently or denied access to services for exercising any of your privacy rights under the CCPA/CPRA.

Shine the Light Law – Right to request information about direct marketing

Under California’s “Shine the Light” law, you may request information regarding:

• Whether we share your personal information with third parties for those parties’ own direct marketing purposes; and
• The categories of such personal information and the identities of those third parties (if applicable).

To make such a request, email support@myrise.app with the subject line:
“Request for California Shine the Light Privacy Information” and include your state of residence and your email address in the message body. Please note that not all sharing is covered by the “Shine the Light” requirements, and only qualifying sharing will be included in our response.

Exercising Your Rights

To exercise any of your privacy rights under this Section 4, you may:

• Use any in-app privacy features available in your Settings or Profile section (where applicable);
• Email us at support@myrise.app with details of your request; or
• Follow the specific opt-out or unsubscribe instructions provided in our communications.

We may require you to verify your identity before fulfilling your request, as described in 4.1 Verification process.

5. Age Limitation

We do not knowingly collect or process personal data from individuals under 18 years of age. The Service is intended solely for use by adults, and by accessing or using the Service you confirm that you meet this age requirement.
If you believe that someone under the age of 18 has provided personal data to us without valid parental or guardian consent, please contact us at support@myrise.app.

6. International Data Transfers

Your personal data may be transferred to and processed in countries other than the country in which it was originally collected, including countries outside of the European Economic Area (EEA), the United Kingdom (UK), and Switzerland, in order to provide the Service as described in our Terms and Conditions of Use and for the purposes set forth in this Privacy Policy.
Some of these countries may not have the same data protection laws as the country in which you initially provided the information. When we transfer personal data to such countries, we implement appropriate safeguards in accordance with applicable law, such as:

• Standard Contractual Clauses (SCCs) approved by the European Commission; and/or
• Other lawful transfer mechanisms recognized by applicable data protection laws.
  You may request a copy of the applicable safeguards by contacting us at support@myrise.app.
  

7. Changes to This Privacy Policy

We may update or modify this Privacy Policy from time to time to reflect changes in our business practices, technologies, legal requirements, or other factors.
If we make material changes to this Privacy Policy, we will notify you in advance through our Services. The “Last updated” date at the end of this Privacy Policy will indicate when it was most recently revised.
Your continued access to or use of the Service after the revised Privacy Policy becomes effective will signify your acceptance of the changes. If you do not agree with any updated terms, you should discontinue using the Service.

8. Data Retention

We will retain your personal data for as long as it is reasonably necessary to fulfill the purposes set forth in this Privacy Policy and in our Terms and Conditions of Use (including providing the Service to you), unless a longer retention period is required or permitted by law. This includes, but is not limited to, the period during which you maintain an active account with the Service.
We also retain certain data to:

• Comply with legal obligations (e.g., tax, accounting, and audit requirements);
• Resolve disputes;
• Enforce agreements; and
• Maintain necessary business records.
  For example, under certain accounting and tax laws, we are required to store transaction-related information for a specific period even after you close your account or submit a deletion request. In such cases, we will securely store only the minimum amount of data necessary to meet these obligations and will delete or anonymize the rest.

9. Personal Data Controller

The entity responsible for determining the purposes and means of processing your personal data under this Privacy Policy is:

MyRise ehf.
Registered in Iceland
Company number: [To be inserted]
Registered address: [To be inserted]
Email: support@myrise.app

For the purposes of this Privacy Policy, “data controller” also includes any parent company or affiliated legal entity of MyRise ehf., in accordance with applicable law.

10. Contact Us

You may contact us at any time for details regarding this Privacy Policy, its previous versions, or our information practices.
For any questions concerning your account or your personal data, please contact us at support@myrise.app or by mail at:
MyRise ehf., Registered address: [To be inserted], Iceland.

For security purposes, we may request additional verification information before responding to certain types of inquiries.