Global Privacy Policy

Effective Date: January 6, 2026

wellKnell LLC (“wellKnell,” “we,” “us,” or “our”) respects your privacy. This Global Privacy Policy explains how we collect, use, protect, and share personal information in connection with our guided meditation and relaxation platform through our website at wellknell.ai, our web-based application at app.wellknell.ai, our mobile applications for iOS and Android (collectively, the “App”), and related online services (collectively, the “Service”).

This Global Privacy Policy applies to individuals who use the Service worldwide. It is intended to serve as a global privacy notice and to comply with applicable data protection and privacy laws, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), and other U.S. state privacy laws, where applicable. Certain rights and disclosures apply only to residents of specific jurisdictions, as described in this Policy.

Introduction

This Global Privacy Policy applies to personal information we collect from or about you when you access or use the Service, including when you create an account, subscribe, generate meditation sessions, or otherwise interact with the Service and its features. It also applies to personal information you provide to us through communications, forms, surveys, or other interactions that reference this Policy.

Please read this Policy carefully to understand our practices regarding the collection, use, processing, and storage of personal information. By accessing or using the Service, you acknowledge that you have read and understood this Policy.

This Policy may be updated from time to time. If we make material changes, we will update with a “Last Modified” date above. Your continued use of the Service after any updates indicates that you have acknowledged the revised Policy. Prior versions of this Policy may be obtained by contacting us.

This Policy should be read together with our Terms of Service, which govern your access to and use of the Service. Certain jurisdictions provide additional privacy rights. If you reside in California or another state with comparable privacy laws, please review our Privacy Notice for California Residents, which supplements this Policy and provides additional information about your rights and how to exercise them.

The Service may include links to third-party websites, services, or applications. We do not control these third-party services and are not responsible for their privacy practices. We encourage you to review the privacy notices of any third-party services you choose to access through the Service.

Information We May Collect About You

We collect and use different types of data from and about you, including:

• Account information, such as your name, email address, username, internal account identifier, and preferences you choose to provide (including your first name, if provided), including account settings, preferences, and subscription status.

• User-provided content and inputs, including information you choose to provide when generating or customizing meditation sessions, such as selected focus areas, session preferences, and other optional inputs.

• Communications with us, including information you provide when you contact us through the Service, email, or other support channels.

• AI-generated session interactions, including information temporarily processed in real time to generate guided meditation content and audio output based on your inputs and selections.

• Account integrity and security information, such as authentication data, account verification signals, and information related to preventing fraud, abuse, or misuse of the Service.

• User preferences and settings, including meditation preferences, notification settings, language preferences, and other choices you make within the Service.

• Support and feedback information, including information you provide when you contact customer support, submit help requests, provide feedback, or respond to surveys.

• Purchase and subscription information, including information related to subscriptions, credits, or in-app purchases. Subscription payments are processed by Apple or Google, as applicable. We do not receive or store payment card information.

• Non-personal data, such as demographic information, statistics, or aggregated information that does not directly or indirectly identify you. We may derive aggregated or statistical data from personal data.

• Technical and device information, including IP address; login information; browser type and version; time zone setting; operating system and platform; device type and model; unique device identifiers, mobile device identifiers; application version; language preferences; and network or carrier information.

• Usage and interaction data, including information about how you access and use the Service, such as pages or features viewed, session duration, feature usage, performance data, crash reports, and diagnostic information.

• If we combine or connect non-personal, technical, or device data with personal data so that it identifies an individual, we treat the combined information as personal information under this Policy.

How We Collect Data About You

We use different methods to collect data from and about you including through:

• Direct interactions. You may give us information about you by filling in forms or by corresponding with us through email, in-app communications, or otherwise. This includes information you provide when you create an account, subscribe to or use the Service, generate meditation sessions, provide feedback, contact customer support, or when you report a problem with the Service.

• Account registration and authentication. When you register for an account, you provide information such as your name, email address, and password. You may optionally provide your date of birth (month and day), which may be used to personalize meditation content, including features where certain instructor characters incorporate astrological or seasonal themes based on birth month and day. You may also optionally provide pronunciation guidance for your name to improve text-to-speech accuracy. You may sign in using third-party authentication services such as Apple Sign-In or Google Sign-In, where permitted by you.

• Session generation and AI processing. When you generate a meditation session, certain information you provide, such as your first name, selected focus area, preferences, and session-related metadata, is processed in real time to generate audio meditation content.

• User feedback. We collect information you choose to provide after sessions, such as ratings or optional written feedback.

• Automated technologies or interactions. As you interact with our Website or mobile application, we may automatically collect technical data about your device, usage, interactions, and activity patterns, as specified above. We collect this information by using cookies, mobile SDKs, server logs, and other similar technologies (see Cookies and Automatic Data Collection Technologies below).

  Our servers automatically generate log files in connection with your use of the Service. These log files may include temporary Internet Protocol (IP) addresses, timestamps, authentication events, session generation requests, subscription status changes, error logs, and related diagnostic information. We use this information for security purposes, such as detecting unauthorized access, as well as for debugging, troubleshooting technical issues, performance monitoring, and customer support assistance. Server log data is retained for up to thirty (30) days and is then deleted or anonymized.

  To maintain authenticated user sessions, we may use session-based identifiers and similar technologies, including token-based authentication credentials such as JSON Web Tokens. These session identifiers are used solely to enable essential Service functionality for logged-in users. On mobile devices, session information is stored using platform-native secure storage mechanisms, such as the iOS Keychain or Android Keystore.

  We use minimal tracking limited to what is necessary to operate, secure, and maintain the Service. We do not engage in invasive tracking, behavioral profiling, advertising tracking, or cross-device tracking.

• Third parties. We may receive information about you from third parties that support authentication, analytics, infrastructure, or subscription management, including mobile platform providers such as Apple or Google, where permitted by law.

Cookies and Automatic Data Collection Technologies

Our Website and mobile application use cookies and other automatic data collection technologies to support core functionality of the Service. These technologies enable navigation, maintain user sessions, store necessary preferences, and help us understand aggregate usage patterns and performance metrics.

Certain features of the Service are supported by third-party service providers, such as analytics, security, performance monitoring, or infrastructure services. These providers may use cookies or similar technologies solely to support the operation of the Service.

We do not permit third parties to use cookies or similar technologies on the Service for cross-context behavioral advertising, profiling, or tracking users across unrelated websites or applications.

How We Use Your Personal Data

We use personal data to operate, provide, maintain, and improve the Service, communicate with you, and conduct related business operations. Examples of how we may use the personal data we collect include to:

• Provide and operate the Service, including our Website and mobile applications, and to deliver the features, content, and functionality you request.

• Enable core functionality, including account creation and management, authentication, subscription and credit management, session access, and Service availability.

• Fulfill the purposes for which you provided the data, or that were described to you at the time of collection.

• Communicate with you, including to send service-related messages, confirmations, technical notices, updates to features, changes to policies, and other important administrative information.

• Provide customer support, including responding to inquiries, troubleshooting issues, and addressing support requests.

• Maintain, secure, and administer the Service, including internal operations such as system monitoring, testing, debugging, data analysis, research, statistical analysis, and performance optimization.

• Improve and develop the Service, including enhancing features, functionality, reliability, usability, and overall user experience.

• Ensure effective presentation and performance, including adapting the Service for different devices, operating systems, browsers, and application environments.

• Support safety, security, and compliance, including detecting, preventing, and responding to fraud, abuse, unauthorized access, misuse of the Service, or violations of applicable laws or our Terms of Service.

• Manage subscriptions and Service access, including billing status, renewals, cancellations, and account-related notices, as applicable.

• Provide information about the Service, including updates, new features, or changes that may be relevant to your use of the Service. You may manage your communication preferences through your account settings or as otherwise described in this Policy.

We do not permit third parties to use your personal data for their own advertising purposes, and we do not sell or share personal data for cross-context behavioral advertising.

We may use non-personal or aggregated data for lawful business purposes, including analytics, research, reporting, and Service improvement.

Artificial Intelligence and Automated Features

We use artificial intelligence and automated systems (“AI”) to generate and deliver guided meditation sessions and to support the operation and performance of the Service. We inform users when they are interacting with AI-generated content through AI-supported features of the Service. AI is used to create short-form meditation content in real time based on information you choose to provide, such as your selected meditation focus, preferences, and first name, and to generate audio output using synthesized voices.

AI-supported features are designed to support relaxation and general wellbeing and are provided solely for entertainment and informational purposes. The Service does not provide medical, mental health, therapeutic, or other professional advice, and AI-generated content should not be relied upon as a substitute for professional guidance.

AI-generated outputs may vary in quality, tone, or suitability and may not be accurate or appropriate in all situations. You are responsible for how you choose to interpret or use any content generated through the Service. The Service is intended to inform and support user-selected experiences and does not seek to influence behavior in a manner that exploits vulnerabilities or impairs user autonomy.

We do not use AI as the sole basis for decisions that produce legal or similarly significant effects concerning you. The Service does not engage in automated decision-making that has legal, financial, or other materially significant consequences for users. AI is used as a content-generation and support tool, not for profiling users for advertising, eligibility, creditworthiness, or access to essential services. We do not perform biometric identification, emotion recognition, or social scoring.

Information processed through AI-supported features is handled in accordance with this Policy. We may use third-party service providers to support AI functionality, and such providers are permitted to process personal data only on our behalf, subject to contractual confidentiality, data protection, and security obligations. AI-supported processing is subject to appropriate technical and organizational measures designed to protect personal data and system integrity.

Use of Third-Party AI Models and Training Disclosure.

To provide AI-supported features, wellKnell uses third-party artificial intelligence service providers. In connection with providing these features, limited user inputs—including your first name, selected meditation preferences, and session-related prompts—may be transmitted to such providers for processing to generate AI outputs on our behalf.

Generated meditation audio files include your spoken name as part of the personalized meditation experience. These audio files are temporarily stored to enable playback and are automatically deleted after a short retention period.

Depending on the third-party provider and the configuration in effect at the time of processing, such providers may retain and use submitted data to improve, train, or develop their AI models, subject to their own terms, data usage policies, and privacy practices. wellKnell does not control how third-party AI providers use data once received and encourages users to review the applicable privacy and data use policies of those providers.

wellKnell takes reasonable steps to minimize personal information included in AI inputs and does not intentionally submit sensitive personal information for AI model training. Where available, we configure third-party AI services to limit or opt out of data use for training purposes; however, such controls may not be available for all providers or processing scenarios.

By using AI-supported features of the Service, you acknowledge and consent to the processing of your inputs by third-party AI providers as described above.

Disclosure of Your Personal Data

We do not sell your personal data, and we do not share personal data for cross-context behavioral advertising.

We may disclose your personal data to the following categories of recipients:

• Affiliates. Members of our corporate group, such as our parent company, subsidiaries, or affiliates, where applicable and consistent with this Policy.

• Service providers. Third-party service providers that help us operate, maintain, and support the Service, including providers of hosting, infrastructure, database management, analytics, security, customer support tools, authentication services, and technical operations.

  This includes service providers that support AI-enabled functionality used to generate and deliver guided meditation content, such as text generation, audio synthesis, and temporary audio processing. Personal data shared with these providers may include limited identifiers (such as first name), session-related inputs, generated script content, or audio output, as necessary to provide the Service.

  These providers are permitted to process personal data only on our behalf, for the purposes we specify, and subject to contractual confidentiality, data protection, and security obligations. Where applicable, processing is limited in scope and duration, and certain content (such as generated audio) may be retained only for a short period of time before deletion.

• Platform and payment providers. Mobile platform providers such as Apple or Google, including in connection with account access, app distribution, authentication, and subscription management. wellKnell does not receive payment card details and does not process payments directly. When you use Apple Sign-In or Google Sign-In, we receive limited account information, such as your name and email address, as authorized by you. Subscription payments are processed by Apple or Google, as applicable, and we receive only limited transaction or subscription status information.

• Legal and regulatory authorities. Third parties where required to comply with applicable laws, regulations, legal processes, court orders, subpoenas, or lawful requests from government authorities.

• With your direction or consent. Third parties when you direct us to disclose personal data or otherwise provide permission to do so.

  We may also disclose personal data in connection with the following circumstances:

• Business transfers. In connection with a merger, acquisition, reorganization, sale of assets, financing, or similar transaction, including during negotiations or due diligence, subject to appropriate confidentiality protections.

• Legal compliance and enforcement. To comply with legal obligations, enforce our Terms of Service or other agreements, or respond to claims or disputes.

• Security and protection. To protect the rights, safety, and property of wellKnell, our users, or others, including to detect, investigate, and prevent fraud, abuse, unauthorized access, or security incidents, and to maintain the integrity and security of the Service.

We may share non-personal or aggregated information without restriction, where permitted by law.

Your Personal Data Use Choices

We strive to provide you with meaningful choices about how your personal data is used, particularly with respect to communications and certain features of the Service. The choices available to you may include the following:

• Communications from wellKnell. You may choose whether to receive promotional or informational communications from us about our services, features, or updates. Where available, you can manage your communication preferences through your account settings. You may also opt out of promotional emails at any time by using the unsubscribe link included in those messages.

  Please note that even if you opt out of promotional communications, we may still send you non-promotional, service-related messages, such as account notices, security alerts, subscription updates, or other important information related to your use of the Service.

• Cookies and similar technologies. You may be able to manage certain cookies or similar technologies through your browser or device settings. Please note that disabling some technologies may affect the availability or functionality of certain features of the Service.

• Account settings and controls. Depending on how you use the Service, you may have controls available through your account settings, such as preferences related to notifications, meditation settings, language, or other user-selected options. These settings allow you to manage certain aspects of how your information is used within the Service.

• Third-party links and features. The Service may contain links to third-party websites or include features provided by third parties. If you choose to interact with those third-party sites or features, their privacy practices will apply. We encourage you to review the privacy policies of any third-party services you choose to access.

Accessing and Correcting Your Personal Data

You may access, review, and update certain personal data directly through your account settings within the Service.

You may also contact us at info@wellknell.ai to request access to, correction of, or deletion of personal data you have provided to us. We may need to verify your identity before processing your request.

In some circumstances, we may be unable to accommodate a request where doing so would violate applicable law, legal obligations, or adversely affect the integrity or security of the Service. Deleting certain information may require deleting your account.

California

Certain U.S. states, including California, have enacted privacy laws that provide residents with specific rights regarding their personal data. Depending on applicable law, these rights may include the ability to access, correct, delete, or limit the use of personal data, as well as the right to opt out of certain data practices.

We provide additional information about these rights and how to exercise them in a separate privacy notice for California residents. If you are a resident of California, please review our Privacy Notice for California Residents, which supplements this Policy.

Residents of other U.S. states with comparable privacy laws may also have similar rights, as described in the Privacy Notice for California Residents.

The rights available to you, and the manner in which you may exercise them, depend on your state of residence and are subject to applicable legal requirements, limitations, and exceptions.

Your Rights (EEA, United Kingdom, and Switzerland)

This section applies to individuals located in the European Economic Area (“EEA”), the United Kingdom, and Switzerland. Individuals located in the United States have separate rights, which are described in the section titled California.

If you are located in the EEA, you have the following rights under the General Data Protection Regulation (“GDPR”), subject to applicable conditions and limitations:

• Right of Access. You have the right to request confirmation of whether we process your personal data and to obtain a copy of that data. Where available, you may also access and review certain account information directly through the Service.

• Right to Rectification. You have the right to request correction of inaccurate or incomplete personal data. You may be able to update certain information, such as your name or email address, through your account settings.

• Right to Erasure (“Right to Be Forgotten”). You have the right to request deletion of your personal data in certain circumstances, including where the data is no longer necessary for the purposes for which it was collected, where you withdraw consent, or where you object to processing and there are no overriding legitimate grounds.

• Right to Restrict Processing. You have the right to request that we restrict the processing of your personal data in certain circumstances, such as while the accuracy of the data is being verified or where processing is unlawful and you oppose erasure.

• Right to Data Portability. You have the right to request a copy of certain personal data you have provided to us in a structured, commonly used, and machine-readable format, and to transmit that data to another controller where technically feasible.

• Right to Object. You have the right to object to the processing of your personal data where processing is based on our legitimate interests. We may continue processing where required by law or where we have compelling legitimate grounds that override your interests, rights, and freedoms.

• Right to Withdraw Consent. Where we process personal data based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

• Right to Lodge a Complaint. You have the right to lodge a complaint with a supervisory authority in your country of residence, place of work, or where the alleged infringement occurred. We encourage you to contact us first so we may attempt to address your concerns.

Information about how to exercise these rights is provided in the How to Exercise Your Rights section of this Policy.

How to Exercise Your Rights

You may submit a request to exercise any rights available to you under applicable privacy laws by contacting us at info@wellknell.ai or, where available, through the in-app privacy or account settings. We may need to verify your identity before processing your request and will respond within the timeframes required by applicable law.

The rights available to you, and the manner in which you may exercise them, depend on your place of residence and are described in the applicable region-specific sections of this Policy.

Legal Basis for Processing Your Data

Depending on your location and the purposes for which we process personal data, we rely on one or more of the following legal bases under applicable data protection laws, including the GDPR, where applicable:

• Performance of a Contract. We process personal data where necessary to provide the Service you request and to perform our contractual obligations to you. This includes creating and managing your account, enabling access to the Service, generating guided meditation sessions, managing subscriptions and entitlements, providing customer support, and communicating with you about your use of the Service.

• Consent. We process certain personal data based on your consent where required by applicable law. This may include optional communications, participation in certain features, or other processing activities for which consent is the appropriate legal basis. You may withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

• Legitimate Interests. We process personal data where necessary for our legitimate interests, provided those interests are not overridden by your rights and freedoms. Legitimate interests may include operating, maintaining, and improving the Service; ensuring the security and integrity of our systems; preventing fraud and misuse; conducting analytics to improve performance and reliability; and managing internal administrative and business operations.

• Legal Obligations. We process personal data where necessary to comply with applicable laws, regulations, or lawful requests from public authorities. This may include recordkeeping obligations, responding to legal process, and complying with tax, accounting, or other regulatory requirements.

To promote transparency, we describe the categories of personal data we collect, the purposes for which the data is processed, and the applicable legal bases where required by applicable law in Appendix A, including:

• What Information We Collect, including the purpose, source, legal basis, and retention period for each category of data.

• How We Use Your Information, including the legal basis for each processing activity.

For users located in the EEA, the United Kingdom, and Switzerland, Appendix A includes a detailed table describing the personal data we collect, the purposes of processing, the applicable legal bases under the GDPR, and retention periods.

Global Data Processing and Protection

We operate and process personal data globally and are committed to protecting personal data regardless of where users are located or where, or by whom, personal data is processed. Our global data protection measures include:

• Data security. Protecting personal data in transit and at rest through encryption and other appropriate technical safeguards.

• Access controls. Limiting access to personal data through authentication, authorization, and internal access control policies designed to restrict access to authorized personnel only.

• Data minimization. Collecting and retaining only the personal data necessary to operate, maintain, and improve the Service.

• Government and law enforcement requests. Limiting access to personal data except where disclosure is required by applicable law, necessary to address legitimate safety or security concerns, or made with user consent.

International Data Transfers

We may transfer personal data to countries outside of the European Economic Area (“EEA”), the United Kingdom, or Switzerland, including the United States, where data protection laws may differ from those in your jurisdiction.

Where required by applicable law, we rely on appropriate safeguards to protect personal data, which may include:

• Contractual necessity, where transfers are necessary to provide the Service or perform our agreement with you.

• Consent, where you have provided explicit consent for the transfer.

• Adequacy decisions, where transfers are made to jurisdictions recognized as providing an adequate level of data protection by the European Commission, the UK government, or the Swiss Federal Council.

• Standard Contractual Clauses and equivalent mechanisms, where transfers are made to countries without an adequacy decision. In such cases, we require our service providers to implement appropriate technical and organizational measures to protect personal data and restrict onward transfers.

Personal data transferred under these mechanisms remains subject to contractual safeguards. You may contact us to request additional information about applicable transfer mechanisms.

Data Sharing

We share personal data only as necessary to operate and provide the Service, at your direction, or as otherwise described in this Policy. We do not share personal data with advertising networks, data brokers, or third parties for cross-context behavioral advertising or profiling purposes. This may include sharing personal data:

• With service providers. Trusted third parties that assist us with hosting, infrastructure, database management, authentication, analytics, AI-supported content generation, customer support, security, and payment or subscription processing. These providers are authorized to process personal data only on our behalf and subject to contractual confidentiality and security obligations.

• With platform providers. Mobile platform providers such as Apple or Google, including in connection with app distribution, authentication, and subscription management.

• For legal and safety purposes. Where required to comply with applicable law, legal process, or lawful government requests, or where disclosure is necessary to protect the rights, safety, and security of wellKnell, our users, or others.

• With your consent or at your direction. Where you instruct us to disclose personal data or otherwise provide permission to do so.

We do not share personal data with social media companies for advertising, profiling, or cross-context behavioral advertising purposes.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes described in this Policy, including to operate and provide the Service, comply with legal obligations, resolve disputes, enforce agreements, and protect the integrity and security of the Service.

Retention periods vary depending on the nature of the data and the purpose for which it is processed. In general, we apply the following retention practices:

Data Security

We use reasonable administrative, technical, and organizational safeguards designed to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure.

Our security measures include:

• Encryption. Personal data is protected using industry-standard encryption for data in transit and at rest.

• Secure transmission. Data is transmitted using secure communication protocols, and authentication credentials are transmitted using secure headers.

• Authentication and access controls. Access to personal data is restricted through authentication mechanisms and role-based access controls.

• Password protection. Account passwords are stored using cryptographic hashing techniques and are never stored in plaintext.

• Data segmentation and minimization. Temporary or sensitive data used for AI processing is logically segregated and retained only for limited periods.

• Monitoring and logging. We use logging and monitoring tools to help detect unauthorized access, system errors, and security incidents.

• Third-party security. Service providers processing personal data on our behalf are required to maintain security measures appropriate to the nature of the data.

No system can be guaranteed to be completely secure. While we take reasonable steps to protect personal data, we cannot guarantee absolute security.

Children’s Online Privacy

The Service is not directed to children, and we do not knowingly collect personal data from individuals under the age of sixteen (16). If we become aware that we have inadvertently collected personal data from a minor, we will take reasonable steps to delete such information as soon as practicable.

If you believe that we may have collected personal data from or about a minor, please contact us using the contact information provided below.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we do so, we will update the “Last Modified” date at the top of this Privacy Policy.

If we make material changes, we may provide additional notice, such as by posting a notice within the Service or, where appropriate, by sending a notification to the email address associated with your account. We encourage you to review this Privacy Policy periodically to stay informed about our privacy practices.

Contact Information

If you have questions, comments, or requests regarding this Privacy Policy or our privacy practices, please contact us at info@wellknell.ai.