1. Information We Collect

We may collect and process the following data about you:

• Identity and Contact Data: Name, email address, password, and other registration information.
• Wellness Data: Information you provide through check-ins, chats, and plan generation, such as your mood, stress levels, goals, fitness preferences, lifestyle details, and any images or videos you upload for analysis.
• Subscription Data: Details about your subscription plan (e.g., Core, Platinum) and payment information, which is securely handled by our third-party payment processor (Stripe).
• Technical Data: IP address, browser type, device information, and usage data collected through cookies and similar technologies.

2. How We Use Your Information

We use your data for the following purposes:

• To provide and manage your account and our services.
• To personalize your experience, including generating wellness plans and providing coaching.
• To process your subscription payments.
• To communicate with you about your account and our services.
• To improve our platform by analysing anonymised and aggregated data.
• To comply with legal obligations.

3. How We Use Automated Systems

Our platform uses automated systems to provide core features like personalized coaching and data analysis. When you interact with our coaches, the data you provide (such as text, images, or videos) is processed to generate a response. We do not use personal data to train our core models without your explicit consent. Your individual conversations and data are not used to train models that serve other users.

4. Legal Basis for Processing

Under UK GDPR, we process your personal data on the following legal bases:

• Contract: To fulfill our contractual obligations to you when you subscribe to our service.
• Legitimate Interests: To improve our service and for security purposes, provided our interests are not overridden by your rights.
• Consent: For specific purposes, such as when you agree to let us use your data for model training or marketing. You can withdraw your consent at any time.

5. Data Storage and Security

Your data is stored on secure servers. We implement appropriate technical and organisational measures to protect your personal data against accidental loss, unauthorised use, or access. Payment transactions are encrypted using SSL technology and handled by our secure payment provider.

6. Your Data Protection Rights

Under UK data protection law, you have rights including:

• Right of access: You have the right to ask us for copies of your personal information.
• Right to rectification: You have the right to ask us to rectify information you think is inaccurate.
• Right to erasure: You have the right to ask us to erase your personal information in certain circumstances.
• Right to restriction of processing: You have the right to ask us to restrict the processing of your information in certain circumstances.
• Right to object to processing: You have the right to object to processing if we are doing so under legitimate interests.
• Right to data portability: You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.

To exercise these rights, please contact us at privacy@workhealthy.example.com.

7. Cookies

We use essential cookies to make our site work. These include cookies for authentication (to keep you logged in) and security. We do not use non-essential tracking or advertising cookies.

8. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any significant changes by posting the new policy on this page and updating the "last updated" date.

9. Contact Us

If you have any questions about this Privacy Policy, please contact our Data Protection Officer at: dpo@workhealthy.example.com. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).