PRIVACY POLICY

Last Updated: 12/23/2025

This Privacy Policy explains how CalmTrade™ (“CalmTrade,” “we,” “us”) collects, uses, shares, and protects your information when you use our website, apps, and services (the “Services”).

1) Information we collect

A. Information you provide

• Account information (such as name, email, login credentials)

• Customer support communications

• Any notes, tags, or journal-style entries you choose to add

B. Health and biometric-related information (Health Data)

If you connect compatible wearables (including Polar H10 and Polar 360) and/or Apple HealthKit and grant permission, we may collect the Health Data you authorize, including heart rate, HRV, resting heart rate, sleep-related metrics, steps, and related timestamps/metadata. We may also generate derived metrics (such as trends, baselines, or scores) from this data.

C. Device and usage information

• Device type, operating system, app version

• IP address and approximate location (derived from IP)

• Logs and diagnostic data to maintain and secure the Services

D. Cookies (website)

We may use essential cookies for site functionality and security. We do not currently use third-party advertising cookies or analytics cookies [update this if you add them later].

2) How we use information

We use information to:

• Provide, operate, and maintain the Services

• Sync your data across devices and enable features (including export)

• Provide educational/wellness insights and in-app experiences you request

• Communicate with you about the Services (e.g., account notices, support)

• Protect the security and integrity of the Services (fraud/abuse prevention)

• Comply with legal obligations and enforce our Terms of Service

3) Legal bases for processing (for users in certain regions)

Where required by law (e.g., EU/UK), we process information under one or more of the following:

• Consent (for example, HealthKit permissions and wearable integrations)

• Contract (to provide the Services you request)

• Legitimate interests (such as securing and improving the Services)

• Legal obligation (to comply with applicable laws)

4) How we share information

We do not share your Health Data with brokers or trading partners.

We may share information with:

• Service providers (processors) that help us operate the Services (e.g., cloud hosting, customer support), under contractual obligations to protect your data

• Legal and safety purposes (to comply with law, respond to lawful requests, protect rights/safety, prevent fraud)

• Business transfers (if we undergo a merger, acquisition, or asset sale; we will provide notice as required)

We do not sell your personal information.

5) Data retention

We retain personal information (including Health Data stored on our servers) only as long as reasonably necessary for the purposes described in this Policy, unless a longer period is required or permitted by law. You may request deletion as described below.

6) Your choices and rights

A. Health permissions and integrations

• You can revoke HealthKit permissions at any time in your device settings.

• You can disconnect wearable integrations.

B. Access, export, and deletion

• You may be able to export your data through the Services.

• You may request access to, correction of, or deletion of your information by contacting us at [PRIVACY EMAIL].

We may need to retain certain information for legal, security, or fraud-prevention purposes.

C. Region-specific rights

Depending on where you live, you may have additional rights (such as the right to object, restrict processing, or lodge a complaint with a data protection authority).

7) International data transfers

Because we operate globally, your information may be transferred to and processed in countries other than where you live. We take steps designed to protect information during international transfers as required by applicable law.

8) Security

We use reasonable administrative, technical, and physical safeguards designed to protect information. No system is completely secure.

9) Children’s privacy

The Services are not intended for children under 18. We do not knowingly collect personal information from children. If you believe a child has provided us information, contact us.

10) BROKERAGE ACCOUNT DATA (IF YOU ENABLE BROKER SYNC)

If you choose to connect a brokerage account, we may access and store certain brokerage account information such as account identifiers, balances, positions/holdings, and transaction history (“Brokerage Data”) to provide syncing, dashboards, and export features.

How we access Brokerage Data.

Brokerage Data is accessed through the SnapTrade connection method you choose (for example, an account-connection provider). Some providers support recurrent, user-absent access to keep your connected accounts up to date.

How we use Brokerage Data.

We use Brokerage Data to provide syncing, display your portfolio information inside the Services, support data export, improve reliability, and maintain security. We do not use Brokerage Data for advertising.

Sharing.

We do not share Brokerage Data with brokers or trading partners for marketing. We may share Brokerage Data with service providers that help us operate the Services (e.g., hosting) under contractual confidentiality and security obligations.

Your controls.

You can disconnect broker sync at any time. After disconnection, we will stop new data pulls, and you can request deletion of previously stored Brokerage Data, subject to limited legal/security exceptions.

11) Changes to this Privacy Policy

We may update this Policy from time to time. We will update the “Last Updated” date and provide additional notice if required.

12) Contact

Privacy questions or requests:

Burns Capital LLC

414 Roosa Gap rd.

Bloomingburg, NY 12721

Email: joseph.burns@getcalmtrade.com