Well Seven AI-Powered Marketing Automation

1. Introduction

Welcome to Well Seven ("we," "our," or "us"). We are committed to protecting your privacy and handling your personal information with transparency and care.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Well Seven wellness platform, including our website, mobile applications, and related services (collectively, the "Service").

By accessing or using the Service, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree with this policy, please do not use our Service.

Well Seven is operated by Well Seven, registered in Paris, France.

2. Information We Collect

2.1 Personal Information You Provide

When you register, set up a profile, or interact with our Service, you may provide:

Account information name, email address, password, date of birth
Profile data wellness goals, health preferences, dietary restrictions, activity levels
Payment information billing address, payment card details (processed securely by our payment processor; we do not store full card numbers)
Communications messages you send to us, feedback, support requests
Health and wellness data information you voluntarily enter such as weight, sleep patterns, mood logs, nutrition intake, and exercise records

2.2 Information Collected Automatically

When you use the Service, we automatically collect certain technical and usage information:

Device information device type, operating system, unique device identifiers, browser type and version
Usage data pages visited, features used, session duration, interaction patterns, time and date of access
Log data IP address, access times, referring URLs, error logs
Location data approximate location derived from your IP address (we do not collect precise GPS location unless you explicitly grant permission)

2.3 Cookies and Similar Technologies

We use cookies, pixels, and similar tracking technologies to collect information about your browsing activity. See Section 8: Cookies & Tracking for full details.

2.4 Information from Third Parties

We may receive information about you from:

Connected apps and devices if you connect fitness trackers, health apps, or wearable devices to Well Seven
Social login providers if you sign in via Google, Apple, or other identity providers, we receive your name and email as permitted by your settings
Analytics partners aggregated insights about how users discover and interact with our Service

3. How We Use Your Information

We process your information for the following purposes:

Purpose	Description
Service delivery	Create and manage your account, deliver personalized wellness plans, track your progress, and provide core platform functionality
Personalization	Tailor recommendations, content, and insights based on your health goals, preferences, and activity patterns
Analytics & improvement	Understand how users interact with the Service, identify trends, diagnose technical issues, and improve features
Communications	Send transactional emails (account confirmations, password resets), wellness reminders, and with your consent marketing communications
Safety & security	Detect fraud, enforce our Terms of Service, and protect the security and integrity of the platform
Legal compliance	Fulfill our legal obligations, respond to lawful requests, and resolve disputes
Research	Conduct aggregated, de-identified research to advance wellness insights (individual users are never identifiable in research outputs)

4. Legal Basis for Processing

If you are located in the European Economic Area (EEA), the United Kingdom, or another jurisdiction that requires a legal basis for processing personal data, we rely on the following grounds:

4.1 Contractual Necessity

Processing necessary to perform our contract with you for example, creating your account, delivering your personalized wellness plan, and processing payments.

4.2 Consent

Where required by law, we obtain your explicit consent before processing. This applies specifically to:

Health and wellness data (classified as special category data under GDPR Article 9)
Marketing communications
Non-essential cookies and tracking technologies

You may withdraw consent at any time through your account settings or by contacting us. Withdrawal does not affect the lawfulness of processing performed prior to withdrawal.

4.3 Legitimate Interest

We process data where we have a legitimate business interest that is not overridden by your rights, including:

Improving and optimizing the Service
Preventing fraud and ensuring platform security
Conducting aggregated analytics
Providing customer support

4.4 Legal Obligation

We process data when required to comply with applicable laws, regulations, or legal proceedings.

5. Data Sharing & Third Parties

We do not sell your personal information. We have never sold user data and have no plans to do so. Under the California Consumer Privacy Act (CCPA), we confirm that no sale of personal information has occurred in the preceding 12 months.

We may share your information with the following categories of recipients:

5.1 Service Providers

Trusted third-party vendors who assist us in operating the Service, subject to strict contractual data protection obligations:

Cloud hosting infrastructure and data storage
Payment processing secure handling of transactions
Email delivery transactional and marketing communications
Analytics understanding usage patterns and Service performance
Customer support help desk and ticketing systems

5.2 Connected Third-Party Services

If you choose to connect external apps or devices (fitness trackers, health apps), data will be shared with those services as necessary for the integration to function. Each third-party service is governed by its own privacy policy.

5.3 Legal and Safety Disclosures

We may disclose your information if required to do so by law, or if we believe in good faith that disclosure is necessary to:

Comply with a legal obligation, regulation, or valid legal process
Protect the rights, property, or safety of Well Seven, our users, or the public
Detect and prevent fraud or security incidents

5.4 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your information.

6. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes described in this policy, unless a longer retention period is required by law.

Data Category	Retention Period
Account information	Duration of your account, plus 30 days after deletion request
Health & wellness data	Duration of your account; deleted within 30 days of account closure
Payment records	7 years (as required by tax and financial regulations)
Usage & analytics data	26 months, then aggregated or deleted
Support communications	3 years from resolution date
Server logs	90 days
Cookie data	See Section 8

When data is no longer needed, we securely delete or anonymize it so that it can no longer be associated with you.

7. Your Rights

Depending on your jurisdiction, you have certain rights regarding your personal data. We are committed to honoring these rights regardless of where you are located, to the extent technically feasible.

7.1 Rights Under GDPR (EEA & UK)

Access Request a copy of the personal data we hold about you
Rectification Request correction of inaccurate or incomplete data
Erasure ("Right to be Forgotten") Request deletion of your personal data, subject to legal retention obligations
Restriction Request that we limit processing of your data in certain circumstances
Portability Receive your data in a structured, commonly used, machine-readable format
Objection Object to processing based on legitimate interest or direct marketing
Withdraw consent Withdraw previously given consent at any time
Lodge a complaint File a complaint with your local Data Protection Authority

7.2 Rights Under CCPA (California Residents)

Right to Know Request details about the categories and specific pieces of personal information we have collected
Right to Delete Request deletion of personal information we have collected from you
Right to Opt-Out Opt out of the sale of personal information (note: we do not sell personal information)
Right to Non-Discrimination We will not discriminate against you for exercising any of your privacy rights

7.3 Exercising Your Rights

To exercise any of these rights, please contact us at contact@wellseven.com or use the privacy controls in your account settings. We will respond to verified requests within 30 days (GDPR) or 45 days (CCPA).

We may need to verify your identity before processing your request. If a request is manifestly unfounded or excessive, we reserve the right to charge a reasonable fee or refuse the request, with explanation.

8. Cookies & Tracking Technologies

We use cookies and similar technologies to enhance your experience, analyze usage, and support our operations.

8.1 Types of Cookies We Use

Category	Purpose	Duration
Strictly necessary	Essential for the Service to function (authentication, security, load balancing)	Session – 1 year
Functional	Remember your preferences (language, theme, display settings)	Up to 1 year
Analytics	Understand how users interact with the Service (page views, feature usage)	Up to 26 months
Marketing	Deliver relevant content and measure campaign effectiveness	Up to 13 months

8.2 Managing Cookies

When you first visit our Service, you will be presented with a cookie consent banner that allows you to accept or reject non-essential cookies. You can update your preferences at any time through our cookie settings panel or through your browser settings.

Please note that disabling certain cookies may affect the functionality of the Service.

8.3 Do Not Track

Some browsers transmit "Do Not Track" (DNT) signals. We currently respond to DNT signals by disabling non-essential analytics and marketing cookies when a DNT header is detected.

9. Children's Privacy

Well Seven is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13 years of age, in compliance with the Children's Online Privacy Protection Act (COPPA).

For users in the European Economic Area, the age threshold is 16 (or the applicable age in your member state under GDPR Article 8).

If we discover that we have inadvertently collected information from a child under the applicable age threshold, we will take immediate steps to delete that information. If you believe a child has provided us with personal data, please contact us at contact@wellseven.com.

10. International Data Transfers

Well Seven operates globally, and your information may be transferred to and processed in countries other than the country in which you reside. These countries may have data protection laws that differ from the laws in your jurisdiction.

10.1 Safeguards

When we transfer personal data outside the EEA or UK, we ensure appropriate safeguards are in place, including:

Standard Contractual Clauses (SCCs) EU-approved contractual terms that provide adequate data protection
Adequacy decisions Transfers to countries recognized by the European Commission as providing adequate protection
Data Processing Agreements Binding agreements with all sub-processors that meet GDPR requirements

10.2 Data Storage Location

Primary data storage is located in the European Union. Backups and redundant copies may be stored in additional regions to ensure service reliability.

11. Security Measures

We implement robust technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction.

11.1 Technical Safeguards

Encryption in transit All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher
Encryption at rest Sensitive data, including health and wellness information, is encrypted using AES-256
Access controls Role-based access, multi-factor authentication for administrative systems, and principle of least privilege
Infrastructure security Regular vulnerability assessments, penetration testing, and security audits
Secure development Security review processes, dependency monitoring, and secure coding practices

11.2 Organizational Safeguards

Staff training on data protection and security awareness
Data protection impact assessments for new features involving personal data
Incident response plan with defined notification procedures
Regular review of sub-processors and third-party security posture

11.3 Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach (as required by GDPR Article 33) and will inform affected users without undue delay when the breach is likely to result in a high risk to their rights.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons.

When we make material changes, we will:

Update the "Last updated" date at the top of this page
Provide prominent notice within the Service (e.g., a banner or in-app notification)
Send an email notification to registered users for significant changes
Where required by law, obtain your renewed consent before applying changes

We encourage you to review this page periodically. Your continued use of the Service after changes are posted constitutes acceptance of the revised policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email	contact@wellseven.com
Postal Address	21 Rue Dautrancourt, Paris 17, France
Data Protection Officer	Petra Bochnickova contact@wellseven.com

For data access, deletion, or portability requests, you may also use the self-service privacy controls available in your account settings under Settings → Privacy & Data.