PRIVACY POLICY

Last updated May 29, 2026

This Privacy Notice for Bodhi Cipher ('we', 'us', or 'our'), describes how and why we might access, collect, store, use, and/or share ('process') your personal information when you use our services ('Services'), including when you:

• Visit our website at https://bodhicipher.online, or any website of ours that links to this Privacy Notice
• Use Bodhi Cipher — a digital wellness app that helps users decode the emotional and psychological roots of physical symptoms, accessed via a once-off purchase granting lifetime access at bodhicipher.online
• Engage with us in other related ways, including any sales, marketing, or events

Questions or concerns? Reading this Privacy Notice will help you understand your privacy rights and choices. We are responsible for making decisions about how your personal information is processed. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at [email protected].

---

Summary of Key Points

What personal information do we process? When you visit, use, or navigate our Services, we may process personal information depending on how you interact with us and the choices you make.

Do we process any sensitive personal information? No. We do not process sensitive personal information.

Do we collect any information from third parties? No. We do not collect any information from third parties.

How do we process your information? We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law.

In what situations and with which parties do we share personal information? We may share information in specific situations with specific third parties including our payment processor (FastPayDirect) and our CRM platform (GoHighLevel).

How do we keep your information safe? We have adequate organisational and technical processes and procedures in place to protect your personal information. However, no electronic transmission over the internet can be guaranteed to be 100% secure.

What are your rights? Depending on where you are located geographically, the applicable privacy law may mean you have certain rights regarding your personal information.

How do you exercise your rights? The easiest way is by contacting us at [email protected]. We will consider and act upon any request in accordance with applicable data protection laws.

---

---

1. What Information Do We Collect?

Personal information you disclose to us

In Short: We collect personal information that you provide to us.

We collect personal information that you voluntarily provide to us when you purchase access to Bodhi Cipher or when you contact us. The personal information we collect includes:

• Name and email address — collected at point of purchase via FastPayDirect and used to create your Bodhi Cipher account via Supabase Auth
• Feedback — any feedback you voluntarily submit within the app

Sensitive Information: We do not process sensitive information.

All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes.

Information automatically collected

In Short: Some information — such as your IP address and browser characteristics — is collected automatically when you visit our Services.

We automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity but may include device and usage information such as your IP address, browser and device characteristics, operating system, language preferences, and other technical information. This information is primarily needed to maintain the security and operation of our Services.

---

2. How Do We Process Your Information?

In Short: We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law.

We process your personal information for the following purposes:

• To create and manage your Bodhi Cipher account
• To deliver the app and its content to you
• To send you account-related communications including your access invite email
• To send you service updates and notifications about new conditions added to the app (only if you have opted in)
• To improve and maintain the Services
• For security and fraud prevention
• To comply with applicable laws

---

3. What Legal Bases Do We Rely On to Process Your Information?

In Short: We only process your personal information when we have a valid legal reason to do so under applicable law.

If you are located in the EU or UK, we rely on the following legal bases:

• Consent: Where you have given us permission to use your personal information for a specific purpose.
• Contract: Where processing is necessary to fulfil our contract with you — specifically, to deliver your Bodhi Cipher access after purchase.
• Legal Obligations: Where processing is necessary for compliance with our legal obligations.
• Vital Interests: Where processing is necessary to protect vital interests.

If you are located in Canada, we may process your information where you have given express or implied consent, or in exceptional circumstances permitted by applicable law.

---

4. When and With Whom Do We Share Your Personal Information?

In Short: We may share information in specific situations with specific third parties.

We share your personal information with the following service providers:

• FastPayDirect: Our payment processor. Processes your payment at the point of purchase.
• GoHighLevel (GHL): Our CRM platform. Receives your name and email after purchase to trigger your account setup email and any subsequent service communications.
• Supabase: Our app database and authentication provider. Stores your account credentials and app usage data securely.
• Google Analytics: We may use Google Analytics to track and analyse use of the Services. To opt out, visit https://tools.google.com/dlpage/gaoptout.

Business Transfers: We may share or transfer your information in connection with any merger, sale, or acquisition of all or part of our business.

---

5. Do We Use Cookies and Other Tracking Technologies?

In Short: We may use cookies and other tracking technologies to collect and store your information.

We may use cookies and similar tracking technologies to maintain the security of our Services, fix bugs, save your preferences, and assist with basic site functions. We also permit third-party service providers to use tracking technologies for analytics purposes.

---

6. How Long Do We Keep Your Information?

In Short: We keep your information for as long as necessary to fulfil the purposes outlined in this Privacy Notice unless otherwise required by law.

We keep your account information for as long as your Bodhi Cipher account remains active. If you request deletion of your account, we will delete or anonymise your personal information unless a longer retention period is required by law.

---

7. How Do We Keep Your Information Safe?

In Short: We aim to protect your personal information through a system of organisational and technical security measures.

We have implemented appropriate and reasonable technical and organisational security measures designed to protect the security of any personal information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet can be guaranteed to be 100% secure. You should only access the Services within a secure environment.

---

8. Do We Collect Information From Minors?

In Short: We do not knowingly collect data from or market to children under 18 years of age.

We do not knowingly collect, solicit data from, or market to children under 18 years of age. By using the Services, you represent that you are at least 18 years of age. If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data. If you become aware of any data we may have collected from children under age 18, please contact us at [email protected].

---

9. What Are Your Privacy Rights?

In Short: Depending on your location, you may have certain rights regarding your personal information.

In some regions (like the EEA, UK, Switzerland, and Canada), you have certain rights under applicable data protection laws. These may include the right to:

• Request access to and obtain a copy of your personal information
• Request rectification or erasure of your personal information
• Restrict the processing of your personal information
• Data portability
• Not to be subject to automated decision-making

You may review, change, or request deletion of your account at any time by contacting us at [email protected].

Withdrawing your consent: If we are relying on your consent to process your personal information, you have the right to withdraw your consent at any time by contacting us using the details below.

Opting out of marketing communications: You can unsubscribe from our marketing emails at any time by clicking the unsubscribe link in any email we send, or by contacting us directly. We may still send you service-related messages necessary for the administration of your account.

---

10. Controls for Do-Not-Track Features

Most web browsers include a Do-Not-Track ('DNT') feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. As no uniform technology standard for recognising and implementing DNT signals has been finalised, we do not currently respond to DNT browser signals.

---

11. Do United States Residents Have Specific Privacy Rights?

In Short: If you are a US resident, you may have additional rights regarding your personal information depending on your state of residence.

In the past 12 months we have NOT collected any of the following categories of personal information: identifiers beyond name and email, protected classification characteristics, commercial information beyond transaction records, biometric data, detailed network activity, precise geolocation data, audio or visual data, employment information, education information, inferences, or sensitive personal information.

We have not disclosed, sold, or shared any personal information to third parties for a business or commercial purpose beyond what is described in Section 4 of this policy. We will not sell personal information belonging to website visitors, users, or other consumers.

To exercise your rights under applicable US state data protection laws, please contact us at [email protected].

---

12. Do Other Regions Have Specific Privacy Rights?

Australia and New Zealand

We collect and process your personal information under the obligations and conditions set by Australia's Privacy Act 1988 and New Zealand's Privacy Act 2020. If you do not wish to provide the personal information necessary to fulfil the applicable purpose, it may affect our ability to provide our services or respond to your requests.

If you believe we are unlawfully processing your personal information, you have the right to submit a complaint to the Office of the Australian Information Commissioner or the Office of New Zealand Privacy Commissioner.

Republic of South Africa

At any time, you have the right to request access to or correction of your personal information by contacting us using the details below.

If you are unsatisfied with the manner in which we address any complaint with regard to our processing of personal information, you can contact the Information Regulator (South Africa):

• General enquiries: [email protected]
• Complaints (POPIA/PAIA form 5): [email protected] & [email protected]

---

13. Do We Make Updates to This Notice?

In Short: Yes, we will update this notice as necessary to stay compliant with relevant laws.

We may update this Privacy Notice from time to time. The updated version will be indicated by an updated date at the top of this Privacy Notice. If we make material changes, we may notify you either by prominently posting a notice or by directly sending you a notification. We encourage you to review this Privacy Notice frequently.

---

14. How Can You Contact Us About This Notice?

---

15. How Can You Review, Update, or Delete the Data We Collect From You?

You have the right to request access to the personal information we collect from you, details about how we have processed it, correct inaccuracies, or delete your personal information. You may also have the right to withdraw your consent to our processing of your personal information.

To request to review, update, or delete your personal information, please contact us at [email protected].