PRIVACY POLICY

Eective Date: March 10, 2026
Last Updated: March 10, 2026

Controller: Essential Nova Labs OÜ
Business Address: Sepapaja tn 6, 15551 Tallinn, Harju Maakond, Estonia
Contact Email: support@essentialnovalabs.com
Data Protection Ocer: Essential Nova Labs OÜ (support@essentialnovalabs.com)

1. INTRODUCTION
Essential Nova Labs OÜ ("Essential Nova Labs," "we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, purchase our courses, or use our coaching services.

This Privacy Policy applies to all users worldwide, including residents of the European Union (EU), European Economic Area (EEA), United Kingdom (UK), United States (US), Australia, and other jurisdictions. We comply with applicable data protection laws, including the General Data Protection Regulation (GDPR), UK GDPR, California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and the Australian Privacy Act 1988.

By using our services, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our services.

2. INFORMATION WE COLLECT
We collect several types of information from and about users of our services:

Personal Information You Provide Directly
We collect personal information that you voluntarily provide to us when you:
• Register for an account or enroll in courses
• Participate in coaching programs
• Subscribe to our newsletter or marketing communications
• Complete forms, surveys, or assessments
• Contact our customer support team
• Participate in community features (member-only areas)

The types of personal information we may collect include:

Table 1: Categories of Personal Information Collected
• Contact Information: Name, email address, phone number
• Account Information: Username, password (encrypted)
• Coaching Information: Information you provide to customize coaching programs
• Payment Information: Processed by third-party providers (see below)
• Course Progress: Quiz results, assessment scores, completion status
• Communications: Support inquiries, feedback, correspondence

Payment Information
We use third-party payment processors to handle all payment transactions:
• Stripe: For credit/debit card payments
• Circle payments: Integrated payment processing
• PayPal: Alternative payment method

Important: We do not store complete credit card numbers, CVV codes, or full payment card details on our servers. Payment information is transmitted directly to and stored by our payment processors in compliance with Payment Card Industry Data Security Standards (PCI DSS). We may receive and store limited payment information such as the last four digits of your card, card type, and billing address for record-keeping and customer support purposes.

Automatically Collected Information
When you access our website or use our services, we automatically collect certain information about your device and usage patterns:
• Device Information: IP address, browser type, operating system, device identifiers
• Usage Data: Pages viewed, time spent, click patterns, navigation paths
• Location Data: General geographic location inferred from IP address
• Cookies and Tracking Technologies: See "Cookies and Tracking" section below

Information from Third Parties
We may receive information about you from third-party platforms and services you use to access our services, such as social media authentication providers (if applicable).

3. HOW WE USE YOUR INFORMATION
We use the information we collect for the following purposes:

Service Delivery and Account Management
• Provide, maintain, and improve our educational services
• Create and manage your account
• Deliver course content and coaching programs
• Track your progress and issue completion certicates
• Process payments and maintain transaction records
• Provide customer support and respond to inquiries
• Communicate important service updates and notications

Personalization and Product Development
• Customize coaching programs to your specic needs and goals
• Personalize your learning experience and recommend relevant content
• Develop new products, services, and features based on user feedback
• Analyze usage patterns to improve course eectiveness
• Conduct research and analysis to enhance our educational oerings

Marketing and Communications
• Send promotional emails about new courses, features, and special oers
• Provide newsletters with educational content and industry insights
• Market future products and services that may be of interest to you
• Conduct surveys and gather feedback to improve our services

You can opt out of marketing communications at any time by clicking the "unsubscribe" link in our emails or contacting us at support@essentialnovalabs.com.

Analytics and Improvement
• Analyze website trac and user behavior to improve site performance
• Monitor and analyze trends, usage, and activities
• Detect, prevent, and address technical issues and security threats
• Ensure the security and integrity of our services

Legal Compliance and Protection
• Comply with legal obligations and regulatory requirements
• Enforce our Terms of Service and other agreements
• Protect the rights, property, and safety of Essential Nova Labs, our users, and others
• Respond to legal requests from authorities and government agencies
• Prevent fraud, unauthorized access, and other illegal activities

Aggregated and Anonymized Data
We may aggregate and anonymize personal information to create statistical data that cannot identify you individually. This anonymized data may be used for any purpose, including business analysis, research, and improving our services, without restriction.

4. LEGAL BASIS FOR PROCESSING (GDPR AND UK GDPR)
For users in the EU, EEA, and UK, we process your personal information based on the following legal grounds:

Table 2: Legal Bases for Data Processing
• Contract Performance: Providing courses, coaching services, account management, payment processing
• Consent: Marketing communications, non-essential cookies, optional features
• Legitimate Interest: Service improvement, analytics, fraud prevention, security, product development
• Legal Obligation: Compliance with tax laws, nancial regulations, responding to legal requests

Where we rely on legitimate interests, we have balanced our interests against your rights and freedoms and determined that our processing is proportionate and necessary.

5. HOW WE SHARE YOUR INFORMATION
We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We only share your information in the following limited circumstances:

Service Providers and Business Partners
We share personal information with trusted third-party service providers who perform services on our behalf. These providers are contractually obligated to protect your information and use it only for the purposes we specify:

Table 3: Third-Party Service Providers
• Circle: Community/ Course  hosting, email delivery, website infrastructure
• Stripe / PayPal: Payment processing
• Google Workspace: Email communications, document storage
• Notion: CRM, customer data management, internal operations
• Typeform: Forms, surveys, assessments
• Zapier/Make: Integration and automation between platforms
• Meta: Advertising and marketing (with consent)
• Google Analytics: Website analytics and usage tracking (with consent)

These service providers may process your data in various locations, including the United States and other countries outside your jurisdiction. We ensure appropriate safeguards are in place for international data transfers (see "International Data Transfers" section).

Legal Requirements and Protection
• Comply with legal obligations, court orders, or government requests
• Enforce our Terms of Service and other agreements
• Protect the rights, property, or safety of Essential Nova Labs, our users, or the public
• Detect, prevent, or address fraud, security, or technical issues
• Respond to claims of intellectual property infringement

Business Transfers
In the event of a merger, acquisition, reorganization, sale of assets, or bankruptcy, your personal information may be transferred to the successor entity. We will notify you of any such change in ownership or control of your personal information.

With Your Consent
We may share your information with third parties when you give us explicit consent to do so.

Aggregated Information
We may share aggregated, anonymized information that does not identify you personally with partners, researchers, or the public for analysis, research, or promotional purposes.

6. COOKIES AND TRACKING TECHNOLOGIES
We use cookies, web beacons, and similar tracking technologies to collect information about your browsing activities and preferences.

What Are Cookies?
Cookies are small text les placed on your device by websites you visit. They help websites remember your preferences, analyze trac, and improve functionality.

Types of Cookies We Use
Table 4: Cookie Categories
• Strictly Necessary: Essential for website operation, account login, security
• Functional: Remember your preferences, language settings, customization
• Analytics: Google Analytics - track usage patterns and website performance
• Advertising: Meta Pixel - deliver targeted ads and measure campaign eectiveness

Cookie Consent and Management
For EU, EEA, and UK Users: We obtain your explicit consent before placing non-essential cookies (analytics and advertising) on your device. You can manage your cookie preferences through our cookie consent banner that appears when you rst visit our website.

For All Users: You can control cookies through your browser settings. Most browsers allow you to:
• View and delete cookies
• Block all cookies or specic cookies
• Receive notications when cookies are set
• Block third-party cookies

Please note that blocking essential cookies may prevent you from using certain features of our website.

Third-Party Tracking
• Google Analytics: We use Google Analytics to understand how users interact with our website. Google Analytics uses cookies to collect usage data. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.
• Meta Pixel (Facebook Pixel): We use Meta Pixel to measure advertising eectiveness and deliver targeted ads on Facebook and Instagram. The Pixel collects information about your website activity. You can control Facebook ads through your Facebook Ad Preferences.

For more information about how these third parties use your data, please review their privacy policies:
• Google Analytics Privacy Policy: https://policies.google.com/privacy
• Meta Privacy Policy: https://www.facebook.com/privacy/policy

7. DATA RETENTION
We retain your personal information only for as long as necessary to fulll the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

Retention Periods
Table 5: Data Retention Schedule
• Account Information: Active account + 30 days after closure
• Course Progress Data: Active account + 30 days after closure
• Transaction Records: 7 years (tax and accounting requirements)
• Marketing Communications: Until you unsubscribe or object
• Support Communications: 3 years after resolution
• Cookies / Analytics Data: According to cookie type (see cookie notice); Identiable data 26 months

Account Deletion
When you request account deletion, we will delete or anonymize your personal information within 30 days, except where we are required to retain certain information for legal, tax, or regulatory purposes (such as transaction records).

Backup Systems
Deleted information may remain in backup systems for up to 90 days before being permanently removed.

8. INTERNATIONAL DATA TRANSFERS
Essential Nova Labs is based in Estonia. We provide services to users globally and use service providers located in various countries, including the United States.

Transfers Outside Your Country
When we transfer personal information outside the EU/EEA, UK, or Australia, we implement appropriate safeguards to protect your data:
• Standard Contractual Clauses: We use European Commission-approved Standard Contractual Clauses (SCCs) with our service providers
• Adequacy Decisions: We rely on adequacy decisions where applicable
• Data Processing Agreements: We enter into data processing agreements with all processors
• Privacy Shield (legacy): For US-based providers, we verify appropriate alternative transfer mechanisms

Transfers to the United States
Several of our service providers (including Kajabi, Stripe, PayPal, Google, and Meta) are based in the United States. We have ensured these providers implement appropriate technical and organizational measures to protect your data in accordance with applicable laws. By using our services, you acknowledge and consent to the transfer of your personal information to countries outside your country of residence, which may have dierent data protection standards.

9. YOUR PRIVACY RIGHTS
Depending on your location, you have certain rights regarding your personal information.

Rights Under GDPR and UK GDPR (EU, EEA, UK Residents)
• Right of Access: Request a copy of the personal information we hold about you
• Right to Rectication: Request correction of inaccurate or incomplete information
• Right to Erasure ("Right to be Forgotten"): Request deletion of your personal information
• Right to Restriction: Request that we limit how we use your information
• Right to Data Portability: Receive your data in a structured, commonly used format
• Right to Object: Object to processing based on legitimate interests or for direct marketing
• Right to Withdraw Consent: Withdraw consent for processing at any time
• Right to Lodge a Complaint: File a complaint with your local data protection authority

Rights Under CCPA/CPRA (California Residents)
• Right to Know: Request information about categories and specic pieces of personal information collected
• Right to Delete: Request deletion subject to exceptions
• Right to Correct: Request correction of inaccurate information
• Right to Opt-Out: Opt out of the "sale" or "sharing" of personal information
• Right to Limit Use: Limit our use of sensitive personal information
• Right to Non-Discrimination: Not receive discriminatory treatment for exercising rights

Rights Under Australian Privacy Act
• Right to Access: Request access to your personal information
• Right to Correction: Request correction of inaccurate information
• Right to Complain: Lodge a complaint with the Oce of the Australian Information Commissioner (OAIC)
• Right to Anonymity: Where practicable, interact with us anonymously or using a pseudonym

How to Exercise Your Rights
To exercise any of these rights, please contact us at:
• Email: support@essentialnovalabs.com
• Subject Line: "Privacy Rights Request"

Please include your full name, email address associated with your account, a clear description of your request, and verication information to conrm your identity. We will respond within the required legal timeframes (GDPR: 30 days; CCPA: 45 days; Australian Privacy Act: 30 days). We may need to verify your identity before fullling your request to protect your personal information from unauthorized access.

10. CHILDREN'S PRIVACY
Our services are not intended for individuals under the age of 16. We do not knowingly collect personal information from children under 16 years of age.

Age Restrictions
• Minimum Age: Users must be at least 16 years old to use our services
• Parental Consent: If you are under 18 but at least 16, obtain parental consent before using our services
• Verication: We may request age verication if needed

If we discover that we have inadvertently collected personal information from a child under 16, we will delete such information immediately. If you believe we have collected information from a child under 16, please contact us immediately at support@essentialnovalabs.com.

Regulatory Standards
Our age policy complies with GDPR (16 years minimum), CCPA/CPRA, and Australian Privacy Act standards.

11. DATA SECURITY
We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction.

Security Measures
• Encryption: SSL/TLS encryption for data in transit
• Access Controls: Role-based access restrictions and authentication requirements
• Secure Hosting: Use of reputable hosting providers with robust security standards
• Password Protection: Encrypted password storage using industry-standard hashing
• Regular Updates: Timely security patches and software updates
• Monitoring: Continuous threat monitoring
• Data Minimization: Collection of only necessary information
• Vendor Security: Contractual security requirements for all service providers

Data Breach Notication
In the event of a data breach, we will notify aected individuals within 72 hours of discovery (required by GDPR) and report to relevant authorities.

Your Responsibility
• Keep your password condential and secure
• Do not share your account credentials
• Log out after each session, especially on shared devices
• Report suspicious activity immediately

12. THIRD-PARTY LINKS AND SERVICES
Our website may contain links to third-party websites, applications, or services not operated by us. This Privacy Policy does not apply to third-party sites. We encourage you to review their privacy policies.

Social Media
Features may collect your IP address and set cookies. These are governed by the privacy policies of the third parties hosting them.

13. CHANGES TO THIS PRIVACY POLICY
We may update this policy to reect changes in practices or requirements. Minor changes update the "Last Updated" date; material changes get 30-day notice.

14. CONTACT INFORMATION AND COMPLAINTS
General Inquiries: support@essentialnovalabs.com
Address: Sepapaja tn 6, 15551 Tallinn, Harju Maakond, Estonia
Supervisory Authorities: EU Residents: Estonian Data Protection Inspectorate; UK: ICO; California: CPPA; Australia: OAIC.

Consent and Acceptance
By using Essential Nova Labs services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

End of Privacy Policy
Last reviewed and approved: March 10, 2026
Next scheduled review: March 10, 2027