Kyha Privacy Notice
Effective as of October 27th, 2025
This Privacy Notice describes how Kyha, Inc. ("Kyha", "we", "us" or "our") handle personal information that we
collect through our digital properties that link to this Privacy Notice, including our website and mobile
application (collectively, the "Services"), as well as through social media, our marketing activities, and other
activities described in this Privacy Notice.
Index
Information you provide to us.
Personal information you may provide to us through the Services or otherwise includes:
- Contact data, such as your first and last name, salutation, email address, mailing address, professional title
and company name, and phone number.
- Demographic Information, such as your city, state, country of residence, and postal code.
- Communications data based on our exchanges with you, including when you contact us through the Services,
email, social media, or otherwise.
- Marketing data, such as your preferences for receiving our marketing communications and details about your
engagement with them.
- Profile data, such as the username and password that you may set to establish an online account on the
Services, date of birth, redemption code, biographical details, photograph or picture, links to your profiles on
social networks, interests, preferences, information about your participation in our contests, promotions, or
surveys, and any other information that you add to your account profile.
- Health-related personal information, including symptoms, life stage (e.g., perimenopause, menopause),
menstrual history, and other reproductive or hormonal health details that you choose to share through the
Services.
- Health app and wearable device data. If you choose to connect a health app or wearable device (such as Apple
Health or Google Health), we may receive classified health metrics including sleep patterns, physical activity,
heart rate variability, resting heart rate, and body temperature readings. This data is processed on your
device — raw health data is never transmitted to our servers. Only derived pattern classifications (such as
whether a metric is trending above or below your personal baseline) are sent to Kyha to power your personalized
insights. You can disconnect your health app at any time through your device settings.
- Transactional data, such as information relating to or needed to complete your orders on or through the
Services, including order numbers and transaction history.
- Interactive data, such as information you provide when you interact with our Services through daily tracking
or open-ended inputs such as journaling, chat with AI, or forms.
- User-generated content data, such as photos, images, music, videos, comments, questions, messages, works of
authorship, and other content or information that you generate, transmit, or otherwise make available on the
Services, as well as associated metadata. Metadata includes information on how, when, where and by whom a piece
of content was collected and how that content has been formatted or edited. Metadata also includes information
that users can add or can have added to their content, such as keywords, geographical or location information,
and other similar data.
- Government-issued identification number data, such as national identification number (e.g. Social Security
Number, tax identification number, passport number), state or local identification number (e.g., driver's
license or state ID number), and an image of the relevant identification card.
- Payment data needed to complete transactions, including payment card information or bank account number.
- Other data not specifically listed here, which we will use as described in this Privacy Notice or as otherwise
disclosed at the time of collection.
Third-party sources.
We may combine personal information we receive from you with personal information we obtain from other sources,
such as:
- Public sources, such as government agencies, public records, social media platforms, and other publicly
available sources.
- Data providers, such as information services and data licensors that provide demographic and other
information.
- Marketing or brand partners, such as joint marketing partners, brand partners, and event co-sponsors.
- Our affiliate partners, such as our affiliate network provider and publishers, influencers, and promoters who
participate in paid affiliate programs that we may operate.
- Third-party services, such as social media services and connected devices, that you use to log into, or
otherwise link to, your Services account. This data may include your username, profile picture, health and other
information collected through a connected device, and other information associated with your account on that
third-party service that is made available to us based on your account settings on that service and/or device.
Automatic data collection.
We, our service providers, and our business partners may automatically log information about you, your computer
or mobile device, and your interaction over time with the Services, our communications and other online services,
such as:
- Device data, such as your computer or mobile device's operating system type and version, manufacturer and
model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP
address, unique identifiers (including identifiers used for advertising purposes), language settings, mobile
device carrier, radio/network information (e.g., Wi-Fi, LTE, 3G), time zone, and general location information
such as city, state or general geographic area.
- Crash reports, such as detailed diagnostic information about your device and the activities that led to the
crash which may include personal information (if you elect to provide crash reports).
- Push notification preferences, which may include tokens that indicate your preference.
- Online activity data, such as pages or screens you viewed, how long you spent on a page or screen, the website
you visited before browsing to the Services, navigation paths between pages or screens, information about your
activity on a page or screen, access times and duration of access, and whether you have opened our emails or
clicked links within them.
- Communication interaction data such as your interactions with our email, text or other communications (e.g.,
whether you open and/or forward emails) – we may do this through use of pixel tags (which are also known as
clear GIFs), which may be embedded invisibly in our emails.
Cookies and similar technologies.
Some of the automatic collection described above is facilitated by the following technologies:
- Cookies, which are small text files that websites store on user devices and that allow web servers to record
users' web browsing activities and remember their submissions, preferences, and login status as they navigate a
site. Cookies used on our sites include both "session cookies" that are deleted when a session ends, "persistent
cookies" that remain longer, "first party" cookies that we place and "third party" cookies that our third-party
business partners and service providers may place.
- Local storage technologies, like HTML5, that provide cookie-equivalent functionality but can store larger
amounts of data on your device outside of your browser in connection with specific applications.
- Web beacons, also known as pixel tags or clear GIFs, which are used to demonstrate that a webpage or email was
accessed or opened, or that certain content was viewed or clicked.
How we use your personal information
We may use your personal information for the following purposes or as otherwise described at the time of
collection:
Services delivery.
We may use your personal information to:
- provide, operate and improve the Services and our business;
- communicate with you about the Services, including by sending announcements, updates, security alerts, and
support and administrative messages;
- communicate with you about events in which you participate;
- understand your needs and interests, and personalize your experience with the Services and our communications
such as generating personalized insights or responses; and
- provide support for the Services, and respond to your requests, questions and feedback.
Research and development.
We may use your personal information for research and development purposes, including to analyze and improve the
Services and our business. As part of these activities, we may create aggregated, de-identified or other anonymous
data from personal information we collect. We make personal information into de-identified data by removing
information that makes the data personally identifiable to you. We may use this de-identified data and share it
with third parties for our lawful business purposes, including to analyze and improve the Services and promote our
business.
Direct marketing.
We may collect and use your personal information for marketing purposes. For example, we may send you direct
marketing communications or we may offer you certain products from our brand partners though the Services. You may
opt-out of our marketing communications as described in the "opt-out of marketing" section below. We do not share
your personal information with third parties for purposes of interest-based or cross-contextual advertising.
Compliance and protection.
We may use your personal information to:
- comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests
from government authorities;
- protect our, your or others' rights, privacy, safety or property (including by making and defending legal
claims);
- audit our internal processes for compliance with legal and contractual requirements or our internal policies;
- enforce the terms and conditions that govern the Services; and
- prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity,
including cyberattacks and identity theft.
With your consent.
In some cases, we may specifically ask for your consent to collect, use or share your personal information, such
as when required by law.
Cookies and similar technologies.
In addition to the other uses included in this section, we may use the Cookies and similar technologies described
above for the following purposes:
- Technical operation. To allow the technical operation of the Services.
- Functionality. To enhance the performance and functionality of our services.
- Advertising. To help us understand how you use the Services and other online services over time, which we may
use to offer products or services that we believe will interest you and measure how those ads perform.
- Performance and Analytics. To assess the performance of our Services, including as part of our analytic
practices to help us understand how individuals use our Services and to help us understand user activity on the
Services, including which pages are most and least visited and how visitors move around the Services, as well as
user interactions with our emails.
Artificial Intelligence.
Our Services may use artificial intelligence (or AI) technologies to process certain personal information. Kyha
does not use third-party AI providers for such processing. We may use these AI technologies to enhance our
Services, improve user experience, and provide personalized content or recommendations. For example, when you use
our AI chat functionality, we use your inputs to improve the personalization of responses. However, you control
the information that you share with Kyha and can receive more general responses by providing less personal
information.
How we share your personal information
We may share your personal information with the following parties and as otherwise described in this Privacy
Notice or at the time of collection.
Affiliates.
Our subsidiaries, and affiliates, for purposes consistent with this Privacy Notice.
Services providers.
Third parties that provide services on our behalf or help us operate the Services or our business (such as
hosting, information technology, customer support, email delivery, consumer research, marketing, and website
analytics).
Payment processors.
Any payment card information you use to make a purchase on the Services is collected and processed directly by
our payment processors.
Third parties designated by you.
We may share your personal data with third parties where you have instructed us or provided your consent to do
so. We will share personal information that is needed for these other companies to provide the services that you
have requested.
Business and marketing partners.
Third parties with whom we co-sponsor events, with whom we jointly offer products or services, or whose products
or services may be of interest to you. We do not share your personal information with third parties for purposes
of interest-based or cross-contextual advertising.
Professional advisors.
Professional advisors, such as lawyers, auditors, bankers and insurers, where necessary in the course of the
professional services that they render to us.
Authorities and others.
Law enforcement, government authorities, and private parties, as we believe in good faith to be necessary or
appropriate for the compliance and protection purposes described above.
Business transferees.
Acquirers and other relevant participants in business transactions (or negotiations of or due diligence for such
transactions) involving a corporate divestiture, merger, consolidation, acquisition, reorganization, sale or other
disposition of all or any portion of the business or assets of, or equity interests in, Kyha, our affiliates, or
our subsidiaries (including, in connection with a bankruptcy or similar proceedings).
Your choices
In this section, we describe the choices available to you.
Opt-out of marketing and reminder communications.
You may opt-out of marketing-related or reminder emails by following the opt-out or unsubscribe instructions at
the bottom of the email, or by contacting us. Please note that if you choose to opt-out of marketing-related
and/or reminder emails, you may continue to receive service-related and other non-marketing emails.
Push notifications.
We may send you push notifications through our mobile application. You may opt out from receiving these push
notifications by changing the settings on your mobile device.
User controls and choices.
Our Services may enable users to view, edit, or delete their logged symptoms, health profile details, or cycle
data from within the Kyha app. If you wish to delete your account and associated data, please email us at
[email protected].
Health app data.
If you have connected a health app or wearable device, you may disconnect it
at any time through your device settings. Disconnecting will stop Kyha from receiving new health metric data,
though previously derived insights will remain in your account history unless you delete your account.
Do Not Track.
Some Internet browsers may be configured to send "Do Not Track" signals to the online services that you visit. We
currently do not respond to "Do Not Track" or similar signals. To find out more about "Do Not Track," please visit
http://www.allaboutdnt.com.
Declining to provide information.
We need to collect personal information to provide certain services. If you do not provide the information we
identify as required or mandatory, we may not be able to provide those services.
Advertising choices.
We do not share your personal information with third parties for purposes of interest-based or cross-contextual
advertising.
Other sites and services
The Services may contain links to websites, mobile applications, and other online services operated by third
parties. In addition, our content may be integrated into web pages or other online services that are not
associated with us. These links and integrations are not an endorsement of, or representation that we are
affiliated with, any third party. We do not control websites, mobile applications or online services operated by
third parties, and we are not responsible for their actions. We encourage you to read the privacy policies of the
other websites, mobile applications and online services you use.
Security
We employ a number of technical, organizational and physical safeguards designed to protect the personal
information we collect. However, security risk is inherent in all internet and information technologies and we
cannot guarantee the security of your personal information.
International data transfer
We are headquartered in the United States and may use service providers that operate in other countries. Your
personal information may be transferred to the United States or other locations where privacy laws may not be as
protective as those in your state, province, or country.
Children
The Services are not intended for use by anyone under 18 years of age. If you are a parent or guardian of a child
from whom you believe we have collected personal information in a manner prohibited by law, please contact us. If
we learn that we have collected personal information through the Services from a child without the consent of the
child's parent or guardian as required by law, we will comply with applicable legal requirements to delete the
information.
Changes to this Privacy Notice
We reserve the right to modify this Privacy Notice at any time. If we make material changes to this Privacy
Notice, we will notify you by updating the date of this Privacy Notice and posting it on the Services or other
appropriate means. Any modifications to this Privacy Notice will be effective upon our posting the modified
version (or as otherwise indicated at the time of posting). In all cases, your use of the Services after the
effective date of any modified Privacy Notice indicates your acknowledging that the modified Privacy Notice
applies to your interactions with the Services and our business.
Email: [email protected]
Mail: Kyha, Inc., 300 Creek View Road, Suite 209, Newark, DE 19711, USA - c/o SPI Agent Solutions, Inc.