PRIVACY POLICY

Effective Date: November 9, 2025

1. INTRODUCTION

WOMi Technologies Inc. ("WOMi," "we," "us," or "our") respects the privacy of our users ("user," "you," or "your") and is committed to protecting your personal information. This Privacy Policy describes our practices concerning the collection, use, storage, and disclosure of information gathered through our WOMi consumer application and WOMi for Business application (collectively, the "Applications"), our website, and any related services we provide (collectively, the "Services").

By accessing or using our Services, you agree to this Privacy Policy. If you do not agree with the practices described in this Privacy Policy, please do not use our Services.

2. INFORMATION WE COLLECT

We collect information about you in various ways when you use our Services. The categories of information we collect include personal information you provide directly to us, information we collect automatically through your use of the Services, and information we receive from third-party sources.

Information You Provide Directly

When you create an account, complete your profile, make transactions, or communicate with us, you provide us with personal information that may include your name, email address, phone number, date of birth, profile photograph, and other contact or identifying information. For payment processing and withdrawals, you may provide debit card information, which is processed securely through our payment service provider, Stripe. Business users subscribing to premium features through our WOMi for Business application provide subscription information processed through RevenueCat and the respective app store payment systems.

You also provide content when you write reviews, send messages, submit feedback, share promotions, or upload photographs through our Services. This user-generated content becomes part of your account information and may be visible to other users according to your privacy settings and the nature of our social features.

Information Collected Automatically

When you access or use our Services, we automatically collect certain information about your device and how you interact with our Services. This includes device information such as your hardware model, operating system version, unique device identifiers, mobile network information, and IP address. We collect usage data including the features you use, the pages or screens you view, the promotions you interact with, the time spent on various features, search queries within our Applications, and QR code scanning activity.

Our Services utilize location information to provide location-based features such as showing nearby promotions and verifying redemptions. We collect precise geolocation data through GPS, Bluetooth beacons, WiFi access points, and cell tower triangulation when you have granted permission for our Applications to access location services. You can control location permissions through your device settings, though some features may not function properly without location access.

We request camera permission solely for the purpose of QR code scanning functionality. The camera is used in real-time to scan QR codes for promotion redemption and verification. We do not store images or videos captured through the camera beyond the immediate processing required for QR code recognition and validation.

Information from Third Parties

When you choose to sign in using third-party authentication providers, we receive certain information from these services. If you sign in with Apple, we receive a unique user identifier and, depending on your privacy choices, your name and email address. Google Sign-In provides us with your basic profile information including your name, email address, and profile picture. Facebook Login similarly provides basic profile information including your name, email address, and profile picture. The information we receive from these authentication providers is governed by the privacy settings you have established with each service.

Our payment processing partners provide us with transaction confirmations and status updates necessary to process rewards and withdrawals. Stripe provides payment verification and transaction status information, while RevenueCat, which manages subscriptions for our Business application, provides subscription status and billing information. We do not receive or store complete payment card numbers or sensitive financial account details.

3. HOW WE USE YOUR INFORMATION

We use the information we collect to provide, maintain, and improve our Services. This includes creating and managing your account, processing transactions and rewards, facilitating promotion discovery and redemption through QR codes, enabling communication between users and businesses, and providing customer support. We use location data to show you relevant nearby promotions and verify that redemptions occur at the correct business locations.

We analyze usage patterns to understand how our Services are used, which helps us improve functionality, develop new features, and optimize performance. This analysis is primarily conducted using aggregated and anonymized data that does not identify individual users. We use the information to detect and prevent fraud, unauthorized access, and other harmful activities, ensuring the security and integrity of our platform for all users.

Communication with our users is facilitated through the information we collect. We send transactional emails about your account, rewards, and important service updates. With your consent, we may send promotional communications about new features, promotions, and opportunities that may interest you. You can manage your communication preferences through your account settings or by following the unsubscribe instructions in our emails.

For business accounts using our WOMi for Business application, we use information to manage subscriptions, process payments through app store billing systems, provide analytics about promotion performance, and deliver premium features according to the subscription tier selected.

4. HOW WE SHARE YOUR INFORMATION

We share your information only in the ways described in this Privacy Policy. We do not sell, rent, or trade your personal information to third parties for their promotional purposes.

We share limited information with businesses when necessary to verify promotion redemptions, process rewards, and resolve disputes. The information shared is limited to what is necessary for these specific purposes. Businesses can see when their promotions are redeemed and basic information about redemption patterns, but they do not have access to your complete profile or activity on our platform unless you choose to interact with them directly.

We work with third-party service providers who assist us in providing and improving our Services. These providers have access to your information only to perform specific tasks on our behalf and are obligated to protect your information in accordance with this Privacy Policy. Our key service providers include Stripe for payment processing, RevenueCat for subscription management in our Business application, Supabase for cloud infrastructure and authentication services, and various analytics providers that help us understand usage patterns.

We may share your information when we believe it is necessary to comply with applicable law, regulation, legal process, or governmental request, protect the rights, property, or safety of WOMi, our users, or others, detect, prevent, or address fraud, security, or technical issues, or enforce our Terms of Service or other agreements.

If WOMi is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will provide notice before your personal information is transferred and becomes subject to a different privacy policy.

5. DATA SECURITY

We implement appropriate technical and organizational measures designed to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include encryption of sensitive data both in transit and at rest, secure authentication protocols including OAuth integration with major providers, regular security assessments and monitoring, access controls limiting employee access to personal information on a need-to-know basis, and incident response procedures to address potential security events.

Payment card information is processed in compliance with Payment Card Industry Data Security Standards (PCI DSS) through our certified payment processor, Stripe. We do not store complete payment card numbers on our servers. Authentication credentials are protected using industry-standard encryption and hashing algorithms.

While we strive to protect your personal information, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security but are committed to maintaining appropriate safeguards and promptly addressing any security incidents in accordance with applicable law.

6. YOUR RIGHTS AND CHOICES

You have certain rights and choices regarding the personal information we collect and how we use it. You can access and update most of your account information by logging into your account settings. You can request a copy of the personal information we have about you by contacting us at the email address provided below.

You may request deletion of your account and personal information by visiting our data deletion instructions page at https://www.womiapp.com/legal/data-deletion-instructions or by contacting us directly. We will process deletion requests within thirty days, though some information may be retained as required by law or for legitimate business purposes such as fraud prevention and safety.

You can control location permissions through your device settings. Disabling location services may limit the functionality of certain features that depend on knowing your location, such as finding nearby promotions. You can manage camera permissions similarly through device settings, though this will disable QR code scanning functionality.

Communication preferences can be managed through your account settings or by using the unsubscribe links in our emails. Please note that even if you opt out of promotional communications, we may still send you transactional messages related to your account and services.

7. CHILDREN'S PRIVACY

Our Services are not directed to children under the age of thirteen. We do not knowingly collect personal information from children under thirteen years of age. Users must be at least thirteen years old to create an account and use our Services. If we become aware that we have collected personal information from a child under thirteen, we will take steps to delete such information from our systems as quickly as possible. If you believe we have collected information from a child under thirteen, please contact us immediately.

8. CALIFORNIA PRIVACY RIGHTS

California residents have additional rights under the California Consumer Privacy Act (CCPA). These rights include the right to know what personal information we collect, use, disclose, and sell, the right to delete personal information under certain circumstances, the right to opt out of the sale of personal information (though we do not sell personal information), and the right to non-discrimination for exercising these privacy rights.

To exercise these rights, California residents may contact us using the information provided in this Privacy Policy. We will verify your identity before responding to requests and will respond within forty-five days as required by law. You may designate an authorized agent to make requests on your behalf, subject to identity verification requirements.

9. INTERNATIONAL DATA TRANSFERS

Our Services are operated in the United States. If you are located outside the United States, please be aware that information we collect will be transferred to and processed in the United States. By using our Services, you consent to this transfer, processing, and storage of your information in the United States, a jurisdiction in which the privacy laws may not be as comprehensive as those in the country where you reside.

We implement appropriate safeguards for international data transfers in compliance with applicable data protection laws, including standard contractual clauses and other transfer mechanisms recognized by applicable authorities.

10. DATA RETENTION

We retain your personal information for as long as necessary to provide our Services, comply with our legal obligations, resolve disputes, and enforce our agreements. The specific retention period depends on the type of information and the purposes for which we use it.

Active account information is retained as long as your account remains active. After account deletion, some information may be retained in our backup systems for up to ninety days. Certain information may be retained longer when necessary for legal compliance, fraud prevention, safety, or to resolve disputes. Transaction records are retained as required by financial regulations and tax laws. Aggregated or anonymized data that does not identify individual users may be retained indefinitely for analytical purposes.

11. THIRD-PARTY AUTHENTICATION PROVIDERS

When you use Sign in with Apple, Google Sign-In, or Facebook Login to access our Services, you are also subject to the respective privacy policies and terms of service of these providers. We encourage you to review their policies to understand how they handle your information.

Sign in with Apple allows you to choose whether to share your email address with us or use a private relay email. We respect your choice and will only receive the information you choose to share. Google and Facebook authentication provide us with basic profile information as authorized through their respective permission systems. You can manage the information these providers share with us through their privacy settings.

12. SUBSCRIPTION AND PAYMENT INFORMATION

For users of our WOMi for Business application who subscribe to premium features, subscription management is handled through RevenueCat in coordination with the Apple App Store or Google Play Store billing systems. Your payment information is processed directly by the app store provider and is not accessible to us. We receive only subscription status information necessary to provide the appropriate level of service.

Withdrawal payments in our consumer application are processed through Stripe Connect. When you request a withdrawal, Stripe handles the secure transfer of funds to your verified debit card. We maintain transaction records as required for accounting and tax purposes but do not have access to your complete card numbers or banking details.

13. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we make material changes, we will notify you through the Applications, by email, or through other appropriate means. The "Effective Date" at the top of this Privacy Policy indicates when it was last revised.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of our Services after changes to the Privacy Policy constitutes your acceptance of the revised policy.

14. CONTACT INFORMATION

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us through one of the following methods:

Email: info@womiapp.com
Data Deletion Requests: https://www.womiapp.com/legal/data-deletion-instructions
In-App: Visit the Contact Support section in either Application and request Account Deletion in Settings.

We are committed to working with you to address any privacy concerns and to ensure the protection of your personal information.

© 2025 WOMi Technologies Inc. All rights reserved.