PLEASE READ THIS PRIVACY POLICY ("POLICY") CAREFULLY AND IN ITS ENTIRETY BEFORE ACCESSING, DOWNLOADING, INSTALLING, OR OTHERWISE UTILIZING THE AMRIT MANTRAH™ MOBILE APPLICATION ("APPLICATION"). THIS POLICY CONSTITUTES A LEGALLY BINDING DOCUMENT BETWEEN YOU, THE END USER ("USER", "YOU", OR "YOUR"), AND AMRIT MANTRAH ("COMPANY", "WE", "US", OR "OUR"), A WELLNESS ENTERPRISE DULY OPERATING UNDER THE APPLICABLE LAWS OF THE REPUBLIC OF INDIA, HAVING ITS PRINCIPAL PLACE OF BUSINESS AT DWARKA MOR, NEW DELHI – 110059.

BY ACCESSING OR USING THE APPLICATION IN ANY MANNER WHATSOEVER, YOU HEREBY IRREVOCABLY ACKNOWLEDGE THAT YOU HAVE READ, COMPREHENDED, AND UNCONDITIONALLY CONSENTED TO THE COLLECTION, PROCESSING, STORAGE, AND USE OF YOUR PERSONAL INFORMATION AS DESCRIBED IN THIS POLICY, ALONG WITH ANY AMENDMENTS OR UPDATED VERSIONS THEREOF THAT MAY BE PUBLISHED BY THE COMPANY FROM TIME TO TIME AT ITS SOLE AND ABSOLUTE DISCRETION.

For the purposes of this Policy, and unless the context otherwise expressly requires, the following terms and expressions shall have the meanings ascribed to them hereinbelow:

• "Personal Data" shall mean and refer to any information that directly or indirectly identifies or is capable of identifying a natural person, including but not limited to name, mobile number, age, gender, height, weight, medical conditions, dietary preferences, and profile photographs, as furnished by You during the course of Your use of the Application;
• "Sensitive Personal Data" shall mean and include Personal Data pertaining to physical health conditions, medical history, biometric information, weight and body composition data, and any other data classified as sensitive under applicable data protection laws of India including but not limited to the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011;
• "Processing" shall mean any operation or set of operations performed upon Personal Data, whether or not by automated means, including collection, recording, organisation, storage, adaptation, retrieval, consultation, use, disclosure, dissemination, alignment, combination, restriction, erasure, or destruction;
• "Applicable Law" shall mean all statutes, enactments, acts of legislature, laws, ordinances, rules, bye-laws, regulations, notifications, guidelines, and orders of any governmental authority in India as may be in force from time to time, including but not limited to the Information Technology Act, 2000, the Information Technology (Amendment) Act, 2008, and the Digital Personal Data Protection Act, 2023.

In furtherance of the provision of Services through the Application, and subject to Your voluntary submission thereof, the Company collects, processes, and retains the following categories of Personal Data and Sensitive Personal Data, the collection of which is strictly limited to what is reasonably necessary and proportionate to the purposes for which such data is processed, in accordance with the principle of data minimisation as recognised under applicable data protection jurisprudence:

Category of Data	Purpose of Collection
Full Name & Mobile Number	User account creation, identification, and authentication
Age, Gender, Height & Weight	Computation of personalised calorie targets, BMR, and TDEE calculations
Target Weight & Weekly Rate	Goal setting, dietary deficit/surplus computation, and plan customisation
Activity Level	Determination of activity multiplier for caloric expenditure estimation
Medical Conditions	Generation of safe, suitable, and medically-conscious wellness recommendations
Food Preference	Personalisation of dietary recommendations and meal suggestions
Weight Progress Logs	Longitudinal progress tracking and motivational trend analysis
Profile Photograph (Optional)	Application personalisation and user interface customisation only

The Company processes Your Personal Data and Sensitive Personal Data exclusively for the following specified, explicit, and legitimate purposes, and shall not process such data in any manner that is incompatible with the purposes described herein, unless You have provided Your prior express and informed consent for such additional processing:

• The creation, maintenance, and administration of Your user account within the Application, including verification of Your identity and eligibility to use the Services;
• The computation and generation of personalised nutrition plans, calorie targets, macronutrient distributions, and dietary recommendations based upon the health parameters furnished by You during the onboarding process;
• The facilitation and management of weight tracking, progress monitoring, and longitudinal trend analysis to support Your wellness journey and goal achievement;
• The configuration and delivery of meal reminders, medication reminders, and other wellness notifications as set by You within the Application;
• The facilitation of expert consultation booking services, enabling You to connect with qualified wellness professionals through the Application's consultation feature;
• The continuous improvement, optimisation, and enhancement of the Application's features, functionality, user interface, and overall user experience;
• Compliance with any legal obligations, regulatory requirements, court orders, or governmental directives applicable to the Company under Applicable Law.

The Company hereby expressly represents and warrants that, as of the date of this Policy, User data including health parameters and account information is stored on Firebase Firestore (Google LLC) cloud infrastructure, as well as on Your device's local storage for offline access. The implications and limitations of such storage modality are as follows:

• Your Personal Data and Sensitive Personal Data is stored on Firebase Firestore (Google LLC) cloud infrastructure and is also cached on Your device's local storage for offline access purposes;
• Firebase implements industry-standard security measures including encryption in transit and at rest to protect Your stored data;
• The deliberate or inadvertent clearing of Your device's local storage shall result in deletion of locally cached data only — Your cloud data on Firebase shall remain intact;
• You may request permanent deletion of Your cloud-stored data by contacting the Company at support@amritmantrah.com.

In recognition of the inherently sensitive nature of health-related Personal Data, the Company undertakes to apply the highest degree of care, diligence, and protection to Sensitive Personal Data including but not limited to weight measurements, medical conditions, and dietary preferences, in strict accordance with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and all other Applicable Laws pertaining to the protection of sensitive personal information:

• Sensitive Personal Data collected through the Application shall be processed solely and exclusively for the purpose of personalising Your wellness plan and shall under no circumstances be disclosed, transferred, shared, sold, rented, or otherwise made available to any advertiser, marketing entity, data broker, third-party analytics provider, or any other external party;
• The provision of medical condition data is entirely voluntary and optional — You may select the "None" option during the onboarding process if You do not wish to disclose such information, without prejudice to Your ability to access and use the Application;
• The Company shall implement and maintain reasonable technical and organisational security measures commensurate with the sensitivity of the data processed, including but not limited to access controls, data minimisation practices, and periodic security reviews.

THE COMPANY HEREBY SOLEMNLY AND UNEQUIVOCALLY REPRESENTS THAT IT DOES NOT SELL, RENT, LEASE, TRADE, BARTER, OR OTHERWISE TRANSFER YOUR PERSONAL DATA OR SENSITIVE PERSONAL DATA TO ANY THIRD PARTY FOR COMMERCIAL, MARKETING, OR ANY OTHER PURPOSES WHATSOEVER.

Notwithstanding the foregoing, the Application may utilise certain limited third-party services in the course of its operation, the scope and nature of which are described hereinbelow:

• WhatsApp (Meta Platforms Ireland Limited) — The Application facilitates the initiation of WhatsApp communications for the purpose of consultation booking and referral sharing. Any information transmitted through WhatsApp is governed exclusively by WhatsApp's own Privacy Policy and Terms of Service, over which the Company exercises no control or responsibility;
• Google Fonts (Google LLC) — The Application utilises Google Fonts for typographic rendering purposes. Google may collect certain technical data in connection with font delivery, which is governed by Google's Privacy Policy. The Company does not share any Personal Data with Google in connection with font loading;
• Hostinger (Hostinger International Ltd.) — The Application is hosted on Hostinger's web hosting infrastructure. Hostinger may collect server logs and technical data in accordance with its own privacy and data processing policies.
• Firebase (Google LLC) — The Application utilises Firebase Authentication for secure user login and Firebase Firestore for cloud-based data storage and synchronisation. Personal Data stored on Firebase is governed by Google LLC's Privacy Policy available at https://policies.google.com/privacy. The Company does not share Your Personal Data with Google beyond what is necessary for the operation of these services;

In accordance with the Digital Personal Data Protection Act, 2023, and other Applicable Laws governing the protection of personal data in India, You, as the Data Principal, are entitled to exercise the following rights in respect of Your Personal Data processed by the Company:

✓ Right of Access ✓ Right to Correction ✓ Right to Erasure ✓ Right to Withdraw Consent ✓ Right to Grievance Redressal ✓ Right to Nominate

To exercise any of the aforementioned rights, You may submit a written request to the Company's designated grievance officer at support@amritmantrah.com. The Company shall endeavour to respond to and resolve all such requests within a reasonable period of time, subject to the limitations imposed by Applicable Law and the technical constraints of the data storage architecture currently employed by the Application.

The Application is strictly intended for use by individuals who have attained the minimum age of eighteen (18) years as of the date of registration. The Company does not knowingly, intentionally, or recklessly collect, process, or retain any Personal Data from minors, defined herein as individuals below the age of eighteen (18) years, in accordance with the provisions of the Digital Personal Data Protection Act, 2023, which imposes heightened obligations upon data fiduciaries with respect to the processing of children's personal data.

In the event that the Company becomes aware, whether through its own investigation or through notification by a concerned party, that Personal Data of a minor has been inadvertently collected through the Application, the Company shall take all reasonable and expeditious steps to permanently delete such data from all applicable storage systems without undue delay. If You have reasonable grounds to believe that a minor has registered on or submitted personal information through the Application, You are requested to immediately notify the Company at support@amritmantrah.com.

The Application employs browser-based local storage technology — a client-side data persistence mechanism functionally analogous to cookies — for the purpose of storing Your account information, health parameters, wellness preferences, and application settings on Your device. The salient characteristics of such technology, as deployed within the Application, are as follows:

• Local storage data is stored exclusively on Your device and does not involve the transmission of any data to the Company's servers or any third-party infrastructure;
• The Application does not utilise tracking cookies, session cookies, persistent cookies, cross-site tracking technologies, web beacons, pixel tags, fingerprinting technologies, or any other surveillance or monitoring mechanisms that track Your online behaviour across different websites or applications;
• The Application does not employ any advertising technology, behavioural profiling systems, or user analytics platforms that would enable the identification or monitoring of individual users across digital platforms;
• You may clear local storage data at any time through Your device's browser or application settings, subject to the understanding that such action will result in the permanent deletion of all stored account data.

The Company undertakes to implement and maintain reasonable and appropriate technical and organisational security measures designed to protect Your Personal Data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or unauthorised access, in accordance with the standards prescribed under the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011. Notwithstanding the foregoing, the User expressly acknowledges and agrees that:

• No method of electronic data storage or transmission over the internet or any wireless network is entirely impervious to security breaches, and the Company cannot guarantee absolute security of Personal Data stored on Your device;
• You bear the primary responsibility for maintaining the physical security of Your device and for implementing appropriate access control measures such as PIN protection, biometric authentication, or device encryption to prevent unauthorized access to Your locally stored Personal Data;
• You are strongly advised to refrain from sharing Your device with unauthorized third parties, particularly where such sharing may result in unintended access to Your health and wellness data stored within the Application;
• In the event that You become aware of or reasonably suspect any unauthorized access to Your account or any other security incident affecting Your Personal Data, You are requested to promptly notify the Company at support@amritmantrah.com.

The Company reserves the exclusive, unconditional, and absolute right to modify, amend, supplement, revise, or otherwise update this Privacy Policy, in whole or in part, at any time and from time to time, at its sole and unfettered discretion, without any obligation to provide prior notice to You, subject only to such notification requirements as may be mandated by Applicable Law. Any such modifications shall become effective immediately upon being posted within the Application or on the Company's official website at www.amritmantrah.com.

Your continued access to or use of the Application following the posting of any modified Privacy Policy shall constitute Your irrevocable and unconditional acceptance of and consent to the revised Policy in its entirety, including all amendments made thereto. It is Your sole and non-delegable responsibility to periodically review this Policy to ensure that You remain apprised of any changes. If You do not agree to any modification of this Policy, Your sole remedy is to immediately discontinue all use of the Application.

In accordance with the provisions of the Information Technology Act, 2000, the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, and the Digital Personal Data Protection Act, 2023, the Company has designated a Grievance Officer to address any concerns, complaints, or queries raised by Users in connection with the processing of their Personal Data or any alleged violation of this Privacy Policy.

Any User who wishes to raise a grievance in relation to the collection, storage, processing, or disclosure of their Personal Data may submit a written complaint to the Grievance Officer at the following contact details. The Company shall acknowledge receipt of all complaints within seventy-two (72) hours and shall endeavour to resolve all grievances within a period of thirty (30) days from the date of receipt, subject to the complexity and nature of the grievance.