PRIVACY POLICY

Zestia — I Am LVC, Inc.

Effective Date: April 16, 2026

Last Updated: May 20, 2026

EMERGENCY DISCLAIMER

This Service is not intended for emergency use and does not provide medical, psychological, or therapeutic services. If you are experiencing a medical or mental health emergency, please call 988 (Suicide & Crisis Lifeline, available 24/7) or contact your local emergency services immediately.

1. Who We Are

I Am LVC, Inc., doing business as "Zestia," "we," "us," or "our," operates the Zestia mobile application (available on iOS and Android) and associated web services (collectively, the "Service"). We are a wellness and personal growth platform. We are not a healthcare provider, and we do not offer medical, psychological, or therapeutic services.

If you have questions regarding this Privacy Policy, please contact us at:

Email: support@bestselfigniter.com

Company: I Am LVC, Inc. (dba Zestia), Riverside County, California, USA

2. Scope of This Policy

This Privacy Policy describes how we collect, use, share, and protect your personal information when you download, access, or use the Service. It also describes the rights and choices you have with respect to your personal information.

This Policy applies to all users of the Service, including individuals who access the Service through the Apple App Store or Google Play Store. By using the Service, you acknowledge that you have read and understood this Privacy Policy.

3. Information We Collect

3.1 Information You Provide Directly

When you create an account, complete onboarding, or otherwise interact with the Service, we collect:

(a) Account Information: Your name, email address, and a securely hashed password, where applicable. If you sign in using Apple Sign-In or Google Sign-In, we receive a secure authentication token and your email address from those providers. We do not receive or store your Apple or Google password.

(b) Onboarding and Survey Responses: Responses you provide during the initial onboarding process, including course creation surveys and ongoing in-app assessments. These responses are used to personalize your experience and may include self-reported information about your emotional state, goals, and areas of personal growth.

(c) Course and Progress Data: Information about your engagement with the Service, including completed exercises, quiz responses, progress milestones, streaks, badges, and activity logs.

3.2 Payment and Billing Information

When you subscribe to a paid plan, payment processing is handled by Stripe, Inc. (for direct payments), Apple Inc. (for App Store purchases), or Google LLC (for Google Play purchases). We do not store sensitive payment details such as credit card numbers, CVV codes, or bank account information. We retain only limited billing information, such as your subscription status, plan type, and associated customer or subscription identifiers provided by the payment processor.

3.3 Device and Technical Information

To deliver notifications and maintain the functionality of the Service, we collect:

(a) Push Notification Token: A unique identifier provided by your device operating system used to deliver push notifications.

(b) Device Identifiers: Platform type (iOS or Android), operating system version, device model, and app version.

(d) Log and Diagnostic Data: Crash reports, error logs, and performance data used to maintain the reliability and security of the Service.

3.4 Usage and Analytics Data

We use Google Analytics to collect usage data, including in-app interactions, features used, session duration, and navigation patterns. This data is used to understand how users engage with the Service and to improve user experience. Our use of Google Analytics is subject to Google's data privacy controls and Google's terms of service.

3.5 Attribution and Marketing Analytics (AppsFlyer)

We use AppsFlyer, a third-party mobile attribution and marketing analytics service, to help us understand how users discover and install the Zestia app and to measure the effectiveness of our marketing campaigns.

To provide these services, AppsFlyer may collect certain technical identifiers from your device, including:

(a) IDFA (Identifier for Advertisers) on iOS devices, subject to your consent under Apple’s App Tracking Transparency framework;

(b) GAID (Google Advertising ID) on Android devices;

(d) App install and in-app event data, including install referrer information; and

(e) Device model, operating system version, and platform type.

This data is used solely to measure marketing effectiveness, attribute app installs to their source campaigns, and optimize user acquisition. It is not used to serve behavioral advertising within the Zestia app.

AppsFlyer’s processing of this data is governed by their own privacy policy, available at https://www.appsflyer.com/legal/privacy-policy/. If you wish to opt out of AppsFlyer’s data collection, you may do so by limiting ad tracking through your device settings (iOS: Settings > Privacy & Security > Tracking; Android: Settings > Privacy > Ads).

3.6 Sensitive Personal Information

To the extent that onboarding responses or in-app survey answers reflect information about your emotional health, mental well-being, or personal circumstances, such information may constitute sensitive personal information under applicable law. We treat all such information with heightened care and use it only to deliver and personalize your experience within the Service. We do not use sensitive personal information for advertising, profiling, or any purpose unrelated to service delivery.

4. How We Use Your Information

We use the information we collect for the following purposes:

(a) Service Delivery: To create and manage your account, deliver personalized content and exercise pathways, track your progress, and provide customer support.

(b) Subscription and Billing Management: To process payments, manage subscription renewals, handle cancellations, and comply with applicable billing obligations.

(c) Notifications: To send push notifications at times you have selected, including reminders, motivational messages, and progress updates.

(d) Service Improvement: To analyze usage patterns, troubleshoot issues, identify bugs, and develop new features.

(e) Safety and Security: To detect, investigate, and prevent fraudulent activity, abuse, and violations of our Terms of Service.

(f) Legal Compliance: To comply with applicable laws, regulations, legal process, and governmental requests.

(g) Communications: To respond to your inquiries, provide customer support, and send transactional communications related to your account.

We do not use your information to serve behavioral advertising.

5. Legal Basis for Processing (EEA, UK, and Similar Jurisdictions)

If you are located in the European Economic Area, the United Kingdom, or another jurisdiction that requires a legal basis for processing personal data, we rely on the following bases:

(a) Performance of a Contract: Processing necessary to provide you with the Service, including account creation, personalized content delivery, and subscription management.

(b) Legitimate Interests: Processing for analytics, service improvement, and fraud prevention, where our legitimate interests are not overridden by your rights and freedoms.

(d) Consent: For any processing that requires your consent. You may withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal.

6. Information Sharing and Disclosure

We do not sell, rent, trade, license, or otherwise share your personal information with third parties for advertising, marketing, or commercial purposes.

We share your information only in the following limited circumstances:

(a) Service Providers: We work with third-party service providers to operate the Service. Each provider's handling of data is governed by their own terms of service and privacy commitments. Our current service providers include:

• Amazon Web Services (AWS) for cloud hosting and infrastructure

• AWS Cognito for secure authentication and credential management

• Stripe, Inc. for payment processing

• Apple Push Notification Service (APNs) and Firebase Cloud Messaging (FCM) for push notifications

• Expo for notification delivery infrastructure

• Google Analytics for usage data and service improvement

• AppsFlyer for attribution and marketing analytics

(b) Legal Requirements: We may disclose your information when required by law, subpoena, court order, or other legal process, or when we have a good-faith belief that disclosure is necessary to protect the rights, safety, or property of our users, the public, or the Company.

(c) Business Transfers: In the event of a merger, acquisition, reorganization, or sale of all or substantially all of our assets, your information may be transferred as part of that transaction. We will provide notice before your information becomes subject to a different privacy policy.

(d) With Your Consent: We may share your information for additional purposes with your explicit consent.

7. Data Retention

We retain your personal information for as long as necessary to provide the Service and fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by applicable law.

(a) Account Data: Your account data is retained for the duration of your account. If you discontinue use of the Service without requesting deletion, your data will remain preserved in its current state so that your progress and history are available when you return. If you request permanent deletion of your account and data, we will process that request as described in Section 9 below.

(b) Billing Records: Billing and transaction records are retained in accordance with applicable tax, financial, and legal recordkeeping requirements.

(c) Anonymized Analytics Data: Aggregated or de-identified data that cannot reasonably be used to identify you may be retained indefinitely for service improvement purposes.

(d) Legal Hold: Data subject to a legal hold or litigation preservation obligation will be retained for the duration of that obligation.

8. Data Security

We implement commercially reasonable technical, administrative, and physical safeguards designed to protect your personal information from unauthorized access, use, disclosure, alteration, or destruction. These measures include encryption of data in transit using HTTPS/TLS, secure credential management through AWS Cognito, access controls limiting data access to authorized personnel with a legitimate need, and formal security reviews conducted at least quarterly and whenever material changes are made to our infrastructure or authentication systems. We also conduct periodic penetration testing and employ automated security analysis tools as part of our development and deployment processes.

While we take reasonable steps to protect your information, no system of data security is completely secure. We cannot guarantee the absolute security of your information. If you have reason to believe that your interaction with us is no longer secure, please contact us immediately at support@bestselfigniter.com.

8.1 Data Breach Notification

In the event of a data breach that affects your personal information and triggers notification obligations under applicable law, we will notify you as required by law. Notification will be provided via the email address associated with your account. We will take prompt steps to investigate, contain, and remediate any confirmed breach, and will cooperate with applicable regulatory authorities as required.

9. Your Rights and Choices

9.1 Data Deletion

Your account data is preserved for as long as you maintain an account with us, allowing you to return at any time and resume from where you left off. If you would like your account and personal data permanently deleted, you may submit a request through either of the following:

• Within the app: Use the "Delete My Account" option available in your account settings.

• Online: Visit www.zestiaapp.com/delete-account to submit a deletion request.

Upon receiving and verifying your request, we will permanently delete your personal data from our active systems within forty-five (45) days. Please note that deletion is irreversible and your progress and history cannot be recovered after deletion is completed. Some anonymized data may be retained for analytical purposes.

9.2 Access and Correction

You have the right to request access to the personal information we hold about you and to request correction of inaccurate information. To submit a request, please contact us at support@bestselfigniter.com. We will respond within thirty (30) days of receiving your request.

9.3 Notification Controls

You may manage push notification preferences at any time through your device settings. Disabling notifications does not affect your ability to use the Service, but may reduce the personalized reminder experience.

9.4 California Residents — CCPA/CPRA Rights

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA):

(a) Right to Know: You have the right to request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purpose for collection, and the categories of third parties with whom we share it.

(b) Right to Delete: You have the right to request deletion of personal information we have collected from you, subject to certain exceptions permitted by law.

(d) Right to Opt-Out of Sale or Sharing: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising.

(e) Right to Limit Use of Sensitive Personal Information: We use sensitive personal information only to deliver the Service and do not use it for inferencing, advertising, or other secondary purposes.

(f) Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.

To submit a verifiable consumer request, please contact us at support@bestselfigniter.com. We will respond within forty-five (45) days, with a possible extension of an additional forty-five (45) days where reasonably necessary.

9.5 Other U.S. State Privacy Rights

Residents of Virginia, Colorado, Connecticut, Texas, and other states with applicable privacy laws may have rights to access, correct, delete, and opt out of certain processing of personal data. To submit a request, please contact us at support@bestselfigniter.com. We will respond within the timeframe required by applicable law in your state.

9.6 EEA and UK Residents

If you are located in the European Economic Area or the United Kingdom, you may have additional rights under the GDPR or UK GDPR, including the right to data portability and the right to lodge a complaint with your local supervisory authority. To exercise these rights, please contact us at support@bestselfigniter.com.

10. Children's Privacy

The Service is intended solely for individuals who are at least 18 years of age. We do not knowingly collect or maintain personal information from individuals under the age of 18. If we become aware that we have collected personal information from a person under 18, we will take prompt steps to delete that information. If you believe that we may have collected information from a minor, please contact us at support@bestselfigniter.com.

11. Third-Party Services and Links

The Service may reference third-party resources, including crisis support contacts such as 988 (Suicide & Crisis Lifeline) and local emergency services. These third parties operate independently of us. We are not responsible for the practices of any third party and encourage you to review the policies of any third-party services you access independently of our Service.

12. International Users

The Service is operated from the United States. If you access the Service from outside the United States, your personal information may be transferred to, stored in, and processed in the United States, where privacy laws may differ from those in your jurisdiction. By using the Service, you acknowledge and consent to the transfer of your information to the United States in accordance with this Privacy Policy.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you through the Service or via email, and will update the "Last Updated" date at the top of this Policy. Your continued use of the Service after any such update constitutes your acceptance of the revised Privacy Policy. We encourage you to review this Policy periodically.

The provisions of Sections 6 (Information Sharing and Disclosure), 7 (Data Retention), 8 (Data Security), 9 (Your Rights and Choices), and 14 (Contact Us) of this Policy shall survive termination or expiration of your account.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

I Am LVC, Inc. (dba Zestia)

Riverside County, California, USA

Email: support@bestselfigniter.com

We aim to respond to all privacy-related inquiries within thirty (30) days of receipt.