Privacy Policy

Last update: May 28, 2026

This privacy policy describes the practices and processes that Rookeries Development Corp (hereinafter ROOK, we, us) for the use and possible disclosure of the personal data that ROOK process and collects from its Clients, Client’s End User, Users and from all those visitors (hereinafter “you” “your”).

In this Privacy Policy, “Services” refers to ROOKConnect and all related services, functionalities, APIs, SDKs, software tools, modules, features, websites, portals, dashboards, integrations, webhooks, analytics, scores, extraction tools, add-ons, and other technology solutions made available by ROOK, including any updates, enhancements, or ancillary services provided in connection therewith.

References to “personal information” might include “personal health information”.

This privacy policy forms part of the terms and conditions established for your acknowledgment and acceptance. By accessing or using the Services, you acknowledge and agree that personal information may be collected, processed, stored, and disclosed in accordance with this Privacy Policy and applicable laws.

The purpose of the collection, use, and disclosure of your personal data is the provision and improvement of the Services as well as the options you have referent to our data practices.

In diff erent regions of the world you might be subject to diff erent data protection standards, if you are accessing our Services from a diff erent country with specifi c laws governing collection, use, and disclosure of data, please be informed that all your personal data is stored in Amazon Web Services in the United States of America, the data may be transmitted to our Service Providers supporting our business operations, in accordance with the applicable laws and regulations.

Our commitment is to safeguard your personal data by treating it in accordance with this privacy policy. ROOK has appropriate measures for the security and protection of your personal information in its collection, storage and transmission of it. We take care of your data with the same treatment as if it was ours.

PRIVACY AND SECURITY GOVERNANCE

ROOK maintains privacy, security, compliance, and governance processes designed to support the protection of personal information processed through the Services.

ROOK maintains a compliance program and designated privacy and security offi cers responsible for supporting applicable privacy, security, healthcare, and data protection compliance activities related to the Services.

DEFINITIONS

  • Client. Means the entity, company, organization, healthcare provider, or other customer that accesses, confi gures, integrates, or uses the Services and determines how the Services are used in connection with its End Users.

  • Client’s End User. Means an individual whose health, wellness, fi tness, activity, or related data is collected, processed, analyzed, and made available through the Services by ROOK on behalf of a Client, so that the Client may use such data for its own business purposes and to off er its products or services to such individual.

  • User. Means any person or entity that accesses or uses the Services for a limited period of time for testing, evaluation, sandbox, or similar non-production purposes.

  • Personal Information. Means any information that identifi es, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual.

  • Services. Means the ROOKConnect and all related Services, functionalities, APIs, SDKs, software tools, modules, features, websites, portals, dashboards, integrations, webhooks, analytics, scores, extraction tools, add-ons, and other technology solutions made available by ROOK, including any updates, enhancements, or ancillary Services provided in connection therewith.

  • Site / Website. Means the internet domain(s), web-based portal(s), and related webpages owned, operated, or controlled by ROOK through which information regarding ROOKConnect and related Services is made available, including access to documentation, dashboards, integrations, support resources, and other materials related to the Services.

  • Cookies. These are small blocks of data created by a web server while a visitor is browsing a website and placed on the visitor's computer or other device by the visitor's web browser.

  • Service Providers, Subprocessors, and Business Associates. Means third-party entities or individuals that perform services, functions, or activities on behalf of ROOK, including those involving the processing, storage, transmission, disclosure, or protection of personal information, or protected health information, as applicable under relevant laws and regulations.

INFORMATION WE COLLECT AND PROCESS

ROOK strictly limits the collection of personal data to only the information that is necessary to perform and provide Services or fulfi ll a direct business need. We adhere to the principle of data minimization, ensuring that only the minimum amount of personal data required is collected and processed.

When collecting personal data, we strive to be transparent about the purposes for which the data is being collected and how it will be used.

ROOK may collect and process diff erent categories of personal information depending on the nature of the interaction with the Services.

For Users and Clients. ROOK may collect identifi ers, contact information, business information, and technical information, including cookies, Website interaction data, email address, phone number, fi rst name, last name, company name, Website, address, city, state, province, country, and ZIP or postal code.

For Clients’ End Users. ROOK may collect and process health, wellness, fi tness, activity, demographic, profi le-related, and body-related information on behalf of Clients, including:

  • Demographic and profi le-related information, such as gender, age, date of birth, city, state, country, time zone, ethnicity, income, marital status, and education.

  • Body-related information, such as height, weight, and body mass index (BMI).

  • Sleep-related metrics, such as sleep quality, sleep duration, respiratory metrics, heart rate, and temperature.

  • Body and wellness-related metrics, such as glucose, blood pressure, hydration, heart rate, mood, nutrition, oxygen saturation, temperature, and menstruation-related information.

  • Physical and activity-related metrics, such as activity levels, calories burned, distance, heart rate, oxygen saturation, stress, and related wellness indicators.

Certain data may be mandatory for the use of ROOK, while other data may be optional. When data is mandatory, it is clearly indicated throughout ROOK. Clients and Client’s End Users are free to choose not to provide optional data without any impact on the availability or functionality of the Services. If you have any questions about which personal data is mandatory, please contact us using the contact information provided in this privacy policy.

ROOK may collect personal information voluntarily provided through the Services, as well as technical, browsing, interaction, or Website activity information generated through the use of the Website or Services.

Furthermore, ROOK may use cookies and other tracking technologies to enhance the visitor experience and provide specifi c functionalities. Please refer to the Cookie Policy for more information at https://www.tryrook.io/cookies-policy

1. PERSONAL INFORMATION OF SITE VISITORS.

We may collect personal information and related business or device information from visitors to our Website. Such information may include identifi ers and contact information such as name, email address, company name, job title, business contact details, IP address, cookie identifi ers, device information, browsing or interaction data, company or fi rmographic information, and other information submitted through forms, surveys, events, registrations, demos, analytics, or similar interactions with our Website.

We may also use analytics, tracking, enrichment, and visitor identifi cation technologies or Service Providers to better understand Website usage, business engagement, and visitor interactions with our Website, including to identify companies or business visitors that may be interested in our Services.

Cookies and similar technologies may be used by us or our Service Providers to associate Website interaction information with other business or contact information that may be available to us or our Service Providers, including business profi les or contact information. This information may be used to better understand business interest in our Services, improve Website engagement, perform business analytics and market analysis, and communicate with prospective business customers regarding our Services.

This information may be used to operate, secure, improve, personalize, analyze, support, and provide our Website and Services, communicate with you, respond to requests, perform business analytics and market analysis, evaluate business interest, and for other lawful business purposes described in this Privacy Policy.

2. PERSONAL INFORMATION

A. PROCESSING AND USE

The personal data we collect, store and process may be used for the following purposes:

  • Providing Services: Personal information is collected to enable ROOK to provide its Services.

  • Analysis: Personal data may be used to monitor and analyze web traffi c and the behavior of any type of user on ROOK, it is also used to create statistical studies, data analysis, metrics, identifi cation of usage trends, service evaluation, marketing analysis, insights, and projections.

  • Database Management: Personal data may be used to create profi les, track activities, and improve ROOK Services.

  • Managing Contacts and Sending Messages: Personal data may be used to manage contact lists and send communications.

  • Handling Payments: Personal data may be processed to facilitate payment transactions and related communications.

  • Displaying Content from External Platforms: Personal data may be used to display external content and enable interaction with it.

  • Hosting and Back-End Infrastructure: Personal data is processed and stored on hosting and back-end infrastructure to support the operation of ROOK.

  • Interaction with Live Chat Platforms: Personal data may be used to facilitate communications through live chat platforms.

  • Spam Protection: Personal data is analyzed to fi lter spam traffi c and protect against spam.

  • Communications and Support: Personal data is processed to respond to requests, inquiries, or communications.

  • Website Marketing and Analytics: Certain Website, device, browsing, or interaction information relating to Website visitors may be used for Website analytics, communications, marketing analysis, remarketing, or similar business engagement purposes. ROOK does not use health or wellness-related information for targeted advertising purposes.

  • Service Operations and Transactions: Personal data may be processed as necessary to operate, provide, support, maintain, facilitate, and manage the Services and related operational or transactional activities.

  • Authentication: To authenticate you, this is necessary to provide access to the Services.

  • Engagement: To perform a contract or any type of agreement for the provision of the Services.

B. SHARING AND DISCLOSURE

ROOK may share and disclose personal data for our legal business purposes:

  • With Service Providers, Subprocessors, contractors, and Business Associates. Who help us operate, host, secure, monitor, analyze, maintain, improve, and provide our Services and business operations. Our core infrastructure subprocessors include cloud storage and hosting providers such as Amazon Web Services ("AWS") and Google Cloud Platform ("GCP"), which process personal information on our behalf as part of the technical infrastructure through which the Services are delivered. These providers are subject to applicable privacy, security, confidentiality, and data protection obligations consistent with those described in this Privacy Policy.

  • With Operational Vendors. that support our internal business functions, such as communications, analytics, marketing, and customer support. These providers may process business contact information and operational data in connection with the services they provide to ROOK, but do not process the health, wellness, fi tness, or activity data of Client's End Users as part of the Services.

  • For business transfers: We may use or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, fi nancing, acquisition, restructuring, reorganization, dissolution, or other similar transaction. In such cases, personal data processed in connection with the Services may be among the transferred assets, including aggregated, anonymized, pseudoanonymized, or de-identifi ed information used for analytics, research, operational, or Services improvement purposes.

  • For legal requirements. When required by law or any judicial authority, to comply with legal obligations, to defend our intellectual property rights, to protect your personal security within the site, and protection and defense against any legal claim, always assuming the commitment to only disclose it in extreme necessity and in good faith.

C. MODE, PLACE, AND METHODS OF PROCESSING THE DATA

Personal data is processed using computers and technology-enabled tools in accordance with organizational policies and procedures related to the stated purposes. In certain cases, personal data may be accessible to ROOK employees involved in the operation of the ROOK Website, application, and supporting applications. External parties, such as third-party technical service providers, hosting providers, and IT companies, may also have access to personal data as Subprocessors appointed by ROOK.

D. LEGAL BASIS OF PROCESSING

ROOK may process personal data when one of the following legal bases applies:

Consent: Processing is based on your consent for one or more specifi c purposes.

Performance of a Contract: Processing is necessary for the performance of contractual obligations associated with the Services.

Legal Obligation: Processing is necessary to comply with a legal obligation.

Legitimate Interests: Processing is necessary for the legitimate interests pursued by ROOK or a third party.

Processing of End User Data: ROOK processes personal information of Client's End Users on behalf of and under the instructions of the applicable Client. The Client is responsible for obtaining and managing any necessary authorizations, consents, or legal bases required under applicable law in connection with their End Users' personal information.

The specifi c legal basis for processing personal data will be provided upon request, including whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.

E. PLACE

Personal information may be processed, hosted, stored, or accessed in the United States where ROOK and its authorized Subprocessors, Service Providers, contractors, Business Associates, or infrastructure providers operate.

ROOK primarily operates and hosts its Services in the United States through authorized infrastructure and Service Providers.

F. RETENTION

ROOK will retain personal information for as long as reasonably necessary to fulfi ll the purposes described in this Privacy Policy, provide the Services, comply with applicable laws, contractual, regulatory, tax, accounting, security, and compliance obligations, resolve disputes, enforce agreements, and protect our legitimate business interests.

Retention periods are determined based on the type of information, the nature of the Services provided, applicable legal requirements, contractual obligations with Clients, security and fraud prevention needs, and other legitimate business purposes. ROOK maintains a formal Data Retention and Destruction Policy that governs the specifi c retention periods and disposal procedures applicable to each category of personal information processed through the Services.

We will retain marketing and communication preferences for as long as necessary to honor your choices regarding such communications. You may opt out of receiving marketing or promotional communications at any time through the unsubscribe mechanisms provided in such communications or by contacting us.

When personal information is no longer required for these purposes, ROOK will take reasonable steps to securely delete, destroy, anonymize, de-identify, or otherwise dispose of such information in accordance with applicable laws and our internal data retention and destruction policies.

G. SECURITY

We are committed to protecting personal information and implementing reasonable administrative, technical, physical, and organizational safeguards designed to protect data against unauthorized access, loss, misuse, disclosure, alteration, destruction, or other unlawful processing activities.

We follow industry best practices, standards, and security measures designed to support the confi dentiality, integrity, availability, resilience, and security of personal information and related systems.

Our security measures may include, without limitation:

  • Data Encryption: ROOK uses industry-standard and industry-leading encryption technologies designed to protect data both at rest and in transit.

  • Access Controls: ROOK implements role-based access controls (“RBAC”), least privilege principles, and need-to-know access restrictions designed to ensure that only authorized personnel may access protected information based on their responsibilities and business needs.

  • Cloud Infrastructure Security: ROOK operates on secure and scalable cloud infrastructure environments with multiple layers of security protections, monitoring, and infrastructure safeguards.

  • Pseudonymization Measures: ROOK implements UUID-based and similar technical measures designed to pseudonymize certain data elements, reduce direct identifi ability, and minimize unnecessary exposure of personal information where appropriate.

  • Security Monitoring and Assessments: ROOK conducts periodic security reviews, audits, monitoring activities, assessments, and vulnerability management processes designed to identify, evaluate, and address potential security risks.

  • Workforce Training and Awareness: ROOK personnel receive privacy, security, confi dentiality, and data protection training appropriate to their responsibilities.

While ROOK implements measures designed to protect personal information, no method of electronic transmission, storage, or processing can be guaranteed to be completely secure. Accordingly, ROOK cannot guarantee absolute security of any information processed through the Services.

INCIDENT RESPONSE AND NOTIFICATIONS

ROOK maintains processes and procedures designed to identify, assess, investigate, respond to, document, and address privacy and security incidents involving personal information processed through the Services.

Where required by applicable law, ROOK may notify aff ected parties and applicable regulatory authorities regarding certain privacy or security incidents involving personal information, in accordance with applicable legal and regulatory requirements.

CROSS BORDER TRANSFER

ROOK is headquartered in the United States, and its Services are primarily operated and hosted in the United States through authorized cloud infrastructure providers, including Amazon Web Services ("AWS"). As a result, personal information collected through the Services may be processed, stored, or accessed in the United States, regardless of the country from which it was originally collected.

ROOK recognizes that the United States and other countries to which data may be transferred may have data protection laws that diff er from those applicable in your jurisdiction. Accordingly, ROOK implements appropriate legal safeguards to ensure that all cross-border transfers of personal information are conducted in compliance with applicable law and in a manner that maintains an adequate level of protection for such information.

Depending on the jurisdiction from which personal information originates and the nature of the transfer, ROOK relies on one or more of the following legally recognized mechanisms: Standard Contractual Clauses (SCCs), adequacy decisions issued by competent authorities, or the EU–US Data Privacy Framework and its applicable extensions. All subprocessors and third-party service providers that receive or access personal information on behalf of ROOK are subject to equivalent transfer safeguards under the same mechanisms.

This Privacy Policy is designed to align with and support compliance with applicable privacy, data protection, healthcare, and information security laws and regulations, including, where applicable, the Health Insurance Portability and Accountability Act (“HIPAA”), the General Data Protection Regulation (“GDPR”), the Federal Law on Protection of Personal Data Held by Private Parties (Mexico), and the California Consumer Privacy Act, as amended by the California Privacy Rights Act (“CCPA/CPRA”).

YOUR RIGHTS

You have the following rights regarding your personal data processed by ROOK:

  1. Right to Withdraw Consent: You have the right to withdraw your consent to the processing of your personal data at any time.

  2. Right to Object: You can object to the processing of your personal data based on legitimate interests or for direct marketing purposes.

  3. Right of Access: You can request access to your personal data and obtain information about the processing activities.

  4. Right to Rectifi cation: You can request the correction or update of inaccurate or incomplete personal data.

  5. Right to Restrict Processing: You have the right to restrict the processing of your personal data under certain circumstances.

  6. Right to Erasure: You can request the erasure of your personal data, subject to legal obligations or overriding legitimate grounds.

  7. Right to Data Portability: You can request to receive your personal data in a structured, commonly used, and machine-readable format, and transmit it to another data controller.

  8. Right to lodge a Complaint: You have the right to lodge a complaint with a data protection authority regarding the processing of your personal data.

  9. Right to Non-Discrimination: You have the right not to receive discriminatory treatment for exercising any applicable privacy rights under applicable law.

You may submit requests relating to your personal information or applicable privacy rights by contacting us at compliance@tryrook.io.

We may request specifi c information or documentation to verify your identity and process your request in accordance with applicable law, security requirements, and our internal procedures. Applicable law may permit or require us to decline certain requests under specifi c circumstances. If we decline your request, we will provide information regarding the basis for such decision, subject to applicable legal restrictions.

If you have concerns regarding our privacy practices, the processing of your personal information, or our response to your requests, you may contact us directly. Subject to applicable law, you may also have the right to submit a complaint to an applicable privacy, consumer protection, healthcare, or data protection regulatory authority or government agency with jurisdiction over such matters.

AUTOMATED PROCESSING, PROFILING, AND WELLNESS INSIGHTS

This processing may include the automated analysis of demographic and profi le, body, sleep, body and wellness, physical and activity related metrics in order to provide normalized scores, trend indicators, and wellness-related observations.

ROOK’s automated processing is designed to support wellness analytics and informational reporting and is not intended to diagnose medical conditions, provide medical advice, determine insurance eligibility, evaluate employment suitability, or make decisions that produce legal or similarly signifi cant eff ects concerning Client’s End User

ROOK does not use automated processing to independently make decisions that produce legal or similarly signifi cant eff ects concerning individuals. Any downstream decisions, actions, or determinations made using ROOK-enabled outputs are controlled by the applicable Client.

We expect Clients to use generated outputs responsibly, lawfully, and in compliance with applicable privacy, healthcare, consumer protection, employment, anti-discrimination, and other applicable laws and regulations.

NOTIFICATION OF RECTIFICATION OR ERASURE

ROOK may correct, update, restrict, anonymize, de-identify, or delete personal information where required or permitted by applicable law, contractual obligations, security requirements, compliance obligations, operational needs, or valid requests from Clients or authorized individuals.

Where required by applicable law or where appropriate under the circumstances, ROOK may provide notice regarding material corrections, updates, restrictions, or deletions of personal information.

SPECIAL CATEGORIES

The personal information processed through the Services may include categories that are recognized as sensitive or special under applicable privacy and data protection laws, including health, wellness, fi tness, activity, biometric, body-related, and demographic information, as further described in the Information We Collect section of this Privacy Policy.

ROOK is aware of the heightened privacy and security obligations that apply to special categories of personal data under applicable law. Rather than applying diff erentiated standards by category, ROOK's practice is to treat all personal information processed through the Services, regardless of its classifi cation, with the same level of privacy protection, confi dentiality, and security controls that applicable law reserves for its most sensitive categories. This means that the administrative, technical, and organizational safeguards described in the Security section of this Privacy Policy apply uniformly and without exception across all data processed by ROOK.

Where required by applicable law, the processing of special categories of personal data is carried out on the basis of explicit consent, the provision of health or wellness-related services at the request of the data subject, or other applicable legal bases recognized under relevant legislation.

PERSONAL INFORMATION OF MINORS

We may collect or process personal information relating to minors only in compliance with applicable privacy, data protection, and information security laws. Our Services are not directed to individuals under the age of 13, and we do not knowingly collect or process personal information from individuals under 13 years of age. If we become aware that such information has been collected, it will be deleted in accordance with applicable law.

Personal information relating to individuals over the age of 13 but still considered minors under applicable law may only be processed with any legally required parental or legal guardian consent, authorization, or permission. Where required by applicable law, Clients may be requested to provide evidence or documentation demonstrating that the appropriate parental or legal guardian consent or authorization has been obtained.

NON-DISCRIMINATION

ROOK is committed to providing its Services in a manner that promotes respect, fairness, and non-discrimination. We do not tolerate unlawful discrimination based on gender, race, ethnicity, nationality, social or economic condition, disability, religion, sexual orientation, or any other characteristic protected under applicable law. ROOK also supports the right of individuals to exercise their applicable privacy rights without discriminatory treatment.

LINKS ON THE SITE

We may have made available links to third-party sites in the display of our information or in any part of our website, however, we are not responsible for their privacy practices, for which we invite you before using their services or site to read their policies.

MODIFICATIONS TO THE PRIVACY POLICY

We may update or modify this Privacy Policy from time to time to refl ect changes in our Services, practices, technologies, legal requirements, or other operational, regulatory, or business purposes.

When required by applicable law or when material changes are made, we may provide additional notice through our website, Services, email communications, or other appropriate means. Where changes materially aff ect the rights of individuals with respect to their personal information, ROOK will make reasonable eff orts to notify aff ected users through available communication channels prior to such changes taking effect. The "Last Updated" date at the top of this Privacy Policy indicates when this Privacy Policy was most recently revised.

Please periodically review this Privacy Policy to remain informed about our privacy practices.

CONTACT US

If you have any questions, concerns, requests, or complaints regarding this Privacy Policy, our privacy practices, your personal information, or if you wish to exercise your privacy rights, you may contact our Data Protection Offi cer (“DPO”) at:

ROOKERIES DEVELOPMENT, CORP.

Attn: Data Protection Offi cer (DPO)

compliance@tryrook.io

1310 Rayford Park Rd. Suite 337 Spring, TX, 77386, United States.