PRIVACY STATEMENT

Last updated: March 24, 2026

This Privacy Statement for Liberdat B.V. (doing business as Liberdat) (“we”, “us”, or “our”) explains how and why we may access your personal data, and how we collect, store, use, and/or share (“process”) it when you use our services (“Services”) via:

• Website: https://liberdat.io • Mobile application (Liberdat), available via the Apple Store: https://apps.apple.com/in/app/liberdat/id6463052903 or the Google Play Store: https://play.google.com/store/apps/details?id=com.liberdat.liberdatbeta&hl=en_IN&pli=1

Liberdat is a privacy-focused data platform, designed in compliance with the General Data Protection Regulation (GDPR) and aligned with international security standards. It enables users to securely collect personal data and share it with their healthcare provider, as well as with verified researchers in a form that is not directly identifiable to you (see Section 9). Users retain control over what they share and can exercise their rights at any time.

If you have questions or concerns, this Privacy Notice will help you understand your rights and choices. We are responsible for decisions regarding the processing of your personal data. If you do not agree with our policies and practices, please do not use our Services. For further questions, contact us at info@liberdat.io.

TABLE OF CONTENTS

  1. What data do we collect?
  2. Why do we process your data?
  3. What legal basis do we rely on?
  4. When and with whom do we share your data?
  5. Do we use cookies and tracking technologies?
  6. Do we offer AI-based products?
  7. Is your data transferred internationally?
  8. How long do we retain your data?
  9. How do we keep your data safe?
  10. Do we collect data from minors?
  11. What are your privacy rights?
  12. Do-not-track features
  13. Updates to this notice
  14. Contact information

1. WHAT DATA DO WE COLLECT?

We collect personal data that you voluntarily provide when registering for our Services.

Personal data provided by you This includes data entered into the application, necessary for generating health predictions: • Names • Email addresses • Passwords • Contact or authentication data • Health data from devices • Health data provided by you

Data collected via smartphone When using our platform on a smartphone, we may collect: • Mobile app permissions: Access to features such as health and fitness data, sensors, and other functionalities (e.g., step count via Apple HealthKit or Health Connect) • Device data: Device ID, model, OS, configuration, IP address, network, etc. • Usage data: Interaction with app features, such as frequency of tracking and viewed metrics

Data collected via desktop (web portal)Log and usage data: IP address, browser type, activity logs, timestamps, etc. • Device data: Hardware, OS, provider, and configuration data

Google API Our use of Google API data complies with the Google API Services User Data Policy, including Limited Use requirements.

2. WHY DO WE PROCESS YOUR DATA?

With your consent, we process your data to provide our Services: • Research: Data may be used for research described by your healthcare provider • Data sharing: Data may be shared with verified researchers in a non-directly identifiable form

Additional purposes: • Account management and authentication • Customer support • Administrative communications • User-to-user communication • Feedback collection • Security and fraud prevention • Usage analysis and service improvement • Protection of vital interests

3. LEGAL BASIS FOR PROCESSING

Under GDPR, we rely on: • Consent (which can be withdrawn at any time) • Legal obligations (e.g., compliance with authorities or legal claims)

4. WHEN AND WITH WHOM DO WE SHARE YOUR DATA?

We only share your data with your explicit consent: • With your selected healthcare provider • With verified researchers (in non-directly identifiable form)

We also use the following processors: a) Amazon Web Services b) PostHog c) Apple Store d) Google Play Store e) Firebase f) Apple Push Notifications g) Resend

5. COOKIES AND TRACKING TECHNOLOGIES

We may use cookies and similar technologies for: • Security and functionality • Bug fixing and crash prevention • Preferences storage Third parties may also use tracking technologies for analytics and advertising.

6. AI-BASED PRODUCTS

We currently do not offer AI-based products. However, we use Machine Learning (ML) technologies in a scientific context for health predictions.

7. INTERNATIONAL DATA TRANSFERS

Our servers are located in Germany. Data may also be processed in: • EU • UK • USA • Canada • Other countries

Transfers to the US rely on the EU-US Data Privacy Framework. Other transfers use Standard Contractual Clauses approved by the European Commission.

8. DATA RETENTION

We retain data as long as necessary to provide Services, unless longer retention is legally required. If no longer needed, data is deleted, anonymized, or securely stored until deletion is possible.

9. DATA SECURITY

We implement appropriate technical and organizational measures, such as encryption. When sharing non-directly identifiable data: • Direct identifiers (name, email, DOB) are removed • Data may be transformed (e.g., step counts modified) However, re-identification may still be possible in rare cases.

10. DATA FROM MINORS

We do not knowingly collect data from individuals under 18. If such data is identified: • Accounts will be deactivated • Data will be deleted Contact us if you believe such data has been collected.

11. YOUR PRIVACY RIGHTS

Under GDPR, you may have rights to: • Access your data • Correct or delete data • Restrict processing • Data portability • Object to processing • Avoid automated decision-making You can exercise these rights via info@liberdat.io.

Withdrawal of consent You can withdraw consent by deleting your account: Settings → Delete Account

12. DO-NOT-TRACK

We currently do not respond to Do-Not-Track signals due to lack of a uniform standard.

13. UPDATES TO THIS NOTICE

We will inform you of significant changes.

14. CONTACT

For questions, contact: Data Protection Officer: Dane Hoeksma dane.hoeksma@liberdat.io

Postal address: Liberdat B.V. Soerapatistraat 59 1018 PN, Amsterdam The Netherlands