PRIVACY POLICY
Last Revised: May 17, 2025
This Privacy Notice for Willma development ("we," "us," or "our"), describes how and why we might access, collect, store, use, and/or share ("process") your personal information when you use our services ("Services"), including when you:
● Download and use our mobile application (WILLMA Beta V1), or any other application of ours that links to this Privacy Notice
● Engage with us in other related ways, including any sales, marketing, or events
Questions or concerns? Reading this Privacy Notice will help you understand your privacy rights and choices. We are responsible for making decisions about how your personal information is processed. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at developer@wilma.life.
SUMMARY OF KEY POINTS
This summary provides key points from our Privacy Notice, but you can find out more details about any of these topics by using our table of contents below to find the section you are looking for.
● What personal information do we process? When you visit, use, or navigate our Services for Beta V1, we may process personal information depending on how you interact with us and the Services, the choices you make, and the products and features you use. This primarily includes information you provide for account registration, information related to your interaction with trainers and nutrition plans, and technical data from your device. Learn more about personal information you disclose to us.
● Do we process any sensitive personal information? For Beta V1, we may process sensitive personal information, such as health-related data (e.g., dietary preferences, allergies, health goals) that you voluntarily provide to your chosen trainer through our Services for the creation of your nutrition plan. We also process financial data for payment processing via our third-party provider. We process sensitive personal information when necessary with your consent or as otherwise permitted by applicable law. Learn more about sensitive information we process.
● Do we collect any information from third parties? For Beta V1, we do not actively collect personal information directly from third-party data brokers or similar sources. If you choose to engage with features that may involve third-party services in future versions (like social logins, which are not available in V1), this section will be updated.
● How do we process your information? We process your information to provide, improve, and administer our Services (specifically the Beta V1 features), communicate with you (including essential notifications), for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent. We process your information only when we have a valid legal reason to do so. Learn more about how we process your information.
● In what situations and with which parties do we share personal information? We may share information in specific situations, primarily with our payment processor (EasyKash) to facilitate your purchases, and with essential service providers who help us operate and secure the Beta V1 application (e.g., hosting, error tracking). Learn more about when and with whom we share your personal information.
● How do we keep your information safe? We have organizational and technical processes and procedures in place to protect your personal information. However, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure. Learn more about how we keep your information safe.
● What are your rights? Depending on where you are located geographically, the applicable privacy law may mean you have certain rights regarding your personal information. Learn more about your privacy rights.
● How do you exercise your rights? The easiest way to exercise your rights for Beta V1 is by contacting us. We will consider and act upon any request in accordance with applicable data protection laws. Learn more about how you can review, update, or delete the data we collect from you.
Want to learn more about what we do with any information we collect? Review the Privacy Notice in full.
TABLE OF CONTENTS
1. WHAT INFORMATION DO WE COLLECT?
Personal information you disclose to us
In Short: We collect personal information that you provide to us for the operation of Beta V1 features.
We collect personal information that you voluntarily provide to us when you register on the Services, express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services (such as interacting with trainers or your nutrition plan), or otherwise when you contact us.
● Personal Information Provided by You. The personal information that we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use in Beta V1. The personal information we collect may include the following:
○ names
○ phone numbers
○ email addresses
○ passwords
○ Information you provide in chat messages with trainers.
○ Information related to your execution of nutrition plans (e.g., marking meals as completed).
● Sensitive Information. When necessary, with your consent or as otherwise permitted by applicable law, we process the following categories of sensitive information for Beta V1:
○ Health Data: For Beta V1, health data may include information you voluntarily provide to your chosen trainer through our Services (e.g., via chat or in response to trainer queries after purchasing a plan) such as dietary restrictions, allergies, fitness goals, or other health-related details necessary for your trainer to create your nutrition plan.
○ Financial Data: This is processed as described below for payments.
● Payment Data. We collect data necessary to process your payment if you choose to make purchases, such as your payment instrument number, and the security code associated with your payment instrument. All payment data is handled and stored by EasyKash. You may find their privacy notice link(s) here: [ “https://www.easykash.net/privacy”]. Willma may receive transaction IDs and status information from EasyKash but does not directly store your full payment instrument details.
● Social Media Login Data. We do not currently offer the option to register or log in using social media accounts for Beta V1. If this feature is introduced in the future, this policy will be updated accordingly.
● Application Data. If you use our application(s), we also may collect the following information if you choose to provide us with access or permission:
○ Geolocation Information. We do not currently request access to track precise location-based information from your mobile device for Beta V1. If future features require this for specific services, we will request your permission at that time.
○ Mobile Device Data. We automatically collect device information (such as your mobile device ID, model, and manufacturer), operating system, version information and system configuration information, device and application identification numbers, browser type and version (if applicable), hardware model, Internet service provider and/or mobile carrier, and Internet Protocol (IP) address (or proxy server). If you are using our application(s), we may also collect information about the phone network associated with your mobile device, your mobile device’s operating system or platform, the type of mobile device you use, your mobile device’s unique device ID, and information about the features of our application(s) you accessed.
○ Push Notifications. For Beta V1, we primarily use in-app notifications. We are setting up infrastructure for push notifications for important account updates (like plan updates and chat messages) and will request your permission if you choose to enable them. You can manage these preferences in your device's settings.
This information is primarily needed to maintain the security and operation of our application(s), for troubleshooting (e.g., via error tracking services like Sentry), and for our internal analytics and reporting purposes related to Beta V1 functionality.
All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.
2. HOW DO WE PROCESS YOUR INFORMATION?
In Short: We process your information to provide, improve, and administer our Beta V1 Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent.
We process your personal information for a variety of reasons, depending on how you interact with our Services in Beta V1, including:
● To facilitate account creation and authentication and otherwise manage user accounts. We may process your information so you can create and log in to your account, as well as keep your account in working order for the Beta V1 Services.
● To deliver and facilitate delivery of Services to the user. We process your information to provide you with the requested Services, which for Beta V1 primarily includes connecting you with trainers, enabling the purchase and delivery of nutrition plans, facilitating basic chat communication, and allowing you to track simple execution of your nutrition plan.
● To send administrative information to you. We may process your personal information to send you details about our products and services (particularly updates related to the Beta V1 program), changes to our terms and policies, and other similar information.
● To respond to user inquiries and offer support to users. We may process your information to respond to your inquiries and solve any potential issues you might have with the use of our Beta V1 Services (e.g., through basic chat support or email).
● For security and fraud prevention. We may process your information as part of our efforts to keep our Services safe and secure, including fraud monitoring and prevention, and to troubleshoot issues (e.g., through error tracking services like Sentry).
● To comply with our legal obligations. We may process your information where we believe it is necessary for compliance with our legal obligations, such as to cooperate with a law enforcement body or regulatory agency, exercise or defend our legal rights, or disclose your information as evidence in litigation in which we are involved.
● To save or protect an individual's vital interest. We may process your information when necessary to save or protect an individual’s vital interest, such as to prevent harm.
3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR PERSONAL INFORMATION?
In Short: We only process your personal information when we believe it is necessary and we have a valid legal reason (i.e., legal basis) to do so under applicable law, like with your consent, to comply with laws, to provide you with services to enter into or fulfill our contractual obligations, to protect your rights, or to fulfill our legitimate business interests.
If you are located in the EU or UK, this section applies to you. The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on in order to process your personal information. As such, we may rely on the following legal bases to process your personal information:
● Consent. We may process your information if you have given us permission (i.e., consent) to use your personal information for a specific purpose. This includes consent for processing sensitive health data you provide to your trainer for plan creation, or for enabling push notifications. You can withdraw your consent at any time. Learn more about withdrawing your consent.
● Performance of a Contract. We may process your personal information when we believe it is necessary to fulfill our contractual obligations to you, including providing our Services (account management, facilitating trainer connection, processing purchases, delivering nutrition plans, enabling chat and plan execution features of Beta V1) or at your request prior to entering into a contract with us.
● Legitimate Interests. We may process your information when we believe it is necessary to achieve our legitimate business interests and those interests do not outweigh your interests and fundamental rights and freedoms. For example, we may process your personal information for some of the purposes described in order to:
○ Ensure the security of our Services and prevent fraud.
○ Analyze how our Beta V1 Services are used so we can improve them to engage and retain users (e.g., through internal analytics and error tracking).
○ Diagnose problems and/or prevent fraudulent activities.
● Legal Obligations. We may process your information where we believe it is necessary for compliance with our legal obligations, such as to cooperate with a law enforcement body or regulatory agency, exercise or defend our legal rights, or disclose your information as evidence in litigation in which we are involved.
● Vital Interests. We may process your information where we believe it is necessary to protect your vital interests or the vital interests of a third party, such as situations involving potential threats to the safety of any person.
If you are located in Canada, this section applies to you. We may process your information if you have given us specific permission (i.e., express consent) to use your personal information for a specific purpose, or in situations where your permission can be inferred (i.e., implied consent). You can withdraw your consent at any time. In some exceptional cases, we may be legally permitted under applicable law to continue processing your information without consent, for example:
● to comply with a legal obligation;
● when collection is clearly in the interests of an individual and consent cannot be obtained in a timely way;
● for investigations and fraud detection and prevention;
● for business transactions, provided certain conditions are met;
● if the information is publicly available and is specified by regulation;
● when it is contained in a witness statement and the collection is necessary to assess, process, or settle an insurance claim;
● where necessary to evaluate, process, or settle an insurance claim;
● when we need to comply with a subpoena, warrant, court order, or rules of court relating to the production of records;
● when it was produced by an individual in the course of their employment, business, or profession and the collection is consistent with the purposes for which the information was produced;
● if the collection is solely for journalistic, artistic, or literary purposes; or
● if the information is about an individual who is deceased and we have reasonable grounds to believe the individual’s next of kin is seeking the information solely for informational, genealogical, or family-research purposes.
We share information only when strictly necessary to operate Willma Beta V1:
|
Situation |
Categories of Recipients |
Purpose |
|
Service operation & infrastructure |
Cloud-hosting providers; database-as-a-service vendors; monitoring & error-tracking provider (e.g., Sentry) |
To host the application, store data securely, detect and fix bugs, and maintain service reliability. |
|
Payment processing |
EasyKash (our third-party payment processor) |
To process your purchases. We receive only transaction IDs, status, and limited metadata—not your full card details. |
|
Customer support communications |
Email delivery platform (if you email us) |
To respond to inquiries, send purchase confirmations, or notify you of material changes to the Beta program or this Policy. |
|
Legal or compliance requirements |
Competent courts, regulators, law-enforcement authorities, or advisors |
To comply with applicable law, court orders, or defend our legal rights. |
|
Business transfers |
Successors or assigns in connection with any merger, sale of company assets, financing, or acquisition |
If we are involved in a corporate transaction, your information may be transferred as permitted by law and subject to the promises in this Notice. |
No Offer Walls or Third-Party Ad Networks in Beta V1
Willma Beta V1 does not include third-party “offer walls,” advertising SDKs, or embedded marketing networks. If such features are introduced in a future release, this Notice will be updated before launch.
Willma Beta V1 uses only essential first-party technologies (such as secure session tokens, local storage, and crash-report identifiers) to:
● keep you logged in;
● remember in-app preferences (e.g., language, theme);
● measure basic, aggregated performance metrics; and
● help us diagnose and resolve crashes or security incidents.
We do not serve behaviorally-targeted third-party advertisements, nor do we track you across unaffiliated apps or websites.
Willma Beta V1 does not support social-media registration or login. If we add this option later, we will revise this Privacy Notice and request your permission before enabling it.
We retain personal information only as long as necessary to fulfill the purposes described in this Notice, unless a longer retention period is required or permitted by law (e.g., tax, accounting, or other statutory requirements). When we have no ongoing legitimate need to process your personal information, we will either delete or anonymize it. If that is not possible (for example, because your data is stored in backup archives), we will securely store your personal information and isolate it from any further processing until deletion is possible.
We implement industry-standard technical and organizational measures, including but not limited to:
● TLS 1.2+ encryption in transit and AES-256 encryption at rest;
● role-based access controls and the principle of least privilege;
● periodic security audits and vulnerability scanning;
● continuous monitoring and automated alerting for anomalous activities;
● secure-coding practices, code review, and dependency-vulnerability management; and
● encrypted VPN access for administrative functions.
Although we strive to safeguard your information, no electronic transmission or storage method is completely secure, and we cannot guarantee absolute security.
Depending on your region, you may have rights that include:
● Access – Obtain a copy of your personal information;
● Rectification – Correct inaccurate or incomplete data;
● Erasure – Request deletion of your personal information;
● Restriction – Limit the processing of your data in certain circumstances;
● Portability – Receive your data in a structured, machine-readable format;
● Objection – Object to processing based on legitimate interests;
● Consent withdrawal – Withdraw any consent you previously gave us;
● Complaint – Lodge a complaint with your local supervisory authority.
To exercise any of these rights for Beta V1, email privacy@wilma.life or write to the postal address in Section 14. We will respond in accordance with applicable law.
Most web browsers and some mobile operating systems include a Do-Not-Track (“DNT”) feature. Because there is no uniform technology standard for recognising and implementing DNT signals, Willma Beta V1 currently does not respond to them. We will update this Notice if a standard is adopted that we must follow in the future.
If you are a U.S. resident, state-specific privacy laws (e.g., the California Consumer Privacy Act — CCPA, as amended by CPRA) may provide additional rights regarding your personal information, including:
● the right to know what categories of personal information we collect and how we use and disclose that information;
● the right to request deletion or correction of certain personal information;
● the right to opt out of “sales” or “sharing” of personal information (as defined by statute).
Willma Beta V1 does not “sell” or “share” your personal information for cross-context behavioral advertising. To make a request under applicable U.S. law, use the contact details in Section 14.
● EU/EEA & UK – You may have additional rights under the GDPR/UK GDPR, as outlined in Section 9.
● Brazil – You have rights under the LGPD, including confirmation of processing and anonymisation where applicable.
● MENA & GCC – Where local data-protection laws apply, we honor the rights granted thereunder.
Please contact us if you have questions about region-specific rights.
Yes. We may update this Privacy Notice from time to time to remain compliant with relevant laws or to reflect changes to Willma Beta’s features. When we do, we will:
If we make material changes, we will notify you via email or an in-app alert.
Willma Inc.
Attention: Privacy Team
23 El-Batal Ahmed Abdel-Aziz St., Dokki, Giza 12311, Egypt
Email: privacy@wilma.life
For Beta V1 you can:
● Review & update basic account info – open the Profile → Account Settings section of the Willma app.
● Request additional access, portability, correction, or deletion – email us at privacy@wilma.life with the subject line “Data Request.”
● Withdraw consent (e.g., health-data processing, push notifications) – use the relevant in-app setting or email us.
We will verify your identity before fulfilling requests and respond within the timeframe required by applicable law.