PRIVACY POLICY

سياسة الخصوصية

Tamreen Platform Tamreen Sports Consulting Company (شركة تمرين للاستشارات الرياضية)

Effective Date: May 8, 2026 Last Updated: May 8, 2026 Document Version: 1.1

PREAMBLE

Tamreen Sports Consulting Company (شركة تمرين للاستشارات الرياضية) ("Tamreen," "we," "us," or "our") is committed to handling your personal data responsibly, transparently, and in accordance with applicable law.

This Privacy Policy explains what data we collect, why we collect it, how we use and share it, how long we keep it, and what rights you have in relation to it. It applies to all Users and Service Providers who access or use the Tamreen Platform, including the mobile application, website, and all associated digital services.

This Privacy Policy forms an integral part of Tamreen's Terms and Conditions and should be read alongside them. By creating an Account and accepting these policies through the in-platform consent mechanism, you confirm that you have read and understood this Privacy Policy.

Governing Law: This Privacy Policy is governed by the laws of the State of Kuwait, including the Kuwait Electronic Transactions Law (Law No. 20 of 2014), the Kuwait Cybercrime Law (Law No. 63 of 2015), and the Kuwait Constitution, Article 39. Additional data protection legislation may apply and will be incorporated upon legal confirmation.

1. DATA CONTROLLER

1.1 The data controller responsible for your personal data is:

Tamreen Sports Consulting Company شركة تمرين للاستشارات الرياضية Commercial Registration No.: Defined in the Platform Email: support@Mytamreen.com Address: Kuwait, Kuwait

1.2 The data controller function is currently held by the founder of Tamreen and may be delegated to a designated Data Protection Officer or equivalent role as the organization scales. Any such delegation will be reflected in an update to this Policy.

2. DATA WE COLLECT

We collect data in different categories depending on who you are and how you use the Platform. The following sets out what we collect, how, and why.

2.1 Account and Profile Data (All Users)

When you register and use the Platform, we collect:

(a) Full name;

(b) Email address;

(c) Phone number;

(d) Date of birth;

(e) Gender;

(f) Profile photo (if uploaded); and

(g) Language preference and account settings.

2.2 Service Provider Data

In addition to the data in Section 2.1, Service Providers are required to provide:

(a) Civil ID number (for identity verification purposes);

(b) Professional qualifications, certifications, and licensing information;

(c) Banking details and payment account information (required to receive earnings transfers from Tamreen); and

(d) Any other documentation required during Tamreen's onboarding and approval process.

Service Provider banking and Civil ID data is collected strictly for the purpose of verifying identity and processing legitimate payment transfers of earnings. This data is not shared with Users and is subject to enhanced security controls.

2.3 Fitness and Wellness Data (Sensitive Category)

When you use fitness or wellness features on the Platform, we may collect:

(a) Fitness goals and objectives;

(b) Training history and program progress;

(c) Physical measurements entered voluntarily by the User (e.g., height, weight, body measurements);

(d) Dietary preferences and nutritional information entered by the User; and

(e) Performance indicators and self-reported health information.

Tamreen treats all fitness and wellness data as sensitive personal data. This data will not be shared with any Service Provider without your explicit, separate consent given through the in-platform consent mechanism. Sharing this data is optional and does not affect your ability to access the Platform.

2.4 Future Biometric and Wearable Integration

Tamreen may in the future introduce features that integrate with wearable devices and health platforms (such as Apple Health, Google Fit, or similar services) to collect biometric data including but not limited to heart rate, step count, sleep data, and other health metrics. Any such integration will:

(a) be implemented only with your explicit, separate consent;

(b) be clearly disclosed to you before activation; and

(c) be subject to an update to this Privacy Policy before it takes effect.

No biometric or wearable data is currently collected by the Platform.

2.5 Payment and Transaction Data

We collect data related to your use of paid features, including:

(a) Subscription plan selected and billing history;

(b) Transaction reference numbers and payment status; and

(c) Refund and dispute records.

Tamreen does not store full payment card numbers or sensitive card verification data on its own servers. Payment processing is handled by MyFatoorah, which stores subscription-related transaction data on its own systems as part of its service. See Section 6.2 for more detail.

2.6 In-App Messaging Data

The Platform includes an in-app messaging feature that enables communication between Users and Service Providers. Messages sent through this feature are stored on Tamreen's infrastructure. We may access the content of messages where necessary to:

(a) investigate reports of abuse, misconduct, or policy violations;

(b) resolve disputes between Users and Service Providers; or

(c) comply with legal obligations or a valid court order.

Tamreen does not routinely monitor the content of private messages.

2.7 Location Data

The Platform may request access to your device's location, but only with your explicit permission. Location data is collected only when you grant access through your device's operating system permissions interface. You may withdraw location permission at any time through your device settings. Withdrawing location access does not affect your ability to use the core features of the Platform.

2.8 Usage and Technical Data

When you use the Platform, we automatically collect technical data including:

(a) Device type, model, and operating system;

(b) Application version;

(c) IP address;

(d) Session data including login times, duration, and activity within the Platform;

(e) Features accessed and content viewed;

(f) Crash reports and error logs; and

(g) Network type and connection information.

2.9 Consent and Compliance Data

Each time you accept our Terms and Conditions, this Privacy Policy, or any other policy or consent prompt through the Platform, we generate a Consent Record that includes:

(a) Your account identifier;

(b) Date and time of acceptance (timestamp);

(c) Document version accepted;

(d) Type and mechanism of consent given (e.g., checkbox, acceptance button);

(e) Device type, operating system, and application version;

(f) Session metadata; and

(g) IP address, where technically available.

Consent Records are maintained as evidence of lawful processing and compliance. See Section 8.4 for retention details.

2.10 Marketing and Analytics Data

If you interact with Tamreen's marketing channels (including the website, social media, or advertising), we may collect data through analytics and advertising tools. See Sections 5 and 6 for details on the specific tools and platforms involved.

3. HOW WE USE YOUR DATA

We use the data we collect for the following purposes:

3.1 To create and manage your Account and authenticate your identity.

3.2 To deliver and personalize the Services you access on the Platform, including matching you with relevant Programs and Service Providers.

3.3 To process payments, manage Subscriptions, and handle billing, refunds, and disputes.

3.4 To facilitate in-app communication between Users and Service Providers.

3.5 To transfer earnings to Service Providers following commission deduction, using Civil ID and banking data for verification and payment processing.

3.6 To monitor and improve Platform performance, user experience, and technical stability.

3.7 To send service-related communications, including account notifications, payment confirmations, policy updates, and security alerts. These communications are sent regardless of your marketing preferences.

3.8 To send marketing communications, promotional offers, and content recommendations — only where you have given consent under Section 2 of the User Consent document.

3.9 To conduct analytics on Platform usage, aggregated Program performance, and user behavior, for the purpose of improving the Platform and informing product decisions.

3.10 To maintain Consent Records and demonstrate compliance with applicable law.

3.11 To investigate and prevent fraud, abuse, unauthorized access, and violations of our Terms and Conditions.

3.12 To enforce our platform rules, including suspension and termination of accounts where required.

3.13 To comply with legal obligations, respond to court orders, and cooperate with competent authorities.

4. LEGAL BASIS FOR PROCESSING

We process your personal data on the following legal bases:

4.1 Consent: Where you have provided explicit consent, including for the processing of fitness and wellness data, for sharing data with Service Providers, for marketing communications, and for location data. You may withdraw consent at any time in accordance with Section 10.

4.2 Contract: Where processing is necessary for the performance of your agreement with Tamreen, including account creation, service delivery, payment processing, and earnings transfers to Service Providers.

4.3 Legitimate Interests: Where processing is necessary for Tamreen's legitimate business interests, including Platform security, fraud prevention, analytics for product improvement, and enforcement of platform rules, provided those interests are not overridden by your rights and interests.

4.4 Legal Obligation: Where processing is required to comply with applicable Kuwait law, including commercial record-keeping obligations, regulatory requirements, and responses to valid legal process.

5. THIRD-PARTY SERVICE PROVIDERS AND TOOLS

To operate the Platform, Tamreen uses a number of third-party technology providers. These providers may process your data on our behalf. We take reasonable steps to ensure they handle data securely and in accordance with their own privacy standards and applicable law.

5.1 Analytics and Product Intelligence

5.2 User Engagement and Communications

5.3 Payment Processing

5.4 Infrastructure

5.5 Future Tools

Tamreen may integrate additional third-party tools in the future. Where any new tool involves the processing of personal data, we will update this Privacy Policy before the integration takes effect.

6. MARKETING, ADVERTISING, AND RETARGETING

6.1 Tamreen uses advertising and retargeting pixels and SDKs from third-party marketing platforms to measure advertising effectiveness and deliver relevant advertising to prospective users. The platforms currently used or planned for use include:

(a) Meta (Facebook and Instagram) Pixel;

(b) TikTok Pixel;

(c) Google Ads (conversion tracking and remarketing); and

(d) Snapchat Pixel.

6.2 These tools may collect data including your IP address, browser or device identifiers, pages or content viewed, and actions taken on the Platform or website, for the purposes of advertising measurement and audience targeting.

6.3 Advertising data collected through these tools is governed by the privacy policies of the respective platforms. Tamreen does not control how these platforms use data received through their pixels and SDKs.

6.4 Where required by applicable law or where consent is the appropriate legal basis for such tracking, Tamreen will obtain your consent before activating marketing pixels.

6.5 You may manage advertising preferences through:

(a) your device's operating system advertising settings (e.g., Limit Ad Tracking on iOS, Opt out of Ads Personalization on Android); and

(b) the opt-out mechanisms provided by each advertising platform directly.

7. DATA SHARING

7.1 Service Providers (Technology) We share data with the third-party providers listed in Section 5 solely for the purposes described. These providers act as data processors on our behalf and are not permitted to use your data for their own purposes beyond what is necessary to provide their services to us.

7.2 Service Providers (Coaches and Professionals) Where you subscribe to or purchase a Program from a Service Provider on the Platform, we share with that Service Provider only the data necessary to deliver the Program you have purchased. This includes your name and contact information required to support your Program.

Fitness and wellness data (Section 2.3) will only be shared with a Service Provider if you provide explicit, separate consent through the in-platform consent mechanism. This consent is optional.

Service Providers will not have access to your fitness and wellness data after you cancel or terminate a Program, unless you provide separate consent for continued access. Access is revoked automatically when a Program ends.

Tamreen shares aggregated, anonymized analytics data with Service Providers to help them understand their Program performance. This aggregated data does not identify individual Users.

7.3 Payment Processors We share transaction data with MyFatoorah as necessary to process payments and manage Subscriptions. MyFatoorah processes and stores subscription transaction data in accordance with its own privacy policy and applicable Central Bank of Kuwait regulations.

7.4 Legal and Regulatory Authorities We may disclose personal data to competent authorities, courts, or regulators where required by applicable Kuwait law, a valid court order, or other binding legal process. Where legally permitted to do so, Tamreen will notify you of such a disclosure.

7.5 Business Transfers In the event of a merger, acquisition, reorganization, or sale of all or substantially all of Tamreen's assets, your personal data may be transferred to the acquiring entity as part of the transaction. You will be notified of any such transfer and any material change to this Privacy Policy that results from it.

7.6 No Sale of Personal Data Tamreen does not sell, rent, or trade your personal data to any third party for their own commercial purposes.

8. DATA STORAGE, SECURITY, AND INTERNATIONAL TRANSFERS

8.1 Storage Location

Your data is stored on Amazon Web Services (AWS) infrastructure. Tamreen uses AWS servers in two regions:

(a) Middle East (UAE) — primary region; and

(b) Europe (Paris, France) — secondary/backup region.

No user data is currently stored on servers physically located within Kuwait. All storage is cloud-hosted outside Kuwait.

8.2 Cross-Border Data Transfers

By creating an Account and accepting this Privacy Policy through the in-platform consent mechanism, you acknowledge and consent to the transfer of your personal data to and from servers located outside Kuwait, including in the UAE and France. Tamreen relies on the technical and contractual safeguards of its infrastructure provider (AWS) to ensure adequate protection of data transferred internationally.

8.3 Data Security

Tamreen implements commercially reasonable technical and organizational security measures to protect your personal data from unauthorized access, disclosure, alteration, loss, or destruction. These measures include:

(a) Encryption of data in transit and at rest;

(b) Access controls limiting data access to authorized personnel;

(c) Monitoring and error tracking through Sentry and Firebase;

(d) Regular security reviews of Platform infrastructure; and

(e) Third-party providers subject to their own security certifications (e.g., AWS ISO 27001, SOC 2; MyFatoorah PCI DSS compliance).

No method of electronic transmission or storage is completely secure. Tamreen cannot guarantee absolute security against all threats and is not liable for unauthorized third-party access that occurs despite reasonable security measures being in place.

8.4 Data Retention

We retain your data for the following periods:

After the applicable retention period expires, data will be deleted or anonymized in a manner that prevents re-identification.

9. YOUR RIGHTS

9.1 Rights Available to You

Subject to applicable Kuwait law, you have the right to:

(a) Access: Request a copy of the personal data we hold about you;

(b) Correction: Request correction of any inaccurate or incomplete personal data;

(c) Deletion: Request deletion of your personal data, subject to legal retention obligations and operational requirements;

(d) Withdrawal of Consent: Withdraw consent for any processing that is based on your consent, at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal;

(e) Restriction: Request that we limit the processing of your data in certain circumstances; and

(f) Objection: Object to processing carried out on the basis of Tamreen's legitimate interests.

9.2 How to Exercise Your Rights

(a) In-App Deletion: You may submit a data deletion request directly through the Platform's account settings, using the designated data deletion feature.

(b) Email: For all other rights requests, or if you prefer, you may contact us at support@Mytamreen.com.

9.3 Response Time

Tamreen will acknowledge your request promptly and respond substantively within 14 business days of receiving a valid and complete request. Where a request is complex or involves a high volume of data, we may extend this period and will notify you accordingly.

9.4 Identity Verification

To protect your data, we may ask you to verify your identity before we process a rights request. We reserve the right to decline requests that are manifestly unfounded, repetitive, or excessive.

10. WITHDRAWAL OF CONSENT

10.1 Where we process your data on the basis of your consent, you may withdraw that consent at any time through:

(a) the Platform's account settings; or

(b) a written request to support@Mytamreen.com.

10.2 The practical effects of withdrawing specific consents are as follows:

10.3 Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal. Tamreen will process withdrawal requests within 14 business days and confirm the change by email.

11. HEALTH AND FITNESS DATA — SPECIAL PROVISIONS

11.1 Tamreen classifies fitness goals, training history, physical measurements, dietary data, and related wellness information as sensitive personal data requiring heightened protection.

11.2 This data will only be processed with your explicit consent, given separately through the in-platform consent mechanism.

11.3 This data will only be shared with a Service Provider:

(a) where you have given explicit, separate consent for that specific sharing; and

(b) to the extent strictly necessary to deliver the Program or service you have purchased from that Service Provider.

11.4 Service Provider access to your fitness and wellness data ends automatically when your engagement with their Program ends. Continued access requires your renewed consent.

11.5 You may revoke a Service Provider's access to your fitness data at any time through your Account settings, without cancelling the Program itself.

12. CHILDREN'S PRIVACY

12.1 The Platform is intended for Users aged 18 years and older. Users must be at least 18 to create an Account and use the Platform independently.

12.2 Users aged 16 to 17 may access the Platform only with the prior, verified consent of a parent or legal guardian, in accordance with the eligibility provisions of the Terms and Conditions.

12.3 The Platform is not accessible to Users under the age of 16. Tamreen does not knowingly collect personal data from children under 16. If Tamreen becomes aware that personal data has been collected from a child under 16 without appropriate parental consent, that data will be promptly deleted.

12.4 If you are a parent or guardian and believe your child under 16 has created an Account or provided personal data to the Platform without your consent, please contact us immediately at support@Mytamreen.com.

13. SERVICE PROVIDER PRIVACY

13.1 Service Providers are subject to this Privacy Policy in respect of their own personal data held by Tamreen, and also to the data handling obligations set out in the Coach Agreement.

13.2 Service Providers may access User data only to the extent necessary to deliver Programs and Services that the User has purchased. Service Providers must handle User data in accordance with the Coach Agreement and must not use User data for any purpose outside the Platform.

13.3 Service Providers are required to maintain confidentiality of all User data accessed through the Platform and must not retain User personal data after their engagement with a User ends, unless the User has provided separate consent for continued retention.

14. COOKIES AND TRACKING TECHNOLOGIES

14.1 The Tamreen mobile application may use analytics SDKs and tracking tools listed in Section 5. These tools operate within the app environment and do not use browser cookies.

14.2 The Tamreen website may use browser cookies. The full scope of cookies used on the website has not yet been finalized and will be confirmed and disclosed prior to the website's launch or the activation of any cookie-based tracking.

14.3 A separate Cookie Policy for the website will be published when the website's tracking implementation is confirmed. Until that Cookie Policy is published, no non-essential tracking cookies will be activated on the website without your consent.

14.4 When implemented, users will be able to manage cookie preferences through a cookie consent interface on the website.

15. PUSH NOTIFICATIONS

15.1 The Platform may send push notifications to your device through Firebase Cloud Messaging (Android and compatible devices), Apple Push Notification Service (iOS devices), and Customer.io (for automated lifecycle and marketing messages).

15.2 Push notifications include service notifications (e.g., payment confirmations, program updates) and, where you have opted in, marketing and promotional notifications.

15.3 You may manage push notification preferences through:

(a) your device's operating system notification settings; or

(b) the notification preferences section within your Platform account settings.

Disabling push notifications may mean you miss time-sensitive service communications.

16. CHANGES TO THIS POLICY

16.1 Tamreen may update this Privacy Policy from time to time to reflect changes in law, technology, operational practices, or the data we collect and how we use it.

16.2 Where a change is material, we will notify you through one or more of the following: an in-app notification, a banner or pop-up within the Platform, or an email to your registered address, before the change takes effect.

16.3 Where a material change affects how we process data for which you have previously given consent, we may require you to re-consent through the in-platform consent mechanism before you may continue using the Platform.

16.4 The current version and effective date of this Privacy Policy are displayed at the top of this document. We recommend reviewing this Policy periodically.

17. CONTACT AND PRIVACY REQUESTS

For any privacy-related questions, concerns, rights requests, or data deletion requests, please contact:

Tamreen Sports Consulting Company شركة تمرين للاستشارات الرياضية

Email: support@Mytamreen.com Address: Kuwait, Kuwait

Tamreen will respond to all privacy inquiries within 14 business days.