Tina - For Life With Scoliosis Effective Date: March 16, 2026 Contact: tinathebrace@gmail.com 1. Who We Are Tina ("Tina", "we", "our", "us") includes the Tina mobile app and Tina website. Tina is designed to help brace wearers track wear time, pain, sleep, mood, physio, notes, and optional guardian summaries. This Privacy Policy explains what personal data we collect, how we use it, and the choices you have. 2. Who Can Use Tina Tina is intended for people aged 13 and older. During onboarding, we ask for date of birth and country or region so we can apply the age and guardian-consent rules for your location. The countries currently supported by the onboarding flow are shown on the country selection screen in the app. If a user is below the applicable digital consent age for their selected country or region, they must complete Tina's in-app guardian approval flow before continuing. We do not knowingly allow children under 13 to create accounts. Tina is not directed to children under 13. 3. What Data We Collect A. Sign-in and account data - Google or Apple sign-in information we receive from your provider, such as provider user ID, email address, name, and profile photo - Tina account ID, role selection, preferred language, and onboarding status - Date of birth, selected country or region, and parental consent status when required for onboarding - Brace details, goals, reminder preferences, and push notification token if you enable notifications B. Data you choose to enter in Tina - Brace wear sessions - Pain logs, body locations, brace discomfort details, triggers, pain types, and reliefs - Mood check-ins and wear check-ins - Physio check-ins, routines, completed sessions, and notes - Sleep logs - Journal notes and note history - Daily summaries and trend data generated from the information above C. Guardian and sharing data - Parent or guardian email address when a wearer sends a consent request - Invite status, hashed invite tokens, link codes, approval timestamps, and revocation records - Trend summaries shared with a linked guardian Linked guardians currently see brace-relevant summaries, such as wear trends, rough nights, recurring discomforts, missed-wear reasons, and suggested appointment follow-ups, plus limited account identifiers needed to manage the link. They do not get access to private notes, journal entries, or raw detailed logs through the guardian dashboard. D. Technical, website, and analytics data - Your in-app analytics consent preference - In-app usage events and screen views, if you opt in to analytics - Device or app metadata made available by our analytics, notification, and hosting providers - Website analytics data if you visit our website - Waitlist email address if you choose to join the Tina waitlist on the website 4. Why We Use This Data We use your data to: - authenticate you and keep your account secure - store your data and support account-connected features - generate trends, summaries, and exports - send optional reminders and push notifications - run guardian consent, guardian linking, and guardian trend sharing - if you opt in to in-app analytics, understand feature usage and improve Tina - measure website traffic and waitlist demand if you use our website - troubleshoot issues, respond to support requests, and comply with legal obligations We do not sell your personal data. We do not use your data for third-party advertising or cross-app tracking. 5. Third-Party Services We Use We currently rely on third-party services to operate Tina, including: - Google and Apple for sign-in - Cloudflare for hosting, APIs, and database infrastructure - Expo for app infrastructure and push notifications - PostHog for optional in-app product analytics if you opt in - Google Analytics for website analytics on Tina web pages - Resend for guardian consent and guardian code emails These providers process data only as needed to deliver their services to Tina. In-app analytics are only used if you opt in. 6. Legal Bases We process personal data to provide the service you ask us to provide, where required based on your choices to use optional features such as guardian linking, notifications, or in-app analytics, to comply with legal obligations, and for our legitimate interests in keeping Tina secure and improving it. 7. Data Storage and Security Your data is stored primarily on your device. Tina is currently designed for one person on one device at a time, and signing out does not automatically remove data already saved on that device. Some account, guardian, diagnostic, and other cloud-connected features may send limited data to our backend or service providers when needed to operate those features. However, you should not assume that all content in Tina is available for cloud restoration across devices at all times. We use HTTPS for data in transit, store auth session data in secure device storage where available, and store sensitive server-side tokens in hashed form where applicable. No method of storage or transmission is completely secure, but we use reasonable technical and organisational measures to protect your data. 8. Data Retention We keep account and content data while your account is active. If you use Tina on a shared or borrowed device, you are responsible for understanding that signing out does not automatically clear local app data from that device. Tina is not intended for shared-device use in this MVP form. If you delete your account from Tina, we delete the associated local and backend account data, including synced entries, guardian links, guardian invites, and active refresh tokens, subject to any limited retention we must keep for legal, security, or fraud-prevention reasons. If cloud restoration is not available for particular data at that time, deletion may be permanent. Some service providers may keep limited logs under their own retention policies. 9. Your Choices and Rights You can update or delete much of your information in the app. You can revoke guardian access in the app. You can turn in-app analytics on or off in Settings. If you withdraw analytics consent, Tina stops sending new in-app analytics events from that device. You can export selected reports and notes before deleting your account. You should treat Tina as a single-user-per-device app in this MVP release. You can contact us to request access to, correction of, or deletion of personal data associated with your account. Depending on where you live, you may also have rights to access, correct, delete, restrict, object to, or receive a copy of your personal data. To exercise those rights, contact: Roxana Popescu Email: tinathebrace@gmail.com 10. Children and Guardian Approval Tina is not directed to children under 13. If guardian approval is required, we collect the guardian's email address to send the consent link and a follow-up guardian code email after approval. This flow is used only to confirm consent and enable the optional guardian connection. 11. Changes to This Policy We may update this Privacy Policy from time to time. If we make material changes, we will update the effective date and post the latest version in the app and on the website. 12. Contact and Data Controller If you have questions or concerns about this Privacy Policy, contact: Roxana Popescu Email: tinathebrace@gmail.com For data protection purposes, Roxana Popescu is the data controller for Tina.