MYOS HOLDINGS LLC dba KIOS
Effective Date: November 1, 2024
KIOS ("we," "our," or "us") is committed to protecting the privacy and confidentiality of our clients, participants, coaches, and partners. This Privacy Policy explains how we collect, use, store, and protect your information in the context of our consulting, coaching, retreats, and related services.
1. Information We Collect
We collect information from the following sources:
- Directly from You: When you register for programs, participate in assessments, coaching sessions, retreats, or communicate with us. This may include your name, contact details, business information, assessment responses (including from proprietary and third-party tools), payment details, and health information.
- Health Information: Health information (including data from biometric tracking devices like wearables, or other biological tests, if you choose to share it) is collected only when voluntarily provided by you and deemed necessary for program safety, suitability, or to support your program objectives. Such sensitive information receives enhanced protection, including separate storage where feasible, heightened encryption standards, and access strictly limited to essential authorized personnel.
- Automatically: When you interact with our digital platforms, we may collect device, usage, and network information (e.g., IP address, browser type, access times, and activity logs) via cookies and similar technologies.
- From Third Parties: If you are referred by a coach or partner, or if you use third-party services to interact with us (e.g., for assessments or wellness tracking), we may receive relevant information as permitted by those services and applicable law, and always in accordance with your consents.
2. How We Use Your Information
We use your information to:
- Provide, operate, and improve our consulting and coaching services, including assessments, program delivery, and follow-up support.
- Personalize your experience and tailor our offerings to your needs, including the use of proprietary assessment tools and biometric tracking data (e.g., from wearables, pre/post retreat surveys) to support your journey.
- Communicate with you about program updates, scheduling, results, and relevant content.
- Process payments and manage bookings.
- Ensure the safety and suitability of participants for specific program activities.
- Fulfill any other purpose disclosed to you at the time information is collected or with your explicit consent.
- AI-Assisted Processing (where applicable): We may utilize artificial intelligence (AI) technologies to assist in processing your information for purposes such as summarizing notes, transcribing sessions, or generating insights to support your program, always ensuring such processing adheres to the security and confidentiality standards outlined in this policy. Where third-party AI services are used, they are vetted according to our vendor management standards.
3. Confidentiality and Security Practices
- Physical Security: Access to areas where client information is stored (e.g., offices, retreat venues) is restricted to authorized personnel. Physical files with personal information are kept in locked storage.
- Digital Security: All digital client data is stored using industry standard protocols. Access is limited to authorized staff via secure networks and two-factor authentication.
- Sensitive Data Handling: As noted in Section 1, health and other sensitive information is stored with enhanced security measures, including separate encrypted storage where feasible and access limited to authorized personnel only.
- Staff Training: All personnel handling client data undergo confidentiality training and sign non-disclosure agreements (NDAs).
- Vendor Management: Third-party vendors (e.g., payment processors, venues, assessment platforms, AI service providers) are vetted and required to comply with our confidentiality standards and sign confidentiality agreements.
- Secure Communications: All client-related communications are conducted through encrypted channels.
Data Minimization and Retention: We collect only information necessary for program delivery and retain it according to the following timeframes:
- Contact and basic participant information: 7 years after your last interaction with KIOS
- Payment information: As required by tax and accounting regulations, typically 7 years
- Health information (including wearable data): 3 years after program completion, unless a longer period is required for safety, legal reasons, or with your explicit consent for ongoing support.
- Assessment responses and program materials: 3 years after program completion
- Recordings and session notes (including AI-generated summaries): 3 years after program completion
4. Confidentiality of Program Content and Methods
All KIOS materials, methods, and content are the exclusive intellectual property of MYOS HOLDINGS LLC dba KIOS. By engaging with KIOS, you agree to:
- Maintain the confidentiality of all proprietary and confidential information, including assessment tools and program content.
- Not disclose, record, reproduce, or share confidential KIOS content with any third party without prior written consent.
- Use materials provided solely for personal, non-commercial purposes.
- Respect that confidentiality obligations continue indefinitely, even after participation ends.
These confidentiality obligations do not apply to information that:
- Becomes publicly available through no fault of the Participant.
- Was already known to you prior to participation, as evidenced by written records.
- Is independently developed without reference to KIOS Confidential Information.
- Is required to be disclosed by law, provided you give prompt notice to KIOS to allow us to seek protective measures.
5. Sharing and Disclosure of Information
We may share your information only as necessary and with appropriate safeguards:
- With authorized personnel and partners who need access to deliver services and are bound by confidentiality obligations.
- With any coach who referred you to KIOS.
- With vetted third-party service providers (e.g., payment processors, assessment platforms, medical professionals, AI service providers for specific tasks) who are contractually obligated to maintain confidentiality and use information solely for our purposes.
- To comply with legal obligations, respond to lawful requests, enforce our policies, or protect rights, safety, or property.
- In connection with business transfers (e.g., merger, acquisition), with appropriate safeguards and notice where feasible.
- With your explicit consent or as otherwise disclosed at the time of collection.
6. Your Rights and Choices
Your participation in KIOS Activities requires explicit consent for different types of data processing, obtained through clear affirmative actions:
- Initial registration and assessment data: Consent is obtained through your completion of intake forms and agreement to this policy.
- Health and sensitive information: Requires separate, specific written consent (e.g., via our Health Information Authorization Form) before collection or processing.
- Photography/Recordings: Requires explicit opt-in consent for each specific use or event.
- Marketing communications: You may opt out at any time by clicking 'unsubscribe' in any email, texting 'STOP' to any message, or contacting us directly.
- Anonymized Data Use: You may opt out of having your data used in anonymized form for program improvement by notifying us in writing.
Depending on your location, you may have additional rights regarding your personal information:
For California Residents (CCPA):
- Right to know what personal information we collect and how it is used and shared.
- Right to delete personal information collected from you (with certain exceptions).
- Right to opt-out of the sale or sharing (for cross-context behavioral advertising) of your personal information.
- Right to non-discrimination for exercising your CCPA rights.
- Right to correct inaccurate personal information.
For EU/UK Residents (GDPR):
- Right to access your personal data.
- Right to rectification of inaccurate personal data.
- Right to erasure ('right to be forgotten').
- Right to restriction of processing.
- Right to data portability.
- Right to object to processing (including for direct marketing).
- Rights related to automated decision-making and profiling.
To exercise these rights, please contact us. We will respond to your request within the timeframe required by applicable law and may need to verify your identity.
7. Data Security and Breach Notification
We employ administrative, technical, and physical safeguards designed to protect your information from unauthorized access, disclosure, alteration, or destruction. In the event of a data breach affecting your personal information that is likely to result in a high risk to your rights and freedoms, KIOS will notify you and relevant authorities as required by applicable law, outlining the nature of the breach, the information involved, and steps taken to mitigate harm. While we strive for comprehensive security, no system is completely immune, and we cannot guarantee absolute protection.
8. Cookie and Tracking Information
When you visit our website or use our digital platforms, we may collect certain information automatically through cookies and similar technologies. These technologies help us understand user activity, remember your preferences, and improve our services.
- Essential cookies: Required for basic website functionality.
- Analytics cookies: Help us understand how visitors use our site.
- Marketing cookies: Allow us to deliver more relevant content.
You can manage cookie preferences through your browser settings. Disabling certain cookies may impact your experience on our website.
9. Anonymized Data Use
We may use anonymized (all personally identifiable information removed) and aggregated data derived from participant information for legitimate business purposes, such as:
- Program improvement and development.
- Research and educational purposes.
- Creating marketing materials and case studies (which will not identify individuals).
- Training of staff and coaches.
You may opt out of having your data included in such anonymized datasets by notifying us in writing at admin@kiosmethod.com, though this may be limited where data has already been fully anonymized and aggregated.
10. International Transfers
If you access KIOS services from outside the United States, your information may be transferred to, processed, and stored in the United States or other jurisdictions where our service providers are located. For transfers of personal data outside the European Economic Area (EEA), UK, or Switzerland, KIOS implements appropriate safeguards such as Standard Contractual Clauses approved by relevant authorities, or relies on adequacy decisions or other lawful transfer mechanisms as required by applicable law.
11. Age Restriction
KIOS services are designed for adults and are not directed at individuals under 18 years of age. We do not knowingly collect personal information from anyone under 18. If we become aware that we have inadvertently collected personal information from a person under 18 without verifiable parental consent, we will take steps to delete that information promptly. If you believe we might have any information from or about someone under 18, please contact us immediately.
12. Policy Updates
We may revise this Privacy Policy from time to time to reflect changes in our practices, service offerings, or legal requirements. Updates will be posted on our website with a new effective date. We encourage you to review this policy periodically. Your continued use of our services after any changes means you accept the updated policy. For significant changes, we may also notify you through other means, such as email.
13. Contact Us
For questions, requests, or concerns about this Privacy Policy or our data practices, or to exercise your rights, please contact:
- Email: admin@kiosmethod.com
- Mail: KIOS Privacy, OH, 45693, United States
We strive to respond to all inquiries within 14 business days, or as otherwise required by law.