Milo+ — Privacy Policy Last updated: 6 March 2026 1. Who We Are This Privacy Policy explains how Jacob Buckley Orsborn-Smith (trading as Milo+) ("we", "us", "our") collects, uses, and protects your personal data when you use Milo+ ("Service"). We are the data controller for the purposes of UK GDPR. Contact us at: support@meetmilo.app 2. What Data We Collect Data you provide directly: • Full name • Email address • Password (stored securely as a hashed value — we never store your plain-text password) • How you heard about us (referral source) Data collected automatically: • Usage data (pages visited, features used, session duration) • Device and browser information • IP address Payment data: We use Stripe to process payments. We do not store your card number, expiry date, or CVV. Stripe handles all payment data in accordance with PCI-DSS standards. We only receive a Stripe customer ID to link your account to your subscription. 3. How We Use Your Data We use your data to: • Create and manage your Milo+ account; • Provide and personalise the Service; • Process your subscription and manage billing via Stripe; • Send you important service emails (e.g. trial reminders, account updates); • Improve and develop the Service; • Comply with our legal obligations. 4. Legal Basis for Processing Under UK GDPR, we process your data on the following legal bases: • Contract: to provide the Service you have signed up for; • Legitimate interests: to improve the Service and prevent fraud; • Legal obligation: where required by law; • Consent: where you have explicitly opted in (e.g. marketing emails). 5. Data Sharing We do not sell your personal data. We may share it with: • Stripe — for payment processing; • Supabase — our database and authentication provider, who store your account data securely; • Apple App Store — if you download the iOS app; • Law enforcement or regulators — where required by law. All third-party providers are contractually required to keep your data secure and to use it only for the purposes we specify. 6. Data Retention We retain your personal data for as long as your account is active, and for up to 2 years afterwards in case of any legal or billing disputes. You can request deletion of your data at any time (see Section 8). 7. Data Security We take reasonable technical and organisational measures to protect your data, including encrypted connections (HTTPS), hashed passwords, and access controls. However, no method of internet transmission is completely secure and we cannot guarantee absolute security. 8. Your Rights Under UK GDPR, you have the right to: • Access the personal data we hold about you; • Correct inaccurate data; • Request deletion of your data ('right to be forgotten'); • Object to or restrict certain processing; • Data portability (receive your data in a structured format); • Withdraw consent at any time (where processing is based on consent). To exercise any of these rights, contact us at support@meetmilo.app. We will respond within 30 days. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk. 9. Cookies We use essential cookies and similar technologies to keep you logged in and to maintain your session. We do not currently use advertising or tracking cookies. You can control cookies through your browser settings. 10. Children Milo+ is not intended for children under 13. We do not knowingly collect personal data from children. If you believe a child has provided us with data, please contact us and we will delete it promptly. 11. Changes to This Policy We may update this Privacy Policy from time to time. We will notify you of significant changes by email or via the app. The date at the top of this policy reflects when it was last updated. 12. Contact Us For any privacy-related questions or requests, please contact: Jacob Buckley Orsborn-Smith (trading as Milo+) Email: support@meetmilo.app