Privacy policy

FASTMIND LABS INC. (MAKINA)

Last Updated: November 21, 2025

1. Overview and Scope

We at Fastmind Labs Inc. (MAKINA), a Delaware corporation (“us,” “we,” “our,” or the “Company”) recognize the importance of protecting the privacy of personally identifiable information (“Personal Information” or “PII”) collected about you and other visitors (collectively, “Users”) through our website (the “Site”), our PULSE by MAKINA Products, the MAKINA mobile application (the “Mobile App”), or our other services (collectively, our “Services”). We are committed to ensuring that your privacy is protected. To that end, this Privacy Policy (“Policy”) discloses our practices regarding the collection, use, and disclosure of the PII we receive through Users’ use of the Services. Unless otherwise expressly agreed to in writing, your Personal Information will be processed according to the terms of this Policy. By using the Site, you accept the terms of this Policy. Defined terms used but not defined herein have the meaning set forth in the Terms of Service as found at https://checkout.makina.com/policies/terms-of-service.

This Policy is also drafted to comply with the California Consumer Privacy Act (“CCPA”) (as amended by the California Privacy Rights Act) and the Washington My Health, My Data Act (the “MHMDA”). In addition, this Policy is applicable to data subjects within the European Economic Area and the United Kingdom (collectively, the “EEA”). Therefore, this Policy is drafted to comply with the E.U. General Data Protection Regulation (EU) 2016/679 and the U.K. GDPR (collectively, the “GDPR”). Users of the Services are under no statutory or contractual obligation, or other obligation to provide PII to us. For the purposes of compliance with the GDPR, we are the data controller of information we collect from data subjects through the Services. For the purposes of this Policy, “data subject” means an identified or identifiable natural person located in the EEA. For purposes of compliance with the MHMDA, references to PII may be interchangeable with the definition of “Consumer health data” as defined in the MHMDA.

This Policy applies to the Services, including the Site, https://www.makina.com/, its subdomains, and all the websites, Mobile App and internet properties owned or operated by us, regardless of the medium by which the Services are accessed by Users (e.g., via a web or mobile browser). This version of the Policy replaces and supersedes any prior privacy policies applicable to the Services.

2. Information We Collect

The information that we collect depends on your interactions with us, the choices that you make, the products and features you use, your location, and applicable laws. We may collect or receive information directly from you, such as your name and email address when you or your organization sign up for our Services or marketing activities. In other cases, we receive information through your use of our Services, such as IP addresses and telemetry data.

We are the sole owner of information collected on the Services. We collect several types of information from and about Users of the Services, including:

(A) Personal Information: We may collect PII (i.e., “personal data” under the GDPR) when you complete forms, participate in surveys, navigate web pages, and in connection with other activities, services, features, or resources we make available on the Services. PII means any information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household. PII does not include publicly available information from government records, deidentified or aggregate information, or information excluded from the scope of the GDPR or CCPA. We do not collect Sensitive PII about you.

The types of PII we have collected, used, stored, and disclosed in the last twelve (12) months include, but are not limited to, the following categories of information:

Category

Type(s) of Information

Identifiers

First Name, Last Name, Date of Birth, Email, Phone Number, IP Addresses

Measured Data

Heart rate, respiration rate, movement data, skin temperature data, blood oxygen levels

Calculated Data

Sleep phases, activity levels throughout the day, body mass index (calculated based on height and weight)

Categories of PII listed in the CA Consumer Customer Records law

First Name, Last Name, Date of Birth, Unique Personal Identifier, Online Identifier, Account Name, Professional or Employment-Related Information

Information within this category may overlap with other categories

Internet or Other Similar Network Activities

Interactions with the Services including but not limited to user provided activities, comments, notes, and feedback


Please note that some of the personal data we process, including any data concerning your health, is considered special or sensitive personal data. Under applicable law, such data is processed only if you have given your consent for processing. If you access or use any of our location-based services, such as by enabling GPS-based activity tracking through our Services, we may process the approximate or precise location of your device while the service is active. We do not process such location data without first obtaining your consent. You may disable such location processing at any time using your device’s location permission settings. If you choose to disable access to location data, please note that certain Services, features, or functionalities may no longer be accessible. Please also note that if you give your opt-in consent through our Services, you may share limited personal information with other users. The information you choose to share may be shared with other users in the circle(s) you join, and with any additional users who are added to those circles. You can make changes to what data you share with other users, including opting out of sharing any data. Depending on your use of our Services, you may also choose to communicate with and react to other users’ information and scores. 

(B) Deidentified Information: We may collect deidentified information from you and aggregate information that may not by itself reasonably identify you as the source when you navigate the Services (“Deidentified Information”). Deidentified Information may include: (i) device type; (ii) device operating system; (iii) internet browser type; (iv) internet service provider; (v) referring/exit pages; (vi) date/time stamp; and (vii) clickstream information. Deidentified Information may also include feedback we receive from you through anonymous surveys. We will take reasonable measures to ensure that Deidentified Information we collect is not personally identifiable and may not later be easily used to identify you as required by applicable law.

(C) Children’s Information: We do not offer our services or promote the Services to, nor do we intentionally collect or retain PII from, children who are younger than eighteen (18) years of age. If we discover that we have inadvertently collected information from a child under eighteen (18) years of age, we will promptly take all reasonable measures to delete such information from our systems.

(D) Phone Number Collection and Usage: We collect phone numbers when you provide them during checkout, account creation, SMS opt-in, or when contacting customer service. We use phone numbers to send order confirmations, shipping updates, customer service communications, cart abandonment reminders, and promotional messages (if you've opted in to receive them).

We may share phone numbers with our SMS service providers to deliver text messages, and with shipping carriers and logistics companies to fulfill orders and provide delivery notifications. We store phone numbers securely and retain them while you maintain an account or profile with us, or as long as reasonably necessary to respond to queries, demonstrate fair treatment, for business continuity, or to comply with applicable laws. When we no longer have a legitimate business need to retain your phone number, we will delete or anonymize it within a reasonable period.

3. How We Collect Information

The information we collect depends on what Users do when they visit or utilize the Site. We collect PII and Deidentified Information in various ways, including:

(A) Directly from You: We collect PII when you voluntarily submit PII to us while using the Services and in connection with other activities, services, features, or resources we make available on the Services. The PII we collect depends on what you do when you visit or utilize the Services or how you choose to communicate with us.

(B) Through Your Use of the Services: We may collect PII and Deidentified Information that your browser transmits when you visit the Services. We may also collect Deidentified Information about how you access and interact with the Services through the use of automated tracking technologies, such as session cookies, persistent cookies, and web beacons. A cookie is a small data file that is transferred to an internet browser, which enables the Services to remember and customize your subsequent visits. We may use session cookies to make it easier for you to navigate the Services. In particular, we may use session cookies to record session information, such as which web pages you visited and to track your activity on the Services. Session cookies expire when you close your browser. We may also use persistent cookies to track and target your interests to enhance your experience on the Services. Persistent cookies remain on your device for an extended period of time. Additionally, we may use web beacons, which are single-pixel, electronic images embedded in the Services that allow us to gather information about your browsing activities on the Services. Most internet browsers automatically accept cookies. However, you can instruct your internet browser to block cookies or to provide you with a warning prompt before you accept cookies from the Services. Please refer to your internet browser’s instructions to learn more about these functions. If you reject cookies, the functionality of the Services may be limited, and you may not be able to participate in several of the Site’s features.

(C) From Third Party Services: We may collect PII about you from third parties whose privacy practices may differ from the practices described in this Policy. We do not make any representations or warranties concerning, and will not in any way be liable for, any informational content, products, services, software, or other materials available through third parties. Your use of third parties’ services and/or third-party websites is governed by and subject to the terms and conditions of those third parties and/or third-party websites. We encourage you to carefully review the privacy policies and statements of such third parties and/or third-party websites.

4. How We Use Information

We may use Users’ PII for lawful business purposes: (i) as necessary for the performance of our contract with Users, (ii) for our legitimate interests, so long as they are not overridden by Users’ own rights and interests, or (iii) as required by law. These purposes include:

(A) Service Operation: We may use your PII and/or Deidentified Information to operate, administer, provide, maintain, and deliver our Services, including troubleshooting, system maintenance, and upgrades.

(B) Fulfill User Requests: We may use your PII and/or Deidentified Information to fulfill any requests you may submit through the Services.

(C) Customer Service and User Communications: We may use your PII and/or Deidentified Information to help us respond to your inquiries, questions, requests, and support needs more efficiently.

(D) Direct Marketing: We may use your PII and/or Deidentified Information to send you promotional materials. You have the right to opt-out of receiving direct marketing. Further, this information may be used to develop and improve marketing activities, such as to review and analyze trends, usage, and interaction with our Services, Site, and to personalize and improve marketing activities. We may also use your information to provide you with content and/or features that match your interests and preferences.

(E) User Experience Personalization: We may use Users’ PII and/or Deidentified Information in the aggregate to analyze Users’ browsing and usage activities and patterns in order to understand Users’ interests and preferences with respect to the Site and our services. This will help us optimize your experience on the Services.

(F) Business Optimization: We may use your PII and/or Deidentified Information to improve the content on our web pages, to customize the content and layout of our web pages, and in managing our everyday business needs. We may also use your feedback to improve the Site and our services. All of this is done with the intention of making the Services more useful for you.

(G) Safety and Security: We may use your PII and/or Deidentified Information to promote the safety and security of the Services, our users, and other parties. For example, we may use the information to detect, investigate, prevent, protect against, and respond to potential threats, authenticate users, facilitate transactions, protect against fraud and abuse, respond to a legal request or claim, conduct audits, and enforce our terms and policies. 

(H) For Any Other Purposes with Your Consent: We will not collect additional categories of PII or use PII we collected for materially different, unrelated, or incompatible purposes without providing you notice.

5. How We Disclose Information

We do not sell, rent, lease, or share PII, and will not disclose Users’ PII to third parties without your permission. (The CCPA defines “sharing” as the disclosure of PII for cross-context behavioral advertising.) We may disclose Users’ PII to third parties for a business purpose as described below:

(A) To Affiliates: We may disclose your PII to affiliates, including entities within the Company such as subsidiaries, parent companies, and other related parties. Any PII that we provide to our affiliates will be treated by those affiliates in accordance with the terms of this Policy.

(B) To Service Providers: We may disclose your PII to third party service providers that require access to information to support our operations and delivery of our Sites and Services. This may include those service providers that assist us in providing user support, communicating with Users, and promoting our Services, fulfilling and shipping orders (including logistics and delivery companies), and any other services relating to our Site.

(C) Law Enforcement, Safety, and Legal Processes: We may disclose your PII to law enforcement or other government officials if it relates to a criminal investigation or alleged criminal activity. We may also disclose your PII: (i) if required or permitted to do so by law; (ii) for fraud protection and credit risk reduction purposes; (iii) in the good-faith belief that such action is necessary to protect our rights, interests, or property; (iv) in the good-faith belief that such action is necessary to protect your safety or the safety of others or the public; or (v) to comply with a judicial proceeding, court order, subpoena, or other similar legal, arbitration, or administrative process.

(D) Sale or Acquisition of Assets: If we become involved in a transaction involving the sale of our assets, such as a merger or acquisition, or if we are transferred to another company, we may disclose and/or transfer your PII as part of the transaction. If the surviving entity in that transaction is not us, the surviving company may use your PII pursuant to its own privacy policies, and those policies may be different from this Policy.

(E) Any Other Party with Your Consent: We may disclose your information with other third parties with your consent.

6. Type of Information Disclosed

In the last twelve (12) months, we have disclosed the following categories of PII to third parties for a business purpose: (i) Identifiers; (ii) Categories of PII listed in the CA Consumer Customer Records law; (iii) Internet or Other Similar Network Activities; and (iv) Geolocation Data.

All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

7. Security

The security and confidentiality of your PII is important to us. We use commercially reasonable administrative, technical, and physical security measures to protect your PII on the Services from unauthorized or unlawful access, use, modification, destruction, loss, alteration, and/or disclosure. However, no data transmitted over or accessible through the internet can be guaranteed to be 100% secure. As a result, while we attempt to protect your PII, we cannot guarantee or warrant that your PII will be completely secure (i) from misappropriation by hackers or from other nefarious or criminal activities, or (ii) in the event of a failure of computer hardware, software, or telecommunications networks.

We require third parties acting on our behalf or with whom we disclose your information to provide security measures in accordance with industry standards and in compliance with contractual obligations, their privacy and security obligations, and any other appropriate confidentiality and security measures. We are not responsible for the privacy and security practices of such third parties outside of the information we receive from or disclose to them.

8. Data Retention

We will retain Users’ PII (including Sensitive PII, where applicable) while they maintain an account or profile with us or to the extent necessary to provide the services through the Site and Services. Thereafter, we will keep PII for as long as reasonably necessary: (i) to respond to any queries from Users; (ii) to demonstrate we treated Users fairly; (iii) for ordinary business continuity procedures; or (iv) to comply with any applicable laws. 

When we no longer have an ongoing legitimate business need to process your PII, we will either delete or anonymize it within a reasonable period. When we choose to anonymize information, we take commercially reasonable efforts to ensure that the information cannot be linked back to you or any specific user. If deletion is not possible (e.g., backups), we will store it securely. 

9. Legal Rights

(A) GDPR Data Subject Rights:

If you are a data subject located in the EEA, the GDPR grants you certain data privacy rights. Your rights include the:

  • Right to Access: You have the right to request a copy of your PII.

  • Right to Rectification: You have the right to request that we correct any mistakes in PII.

  • Right to Erasure: You have the right to request that we delete your PII.

  • Right to Restrict Processing: You have the right to restrict processing of your PII.

  • Right to Object to Processing: You have the right to object to our processing or your PII.

  • Right to Data Portability: You have the right to receive your PII in a structured, commonly used and machine-readable format.

  • Right to Not be Subject to Automated Individual Decision Making: You have the right not to be subject to a decision based solely on automated processing.

To exercise your rights, please use the Verifiable Consumer Request method described below. Please be aware that your rights (including those enumerated elsewhere in this Policy) are limited to the extent permitted by the GDPR.

(B) CCPA California Resident Rights:

If you are a California resident, the CCPA grants you certain data privacy rights. Your rights include the:

  • Right to Access: You have the right to request a copy of the specific pieces of PII that we have collected about you in the previous twelve (12) months. The information will be delivered by mail or electronically. Upon receipt of a Verifiable Consumer Request, we will disclose:

    • The categories of PII we have collected about you;

    • The categories of sources from which PII is collected;

    • Our business purpose for collecting PII;

    • The categories of third parties with whom we share PII, if any; and

    • The specific pieces of PII we have collected about you.

  • Right to Data Portability: You have the right to receive your PII in a portable, readily usable format that allows you to transmit your information to another entity without hindrance.

  • Right to Correct Inaccurate Information: You have the right to request that we correct inaccurate information about you that we maintain.

  • Right to Deletion: You have the right request that we delete your PII.

  • Right to Be Free from Discrimination: You have the right not to be discriminated against by us for exercising any of your rights under the CCPA. Unless permitted by the CCPA, we will not:

    • Deny goods or services to you;

    • Charge different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties;

    • Provide a different level or quality of goods or services to you; or

    • Suggest that you will receive a different price or rate for goods or services or a different level or quality of goods or services.

To exercise your rights, please use the Verifiable Consumer Request method described below. Please be aware that your rights (including those enumerated elsewhere in this Policy) are limited to the extent permitted by the CCPA.

(C) Additional California Privacy Rights:

California’s “Shine the Light” law permits Users of the Services that are California residents to request certain information regarding our disclosure of PII to third parties for their direct marketing purposes. To make such a request, please contact us with the Contact Information provided below.

(D) MHMDA Washington Consumer Rights:

If you are a Washington Consumer (as defined under the MHMDA), the MHMDA grants you certain data privacy rights. Your rights include the:

  • Right to Confirm and Access: You have the right to confirm whether we are collecting, sharing, or selling consumer health data and access such data.

  • Right to Withdraw Consent: You have the right to withdraw consent to the collection and sharing of your consumer health data.

  • Right to Erasure: You have the right to request that we delete your consumer health data.

To exercise your rights, please use the Verifiable Consumer Request method described below. Please be aware that your rights (including those enumerated elsewhere in this Policy) are limited to the extent permitted by the MHMDA.

(E) Additional Information for Nevada Residents:

This section of this Privacy Policy only applies to Nevada residents. Nevada law gives Nevada residents the right to request that a company not sell their Personal Data. This right applies even if their Personal Data is not currently being sold. If you are a Nevada resident and wish to exercise this right, please contact us at the Contact Information provided below.

(F) Lei Geral de Proteção de Dado, Brazil’s Data Protection Law (“LGPD”) Rights:

This Section addresses legal obligations and rights set forth in the LGPD that apply only to eligible residents of Brazil. These obligations and rights apply to businesses doing business in Brazil and to Brazilian residents and information that relates to Brazilian users. It does not apply to information that has been anonymized.

If you are a Brazilian resident, the following provisions apply in addition to the terms of the Privacy Policy:

  • The LGPD grants you certain rights about your Personal Data. In addition to the rights outlined in this Privacy Policy, you also have the right to:

  • request confirmation of whether your Personal Data is processed by the Company;

  • request access to the Personal Data we Process about you;

  • have your Personal Data corrected to the extent it is inaccurate or out-of-date;

  • request information about (i) what third parties we share your Personal Data with, and (ii) information about your ability to deny consent and the consequences thereof (e.g., our inability to provide the Services if you do not consent);

  • request the deletion, blocking, or anonymization of your Personal Data, if you believe the Company is processing your Personal Data information in an unnecessary, exceeding, or non-compliant matter;

  • request the portability of your Personal Data; 

  • withdraw consent where consent was the basis for our processing or collection of Personal Data; and

  • request information about the entities with which the Company has shared your Personal Data with.

Because the Services are provided to you by the Company in the United States, the Company needs to carry out international transfers of your Personal Data from Brazil to the United States and other countries for the proper operation of the Services. Therefore, the international transfers of all Brazilian Users’ Personal Data are based upon contractual necessity, as provided by the LGPD.

(G) Additional Information for Canadian Residents:

This section of this Privacy Policy only applies to Canadian residents. Under various Canadian laws and regulations, you have certain rights in regard to our collection of personal information. These rights include:

  • The right to request access to your personal information;

  • The right to request corrections to your personal information; and

  • The right to lodge a complaint with the Office of the Privacy Commissioner of Canada and/or the applicable Canadian provincial regulatory body if you consider that the collection and use of your personal information violates this Privacy Policy or applicable law.

The above rights are only exercisable by you where applicable law in the jurisdiction in which you reside actually grant you the right being exerted.

10. Verifiable Consumer Requests

If you are a California resident, a consumer subject to the MHMDA, or a data subject located in the EEA, you can exercise your legal rights by submitting a Verifiable Consumer Request to us by: Emailing us at support@makina.com.

Only you, or someone legally authorized to act on your behalf, may make a Verifiable Consumer Request related to your PII. Making a Verifiable Consumer Request does not require you to create an account with us. You may only make a Verifiable Consumer Request for access to PII twice in a 12-month period.

The Verifiable Consumer Request must: (i) Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative; and (ii) Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with PII if we cannot verify your identity or authority to make the request and confirm the PII relates to you. We will only use PII provided in a Verifiable Consumer Request to verify the requestor’s identity or authority to make the request.

We will acknowledge receipt of a Verifiable Consumer Request within ten (10) days. We endeavor to respond to Verifiable Consumer Requests within forty-five (45) days of its receipt. If we require more time (up to ninety (90) days), we will inform you of the reason and extension period in writing. Any disclosures we provide will only cover the 12-month period preceding the Verifiable Consumer Request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. We do not charge a fee to process or respond to Verifiable Consumer Requests, unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

11. Withdraw Consent

Generally, we do not process PII based on consent. However, in the event we do, you have the right to withdraw your consent at any time, without affecting the lawfulness of the processing based on said consent before its withdrawal. If you would like to withdraw your consent, please use the Verifiable Consumer Request method described above.

12. Cross Border Data Transfer

To deliver our Services through the Site, it may be necessary for us to share data subjects’ PII outside the EAA. We may share data subject PII with Company affiliates and services providers located in the United States. In the event we transfer PII outside the EEA, we will take commercially reasonable measures to ensure the transfer complies with applicable data protection laws and PII is securely transferred. Our standard practice is to use standard contractual clauses approved by the European Commission and the UK Information Commissioner’s Office to facilitate such data transfers. If you have any questions about our data transfer practices, please contact us at the Contact Information provided below.

13. Do Not Track Disclosure

Some internet browsers may transmit “do-not-track” signals to websites with which the browser communicates. The Site does not currently respond to these “do-not-track” signals.

14. SPAM

We do not participate in bulk email solicitations that you have not consented to receiving. We do not sell or disclose customer lists or email address lists to unrelated third parties. Except as otherwise provided herein, we do not share PII with any third-party advertisers.

15. Third-Party Links

The Services may contain links to other websites or applications (“Linked Sites”) that are not owned by the Company. We do not control the collection or use of any information, including PII, which occurs while you visit Linked Sites. Therefore, we make no representations or warranties for —and will not in any way be liable for—any content, products, services, software, or other materials available on Linked Sites, even if one or more pages of the Linked Sites are framed within a page of the Site.

Furthermore, we make no representations or warranties about the privacy policies or practices of the Linked Sites, and the Company is not responsible for the privacy practices of those Linked Sites. We encourage you to be aware of when you leave the Site and read the privacy policies of Linked Sites.

16. Modifications and Updates

We reserve the right to update this Policy in our sole discretion. If our privacy practices change materially in the future, we will post an updated version of the Policy to the Services. It is your responsibility to review this Policy for any changes each time you use the Services. We will not lessen your rights under this Policy without your explicit consent. If you do not agree with the changes made, we will honor any opt-out requests made after the Effective Date of a new privacy policy.

17. Accessing, Updating, and Controlling Information

If you ever wish to access, update, change, delete, opt-out of us sharing, or otherwise control your PII, or remove or alter your user profile you may do so by contacting us at the Contact Information provided below. To help us process your request, please provide sufficient information to allow us to identify you in our records. We reserve the right to ask for additional information verifying your identity prior to disclosing any PII to you. Should we ask for verification, the information you provide will be used only for verification purposes, and all copies of the information will be destroyed when the process is complete.

If you wish to opt out of receiving update messages and/or direct marketing communications from us, you may opt-out by: (i) following any instructions included in the communication, or (ii) contacting us at the Contact Information provided below. Please be aware that although you may opt-out of update messages and/or direct marketing communications, we reserve the right to email you administrative notices regarding the Services, as permitted under the CAN-SPAM Act.

We will make commercially reasonable efforts to respond to opt-out requests and handle requests to access, update, change, or delete PII without unreasonable delay and in any event within one month of receipt of a Users’ request. Where circumstances require, we may extend the reply period for an additional two months. Please be aware that requests may be limited to the extent permitted by applicable law, including the GDPR.

18. File a Complaint

If you would like to file a complaint with us about our privacy practices, please contact us at the Contact Information provided below. If you are a data subject located in the EEA, the GDPR grants you the right to lodge a complaint with a competent supervisory authority as well. To find a competent supervisory authority, please use the following resource: https://edpb.europa.eu/about-edpb/board/members_en

UK data subjects can utilize the following resource: https://ico.org.uk/global/contact-us/.

19. FTC’s Health Breach Notification Rule

The FTC Health Breach Notification Rule requires us to notify affected consumers, the FTC, and in some cases, the media following a breach of unsecured personal health information. 

20. Data Storage

Your PII and health data you share in connection with this feature will be stored securely on our servers. All storage will be in accordance with applicable laws and regulations.

21. Contact Information

If you have questions about this Policy or wish to contact us with questions or comments, please contact us at:

Fastmind Labs Inc. (MAKINA)
support@makina.com