PRIVACY POLICY

Last updated March 5, 2026

This Privacy Notice for Pursue ("we," "us," or "our" ), describes how and why we might access, collect, store, use, and/or share ("process") your personal information when you use our services ("Services"), including when you:

Visit our website at http://getpursue.app or any website of ours that links to this Privacy Notice

Download and use our mobile application (Pursue) , or any other application of ours that links to this Privacy Notice

Engage with us in other related ways, including any marketing or events

Questions or concerns? Reading this Privacy Notice will help you understand your privacy rights and choices. We are responsible for making decisions about how your personal information is processed. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at [email protected] .

SUMMARY OF KEY POINTS

This summary provides key points from our Privacy Notice, but you can find out more details about any of these topics by clicking the link following each key point or by using our table of contents below to find the section you are looking for.

What personal information do we process? When you visit, use, or navigate our Services, we may process personal information depending on how you interact with us and the Services, the choices you make, and the products and features you use. Learn more about personal information you disclose to us .

Data Visibility within Groups Pursue is designed for group accountability. By joining a group, you acknowledge that your goal progress, activity logs, and profile name will be visible to other members of that specific group.

Do we process any sensitive personal information? Some of the information may be considered "special" or "sensitive" in certain jurisdictions, for example your racial or ethnic origins, sexual orientation, health and fitness goals, and religious beliefs. We process sensitive personal information in the form of goals and progress data that is voluntarily entered by you. We do not pull data from medical records or health providers. Such data is visible to other group members.

Collection of Health and Fitness Data Pursue allows you to track personal goals which may include health and fitness activities (e.g., "Jogging," "Weightlifting") or health-related habits (e.g., "Take Medication," "Blood Pressure Check").

User-Initiated Data Entry We do not pull data from medical records or health providers. All health-related data is entered voluntarily and manually by you. By entering goals related to your physical or mental health, you explicitly consent to Pursue collecting and processing this information to provide our habit-tracking services.

Visibility and Social Disclosure (IMPORTANT) Pursue is a social accountability platform. If you join a group, any health or medication goals you create—and your progress toward them—will be visible to the other members of that group. We strongly advise users to use discretion when naming goals. If you wish to track sensitive medical habits privately, do not add them to a shared group.

Not a Medical Device Pursue is a general productivity and accountability tool. It is not a medical device, nor is it intended for the diagnosis, treatment, or management of any medical condition. You should not rely on Pursue for critical health reminders or as a substitute for professional medical advice.

Do we collect any information from third parties? We do not collect any information from third parties.

How do we process your information? We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent. We process your information only when we have a valid legal reason to do so. Learn more about how we process your information .

In what situations and with which parties do we share personal information? We may share information in specific situations and with specific third parties. Learn more about when and with whom we share your personal information .

How do we keep your information safe? We have adequate organizational and technical processes and procedures in place to protect your personal information. However, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Learn more about how we keep your information safe .

What are your rights? Depending on where you are located geographically, the applicable privacy law may mean you have certain rights regarding your personal information. Learn more about your privacy rights .

How do you exercise your rights? The easiest way to exercise your rights is by visiting [email protected] , or by contacting us. We will consider and act upon any request in accordance with applicable data protection laws.

Want to learn more about what we do with any information we collect? Review the Privacy Notice in full .

TABLE OF CONTENTS

1. WHAT INFORMATION DO WE COLLECT?

2. HOW DO WE PROCESS YOUR INFORMATION?

3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR PERSONAL INFORMATION?

4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?

5. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

6. DO WE OFFER ARTIFICIAL INTELLIGENCE-BASED PRODUCTS?

7. HOW DO WE HANDLE YOUR SOCIAL LOGINS?

8. IS YOUR INFORMATION TRANSFERRED INTERNATIONALLY?

9. HOW LONG DO WE KEEP YOUR INFORMATION?

10. HOW DO WE KEEP YOUR INFORMATION SAFE?

11. DO WE COLLECT INFORMATION FROM MINORS?

12. WHAT ARE YOUR PRIVACY RIGHTS?

13. CONTROLS FOR DO-NOT-TRACK FEATURES

14. DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?

15. DO OTHER REGIONS HAVE SPECIFIC PRIVACY RIGHTS?

16. DO WE MAKE UPDATES TO THIS NOTICE?

17. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

18. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

1. WHAT INFORMATION DO WE COLLECT?

Personal information you disclose to us
In Short: We collect personal information that you provide to us.

We collect personal information that you voluntarily provide to us when you register on the Services, express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us.

Personal Information Provided by You. The personal information that we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use. The personal information we collect may include the following:

usernames

passwords

email addresses

group memberships

personal goals and progress data

photos attached to progress entries

names

date of birth (collected at registration for age verification only — not retained after verification)

Sensitive Information. Pursue allows you to track personal goals which may include health and fitness activities (e.g., "Jogging," "Weightlifting") or health-related habits (e.g., "Take Medication," "Blood Pressure Check").

User-Initiated Data Entry. We do not pull data from medical records or health providers. All health-related data is entered voluntarily and manually by you. By entering goals related to your physical or mental health, you explicitly consent to Pursue collecting and processing this information to provide our habit-tracking services.

Visibility and Social Disclosure. Pursue is a social accountability platform. If you join a group, any health or medication goals you create — and your progress toward them — will be visible to the other members of that group. We strongly advise users to use discretion when naming goals. If you wish to track sensitive medical habits privately, do not add them to a shared group.

Payment Data. We may collect data necessary to process your payment if you choose to make purchases, such as your payment instrument number, and the security code associated with your payment instrument. All payment data is handled and stored by Google . You may find their privacy notice link(s) here: https://policies.google.com/privacy .

Photo Data. When you attach a photo to a progress entry, the image is processed and stored using Google Cloud Storage. Photos are automatically deleted after 7 days. If you join a group, photos attached to your progress entries may be visible to other members of that group. Upon account deletion, all remaining photos are permanently removed from our cloud storage.

Age Verification Data. We collect your date of birth at registration to verify you are 18 years of age or older. Once verified, your date of birth is immediately discarded — we store only a confirmation that you meet the minimum age requirement. Your date of birth is never written to persistent storage. We do not share it with any third party, and we do not use it for personalisation, advertising, or analytics.

Crash Report Data. If the app crashes or encounters an error, we automatically collect diagnostic information including device model, operating system version, app version, and a stack trace of the error. This data is processed by Firebase Crashlytics (Google LLC) and may be tagged with an internal user identifier — a randomly generated ID that does not include your name or email address — so that we can diagnose issues affecting specific accounts. Crash report data is used solely for debugging and improving app stability and is not used for advertising or shared with third parties beyond Google LLC as our data processor. For more information, see Google's Privacy Policy at https://policies.google.com/privacy.

Usage Analytics Data. With your consent, we collect anonymised information about how you interact with the app using Firebase Analytics (Google LLC). This includes which screens you visit, how long you use the app, which features you engage with (such as posting progress or joining a group), and general session information. As part of this analytics collection, we also collect your Android Advertising ID — a unique, user-resettable identifier provided by Google Play Services. This Advertising ID is used solely for analytics purposes (such as measuring app usage across devices and understanding user retention) and is not used for advertising or ad targeting. You can reset or opt out of personalized advertising in your device settings (Settings > Privacy > Ads), which will limit the use of your Advertising ID. This data does not include the content of your goals, notes, or any other text you enter. It is used solely to understand how the app is being used so we can improve it, and is processed by Google LLC as our data processor. Under the New Zealand Privacy Act 2020, you have the right to request access to, or deletion of, any personal information we hold about you — contact us at [email protected]. You can withdraw consent at any time via Settings > Share usage & crash data. For more information, see Google's Privacy Policy at https://policies.google.com/privacy.

Social Media Login Data. We may provide you with the option to register with us using your existing social media account details, like your Facebook, X, or other social media account. If you choose to register in this way, we will collect certain profile information about you from the social media provider, as described in the section called " HOW DO WE HANDLE YOUR SOCIAL LOGINS? " below.

Application Data. If you use our application(s), we also may collect the following information if you choose to provide us with access or permission:

Mobile Device Access. We may request access or permission to certain features from your mobile device, including your mobile device's camera, microphone, contacts, and other features. If you wish to change our access or permissions, you may do so in your device's settings.

Mobile Device Data. We automatically collect device information (such as your mobile device ID, model, and manufacturer), operating system, version information and system configuration information, device and application identification numbers, browser type and version, hardware model Internet service provider and/or mobile carrier, and Internet Protocol (IP) address (or proxy server). If you are using our application(s), we may also collect information about the phone network associated with your mobile device, your mobile device’s operating system or platform, the type of mobile device you use, your mobile device’s unique device ID, and information about the features of our application(s) you accessed.

Push Notifications. We may request to send you push notifications regarding your account or certain features of the application(s). If you wish to opt out from receiving these types of communications, you may turn them off in your device's settings.

Focus Session Data. When you participate in body-teaming focus sessions, we collect session metadata including join/leave timestamps, session duration, and participation status. Audio and video streams are transmitted in real time directly between participants using peer-to-peer WebRTC connections and are not recorded, stored, or processed by Pursue. All media streams are encrypted using DTLS-SRTP (the WebRTC standard). Our signaling server relays only connection metadata (SDP offers/answers, ICE candidates, and session phase changes) — it never carries audio or video media. A Google public STUN server is used for network address discovery. Where direct peer-to-peer connections cannot be established — common on mobile networks behind carrier-grade NAT — encrypted media may be relayed via a TURN server operated by Cloudflare, Inc. (Cloudflare Calls). Audio relayed through Cloudflare remains encrypted end-to-end using DTLS-SRTP; Cloudflare does not have access to the media content. ICE candidates generated during connection setup may transiently expose your local IP address to other participants in the same session; on Android, this is not subject to the mDNS IP obfuscation that some desktop browsers apply. Your camera and microphone are enabled by default when you join a session; your microphone is force-muted during the Focus phase; you may toggle both camera and microphone at any time. Your name and participation status (joined, left, muted) are visible to other group members in the same session. We also record scheduled session slots (date, time, and duration) and RSVP commitments you make to sessions scheduled by group members.

This information is primarily needed to maintain the security and operation of our application(s), for troubleshooting, and for our internal analytics and reporting purposes.

All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.

Information automatically collected
In Short: Some information — such as your Internet Protocol (IP) address and/or browser and device characteristics — is collected automatically when you visit our Services.

We automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services, and other technical information. This information is primarily needed to maintain the security and operation of our Services, and for our internal analytics and reporting purposes.

Like many businesses, we also collect information through cookies and similar technologies.

The information we collect includes:

Log and Usage Data. Log and usage data is service-related, diagnostic, usage, and performance information our servers automatically collect when you access or use our Services and which we record in log files. Depending on how you interact with us, this log data may include your IP address, device information, browser type, and settings and information about your activity in the Services(such as the date/time stamps associated with your usage, pages and files viewed, searches, and other actions you take such as which features you use), device event information (such as system activity, error reports (sometimes called "crash dumps"), and hardware settings). Crash reports are processed by Firebase Crashlytics (Google LLC) and may be associated with an internal user identifier to help us diagnose issues affecting specific accounts. This identifier is a randomly generated ID and does not include your name or email address. With your consent, we also use Firebase Analytics (Google LLC) to collect anonymised usage data — such as which screens you visit and which features you use — to help us understand and improve the app. Neither crash reports nor usage analytics include the content of your goals, notes, or other text you enter. For more information, see Google's Privacy Policy at https://policies.google.com/privacy.

Device Data. We collect device data such as information about your computer, phone, tablet, or other device you use to access the Services. Depending on the device used, this device data may include information such as your IP address (or proxy server), device and application identification numbers, location, browser type, hardware model, Internet service provider and/or mobile carrier, operating system, and system configuration information.

Location Data. We collect location data such as information about your device's location, which can be either precise or imprecise. How much information we collect depends on the type and settings of the device you use to access the Services. For example, we may use GPS and other technologies to collect geolocation data that tells us your current location (based on your IP address). You can opt out of allowing us to collect this information either by refusing access to the information or by disabling your Location setting on your device. However, if you choose to opt out, you may not be able to use certain aspects of the Services.

Google API
Our use of information received from Google APIs will adhere to Google API Services User Data Policy , including the Limited Use requirements .

2. HOW DO WE PROCESS YOUR INFORMATION?
In Short: We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We process the personal information for the following purposes listed below. We may also process your information for other purposes only with your prior explicit consent.

We process your personal information for a variety of reasons, depending on how you interact with our Services, including:

To facilitate account creation and authentication and otherwise manage user accounts. We may process your information so you can create and log in to your account, as well as keep your account in working order.

To verify your minimum age requirement. We process your date of birth at the point of registration or account activation to confirm you are 18 years of age or older, as required by our Terms of Service. Your date of birth is used only for this check and is not retained.

To deliver and facilitate delivery of services to the user. We may process your information to provide you with the requested service.

To enable user-to-user communications. We may process your information if you choose to use any of our offerings that allow for communication with another user.

To request feedback. We may process your information when necessary to request feedback and to contact you about your use of our Services.

To send you marketing and promotional communications. We may process the personal information you send to us for our marketing purposes, if this is in accordance with your marketing preferences. You can opt out of our marketing emails at any time. For more information, see " WHAT ARE YOUR PRIVACY RIGHTS? " below.

To deliver targeted advertising to you. We may process your information to develop and display personalized content and advertising tailored to your interests, location, and more.

To protect our Services. We may process your information as part of our efforts to keep our Services safe and secure, including fraud monitoring and prevention.

To identify usage trends. We may process information about how you use our Services to better understand how they are being used so we can improve them.

To determine the effectiveness of our marketing and promotional campaigns. We may process your information to better understand how to provide marketing and promotional campaigns that are most relevant to you.

To save or protect an individual's vital interest. We may process your information when necessary to save or protect an individual’s vital interest, such as to prevent harm.

3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR INFORMATION?
In Short: We only process your personal information when we believe it is necessary and we have a valid legal reason (i.e., legal basis) to do so under applicable law, like with your consent, to comply with laws, to provide you with services to enter into or fulfill our contractual obligations, to protect your rights, or to fulfill our legitimate business interests.

If you are located in the EU or UK, this section applies to you.

The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on in order to process your personal information. As such, we may rely on the following legal bases to process your personal information:

Consent. We may process your information if you have given us permission (i.e., consent) to use your personal information for a specific purpose. You can withdraw your consent at any time. Learn more about withdrawing your consent .

Performance of a Contract. We may process your personal information when we believe it is necessary to fulfill our contractual obligations to you, including providing our Services or at your request prior to entering into a contract with you.

Legitimate Interests. We may process your information when we believe it is reasonably necessary to achieve our legitimate business interests and those interests do not outweigh your interests and fundamental rights and freedoms. For example, we may process your personal information for some of the purposes described in order to:

Send users information about special offers and discounts on our products and services

Develop and display personalized and relevant advertising content for our users

Analyze how our Services are used so we can improve them to engage and retain users

Support our marketing activities

Diagnose problems and/or prevent fraudulent activities

Understand how our users use our products and services so we can improve user experience

Legal Obligations. We may process your information where we believe it is necessary for compliance with our legal obligations, such as to cooperate with a law enforcement body or regulatory agency, exercise or defend our legal rights, or disclose your information as evidence in litigation in which we are involved.

Vital Interests. We may process your information where we believe it is necessary to protect your vital interests or the vital interests of a third party, such as situations involving potential threats to the safety of any person.

If you are located in Canada, this section applies to you.

We may process your information if you have given us specific permission (i.e., express consent) to use your personal information for a specific purpose, or in situations where your permission can be inferred (i.e., implied consent). You can withdraw your consent at any time.

In some exceptional cases, we may be legally permitted under applicable law to process your information without your consent, including, for example:

If collection is clearly in the interests of an individual and consent cannot be obtained in a timely way

For investigations and fraud detection and prevention

For business transactions provided certain conditions are met

If it is contained in a witness statement and the collection is necessary to assess, process, or settle an insurance claim

For identifying injured, ill, or deceased persons and communicating with next of kin

If we have reasonable grounds to believe an individual has been, is, or may be victim of financial abuse

If it is reasonable to expect collection and use with consent would compromise the availability or the accuracy of the information and the collection is reasonable for purposes related to investigating a breach of an agreement or a contravention of the laws of Canada or a province

If disclosure is required to comply with a subpoena, warrant, court order, or rules of the court relating to the production of records

If it was produced by an individual in the course of their employment, business, or profession and the collection is consistent with the purposes for which the information was produced

If the collection is solely for journalistic, artistic, or literary purposes

If the information is publicly available and is specified by the regulations

We may disclose de-identified information for approved research or statistics projects, subject to ethics oversight and confidentiality commitments

4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?
In Short: We may share information in specific situations described in this section and/or with the following third parties.

We may need to share your personal information in the following situations:

Business Transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.

Content Moderation Processor (OpenAI). We share user-generated text and images with OpenAI solely for the purpose of automated content moderation and community safety. OpenAI acts as a data processor under our instructions and does not use this content to train its models. Only the content itself is transmitted — no account identifiers, email addresses, or IP addresses are included. OpenAI retains API content for up to 30 days for abuse monitoring purposes. See Section 6 for full details.
Semantic Search Processor (OpenAI). We use OpenAI to generate vector embeddings of group names and goal descriptions to power semantic search. When you search for groups, your search query is also sent to OpenAI to generate an embedding for matching purposes. Only the text content is transmitted — no account identifiers, email addresses, or IP addresses are included. Embeddings are cached by us to improve performance. OpenAI retains API content for up to 30 days for abuse monitoring purposes. See Section 6 for full details.
Focus Session Participants. When you join a body-teaming focus session, your audio and video streams are transmitted directly to other participants in the same session via peer-to-peer WebRTC connections — this media does not pass through Pursue's servers. Only group members who have joined the same session receive your streams. Session metadata (your name, participation status, and join/leave events) is shared with other participants via our signaling server. A Google public STUN server, and where required for NAT traversal a Cloudflare TURN relay server (Cloudflare Calls), may process your IP address during connection establishment. Audio relayed via Cloudflare TURN remains encrypted and Cloudflare does not retain or access the media content. See Google's Privacy Policy and Cloudflare's Privacy Policy for details.
TURN Relay Processor (Cloudflare). Where direct peer-to-peer WebRTC connections cannot be established between session participants — common on mobile networks — encrypted audio may be relayed through Cloudflare Calls, a TURN relay service operated by Cloudflare, Inc. Cloudflare acts as a data processor solely to relay encrypted network packets; it does not decrypt, record, or retain audio content. Temporary TURN credentials are generated on demand and expire shortly after use. See Cloudflare's Privacy Policy at https://www.cloudflare.com/privacypolicy/ for details.

Affiliates. We may share your information with our affiliates, in which case we will require those affiliates to honor this Privacy Notice. Affiliates include our parent company and any subsidiaries, joint venture partners, or other companies that we control or that are under common control with us.

Business Partners. We may share your information with our business partners to offer you certain products, services, or promotions.

Other Users. When you share personal information (for example, by posting comments, contributions, or other content to the Services) or otherwise interact with public areas of the Services, such personal information may be viewed by all users and may be publicly made available outside the Services in perpetuity. If you interact with other users of our Services and register for our Services through a social network (such as Facebook), your contacts on the social network will see your name, profile photo, and descriptions of your activity. Similarly, other users will be able to view descriptions of your activity, communicate with you within our Services, and view your profile.

Offer Wall. Our application(s) may display a third-party hosted "offer wall." Such an offer wall allows third-party advertisers to offer virtual currency, gifts, or other items to users in return for the acceptance and completion of an advertisement offer. Such an offer wall may appear in our application(s) and be displayed to you based on certain data, such as your geographic area or demographic information. When you click on an offer wall, you will be brought to an external website belonging to other persons and will leave our application(s). A unique identifier, such as your user ID, will be shared with the offer wall provider in order to prevent fraud and properly credit your account with the relevant reward.

5. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?
In Short: We may use cookies and other tracking technologies to collect and store your information.

We may use cookies and similar tracking technologies (like web beacons and pixels) to gather information when you interact with our Services. Some online tracking technologies help us maintain the security of our Services and your account, prevent crashes, fix bugs, save your preferences, and assist with basic site functions.

We also permit third parties and service providers to use online tracking technologies on our Services for analytics and advertising, including to help manage and display advertisements, to tailor advertisements to your interests, or to send abandoned shopping cart reminders (depending on your communication preferences). The third parties and service providers use their technology to provide advertising about products and services tailored to your interests which may appear either on our Services or on other websites.

To the extent these online tracking technologies are deemed to be a "sale"/"sharing" (which includes targeted advertising, as defined under the applicable laws) under applicable US state laws, you can opt out of these online tracking technologies by submitting a request as described below under section " DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS? "

Specific information about how we use such technologies and how you can refuse certain cookies is set out in our Cookie Notice .

6. DO WE OFFER ARTIFICIAL INTELLIGENCE-BASED PRODUCTS?
In Short: We offer products, features, or tools powered by artificial intelligence, machine learning, or similar technologies.

As part of our Services, we offer products, features, or tools powered by artificial intelligence, machine learning, or similar technologies (collectively, "AI Products"). These tools are designed to enhance your experience and provide you with innovative solutions. The terms in this Privacy Notice govern your use of the AI Products within our Services.

Use of AI Technologies

We provide the AI Products through third-party service providers ("AI Service Providers"), including OpenAI . As outlined in this Privacy Notice, your input, output, and personal information will be shared with and processed by these AI Service Providers to enable your use of our AI Products for purposes outlined in " WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR PERSONAL INFORMATION? " You must not use the AI Products in any way that violates the terms or policies of any AI Service Provider.

Our AI Products

Our AI Products are designed for the following functions:

Automated content moderation and community safety
Semantic search of groups by goal and name

Content Moderation Using AI

To maintain a safe and supportive community, we use OpenAI's moderation API to automatically analyse user-generated text and images for content that may violate our Community Guidelines (such as hate speech, harassment, threats, or illegal content). This process may involve automated decisions to restrict or remove content.

What data we send to OpenAI

We apply data minimisation principles. When your content is sent to OpenAI for moderation analysis, we transmit only the text or image content itself — we do not include your name, email address, IP address, or any other identifying information with the moderation request. OpenAI processes this content solely as a data processor acting on our instructions.

How long OpenAI retains this data

Under OpenAI's standard API terms, content submitted to the API is retained for up to 30 days for abuse monitoring purposes, after which it is deleted. OpenAI does not use API content to train its models. For more information, see OpenAI's Privacy Policy.

Automated moderation decisions

Our content moderation system may automatically prevent content from being posted or flag it for human review if it exceeds our safety thresholds. This is a necessary and proportionate measure to protect the safety of all users. While we do not offer the ability to opt out of automated moderation (as this is fundamental to keeping the platform safe), you may dispute a moderation decision by contacting us at [email protected]. We will conduct a human review and notify you of the outcome.

How We Process Your Data Using AI

Semantic Search Using AI

To help you discover relevant accountability groups, we use AI-generated vector embeddings to power semantic search. When you search for groups, your search query is sent to OpenAI to generate an embedding, which is then compared against pre-computed embeddings of group names and goal descriptions. Group names and goal text are sent to OpenAI when a group is created or updated to generate and cache these embeddings.

What data we send to OpenAI

We apply data minimisation principles. Only the text of group names, goal descriptions, and search queries is transmitted — no account identifiers, email addresses, or IP addresses are included with embedding requests. OpenAI processes this content solely as a data processor acting on our instructions. The resulting embeddings are cached by us; the original text is not stored by OpenAI beyond their standard API retention period of up to 30 days. OpenAI does not use API content to train its models.

All personal information processed using our AI services is handled in line with this Privacy Notice and our agreements with third-party processors. OpenAI is contractually bound to process your data only for the purposes we have specified and to maintain appropriate security measures.

7. HOW DO WE HANDLE YOUR SOCIAL LOGINS?
In Short: If you choose to register or log in to our Services using a social media account, we may have access to certain information about you.

Our Services offer you the ability to register and log in using your third-party social media account details (like your Facebook or X logins). Where you choose to do this, we will receive certain profile information about you from your social media provider. The profile information we receive may vary depending on the social media provider concerned, but will often include your name, email address, friends list, and profile picture, as well as other information you choose to make public on such a social media platform.

We will use the information we receive only for the purposes that are described in this Privacy Notice or that are otherwise made clear to you on the relevant Services. Please note that we do not control, and are not responsible for, other uses of your personal information by your third-party social media provider. We recommend that you review their privacy notice to understand how they collect, use, and share your personal information, and how you can set your privacy preferences on their sites and apps.

8. IS YOUR INFORMATION TRANSFERRED INTERNATIONALLY?
In Short: We may transfer, store, and process your information in countries other than your own.

Our servers are located in the United States and Australia . Regardless of your location, please be aware that your information may be transferred to, stored by, and processed by us in our facilities and in the facilities of the third parties with whom we may share your personal information (see " WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION? " above), including facilities in the United States, New Zealand, and other countries.

New Zealand residents: Our primary infrastructure is hosted in Australia and the United States. Additionally, user-generated content submitted through the Services may be processed by OpenAI (United States) for content moderation purposes, and group names, goal descriptions, and search queries may be processed by OpenAI (United States) to generate embeddings for semantic search, as described in Section 6. The United States is not listed as a country with comparable privacy protections under New Zealand's Privacy Act 2020. We rely on contractual protections with our third-party processors, including OpenAI's Data Processing Agreement, to ensure your information receives a standard of protection comparable to that provided under the Privacy Act 2020. By using our Services, you acknowledge that your personal information may be transferred to, stored in, and processed in countries outside New Zealand. If you have questions about international data transfers, please contact us at [email protected].

If you are a resident in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, then these countries may not necessarily have data protection laws or other similar laws as comprehensive as those in your country. However, we will take all necessary measures to protect your personal information in accordance with this Privacy Notice and applicable law.

European Commission's Standard Contractual Clauses:

We have implemented measures to protect your personal information, including by using the European Commission's Standard Contractual Clauses for transfers of personal information between our group companies and between us and our third-party providers. These clauses require all recipients to protect all personal information that they process originating from the EEA or UK in accordance with European data protection laws and regulations. Our Standard Contractual Clauses can be provided upon request. We have implemented similar appropriate safeguards with our third-party service providers and partners and further details can be provided upon request.

9. HOW LONG DO WE KEEP YOUR INFORMATION?
In Short: We keep your information for as long as necessary to fulfill the purposes outlined in this Privacy Notice unless otherwise required by law.

We will only keep your personal information for as long as it is necessary for the purposes set out in this Privacy Notice, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements). No purpose in this notice will require us keeping your personal information for longer than the period of time in which users have an account with us. Progress photos attached to entries are automatically deleted 7 days after upload. Upon account deletion, we remove all personal and health-related data from our active databases, and any remaining photos are also permanently removed from our cloud storage. However, we retain a record of your agreement to our Terms and Privacy Policy for a period of 7 years to comply with legal obligations and resolve potential disputes. .

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

10. HOW DO WE KEEP YOUR INFORMATION SAFE?
In Short: We aim to protect your personal information through a system of organizational and technical security measures.

We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any personal information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Although we will do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk. You should only access the Services within a secure environment.

11. DO WE COLLECT INFORMATION FROM MINORS?
In Short: We do not knowingly collect data from or market to children under 18 years of age or the equivalent age as specified by law in your jurisdiction .

We do not knowingly collect, solicit data from, or market to children under 18 years of age or the equivalent age as specified by law in your jurisdiction, nor do we knowingly sell such personal information. By using the Services, you represent that you are at least 18 or the equivalent age as specified by law in your jurisdiction or that you are the parent or guardian of such a minor and consent to such minor dependent’s use of the Services. If we learn that personal information from users less than 18 years of age or the equivalent age as specified by law in your jurisdiction has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of any data we may have collected from children under age 18 or the equivalent age as specified by law in your jurisdiction, please contact us at [email protected] .

Our Services include real-time audio and video communication features (body-teaming focus sessions) that are intended exclusively for adult users. We do not provide parental controls, content filtering, or monitoring tools for these features. Pursue is not operated as a COPPA-compliant service and relies on an age gate at registration to prevent use by minors. We collect your date of birth at registration or first sign-in to perform this verification. Once we confirm you meet the minimum age requirement, the date of birth is immediately discarded — only a boolean age-verified flag is stored. Your date of birth is not retained, not shared with any third party, and is not used for any purpose other than confirming you are 18 or older.

12. WHAT ARE YOUR PRIVACY RIGHTS?
In Short: Depending on your state of residence in the US or in some regions, such as the European Economic Area (EEA), United Kingdom (UK), Switzerland, and Canada, you have rights that allow you greater access to and control over your personal information. You may review, change, or terminate your account at any time, depending on your country, province, or state of residence.

In some regions (like the EEA, UK, Switzerland, and Canada), you have certain rights under applicable data protection laws. These may include the right (i) to request access and obtain a copy of your personal information, (ii) to request rectification or erasure; (iii) to restrict the processing of your personal information; (iv) if applicable, to data portability; and (v) not to be subject to automated decision-making. Our automated content moderation system may prevent content from being posted or flag it for review without human intervention. We do not consider these content moderation decisions to produce legal or similarly significant effects as defined under GDPR Article 22, as they relate to platform safety rather than decisions that materially affect your legal rights or circumstances. Accordingly, we do not provide an opt-out from automated content moderation, which is fundamental to maintaining a safe community. However, in the spirit of transparency and fairness, we provide a human review process for any automated moderation outcome you wish to dispute. If you believe your content was incorrectly moderated, please contact us at [email protected] and we will review the decision and respond to you. In certain circumstances, you may also have the right to object to the processing of your personal information. You can make such a request by contacting us by using the contact details provided in the section " HOW CAN YOU CONTACT US ABOUT THIS NOTICE? " below.

We will consider and act upon any request in accordance with applicable data protection laws.

If you are located in the EEA or UK and you believe we are unlawfully processing your personal information, you also have the right to complain to your Member State data protection authority or UK data protection authority .

If you are located in Switzerland, you may contact the Federal Data Protection and Information Commissioner .

Withdrawing your consent: If we are relying on your consent to process your personal information, which may be express and/or implied consent depending on the applicable law, you have the right to withdraw your consent at any time. You can withdraw your consent at any time by contacting us by using the contact details provided in the section " HOW CAN YOU CONTACT US ABOUT THIS NOTICE? " below.

However, please note that this will not affect the lawfulness of the processing before its withdrawal nor, when applicable law allows, will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.

Opting out of marketing and promotional communications: You can unsubscribe from our marketing and promotional communications at any time by clicking on the unsubscribe link in the emails that we send, or by contacting us using the details provided in the section " HOW CAN YOU CONTACT US ABOUT THIS NOTICE? " below. You will then be removed from the marketing lists. However, we may still communicate with you — for example, to send you service-related messages that are necessary for the administration and use of your account, to respond to service requests, or for other non-marketing purposes.
Account Information
If you would at any time like to review or change the information in your account or terminate your account, you can:

Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, we may retain some information in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our legal terms and/or comply with applicable legal requirements.

Cookies and similar technologies: Most Web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove cookies and to reject cookies. If you choose to remove cookies or reject cookies, this could affect certain features or services of our Services.

If you have questions or comments about your privacy rights, you may email us at [email protected] .

13. CONTROLS FOR DO-NOT-TRACK FEATURES
Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track ("DNT") feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage, no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this Privacy Notice.

California law requires us to let you know how we respond to web browser DNT signals. Because there currently is not an industry or legal standard for recognizing or honoring DNT signals, we do not respond to them at this time.

14. DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?
In Short: If you are a resident of California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, or Virginia, you may have the right to request access to and receive details about the personal information we maintain about you and how we have processed it, correct inaccuracies, get a copy of, or delete your personal information. You may also have the right to withdraw your consent to our processing of your personal information. These rights may be limited in some circumstances by applicable law. More information is provided below.
Categories of Personal Information We Collect
The table below shows the categories of personal information we have collected in the past twelve (12) months. The table includes illustrative examples of each category and does not reflect the personal information we collect from you. For a comprehensive inventory of all personal information we process, please refer to the section " WHAT INFORMATION DO WE COLLECT? "

Category	Examples	Collected
A. Identifiers	Contact details, such as real name, alias, postal address, telephone or mobile contact number, unique personal identifier, online identifier, Internet Protocol address, email address, and account name	YES

B. Personal information as defined in the California Customer Records statute

Name, contact information, education, employment, employment history, and financial information

YES

C. Protected classification characteristics under state or federal law	Gender, age, date of birth, race and ethnicity, national origin, marital status, and other demographic data	NO
D. Commercial information	Transaction information, purchase history, financial details, and payment information	YES
E. Biometric information	Fingerprints and voiceprints	NO
F. Internet or other similar network activity	Browsing history, search history, online behavior, interest data, and interactions with our and other websites, applications, systems, and advertisements	YES
G. Geolocation data	Device location	NO
H. Audio, electronic, sensory, or similar information	Images and audio, video or call recordings created in connection with our business activities. Focus sessions involve real-time peer-to-peer audio and video that is not recorded or stored by us. Session metadata (participation timestamps and status) is collected.	YES
I. Professional or employment-related information	Business contact details in order to provide you our Services at a business level or job title, work history, and professional qualifications if you apply for a job with us	NO
J. Education Information	Student records and directory information	NO
K. Inferences drawn from collected personal information	Inferences drawn from any of the collected personal information listed above to create a profile or summary about, for example, an individual’s preferences and characteristics	YES
L. Sensitive personal Information		NO

We may also collect other personal information outside of these categories through instances where you interact with us in person, online, or by phone or mail in the context of:

Receiving help through our customer support channels;

Participation in customer surveys or contests; and

Facilitation in the delivery of our Services and to respond to your inquiries.

We will use and retain the collected personal information as needed to provide the Services or for:

Category A - As long as the user has an account with us

Category B - As long as the user has an account with us

Category D - As long as the user has an account with us

Category F - As long as the user has an account with us

Category K - As long as the user has an account with us

Sources of Personal Information
Learn more about the sources of personal information we collect in " WHAT INFORMATION DO WE COLLECT? "
How We Use and Share Personal Information
Learn more about how we use your personal information in the section, " HOW DO WE PROCESS YOUR INFORMATION? "

Will your information be shared with anyone else?

We may disclose your personal information with our service providers pursuant to a written contract between us and each service provider. Learn more about how we disclose personal information to in the section, " WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION? "

We may use your personal information for our own business purposes, such as for undertaking internal research for technological development and demonstration. This is not considered to be "selling" of your personal information.

We have not disclosed, sold, or shared any personal information to third parties for a business or commercial purpose in the preceding twelve (12) months. Wewill not sell or share personal information in the future belonging to website visitors, users, and other consumers.

Your Rights
You have rights under certain US state data protection laws. However, these rights are not absolute, and in certain cases, we may decline your request as permitted by law. These rights include:

Right to know whether or not we are processing your personal data

Right to access your personal data

Right to correct inaccuracies in your personal data

Right to request the deletion of your personal data

Right to obtain a copy of the personal data you previously shared with us

Right to non-discrimination for exercising your rights

Right to opt out of the processing of your personal data if it is used for targeted advertising (or sharing as defined under California’s privacy law), the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects ("profiling")

Depending upon the state where you live, you may also have the following rights:

Right to access the categories of personal data being processed (as permitted by applicable law, including the privacy law in Minnesota)

Right to obtain a list of the categories of third parties to which we have disclosed personal data (as permitted by applicable law, including the privacy law in California, Delaware, and Maryland )

Right to obtain a list of specific third parties to which we have disclosed personal data (as permitted by applicable law, including the privacy law in Minnesota and Oregon)

Right to obtain a list of third parties to which we have sold personal data (as permitted by applicable law, including the privacy law in Connecticut)

Right to review, understand, question, and depending on where you live, correct how personal data has been profiled (as permitted by applicable law, including the privacy law in Connecticut and Minnesota)

Right to limit use and disclosure of sensitive personal data (as permitted by applicable law, including the privacy law in California)

Right to opt out of the collection of sensitive data and personal data collected through the operation of a voice or facial recognition feature (as permitted by applicable law, including the privacy law in Florida)

How to Exercise Your Rights
To exercise these rights, you can contact us by visiting [email protected] , by emailing us at [email protected] , or by referring to the contact details at the bottom of this document.

Under certain US state data protection laws, you can designate an authorized agent to make a request on your behalf. We may deny a request from an authorized agent that does not submit proof that they have been validly authorized to act on your behalf in accordance with applicable laws.

Request Verification
Upon receiving your request, we will need to verify your identity to determine you are the same person about whom we have the information in our system. We will only use personal information provided in your request to verify your identity or authority to make the request. However, if we cannot verify your identity from the information already maintained by us, we may request that you provide additional information for the purposes of verifying your identity and for security or fraud-prevention purposes.

If you submit the request through an authorized agent, we may need to collect additional information to verify your identity before processing your request and the agent will need to provide a written and signed permission from you to submit such request on your behalf.
Appeals
Under certain US state data protection laws, if we decline to take action regarding your request, you may appeal our decision by emailing us at [email protected] . We will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If your appeal is denied, you may submit a complaint to your state attorney general.
California "Shine The Light" Law
California Civil Code Section 1798.83, also known as the "Shine The Light" law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us by using the contact details provided in the section " HOW CAN YOU CONTACT US ABOUT THIS NOTICE? "

15. DO OTHER REGIONS HAVE SPECIFIC PRIVACY RIGHTS?
In Short: You may have additional rights based on the country you reside in.

Australia and New Zealand

We collect and process your personal information under the obligations and conditions set by Australia's Privacy Act 1988 and New Zealand's Privacy Act 2020 (Privacy Act).

This Privacy Notice satisfies the notice requirements defined in both Privacy Acts, in particular: what personal information we collect from you, from which sources, for which purposes, and other recipients of your personal information.

If you do not wish to provide the personal information necessary to fulfill their applicable purpose, it may affect our ability to provide our services, in particular:

offer you the products or services that you want

respond to or help with your requests

manage your account with us

confirm your identity and protect your account

At any time, you have the right to request access to or correction of your personal information. You can make such a request by contacting us by using the contact details provided in the section " HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU? "

If you believe we are unlawfully processing your personal information, you have the right to submit a complaint about a breach of the Australian Privacy Principles to the Office of the Australian Information Commissioner and a breach of New Zealand's Privacy Principles to the Office of New Zealand Privacy Commissioner .
Republic of South Africa
At any time, you have the right to request access to or correction of your personal information. You can make such a request by contacting us by using the contact details provided in the section " HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU? "

If you are unsatisfied with the manner in which we address any complaint with regard to our processing of personal information, you can contact the office of the regulator, the details of which are:

The Information Regulator (South Africa)

General enquiries: [email protected]

Complaints (complete POPIA/PAIA form 5): [email protected] & [email protected]

16. DO WE MAKE UPDATES TO THIS NOTICE?
In Short: Yes, we will update this notice as necessary to stay compliant with relevant laws.

We may update this Privacy Notice from time to time. The updated version will be indicated by an updated "Revised" date at the top of this Privacy Notice. If we make material changes to this Privacy Notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this Privacy Notice frequently to be informed of how we are protecting your information.

17. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?
If you have questions or comments about this notice, you may email us at [email protected] or contact us by post at:

Pursue

9A Ryan Grove

Tawa

Wellington 5028

New Zealand

18. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?
Based on the applicable laws of your country or state of residence in the US, you may have the right to request access to the personal information we collect from you, details about how we have processed it, correct inaccuracies, or delete your personal information. You may also have the right to withdraw your consent to our processing of your personal information. These rights may be limited in some circumstances by applicable law. To request to review, update, or delete your personal information, please contact us at: [email protected] , or delete your account via the application's Profile page, which will permanently remove your personal data from our active databases.

This Privacy Policy was created using Termly's Privacy Policy Generator