This Privacy Policy (hereinafter referred to as the "Policy") constitutes a comprehensive and legally binding declaration of the manner in which Roar Consulting LLC (hereinafter referred to as "the Company," "we," "our," or "us") collects, receives, processes, stores, utilizes, discloses, transfers, and otherwise handles all categories of personal data, personal information, and ancillary metadata pertaining to individuals and entities who interact with our digital infrastructure, access our services, enroll in our educational programs, purchase our products, or engage with our personnel in any professional or commercial capacity.

By accessing, browsing, registering upon, purchasing from, or otherwise engaging with any platform, application, website, online course portal, electronic mailing correspondence, social media presence, or affiliated digital property operated or administered by the Company, you — as the data subject — explicitly and unambiguously acknowledge that you have read, comprehended, and consented to the entirety of the terms, conditions, disclosures, and obligations set forth within this Policy in its current and most recently amended form.

Should you disagree with any provision contained herein, you are respectfully and unequivocally directed to discontinue all use of our services, platforms, and affiliated properties forthwith, and to contact our designated Privacy Officer at the electronic address provided within this document to arrange for the cessation of any previously authorized data processing activities.

ARTICLE I — SCOPE, APPLICABILITY & JURISDICTION

Section 1.1 — Geographic and Demographic Scope

This Policy applies universally, without geographic limitation, to all natural persons and legal entities — regardless of nationality, domicile, country of residence, professional industry, organizational affiliation, or engagement level — who interact with any service, platform, product, content library, membership community, coaching program, digital course, live event, webinar, podcast, publication, social media broadcast, or affiliated commercial offering made available by the Company or any of its subsidiaries, assigns, licensees, affiliated coaches, affiliated facilitators, or contracted third-party service providers acting on the Company's behalf.

The Company's services are not restricted to any single professional sector or industry. Our coaching, advisory, and educational services are designed for entrepreneurs, executives, creatives, technologists, healthcare professionals, legal practitioners, educators, artists, skilled tradespeople, corporate employees, nonprofit leaders, athletes, consultants, freelancers, and individuals at every stage of their professional journey across all industries globally. Accordingly, this Policy applies with equal force to every individual regardless of the professional context in which they engage with our services.

Section 1.2 — Regulatory Framework

The Company is committed to maintaining compliance with all applicable data protection, privacy, and consumer rights legislation across jurisdictions, including without limitation: the General Data Protection Regulation (GDPR) of the European Union and European Economic Area; the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA); the Personal Information Protection and Electronic Documents Act (PIPEDA) of Canada; the UK General Data Protection Regulation (UK GDPR) as incorporated into domestic law following the United Kingdom's withdrawal from the European Union; the Australian Privacy Act 1988 and its subsequent amendments; the Lei Geral de Proteção de Dados (LGPD) of Brazil; and any other applicable national, federal, state, provincial, or territorial data protection legislation that may govern the processing of personal data of individuals within the respective jurisdiction.

In the event of any conflict or inconsistency between the provisions of this Policy and the requirements of applicable law within a given jurisdiction, the more protective provision — whether contained herein or prescribed by applicable law — shall prevail to the maximum extent permissible.

Section 1.3 — Definitions

For the purposes of this Policy, the following terms shall bear the meanings attributed to them herein, unless the context expressly requires otherwise:

"Personal Data" shall mean any information relating to an identified or identifiable natural person, including but not limited to name, identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

"Processing" shall mean any operation or set of operations performed upon Personal Data, whether by automated or manual means, including collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure, dissemination, alignment, combination, restriction, erasure, or destruction.

"Data Controller" shall mean the Company, which alone or jointly with others determines the purposes and means of the Processing of Personal Data.

"Data Processor" shall mean any natural or legal person, public authority, agency, or body that Processes Personal Data on behalf of the Data Controller pursuant to a written contractual arrangement.

"Data Subject" shall mean any identified or identifiable natural person whose Personal Data is subject to Processing by the Company.

"Sensitive Personal Data" shall mean Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health, or data concerning a natural person's sex life or sexual orientation.

"Consent" shall mean any freely given, specific, informed, and unambiguous indication of the Data Subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the Processing of Personal Data relating to him or her.

ARTICLE II — CATEGORIES OF DATA COLLECTED

Section 2.1 — Data Voluntarily Provided by Data Subjects

The Company collects Personal Data that you voluntarily and knowingly provide in the course of engaging with our services, completing registration or enrollment forms, submitting payment information, participating in coaching sessions, completing surveys or assessments, communicating with our personnel, or otherwise establishing a commercial or educational relationship with the Company. Categories of voluntarily provided data include, without limitation:

Full legal name, preferred name, and professional title or designation

Residential and business postal addresses, including city, state or province, postal code, and country

Primary and secondary electronic mail addresses

Mobile, landline, and international telephone contact numbers

Financial payment information, including credit and debit card numbers, bank account details, billing addresses, and transaction identifiers (processed exclusively through PCI-DSS compliant third-party payment processors)

Professional background information, including current industry, years of experience, organizational role, business revenue range, team size, and professional objectives

Educational background, credentials, certifications, and professional affiliations voluntarily disclosed during onboarding or coaching intake processes

Photograph or likeness, where voluntarily submitted for profile or community purposes

Business name, registered entity type, and jurisdiction of incorporation or registration

Social media handles, LinkedIn profile URLs, website addresses, and other digital identity markers

Personal and professional goals, challenges, aspirations, and circumstances disclosed during coaching engagements or intake questionnaires

Communications, messages, questions, and feedback submitted through any channel of contact with the Company

Section 2.2 — Data Automatically Collected Through Digital Interactions

When you access or interact with any of our digital platforms, websites, course portals, or applications, the Company and its authorized third-party technology partners automatically collect certain technical and behavioral data through the use of cookies, web beacons, pixel tags, session recording technologies, server logs, and similar tracking technologies. This automatically collected data may include:

Internet Protocol (IP) address and approximate geolocation derived therefrom

Device type, operating system, browser type and version, screen resolution, and device identifiers

Pages visited, content viewed, videos accessed, courses commenced or completed, and time spent on individual pages or modules

Search queries entered within platform search functions

Referring URLs indicating the source through which you arrived at our platform

Click-stream data, interaction sequences, and navigation pathways through our digital properties

Session duration, frequency of visits, and timestamps of access events

Error logs and performance data relevant to platform functionality

Engagement metrics related to email correspondence, including open rates, click-through rates, and link interaction patterns

Section 2.3 — Data Derived From Third-Party Sources

The Company may receive Personal Data pertaining to you from third-party sources, including but not limited to: social media platforms upon which you have engaged with Company content or personnel; affiliate marketing partners who referred you to our services; publicly available professional directories and databases; payment processors and financial institutions facilitating transactional relationships; analytics and data enrichment service providers; and professional referral networks or partner organizations. All such third-party sourced data is handled in accordance with this Policy and applicable law.

ARTICLE III — LAWFUL BASIS FOR DATA PROCESSING

Section 3.1 — Legal Grounds

The Company processes Personal Data only where a valid legal basis for such Processing exists under applicable data protection law. The lawful bases upon which we rely include:

Contractual Necessity: Processing is necessary for the performance of a contract to which you are a party, or in order to take pre-contractual steps at your request — for example, enrolling you in a course, processing your payment, or delivering coaching services.

Legitimate Interests: Processing is necessary for the purposes of the legitimate interests pursued by the Company or by third parties, provided that such interests are not overridden by your fundamental rights and freedoms — for example, fraud prevention, network and information security, internal analytics, and business development activities.

Legal Compliance: Processing is necessary for compliance with a legal obligation to which the Company is subject — for example, retention of financial records for tax and accounting purposes, or disclosure to regulatory authorities upon lawful demand.

Consent: Where no other lawful basis applies, we will seek your explicit and granular consent prior to Processing your Personal Data for a specific purpose. You retain the right to withdraw any such consent at any time without prejudice to the lawfulness of Processing conducted prior to withdrawal.

Vital Interests: In exceptional circumstances, Processing may be necessary to protect the vital interests of you or another natural person.

Public Task: Processing may be necessary for the performance of a task carried out in the public interest.

ARTICLE IV — PURPOSES OF DATA PROCESSING

Section 4.1 — Primary Operational Purposes

The Company processes your Personal Data for the following primary operational purposes, each of which is supported by an identified lawful basis:

Establishing and maintaining your account or member profile across our platforms and course systems

Processing, administering, and fulfilling purchases of courses, coaching packages, digital products, publications, and physical merchandise

Delivering, scheduling, hosting, and administering one-on-one coaching sessions, group coaching programs, live workshops, retreats, and accelerator programs

Providing technical support, customer service assistance, and responding to inquiries, complaints, or support tickets

Communicating course updates, new content releases, scheduling changes, and operational notifications essential to the delivery of services

Assessing eligibility and suitability for specialized programs, advanced coaching tracks, or application-based cohort enrollments

Monitoring progress, engagement, and outcomes within educational and coaching programs for purposes of program quality and participant support

Administering affiliate, referral, and partnership programs in which you may participate

Facilitating peer community platforms, discussion forums, accountability groups, and collaborative learning environments

Section 4.2 — Marketing and Communication Purposes

Subject to your applicable consent or opt-out preferences, the Company may process your Personal Data for the following marketing and communications purposes:

Sending electronic newsletters, educational content, business insights, and curated resources aligned with your professional interests and engagement history

Communicating information about new course launches, program expansions, live events, speaking engagements, and partnership opportunities

Conducting targeted advertising campaigns across third-party digital platforms, including but not limited to Meta, Instagram, LinkedIn, YouTube, and Google Ads, utilizing custom audience and lookalike audience technologies

Personalizing the content, recommendations, and promotional offers presented to you based upon your engagement history, demographic profile, and stated professional objectives

Conducting market research, satisfaction surveys, testimonial collection, and Net Promoter Score assessments

Section 4.3 — Analytics and Business Intelligence Purposes

The Company processes aggregated, de-identified, and pseudonymized derivatives of Personal Data for internal analytical and business intelligence purposes, including product development, curriculum enhancement, pricing strategy, market analysis, and operational efficiency improvement. Such de-identified data, when not reasonably capable of re-identification, falls outside the scope of this Policy's substantive data protection obligations.

ARTICLE V — COOKIES AND TRACKING TECHNOLOGIES

Section 5.1 — Categories of Cookies Deployed

The Company utilizes various categories of cookies and analogous tracking technologies across its digital properties. These technologies serve distinct functions, and your engagement with our platforms constitutes acknowledgment of their deployment, subject to your right to manage your preferences through available consent management tools:

Strictly Necessary Cookies: Essential to the core functioning of our platforms, enabling authentication, session management, security operations, and fundamental navigation. These cookies cannot be disabled without rendering the platform non-functional.

Performance and Analytics Cookies: Enable the Company to measure and analyze traffic patterns, user engagement, content consumption, and platform performance, facilitating data-driven optimization of the user experience. These technologies include but are not limited to Google Analytics, Hotjar, and Mixpanel.

Functional Cookies: Remember your preferences, language settings, regional configurations, and prior interaction history to deliver a personalized and consistent experience across sessions and devices.

Targeting and Advertising Cookies: Deployed by the Company and its third-party advertising partners to track your browsing behavior across digital properties, build profiles of your interests, and deliver advertising content calibrated to your apparent preferences and professional profile.

Social Media Cookies: Placed by social media platforms when you interact with embedded content, share buttons, or authenticated social login functions within our platforms.

Section 5.2 — Cookie Management

You may manage, restrict, or withdraw your consent to non-essential cookies at any time through our Cookie Preference Center, accessible via the footer navigation of our primary website, or through the native cookie management controls of your preferred internet browser. Please note that disabling certain categories of cookies may impair the functionality, personalization, and performance of our digital platforms.

ARTICLE VI — DATA SHARING, DISCLOSURE & THIRD PARTIES

Section 6.1 — Categories of Third-Party Recipients

The Company does not sell, rent, or trade your Personal Data to third parties for their independent commercial purposes. However, the Company does share your Personal Data with carefully vetted third-party service providers, technology partners, and institutional recipients as necessary to operate our business and deliver our services. Categories of such recipients include:

Payment processing and financial transaction service providers, including Stripe, PayPal, and affiliated banking institutions, who process payment information under their own stringent privacy and security frameworks

Course hosting and learning management system (LMS) platforms, including Kajabi, Teachable, Thinkific, or equivalent platforms, upon which our educational content is hosted and delivered

Customer relationship management (CRM) system providers, including HubSpot, ActiveCampaign, Keap, or equivalent platforms, utilized for managing client communications and engagement tracking

Electronic mail service providers facilitating automated and manual correspondence on behalf of the Company

Video conferencing and virtual meeting platforms facilitating live coaching sessions, group calls, and webinars

Cloud storage and data hosting infrastructure providers maintaining the security and availability of our digital systems and data repositories

Analytics and business intelligence service providers enabling data-driven operational decision-making

Legal counsel, accountants, auditors, and professional advisors engaged to provide regulatory compliance and fiduciary guidance

Regulatory authorities, law enforcement agencies, judicial bodies, and government institutions, where disclosure is compelled by applicable law, court order, or regulatory requirement

Prospective acquirers, investors, or business partners in the event of a corporate merger, acquisition, restructuring, asset sale, or investment transaction, subject to confidentiality obligations

Section 6.2 — International Data Transfers

The Company operates on a global scale, and your Personal Data may be transferred to, stored in, and processed within jurisdictions outside your country of residence, including jurisdictions that may not offer an equivalent level of data protection to that afforded within your home jurisdiction. Where such international transfers occur, the Company implements appropriate safeguards in compliance with applicable law, including the use of Standard Contractual Clauses approved by relevant data protection authorities, Binding Corporate Rules, adequacy decisions issued by competent regulatory bodies, or other legally recognized transfer mechanisms.

ARTICLE VII — DATA SECURITY & INTEGRITY

Section 7.1 — Technical and Organizational Measures

The Company implements comprehensive technical, organizational, and procedural security measures designed to protect your Personal Data against unauthorized access, accidental loss, alteration, disclosure, destruction, or unlawful Processing. These measures include, without limitation:

Industry-standard TLS/SSL encryption of all data transmitted between your device and our platforms

AES-256 encryption of Personal Data at rest within our storage infrastructure

Multi-factor authentication requirements for administrative access to systems containing Personal Data

Role-based access controls limiting Personal Data access to personnel with a demonstrable operational need

Regular penetration testing and vulnerability assessments conducted by independent cybersecurity specialists

Comprehensive security incident response protocols and breach notification procedures

Mandatory data protection training for all personnel with access to Personal Data

Vendor security assessment processes applied to all third-party Data Processors prior to engagement

Business continuity and disaster recovery planning to ensure data availability and integrity

Section 7.2 — Data Breach Notification

In the event of a personal data breach that is reasonably likely to result in a high risk to your rights and freedoms, the Company will notify you without undue delay — and in any event within seventy-two (72) hours of becoming aware of such breach — in accordance with applicable legal obligations. Such notification shall include a description of the nature of the breach, the categories and approximate number of individuals affected, the likely consequences of the breach, and the measures taken or proposed to address the breach and mitigate its potential adverse effects.

ARTICLE VIII — DATA RETENTION

Section 8.1 — Retention Periods

The Company retains your Personal Data only for the duration strictly necessary to fulfill the purposes for which it was collected, to comply with applicable legal, regulatory, accounting, and reporting obligations, to resolve disputes, and to enforce our agreements. Specific retention periods applicable to principal categories of Personal Data are as follows:

Account and registration data: Retained for the duration of your active relationship with the Company and for a period of seven (7) years following the termination or expiration thereof, to facilitate regulatory compliance and dispute resolution

Transaction and financial records: Retained for a minimum of seven (7) years in accordance with applicable tax and financial reporting legislation

Coaching session records, session notes, and program completion data: Retained for a period of five (5) years following completion of the relevant program, unless a longer retention period is required by applicable law

Marketing and communication preference data: Retained until such time as you withdraw consent or opt out of communications, and for a period of three (3) years thereafter to evidence consent management

Technical and usage data: Retained for a period of twenty-four (24) months, following which it is aggregated and de-identified for analytical purposes

Legal claims and dispute-related data: Retained for the duration of any applicable statutory limitation period governing potential legal claims

ARTICLE IX — YOUR RIGHTS AS A DATA SUBJECT

Section 9.1 — Enumeration of Rights

Subject to applicable law and the Company's legitimate operational and legal obligations, you possess the following rights with respect to your Personal Data:

Right of Access: You have the right to request confirmation of whether the Company Processes your Personal Data, and if so, to receive a comprehensive copy of such data along with information regarding the purposes, categories, recipients, and retention periods applicable to such Processing.

Right to Rectification: You have the right to request the correction of inaccurate or incomplete Personal Data concerning you, without undue delay.

Right to Erasure ("Right to Be Forgotten"): You have the right to request the deletion of your Personal Data where such data is no longer necessary for the purposes for which it was collected, where you have withdrawn consent, where you have objected to Processing, where the data has been unlawfully Processed, or where deletion is required to comply with a legal obligation.

Right to Restriction of Processing: You have the right to request that the Company restrict the Processing of your Personal Data in specified circumstances, including where you contest the accuracy of the data, where Processing is unlawful but you oppose erasure, or where you have objected to Processing pending verification of legitimate grounds.

Right to Data Portability: Where Processing is based on consent or contractual necessity and carried out by automated means, you have the right to receive your Personal Data in a structured, commonly used, and machine-readable format, and to transmit such data to another controller without hindrance.

Right to Object: You have the right to object, on grounds relating to your particular situation, to the Processing of your Personal Data based upon legitimate interests or the performance of a public task, including profiling based on such grounds. You also have an unconditional right to object to Processing for direct marketing purposes.

Rights in Relation to Automated Decision-Making: You have the right not to be subject to decisions based solely on automated Processing, including profiling, which produce legal or similarly significant effects concerning you.

Right to Lodge a Complaint: You have the right to lodge a complaint with the competent supervisory authority in the member state of your habitual residence, place of work, or place of an alleged infringement.

Right to Withdraw Consent: Where Processing is based upon your consent, you have the right to withdraw such consent at any time, without affecting the lawfulness of Processing conducted prior to withdrawal.

Section 9.2 — Exercise of Rights

To exercise any of the rights enumerated in Section 9.1, you may submit a written request to the Company's designated Privacy Officer at [email protected], or by postal correspondence to our principal place of business. The Company shall respond to all valid requests within thirty (30) calendar days of receipt, or such shorter period as required by applicable law. In cases of particular complexity or volume, the Company may extend this response period by a further sixty (60) days, provided that you are notified of such extension and the reasons therefor within the initial thirty-day period.

The Company reserves the right to verify your identity prior to processing any such request, through reasonable and proportionate means, in order to prevent fraudulent or unauthorized access to third-party Personal Data.

ARTICLE X — CHILDREN'S PRIVACY

The services offered by the Company are directed exclusively at adults who are at least eighteen (18) years of age, or who have attained the age of majority in their jurisdiction of residence if that age exceeds eighteen years. The Company does not knowingly or intentionally collect Personal Data from individuals below this age threshold. Should the Company become aware that Personal Data has been collected from a minor without appropriate parental or guardian consent, the Company will take immediate and comprehensive steps to delete such data from its systems. Parents or guardians who believe that a minor may have submitted Personal Data to the Company are encouraged to contact us at the earliest opportunity.

ARTICLE XI — AMENDMENTS AND UPDATES

The Company reserves the right to amend, revise, supplement, or replace this Policy at any time, in its sole discretion, in response to changes in applicable law, technological developments, operational practices, or the scope of services offered. All amendments shall become effective upon publication of the revised Policy on our primary website, accompanied by an updated "Last Revised" date at the commencement of this document.

Where amendments materially affect your rights or the manner in which we process your Personal Data, we will endeavor to provide advance notice through electronic correspondence or prominent notification within our platforms. Your continued use of our services following the effective date of any amendment shall constitute your acknowledgment of, and agreement to, the revised Policy. If you do not agree to the revised Policy, you must discontinue use of our services and contact us to discuss the cessation of data processing activities.

ARTICLE XII — CONTACT INFORMATION

All inquiries, requests, complaints, or communications regarding this Privacy Policy or the Company's data processing practices should be directed to:

Privacy Officer

Roar Consulting LLC

Email:[email protected]

Website: www.roarconsulting.com/privacy

The Company is committed to resolving all data protection concerns promptly, transparently, and in accordance with applicable law.

END OF PRIVACY POLICY