Privacy Policy

Effective Date: December 9, 2025

This Privacy Policy describes how TOTUM LLC ("TOTUM," "we," "us," or "our") collects, uses, shares, and protects your personal information when you use our services, including our website (totumone.com), mobile application (the "App"), and related online platforms (collectively, the "Services"). The Services include a health and wellness marketplace where users can track nutrition and fitness, access programs and content, and engage with a community of coaches, creators, and merchants. Studio owners can manage wellness businesses, sell programs, handle scheduling, and process payments through an all-in-one dashboard.

By accessing or using the Services, you agree to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree, please do not use the Services. This Privacy Policy applies to all users, including individual users ("Users") seeking health and wellness tools, and studio owners ("Studio Owners") managing businesses. Terms used here have the same meaning as in our Terms of Service, available at totumone.com/terms, unless otherwise defined.

We are committed to protecting your privacy and handling your data responsibly. TOTUM LLC is the data controller for the information we collect directly from you. For questions, contact us at admin@totum.coach.

Information We Collect

We collect information to provide, improve, and personalize the Services. TOTUM is not a healthcare provider and does not process protected health information under HIPAA. We handle wellness data only. This includes information you provide directly, information collected automatically, and information from third parties.

Information You Provide

  • Account and Profile Information: When you create an account, we collect your name, email address, date of birth, gender, username, password, and payment details (if applicable). Studio Owners may also provide business details, such as studio name, location, tax ID, and bank account information for payouts.
  • Activity and Health Information: We collect data on your workouts, nutrition logs (including meal photos), progress tracking, goals, and challenges. This may include inferred health metrics like heart rate, weight, or exertion levels. Users can connect wearable devices (e.g., Whoop, Garmin, Fitbit, Oura), Apple HealthKit, or Google Health Connect to import data, which you control and can disconnect at any time.
  • Content You Share: Photos, posts, comments, reviews, ratings, and other user-generated content, such as meal logs or progress updates. For the Goal Body™ feature (detailed below), users upload body progress photos.
  • Contacts and Connections: If you choose, you can import contacts from your device or social accounts to connect with others.
  • Payment Information: Billing details, card numbers (tokenized), and transaction history for purchases, subscriptions, or studio payouts.
  • Other Information: Feedback from surveys, support requests, or referrals.

Information Collected Automatically

  • Usage and Technical Data: How you interact with the Services, including IP address, device type, browser, operating system, location (approximate via IP or precise with consent for activity tracking), pages viewed, and session duration. We use cookies, log files, and analytics tools for this purpose.
  • Location Information: Precise location during use (e.g., for workout tracking) with your consent; we do not track when the App is closed. Adjust via device settings.

Information from Third Parties

  • Data from connected devices/apps, social logins (e.g., Facebook, Google, Apple), or payment processors.
  • Aggregated insights from partners, such as referral data.

We do not collect sensitive information beyond what's necessary for health tracking, and you control sharing health data with coaches or others.

How We Use Your Information

We use your information to deliver the Services and enhance your experience:

  • Provide core features: Track activities, analyze performance, manage goals/challenges, and facilitate marketplace purchases.
  • Personalize content: Recommend programs, workouts, or coaches based on your profile and activity.
  • Manage Studio Owner tools: Automate scheduling, CRM, storefronts, and client management.
  • Process payments and transactions (see "Processing of Funds" below).
  • Communicate: Send updates, support responses, or marketing (with opt-out).
  • Improve Services: Analyze trends, debug issues, and develop new features.
  • Ensure safety: Detect fraud, abuse, or violations.
  • Legal compliance: Meet regulatory requirements.

With your consent, we may use health data for advanced analysis (e.g., performance insights).

Sharing Your Information

We do not sell your personal information. We share it only as needed to provide the Services or as described:

  • With Your Consent: To coaches, connections, or public feeds (e.g., activity posts, reviews).
  • Service Providers: Third parties like cloud hosts, analytics tools (e.g., Google Analytics), or email services, bound by confidentiality.
  • Studio Owners: For Users booking classes or purchasing programs, we share relevant details (e.g., name, contact) with consent.
  • Business Transfers: In mergers or acquisitions.
  • Legal Reasons: To comply with laws, respond to authorities, or protect rights.
  • Aggregated Data: Non-identifiable insights for research.

Profile information (e.g., name, photo) may be public or visible to connections, per your settings. Health data is never shared without explicit consent.

Third-Party Service Providers

To operate the Services, we share personal information with trusted third-party service providers who act as our processors or controllers. These include:

  • Payment and Financial: Stripe (for processing via Stripe Connect; see their Privacy Policy).
  • Analytics and Advertising: Google Analytics (for usage insights; see their Privacy Policy).
  • Cloud and Storage: Amazon Web Services (AWS) for data hosting and encryption.
  • Integrations and Wearables: Apple HealthKit, Google Health Connect, Whoop, Garmin, Fitbit, Oura (for health data import; data subject to their policies).
  • Communication and Support: Email services (e.g., SendGrid) and customer support tools.
  • AI and Personalization: Third-party AI providers for features like Goal Body™ analysis (data is de-identified and not used for their training models).

All providers are contractually obligated to protect your data and comply with applicable laws (e.g., via Standard Contractual Clauses for international transfers). For a full, up-to-date list, contact admin@totum.coach.

Processing of Funds

TOTUM uses Stripe Connect to process payments, subscriptions, and payouts securely. When you make a purchase or Studio Owners receive earnings, we collect transaction details (e.g., amount, date, billing info) and share necessary data with Stripe for authentication, fraud prevention, and settlement. Stripe acts as our processor and may share data with banks or card networks.

For Studio Owners using Stripe Connect as connected accounts:

  • We share User transaction data (e.g., name, email) to facilitate payouts or refunds.
  • You authorize Stripe to hold funds in reserve for disputes or fees.
  • All processing complies with PCI DSS standards; we do not store full card details.

Refunds or disputes are handled per our Terms. See Stripe's Privacy Policy for details on their handling.

Informed Consent

TOTUM prioritizes transparent, informed consent for all parties. By using the Services, you consent to our collection and use of your information as outlined here. Specific consents include:

  • For Users: Explicit permission to process health/activity data, share with coaches (e.g., for personalized programs), or upload content (e.g., photos). Withdraw via settings or by disconnecting integrations. Location tracking requires one-time consent for features like geo-tagged workouts. For AI-driven features (e.g., personalized recommendations or Goal Body™ analysis), toggle off "Personalized Experiences" in Profile > Preferences.
  • For Studio Owners: Consent to share business data (e.g., client lists) with TOTUM for CRM/tools, and User data for bookings/payments. You must obtain User consent before sharing their info (e.g., for class rosters).
  • For TOTUM LLC: As data controller, we process information based on your consent, contract performance (e.g., payments), legitimate interests (e.g., fraud detection), or legal obligations. Withdraw consent for non-essential processing (e.g., marketing) via account settings; this won't affect core Services.

We explain data uses at collection points (e.g., permission prompts). Consent is voluntary; withdrawing may limit features. For minors under 13 (or 16 in some regions for health data), parental consent is required. We honor Global Privacy Control (GPC) signals for opt-outs where applicable.

Goal Body™

Goal Body™ is a patent-pending, trademarked feature allowing Users to upload and track body progress photos for personal motivation and analysis. TOTUM does not process or store explicit photos or content violating our Terms (e.g., nudity, sexual material). All uploads are moderated for compliance.

We use AI for non-decision-making analysis (e.g., progress insights from photos and metrics), with safeguards like de-identification of data shared with third-party AI providers. No profiling affects legal rights. Opt out via Informed Consent settings above.

  • Ownership and Consent: Photos must be owned by you or uploaded with explicit consent from the depicted individual (e.g., via release form). You represent you have rights to the content and indemnify TOTUM for claims.
  • Handling: Photos are encrypted, stored securely, and visible only to you (or shared connections with consent). We use them solely for your tracking/AI analysis; no sharing with third parties without permission.
  • Removal: Delete anytime via settings; we remove upon account deletion.

Violations may result in content removal or account suspension.

Sales Bonus Program

The Sales Bonus Program rewards Studio Owners and eligible Creators for referrals and sales milestones (e.g., bonuses on referred User subscriptions or program sales). Participation is optional, and the Company may start or stop a program at its sole discretion for any reason; opt-in via dashboard.

  • Data Use: We collect referral codes, earnings data, and contact info to calculate/track bonuses. Bonuses are paid via Stripe Connect.
  • Sharing: Aggregated performance data shared with participants; individual data only with your consent.
  • Consent: Explicit opt-in required, including for marketing related to the program. Withdraw anytime, ending future bonuses.

Details in program terms; taxes on bonuses are your responsibility.

Cookies and Similar Technologies

We use cookies and tracking technologies for functionality, analytics, and personalization. Essential cookies enable login/sessions; others (e.g., analytics) can be managed via browser settings or our cookie banner. Third-party cookies (e.g., from Stripe) support payments.

Security

We use industry-standard measures (e.g., encryption, access controls) to protect your data. Health and payment info is encrypted at rest/transit. However, no system is 100% secure; report issues to admin@totum.coach.

In the event of a data breach, we will notify affected users and relevant authorities without undue delay, in compliance with applicable laws (e.g., within 72 hours to supervisory authorities under GDPR; within 45-90 days to users under CCPA).

Children's Privacy

The Services are not for children under 13 (or 16 for health features). We do not knowingly collect their data. If we learn that we have collected such data, we delete it promptly. Parents/guardians: Contact us to remove child data.

Data Deletion

You control your data. We retain information only as long as necessary for the purposes described (e.g., account data during use + 30 days post-deletion; health logs until request; transaction records for 7 years for legal compliance). After the retention period, data is securely deleted, erased, or de-identified.

Delete specific items (e.g., posts, photos) via settings. To delete your full account:

  • Go to Profile > Settings > Delete Account.
  • Confirm, and all personal data (e.g., profile, activities, health info) will be permanently deleted within 30 days, except for records required by law (e.g., transaction logs for 7 years).

Backups may retain data temporarily. For other requests (e.g., CCPA rights), email admin@totum.coach with verification. We respond within 45 days.

California Privacy Rights (CCPA/CPRA)

California residents have rights to know, delete, correct, and opt-out of "sales" (we do not sell data). Exercise via admin@totum.coach or our privacy portal. No discrimination for exercising rights.

GDPR Compliance (European Economic Area, United Kingdom, and Switzerland)

If you are located in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, TOTUM LLC processes your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable national laws.

Legal Bases for Processing

We process your personal data only when we have a valid legal basis under GDPR:

Purpose of Processing | Legal Basis (Art. 6 GDPR) | Legal Basis for Special Category Data (Health) (Art. 9 GDPR)
Account creation, providing core Services | Performance of a contract with you | Explicit consent (Art. 9(2)(a))
Processing payments & payouts (Stripe Connect) | Performance of a contract / Legal obligation | N/A
Personalized recommendations & analytics | Legitimate interests (improving Services) | Explicit consent
Health & fitness tracking, Goal Body™ photos | Explicit consent | Explicit consent
Marketing communications | Consent or legitimate interests (where permitted) | N/A
Fraud prevention & security | Legitimate interests / Legal obligation | N/A
Compliance with law (e.g., tax, accounting) | Legal obligation | N/A

You may withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal. Withdrawal is done via your account settings or by emailing admin@totum.coach.

Your Rights Under GDPR

You have the following rights regarding your personal data:

  • Right of access – Obtain a copy of your data.
  • Right to rectification – Correct inaccurate data.
  • Right to erasure ("right to be forgotten") – Delete your data (subject to legal retention obligations).
  • Right to restriction of processing – Limit how we use your data.
  • Right to data portability – Receive your data in a structured, machine-readable format.
  • Right to object – Object to processing based on legitimate interests or direct marketing.
  • Right not to be subject to automated decision-making – We do not make solely automated decisions with legal or significant effects, though we use AI for supportive analysis (e.g., recommendations) with opt-out options.

To exercise any of these rights, email admin@totum.coach with proof of identity. We will respond within one month (extendable by two months for complex requests).

International Data Transfers

TOTUM LLC is based in the United States. When we transfer personal data from the EEA, UK, or Switzerland to the US or other countries not deemed "adequate" by the European Commission, we use:

  • Standard Contractual Clauses (SCCs) approved by the European Commission, and
  • Supplementary measures where required (e.g., encryption, pseudonymisation).

Our sub-processors (e.g., Stripe, cloud providers) are also bound by SCCs or equivalent safeguards.

Data Protection Officer (DPO)

You may contact our Data Protection Officer at:

Email: admin@totum.coach

If you believe we have not handled your data properly, you have the right to lodge a complaint with your local supervisory authority (e.g., ICO in the UK, CNIL in France, etc.).

This GDPR section is integrated into the full Privacy Policy and forms part of it. All other sections of this Privacy Policy also apply to users covered by GDPR unless explicitly stated otherwise.

Changes to This Privacy Policy

We may update this Policy; changes will be posted here, and we will notify you via email/App. Continued use constitutes acceptance.

Contact Us

Questions? Email admin@totum.coach. For EU/UK: TOTUM LLC uses the same email. Response within 1 month.