Privacy Policy

Last updated: 27.03.2026

Zouris (“Zouris”, “we”, “us”, or “our”) respects your privacy and is committed to protecting your personal data.

This Privacy Policy explains how we collect, use, disclose, store, and safeguard your information when you visit www.zouris.io (the “Website”) or interact with Zouris.

By using this Website, you acknowledge that you have read and understood this Privacy Policy.

1. DATA CONTROLLER

Zouris is operated by:

Zouris FZE
Sharjah Publishing City Free Zone, Sharjah, UAE.
Email: admin@zouris.io

Zouris acts as the data controller for personal information collected through this Website.

2. SCOPE

This Privacy Policy applies to:

• Website visitors

• Individuals submitting inquiries

• Coaches / practitioners applying to join Zouris

• Any personal data collected via forms or communications on zouris.io

Separate privacy terms may apply inside the Zouris mobile application.

3. PERSONAL DATA WE COLLECT

A. Website Visitors

We may collect:

• Name

• Email address

• IP address

• Browser and device information

• Usage data

• Cookie identifiers

B. Coaches / Practitioners

If you apply to join Zouris, we may collect:

• Full name

• Contact details

• Professional information

• Certifications and credentials (uploaded documents)

• Banking details (for payout processing)

• Profile content

Providing this information is voluntary, but required to onboard as a Coach.

4. PURPOSE OF PROCESSING

We process personal data to:

• Operate and maintain the Website

• Respond to inquiries

• Evaluate Coach applications

• Verify professional credentials

• Facilitate payments and payouts

• Prevent fraud and abuse

• Improve platform experience

• Comply with legal and regulatory obligations

• Protect Zouris’ legal rights

5. LEGAL BASIS FOR PROCESSING (GDPR)

Where GDPR applies, Zouris relies on the following lawful bases:

• Performance of a contract

• Legitimate business interests

• Compliance with legal obligations

• Consent (where required)

You may withdraw consent at any time.

6. DATA FLOW AND CROSS‑BORDER TRANSFER Coach banking details are collected strictly for:

6.1 Overview

Zouris FZE operates a health and wellness platform that processes personal data of users located in the United Arab Emirates and other countries. This section describes how personal data flows through our systems and under what conditions it may be transferred outside the UAE, in line with applicable data protection laws, including the UAE Federal Decree‑Law No. 45 of 2021 on the Protection of Personal Data (“PDPL”).

6.2 Data Flow Architecture

Controllers and Processors: Zouris acts as the primary data controller for personal data collected through our Website and, where applicable, related services. We engage carefully selected third‑party service providers as data processors (for example, cloud infrastructure providers, analytics providers, communication tools, and payment service providers). These processors only process personal data on our documented instructions and under written data processing agreements.

Primary Processing Location (UAE) : Our primary production environment for the Zouris platform is hosted in cloud infrastructure physically located in the United Arab Emirates. This environment stores and processes personal data necessary to provide and improve our services, including:

- Account and profile information (e.g., name, contact details, login data)

- App and Website usage data (e.g., session data, preferences, device information)

- Booking and transaction data (e.g., session bookings, subscription information, payment‑related metadata)

- Wellness‑related information that you choose to share with us or your coaches/practitioners via the app (where applicable, under separate app terms) This data is processed in real time in our UAE‑based production systems in order to authenticate users, deliver functionality, enable communication, and provide customer support.

Backup and Disaster Recovery: To ensure service continuity, resilience and protection against data loss, we maintain encrypted backup copies (snapshots) of our production databases. These backups are primarily stored in the UAE and are used strictly for: - Restoring services in case of system failure, data corruption, or other incidents - Security and integrity purposes (e.g., investigation of security events, where permitted by law) Backups are retained only for as long as necessary for these purposes and are subject to strict access controls and logging. They are not used to create new user profiles, for marketing, or for unrelated analytics.

6.3 Cross‑Border Data Transfers (PDPL and GDPR)

When Cross‑Border Transfers Occur In certain cases, personal data may be transferred and processed outside your country of residence, including outside the UAE. For example: - When we use cloud infrastructure providers that operate data centers in multiple regions (including for secondary backup and disaster recovery copies) - When support, monitoring, or security operations are performed from other countries by our processors. - When we integrate third‑party tools or services that process personal data in non‑UAE locations. As part of our infrastructure strategy, we may maintain additional encrypted backup copies of production data in one or more data centers outside the UAE (for example, within the EMEA region) for redundancy and disaster recovery. These copies are logically linked to our UAE production systems and are not used as separate operational environments.

Legal Basis for Cross‑Border Transfers: When personal data is transferred outside the UAE or the EU/EEA, we do so in accordance with PDPL, GDPR (where applicable), and other relevant data protection laws. Depending on the context, we rely on one or more of the following legal bases: - The transfer is necessary for the performance of a contract with the data subject (for example, to provide the Zouris platform and its core features reliably) - The transfer is necessary for the establishment, exercise, or defence of legal claims or for protection of vital interests - The transfer is made to a country, territory, or sector that is recognized by the competent authority as providing an adequate level of protection - Zouris has implemented appropriate contractual, technical and organizational safeguards to ensure that the personal data continues to be protected to a level that is not less than that required by PDPL and, where applicable, GDPR - Where required, the data subject has been informed of the transfer and, if necessary, has provided explicit consent, which can be withdrawn at any time. We do not sell personal data and do not authorize our processors to use personal data for their own independent purposes.

Safeguards for Cross‑Border Transfers: To protect personal data that is transferred outside the UAE or EU/EEA, we implement a combination of legal, technical, and organizational safeguards, including:

- Contractual safeguards: We enter into written data processing agreements and, where appropriate, cross‑border transfer clauses with our processors. These agreements require processors to: - Process personal data only on our documented instructions - Implement appropriate technical and organizational measures to protect personal data - Assist us in fulfilling data subject rights and responding to regulatory inquiries - Notify us without undue delay in the event of a personal data breach - Limit sub‑processing and ensure equivalent protection by any sub‑processors

- Technical safeguards: We use industry‑standard security controls, which may include: - Encryption of data in transit and at rest (including encrypted database backups and snapshots) - Strong access control, role‑based permissions, and authentication - Network protections such as firewalls, allowlists, and private connectivity where applicable - Security monitoring, logging, and incident response processes - Data minimization and retention policies, including rotation of backup copies

- Organizational safeguards: We maintain internal policies and procedures covering information security, access governance, vendor management, and incident response. Access to systems and backups that contain personal data is limited to authorized personnel with a legitimate business need and is subject to confidentiality obligations.

Data Subject Rights and Backups: We respect data subject rights under PDPL, GDPR and other applicable laws, including rights of access, correction, deletion and objection, regardless of where the data is physically stored. When a deletion or similar request is granted: - We delete personal data from our active production systems within a reasonable time frame, subject to legal retention requirements - Backup copies containing that data are not actively used for any new processing. They are retained only for the limited periods defined in our backup policy and are then permanently deleted or overwritten - If we must restore from a backup that contains data previously deleted in production, we apply our deletion policies again so that the restored environment reflects the granted data subject requests.

7. BANKING INFORMATION

Coach banking details are collected strictly for:

• Processing payouts

• Accounting and reconciliation

• Fraud prevention

Banking information:

• Is encrypted where technically feasible

• Is access-restricted internally

• Is shared only with authorized payment processors and financial partners

Zouris does not store complete card numbers.

8. CERTIFICATIONS AND PROFESSIONAL DOCUMENTS

Coaches may upload certifications and credentials for verification purposes.

These documents may be:

• Reviewed internally

• Displayed publicly on Coach profiles (if approved)

Zouris does not independently guarantee authenticity.

Coaches remain fully responsible for the accuracy and validity of submitted credentials.

Zouris reserves the right to remove or reject documentation at its discretion.

9. DATA SHARING

We may share personal data with:

• Payment processors

• Cloud hosting providers

• Analytics providers

• Customer support tools

• Legal or regulatory authorities where required

We do not sell personal data.

All partners are contractually required to protect your information.

10. INTERNATIONAL DATA TRANSFERS

Your data may be transferred and processed outside your country of residence, including the UAE, EU, UK, and United States.

Where applicable, Zouris uses contractual safeguards consistent with GDPR standards to protect international transfers.

11. DATA RETENTION

We retain personal data only as long as necessary to:

• Fulfill business purposes

• Meet legal obligations

• Resolve disputes

• Enforce agreements

Financial records may be retained longer as required by law.

12. YOUR RIGHTS

Depending on your jurisdiction, you may request:

• Access to your data

• Correction of inaccurate data

• Deletion

• Restriction of processing

• Data portability

• Withdrawal of consent

Requests can be submitted to:

admin@zouris.io

We may verify identity before responding.

13. SECURITY

Zouris implements administrative, technical, and organizational safeguards to protect personal data.

However, no system can guarantee absolute security.

You acknowledge that data transmission over the internet carries inherent risks.

14. COOKIES

Zouris uses cookies and similar technologies to enhance functionality and analyze traffic.

You may manage cookie preferences through our cookie banner or browser settings.

For details, please review our Cookie Policy.

15. CHILDREN’S PRIVACY

Zouris does not knowingly collect data from individuals under 18.

If we become aware of such collection, we will delete the data.

16. PLATFORM ROLE DISCLAIMER

Zouris operates as a technology platform connecting users with independent Coaches.

Coaches are not employees or agents of Zouris.

Zouris is not responsible for services provided by Coaches.

17. CHANGES TO THIS POLICY

We may update this Privacy Policy periodically.

Updated versions will be posted on this page.

Continued use of the Website constitutes acceptance.

18. CONTACT INFORMATION

If you have questions, requests, or complaints regarding this Privacy Policy, please contact:

Zouris FZE
Email: admin@zouris.io
Registered Office: Sharjah Publishing City, Sharjah, United Arab Emirates