This Privacy Policy describes how KidStrong Inc. and its affiliates and franchisees (collectively "KidStrong," "we," "us," or "our") collect, disclose, and use personal information. This Privacy Policy applies to personal information we collect online, including via our websites, mobile applications, and other online platforms or services (collectively "Online Services"), or any other product or service where this Privacy Policy is displayed, and offline, including our physical locations and centers, and programs and events operated by or in partnership with us.

Depending on your relationship with us and/or the service(s) you obtain from us, a separate or additional privacy policy may be provided and apply to you. For purposes of this Privacy Policy, the term "personal information" has the same meaning as the equivalent term defined under applicable laws and does not include certain types of information, such as publicly available information or de-identified information.

Where required by law, we provide notice at or before the point of collection, including a description of the categories of personal information collected and the purposes for which they will be used.

We encourage you to read this Privacy Policy carefully and review it regularly for any updates to better understand how we handle your personal information.

Summary of this Privacy Policy

This section summarizes the Privacy Policy, which describes our data handling practices in more detail below, and is intended to provide a quick reference related to our collection and use of your personal information.

What Personal Information We Collect

We may collect the following categories of personal information from and about you:

• Identifiers
• Characteristics of protected classifications under certain state or federal law
• Commercial information
• Internet or other electronic network activity information
• Payment information
• Photos, video, and audio (including recordings at our centers)
• Geolocation data (approximate)
• Professional or employment-related information
• Child development and health information
• Sensitive personal information

How We Collect and Use Your Personal Information

We typically collect personal information directly from you, including via cookies or other tracking technologies, but we may also collect information about you from our business partners, vendors, or other third parties. We use this information consistent with this Privacy Policy to:

• Provide you with our developmental fitness programs and services
• Improve and develop new offerings, features, and services
• Maintain our business relationship with you, including customer correspondence or other modes of communication
• Promote our products and services and otherwise serve advertising and marketing campaigns
• Comply with applicable laws or legal requirements
• For other purposes with your consent

Targeted Advertising / Sale or Sharing of Personal Information

We may use certain information, including identifiers and online activity information, for targeted advertising. Depending on your state of residence, you may have the right to opt out of targeted advertising, and (for California residents) the right to opt out of the "sale" or "sharing" of personal information as those terms are defined under applicable law.

How We Protect and Retain Your Personal Information

We use reasonable security measures that are designed to protect your personal information; however, no system of transmission or storage of data can be 100% secure and we cannot guarantee the absolute security of your information. We retain your personal information for as long as is reasonably necessary to fulfill the purpose(s) for which it was collected or as otherwise required to be retained under applicable law.

What Personal Information We Collect

We may collect the following categories of personal information from and about you:

Identifiers

Real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, driver's license number, or other similar identifiers.

Characteristics of protected classifications

Age, race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information.

Commercial information

Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies, membership information, and transaction information.

Internet or other electronic network activity information

Browsing history, search history, information on your interaction with a website, application, or advertisement, device information, and usage patterns.

Payment information

Payment method information, transaction details, and billing information. We do not store full payment card information; payment processing is handled by third-party payment processors as described below.

Photos, video, and audio (including recordings at our centers)

We may collect photographs, videos, or audio recordings that you submit to us (for example, for profiles, assessments, progress tracking, support requests, or marketing content with your consent) or that are captured in connection with participation in KidStrong classes and activities.

KidStrong centers may use video—and, where permitted by law, audio—recording systems to record classes or portions of classes for purposes such as internal training, quality assurance, safety, incident investigation, and program improvement. We provide notice of recording in our centers (for example, through signage). By attending or participating in KidStrong classes or activities, you understand that you and your child may be recorded, and where consent is required by law, we will obtain such consent.

These recordings are protected using reasonable administrative, technical, and physical safeguards. We do not sell class recordings or use them for advertising or marketing without your separate consent. We do not share class recordings with third parties except (a) with service providers that help us securely store, manage, or review recordings on our behalf under contractual confidentiality and security obligations, (b) as required by law, or (c) to protect the safety of participants.

We retain class recordings for a limited period consistent with the purposes described above, unless a longer retention period is required for safety, legal compliance, dispute resolution, or incident investigation.

We do not intentionally collect biometric identifiers (such as faceprints or voiceprints) unless we provide a separate notice and obtain any consent required by law.

Geolocation data

General location information may be derived from your device, browser, or IP address (for example, to help us understand general service areas, improve site functionality, and comply with fraud-prevention and security requirements). We do not collect or use precise geolocation for advertising purposes.

Professional or employment-related information

Current or past job history, work contact information, or performance evaluations.

Child development and health information

Developmental milestones, physical abilities, cognitive assessments, behavioral observations, motor skills development, athletic performance data, body measurements, health conditions, medical history, dietary restrictions, injury history, and other health-related or developmental data you provide or that we collect through our services.

Sensitive personal information

Sensitive personal information may include government-issued identifiers, account login information combined with required access credentials, precise geolocation data, racial or ethnic origin, religious beliefs, health information, genetic data, and the contents of private communications.

We do not use or disclose sensitive personal information for purposes other than those permitted by applicable law, such as to provide requested services, ensure security and integrity, prevent fraud, and comply with law.

How We Collect Your Personal Information

We may collect personal information from different sources, which include:

Directly from you, such as when you:

• Create an account or register for our services
• Enroll your child in our developmental fitness programs
• Contact us with questions or feedback
• Participate in developmental assessments or consultations
• Make purchases or process payments
• Subscribe to our communications or newsletters
• Participate in contests, surveys, or promotions
• Visit our centers or attend events

Automatically through your use of our Online Services, including:

• Device information and identifiers
• Usage data and browsing patterns
• Location information (approximate)
• Cookies and similar tracking technologies

From third parties, such as:

• Our affiliates, franchisees, and business partners
• Service providers acting on our behalf
• Advertising networks and data analytics providers
• Social media platforms
• Background check providers (for employees)
• Publicly available sources

How We Use Your Personal Information

We may use or disclose the personal information we collect for different purposes, which may include one or more of the following business purposes:

To provide our services and fulfill your requests

• Providing our developmental fitness programs and related services for children ages 1–11
• Processing enrollments and managing memberships
• Scheduling training sessions and classes
• Processing payments and managing billing
• Providing customer support and responding to inquiries
• Communicating about your account, services, or programs
• Tracking your child's developmental progress

To improve and personalize our services

• Analyzing usage patterns and service performance
• Conducting research to improve our programs and facilities
• Developing new services, features, and training programs
• Personalizing your experience and recommendations
• Testing new features and functionality
• Assessing and improving child development outcomes

For business operations and administration

• Managing our business operations and franchise network
• Maintaining safety and security at our centers
• Preventing fraud and unauthorized access
• Enforcing our terms of service and policies
• Managing employee and contractor relationships
• Conducting business analytics and reporting
• Recording-based training and quality assurance (as described above)

For marketing and advertising purposes

• Sending promotional communications about our services
• Advertising on third-party websites and platforms
• Creating targeted marketing campaigns
• Analyzing marketing effectiveness
• Managing loyalty programs and special offers
• Delivering targeted advertising (where permitted) based on your interactions with our Online Services and third-party websites and services

To comply with legal requirements

• Complying with applicable laws and regulations
• Responding to legal process and government requests
• Protecting our rights and interests
• Ensuring child safety and protection

For other purposes

• With your consent or as otherwise described to you at the point of collection

To Whom We Disclose Your Personal Information

We may disclose personal information to different persons for various purposes, consistent with this Privacy Policy, which may include the following:

• Service providers and contractors who perform services on our behalf, such as payment processing companies, customer service providers, marketing and advertising companies, analytics providers, technology service providers, security providers, and professional services firms.
• Recordings service providers: We may disclose recordings to service providers that help us securely store, manage, or review recordings solely on our behalf and under contractual obligations to protect the information.
• Affiliates and franchisees: We may share personal information within the KidStrong family of companies and with franchisees that operate KidStrong centers in order to provide services, manage memberships, deliver classes, support customer requests, and operate our franchise network. Franchisees may be independently owned and operated and may be separate legal entities.
• Professional advisors including lawyers, accountants, auditors, and other professional advisors who provide services to us.
• Government entities and law enforcement when required by law, regulation, legal process, or governmental request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others, including child protection services.
• Business transaction parties in connection with any merger, acquisition, financing, sale of assets, or similar business transaction, or in the event of insolvency, bankruptcy, or receivership, where personal information may be transferred as a business asset.
• Emergency responders and healthcare providers when necessary to protect health and safety, including emergency medical situations at our centers.
• With your consent when you have provided specific authorization for us to disclose your information to third parties.

We also may share information with third parties when we have your consent or otherwise as described to you at the point of collection. Note, however, that if you provided us with consent to contact you such as through SMS, we do not share that consent with third parties, and SMS opt-in consent and SMS data is not shared with any third party.

How We Protect Your Child's Privacy

Your child's privacy is extremely important to us. KidStrong provides science-based developmental fitness programs for children ages 1–11 through our age-appropriate curriculum tracks. We are committed to operating our Services in compliance with all applicable state and federal laws that protect the privacy of children's personal information, including the Children's Online Privacy Protection Act (COPPA).

Our Online Services are intended for parents and guardians. Children under 18 years old may not use our Online Services directly, and we do not knowingly allow children under 18 to create accounts or submit personal information through our Online Services. We may, however, collect personal information about a child under the age of 18 from a parent or guardian for the purpose of providing our youth developmental fitness programs.

For children under 13 years of age

If we ever collect personal information online directly from children under 13 (for example, through a child-directed feature), we will comply with COPPA requirements, including:

• Parental Consent: We obtain verifiable parental consent before collecting, using, or disclosing personal information from children under 13
• Limited Collection: We only collect personal information that is reasonably necessary for the child's participation in our developmental fitness programs
• Restricted Disclosure: We do not disclose children's personal information to third parties except as permitted by COPPA or with additional parental consent
• Parental Rights: Parents have the right to review, delete, and control their child's personal information

Parents have the following rights regarding their child's information

• Review the personal information we have collected about their child
• Request deletion of their child's personal information
• Refuse to allow further collection or use of their child's information
• Withdraw consent at any time

If you believe that a child under the age of 18 has submitted personal information to us, or if you wish to exercise your rights regarding your child's information, please contact us using the information provided in the Contact Us section below so that we can delete the information or take other appropriate action.

How to Exercise Your Privacy Rights

Depending on applicable laws or the jurisdiction you reside in, you have certain rights regarding your personal information, which may include the right to:

• Know the categories of personal information we collect, use, disclose, sell, or share about you
• Access the specific pieces of personal information we have collected about you
• Correct inaccurate personal information we maintain about you
• Delete personal information we have collected about you
• Opt out of targeted advertising (where applicable)
• Opt out of the sale or sharing of your personal information (where applicable)
• Non-discrimination for exercising your privacy rights
• Data portability to receive your personal information in a portable format

Some of these rights may be limited when certain exceptions are provided under applicable laws, including to complete a transaction or to comply with a legal obligation. You will not receive discriminatory treatment for exercising your privacy rights.

Global Privacy Control (GPC)

You may enable the Global Privacy Control (GPC) to exercise your opt-out rights, which is a tool that communicates your opt-out preferences if your browser or browser extension supports such a signal. The GPC may apply only to a single browser or device, and you may need to turn on the GPC signal for each browser that you use.

Where required by applicable law, we process GPC signals as a request to opt out of certain forms of data sharing or targeted advertising for that browser or device.

How to Opt Out of Targeted Advertising / Sale or Sharing (California)

You may opt out of targeted advertising and (for California residents) the "sale" or "sharing" of your personal information by contacting us at privacy@kidstrong.com with the subject line "Do Not Sell or Share Request." Where required by applicable law, we also process Global Privacy Control (GPC) signals as a request to opt out for that browser or device.

To exercise your privacy rights

Please submit a request by emailing us at privacy@kidstrong.com.

If available, you may also submit a request using our online request form accessible through our Online Services.

To exercise your right to know, correct, and delete personal information, you will need to submit a verifiable request, and we may request additional information to verify your identity before we can respond to your request.

You may designate an authorized agent to submit privacy rights requests on your behalf. Authorized agents will be required to provide proof of their authority to act on your behalf by providing relevant documentation. We may contact you to confirm an authorized agent's representation and to verify your identity.

Appeals

If we deny your request, you may have the right to appeal our decision. To appeal, please contact us at privacy@kidstrong.com with the subject line "Privacy Appeal."

Depending on where you live, you may also have the right to file a complaint with your state Attorney General or other regulator.

California Privacy Rights (CCPA/CPRA Disclosures)

This section provides additional disclosures for California residents under the California Consumer Privacy Act, as amended by the California Privacy Rights Act, and its implementing regulations (collectively, the "CCPA/CPRA").

Categories of Personal Information Collected

In the preceding 12 months, we have collected the categories of personal information described in the "What Personal Information We Collect" section above.

Categories of Sources

We collect personal information from the following categories of sources:

• Directly from you
• Automatically from your devices and browsers when you use our Online Services
• Our franchisees, affiliates, and service providers
• Third-party partners such as analytics and advertising providers
• Publicly available sources

Business or Commercial Purposes

We collect and use personal information for the business and commercial purposes described in the "How We Use Your Personal Information" section above.

Disclosures for a Business Purpose

In the preceding 12 months, we may have disclosed the categories of personal information listed above for business purposes to the categories of recipients described in "To Whom We Disclose Your Personal Information."

Sale / Sharing of Personal Information

We do not sell personal information for monetary consideration. However, we may "share" certain personal information for cross-context behavioral advertising, as those terms are defined under the CCPA/CPRA.

You may opt out by using the "Do Not Sell or Share My Personal Information" link on our website or by emailing privacy@kidstrong.com with the subject line "Do Not Sell or Share Request." Where required by applicable law, we also process Global Privacy Control (GPC) signals as a request to opt out for that browser or device.

Categories of Personal Information Disclosed / Shared

We do not knowingly sell or share the personal information of individuals under 16 years of age.

Sensitive Personal Information (California)

We do not use or disclose sensitive personal information for purposes other than those permitted by the CCPA/CPRA and its regulations. Because we do not use or disclose sensitive personal information for purposes that would trigger the right to limit under the CCPA/CPRA, we do not offer a separate "Limit the Use of My Sensitive Personal Information" option.

Your California Privacy Rights

California residents may have the right to:

• Request to know/access their personal information (including categories and specific pieces)
• Request deletion of personal information
• Request correction of inaccurate personal information
• Opt out of the sale or sharing of personal information
• Not be discriminated against for exercising these rights

Shine the Light (California Civil Code § 1798.83)

California residents may also request information about disclosures of certain categories of personal information to third parties for their direct marketing purposes, if applicable, by contacting us at privacy@kidstrong.com.

Financial Incentives

We may provide certain discounts, special offers, benefits, or other rewards as part of our voluntary loyalty program, which may be interpreted as a "financial incentive" or "bona fide loyalty program" under certain applicable laws, when we collect your personal information, which may include your name, contact information, address, or birthday. Joining this voluntary program is subject to our Terms and your opt-in consent. The value of your personal information may vary depending on the types of special offers, benefits, or other rewards that are available, and you choose to participate in, and it is reasonably related to the incentives that we offer. You may withdraw from a financial incentive at any time by contacting us as described below.

Consumer Health Data Privacy Policy

Effective Date: January 23, 2026

This Consumer Health Data Privacy Policy (the "Policy") supplements our Privacy Policy and applies only to "consumer health data" and "consumer" as the terms are defined under applicable laws, including the Washington My Health My Data Act and Nevada privacy laws. If you are not a Washington or Nevada "consumer", this Policy does not apply to you.

What Consumer Health Data We Collect

We may collect the following categories of consumer health data if you choose to provide such information to us:

• Developmental assessments and body measurements
• Health conditions and medical history
• Athletic and motor skills performance data and metrics
• Dietary information and nutritional data
• Injury history and physical limitations
• Data collected during training sessions relating to health or development
• Cognitive and behavioral development observations

How We Use Consumer Health Data

We may collect and use your consumer health data as described in the "How We Use Your Personal Information" section of the Privacy Policy. We may primarily collect, use, and share your consumer health data to provide developmental fitness programs or services that you request or to fulfill the reason for which your consumer health data is provided.

To Whom We Share Consumer Health Data

We may share the categories of consumer health data listed above with the following categories of third parties:

• Certified trainers and developmental fitness professionals
• Service providers operating on our behalf
• Healthcare providers (with your consent)
• Emergency responders (in emergency situations)
• Franchisees and affiliates for service delivery

Your Consumer Health Data Rights

Depending on applicable laws or the jurisdiction you reside in, and subject to certain limitations which may apply under applicable laws, you have certain rights regarding your consumer health data, which may include the right to:

• Confirm whether we process your consumer health data
• Access your consumer health data
• Delete your consumer health data
• Withdraw consent for processing your consumer health data
• Appeal decisions regarding your consumer health data requests

To exercise your consumer health data rights, please contact us at privacy@kidstrong.com.

Depending on where you live, you may also have the right to file a complaint with your state Attorney General or other regulator.

How We Protect and Retain Your Personal Information

Security

We use reasonable security measures that are designed to protect your personal information from unauthorized access and use, which may include using access controls and using Secure Socket Layer (SSL) technology to encrypt certain sensitive information. However, no system of transmission or storage of data can be 100% secure. As such, we cannot guarantee the absolute security of your information. Moreover, we are not responsible for the security of information you transmit to us over networks that we do not control.

Retention

We retain your personal information for no longer than is reasonably necessary to fulfill the purposes described in this Privacy Policy or any other notice provided to you at the time your personal information is collected, and to comply with our legal obligations. For children's information, we retain personal information only for as long as reasonably necessary to fulfill the specific purpose(s) for which it was collected.

The following table provides examples of general retention periods. Actual retention may vary based on legal requirements, safety considerations, dispute resolution, and operational needs.

Cookies and Other Technologies

We use tracking technologies, such as pixels, cookies, and web beacons to ensure that those using our Online Services have the best possible experience.

Types of Technologies We Use

• Essential cookies that are necessary for our Online Services to function
• Performance cookies that help us understand how visitors interact with our Online Services
• Functional cookies that enable enhanced features and personalization
• Advertising cookies that are used to deliver relevant advertisements

Your Choices

You can set your browser to refuse cookies before accessing our website. However, if you disable all cookies, some features of our website may not function properly.

Third-Party Analytics

Our website uses analytics technology, including Google Analytics and Firebase, to support the operation and performance of our Online Services. You may exercise choices regarding the use of cookies from Google Analytics by downloading the Google Analytics Opt-out Browser Add-on.

We also use Unity Analytics to monitor and analyze the use of our mobile application. SMS opt-in consent and SMS data is not shared with Unity Analytics or any other third party.

Browser Privacy Signals

Some browsers and extensions provide privacy signals. Where required by applicable law, we respond to Global Privacy Control (GPC) signals as described above.

SMS Communications

SMS Opt-In and Consent

By providing your phone number and consenting to receive text messages from KidStrong and its franchisees, you agree to receive both transactional and marketing text messages, including but not limited to program updates, reminders, class schedules, and promotional messages. Message frequency varies. Standard message and data rates may apply.

Consent Details

You consent to receive recurring telemarketing calls and/or texts, regardless of whether your phone number is listed on federal or state "Do Not Call" lists. Consent to receive marketing communications is not a condition of any purchase.

Opt-Out

To opt-out of text messages, you can reply with 'STOP' at any time. You may also manage your communication preferences through your account settings, by clicking the "Manage Preferences" link at the bottom of our emails, or by contacting us directly. For help with text messages, reply HELP.

The above excludes text messaging originator opt-in data and consent; this information will not be shared with any third parties.

Payments

We may provide paid products and/or services within the Service. In that case, we use third-party services for payment processing (e.g. payment processors). We will not store or collect your payment card details. That information is provided directly to our third-party payment processors whose use of your personal information is governed by their Privacy Policy.

The payment processors we work with are:

• Apple Store In-App Payments
• Google Play In-App Payments

International Data Transfers

We are located in the United States of America. You understand and agree that personal information that you provide to us, or which we collect about you may be transferred to, processed, or stored in the United States, and may be subject to U.S. laws and access by U.S. authorities.

Third-Party Links

To the extent our website may link to a third-party website, and if you should use such links, we are not responsible for the content of any third-party website, nor for the data collection or handling practices of such third party, as we do not control such sites. We encourage you to review the privacy policy of any such third-party website.

Changes to Our Privacy Policy

We may revise or update this Privacy Policy from time to time, including as required under applicable privacy laws or to incorporate changes to our privacy practices. Updates to this Privacy Policy will be reflected in the "last updated" date, above. When we make material changes, we will provide appropriate notice through our Online Services, via email, and/or a prominent notice on our Service, prior to the change becoming effective. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Contact Us

If you have any questions about this Privacy Policy, how we process your personal information, or have concerns about how we have handled your prior privacy requests and would like to appeal, please contact us:

Privacy Officer

Our Privacy Officer can be reached at: privacy@kidstrong.com

By Email

• privacy@kidstrong.com
• support@kidstrong.com

By Mail

For Text Message Help

Text HELP to the number from which you received messages