Privacy Policy – Jammie

Version dated: 28/10/2025

Data Controller

This policy applies to data's processing activities performed on the website https://www.jammie.app ("Website"). The controller of personal data ("Data") is Matteo Core ("Data Controller" or "Company"). The Data Controller provides the following data protection notice pursuant to Articles 13 and 14 of the EU Regulation 679/2016 as amended and integrated from time to time (the "GDPR") and to the international laws - European and Italian – complementing it as amended and integrated from time to time (collectively, together with the GDPR, the "Applicable Privacy Law").

Purpose and Legal Basis of the Data Processing

As better explained in the sections that allow users to join - by providing their personal data - to the services reserved for the Website's users, the Data of the users concerned are processed on the basis of the requests expressly made by them, from time to time, through the Website. Specifically, all Data's collection and subsequent processing activities are aimed at pursuing the following purposes:

• sharing contents available on the Website;
• customer relationship management. In particular, on the Website there are different forms of contact via email, through which the user can indicate his or her email in order to request information about products, or official communications from the Company. In both cases, the Website does not store the user's Data as they are immediately transmitted to the relevant company departments;
• generic request of information;
• redirecting users to third party pages where they can access reserved areas of their interest. The Website does not allow access to any reserved area; should this occur, requests to the user to enter his/her Data for registration and subsequent processing will be managed by the third party supplier of the reserved access page, behind a specific information on the processing of personal data and subject to the specific consent of the data subject;
• provide commercial information on the services carried out by the Data Controller and/or its related companies;
• comply with the obligations provided for by laws or applicable laws or regulations, as well as by decisions and guidelines issued by the competent supervisory and control authorities/bodies.

The Data Controller will not use the collected Data for purposes other than those related to the specific service mentioned above, to which the user has provided their consent, or only within the limits indicated in any further specific information form, accompanying the different and particular service requested by the user.

Data Processing

Purposes and Legal Basis of the Processing Activities

The Data may be processed:

• to manage the contractual relationship in place with the Data Subjects and to send communications relating to this relationship. The legal basis for carrying out these processing activities is the performance, by the Data Controller, of specific contractual or pre-contractual obligations undertaken towards the Data Subjects and/or towards the legal entity in the interest of which the Data Subjects carry out the related work activity (Article 6 letter b of the GDPR), as well as in compliance with laws and regulations (national or EU), as well as orders or requests of judicial authorities, supervisory bodies and professional associations (Article 6, letter c, of the GDPR);
• to fulfill Data Controller's procedures and any applicable legal standard or requirement (including legal, regulatory and safety standards) according to Article 6, letter c, of the GDPR;
• to protect the Data Controller's reputation, market position and corporate assets, allowing it to interface only with Data Subjects with a proven reputation, reliability and professionalism, according to Article 6, letter f, of the GDPR;

The provision of Data is necessary for carrying out of the relationship between the Data Subjects and the Data Controller. Without the Data, it will not be possible for the Data Controller to manage this relationship.

Personal Data We Collect

We collect the following Personal Data when you sign up:

• Email address
• Profile picture (optional)

We do not collect or access passwords, sensitive personal data, or any third-party login credentials.

2. Third-Party Services

Our app uses Supabase® for the storage of all personal data collected during the registration process. All information related to the privacy policy and on the processing of personal data may be found at the following address: https://supabase.com/privacy. The Data-based are located in Frankfurt, Germany (EU).

4. Data Retention

The processing of Data will be performed according to Privacy Law, and it shall be carried out with automated and/or manual systems, suitable to ensure the security of the processing. The processing of Data will be carried out according to the principles of proportionality and necessity, so that no unnecessary personal data will be collected and/or processed. The processing of Data will be fair and transparent, as well as in compliance with the adequacy of the security measures.

The Data will be retained for the time strictly necessary to pursue the purposes for which they were collected, unless the fulfilment of specific legal obligations and/or the protection of a right of the Data Controller does not require longer retention periods.

Data Sharing

We do not share, sell, or monetize your personal data with third parties.

Your data remains private and is used solely for functional app purposes.

5. Children's Privacy

Jammie is not intended for users under the age of 13.

We do not knowingly collect personal information from children.

6. Data Subjects' Rights

With respect to Data held by the Data Controller, the Data Subjects can exercise all the rights set forth by the Privacy Law. In particular, the Data Subjects can:

• request the Data Controller to confirm the existence of their Data, the origin of such data, the reason and purpose of their processing, the categories of subjects to whom the data may be transmitted, as well as the identification details of the Data Controller and of its data processors;
• request access to Data, transformation into anonymous form, blocking, rectification, updating, integration, erasure of such data or limitation of their processing;
• object to the processing according to the Privacy Law;
• exercise the right to portability, within the limits set forth in Article 20 of the GDPR;
• withdraw their consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;
• lodge a complaint with the Italian Data Protection Authority, following the procedures and the instructions published on its official website (www.garanteprivacy.it).

The Data Controller points out that, pursuant to Article 23 of the GDPR, the exercise of these rights could be limited if such limitation is strictly necessary to safeguard, inter alia, national and/or public security, the prevention, investigation, detection and prosecution of crimes or the execution of criminal sanctions, etc.

Any amendment or erasure or limitation on processing carried out upon Data Subjects' request, or due to the withdrawal of their consent - unless this appears to be impossible or involves a disproportionate effort - will be communicated by the Data Controller to each of the recipients to whom the relevant Personal Data have been transmitted. The Data Controller may inform the Data Subjects of these recipients upon request.

For the purpose of exercising the rights listed in paragraph above, as well as for any clarification, the Data Subjects can directly contact the Data Controller by sending an email to the following email address: jammie.app@gmail.com