Privacy Policy
Last Updated: November 20, 2025
NeWell, Inc
SECTION 1 — INTRODUCTION, SCOPE, AND DEFINITIONS
1. Introduction
NeWell, Inc (“NeWell,” “we,” “our,” or “us”) is committed to protecting the privacy, security, and rights of individuals who interact with our leadership systems, digital curriculum, consulting programs, NeWell Plus application, artificial intelligence tools, communities, websites, and related services (collectively, the “NeWell Services”).
This Privacy Policy explains:
The types of data NeWell collects
How NeWell uses, shares, and protects data
How NeWell uses data to improve leadership frameworks, analytics, and AI systems
Your rights and choices under US Federal, US State, and international privacy laws
Our responsibilities when handling enterprise client data
How you can contact us with questions or concerns
This Privacy Policy applies to all individuals who:
Visit www.newell.io or any NeWell website
Use NeWell Plus or any NeWell mobile/web application
Enroll in any NeWell program or curriculum
Participate in NeWell consulting or leadership engagements
Communicate with AI tools or AI assistants provided by NeWell
Interact in NeWell communities or user-to-user environments
Submit content, data, files, recordings, or information to NeWell
This Privacy Policy forms part of the Terms of Service. By accessing or using any NeWell Service, you consent to the terms described here.
2. Scope of This Privacy Policy
This Privacy Policy applies to all personal data NeWell collects, including:
Data you provide directly
Data collected automatically
Data processed through our consulting engagements
Data provided by your organization (for corporate clients)
Leadership and performance assessments
Inputs provided to AI systems
Community interactions
Data uploaded or shared voluntarily
Data collected through cookies, analytics, and tracking tools
Data generated by your use of NeWell services
This Privacy Policy does not apply to:
Third-party platforms we do not control
External websites linked through NeWell
Content you make public within communities
However, we make reasonable efforts to ensure third-party providers meet privacy standards.
3. Definitions
For clarity and compliance with major global privacy frameworks:
“Personal Data” or “Personal Information”
Any information relating to an identified or identifiable natural person, including but not limited to:
Name, email, phone number
Business details
Leadership assessments
IP address or device identifiers
Voice recordings, photos, videos
Behavioral usage patterns
Communications with AI tools
“Sensitive Personal Information”
NeWell does not intentionally collect sensitive information unless you voluntarily provide it. This includes:
Biometric identifiers (voice, face data, images) — collected incidentally only
Health or medical information
Government identification numbers
Financial account numbers
You agree not to upload sensitive information unless explicitly permitted.
“User Generated Content”
Any information, file, media, or data that users submit, upload, or share through NeWell Services, including:
Comments, posts, messages
Leadership journal entries
AI conversations
Uploaded files or recordings
Community interactions
“Enterprise Client Data”
Any data provided by corporate clients in connection with:
Consulting engagements
Revenue architecture diagnostics
Leadership assessments
Team performance data
Cultural evaluations
HR or organizational information
Handled under additional contractual obligations including DPAs.
“AI Tools” / “AI Systems”
Any artificial intelligence, machine learning, predictive analytics, or automated system provided by NeWell.
“Processing”
Any operation performed on personal data, including collection, storage, analysis, distribution, and deletion.
“Controller” and “Processor”
Under GDPR:
NeWell acts as a Controller for most data collected directly.
NeWell acts as a Processor for certain enterprise client data under DPAs.
4. Children’s Privacy
NeWell Services are not intended for children under 18.
We do not knowingly collect data from children in violation of COPPA.
If you believe a minor has provided data, contact support@newell.io and NeWell will remove it.
5. Applicability to Residents of the United States, EU, UK, Canada, and Other Regions
This Privacy Policy is written to comply with:
U.S. Federal Privacy Laws
Arizona and New York Privacy Regulations
California Consumer Privacy Act (CCPA) & CPRA
General Data Protection Regulation (GDPR)
UK GDPR and Data Protection Act
Canada’s PIPEDA
ePrivacy Directive
Other applicable international laws
Where applicable laws conflict, NeWell applies the standard that provides the highest level of protection permitted.
6. What This Policy Covers & What It Does Not
This Privacy Policy Covers:
Personal data collected through NeWell websites
Data collected through NeWell Plus
Data collected during consulting, assessments, leadership programs
AI tool inputs and outputs
User-to-user interactions
Emails, SMS, push notifications
Data stored for compliance or enterprise obligations
This Privacy Policy Does Not Cover:
Public information you voluntarily post in community areas
Third-party websites or apps
Data processed under separate enterprise contracts or DPAs
Aggregated or anonymized data that cannot be linked back to you
7. Contact Information for Privacy Requests
For privacy questions, data subject rights requests, or concerns:
NeWell, Inc
Email: support@newell.io
Subject: “Privacy Request”
A dedicated privacy point of contact will respond within legally required timelines.
SECTION 2 — DATA WE COLLECT
1. Data You Provide Directly
You may provide data to NeWell when you:
Create an account
Enroll in a program
Participate in consulting engagements
Submit leadership assessments
Join community groups
Use NeWell Plus or AI tools
Upload journals, notes, or performance data
Communicate with NeWell staff or AI systems
We may collect:
1.1 Identity Information
Full name
Preferred name
Username
Email address
Phone number
Billing address
Professional role or title
Company or organization
1.2 Contact Information
Email
Phone
Mailing address
Country, region, time zone
1.3 Account Profile Information
Login credentials
Profile photos (if voluntarily uploaded)
Bio or introduction
Contact preferences
Subscription tier or access level
Demographics voluntarily provided
1.4 Payment & Transaction Information
Processed through third-party PCI-compliant providers.
NeWell does not store full financial account numbers.
We may receive:
Last 4 digits of card
Transaction IDs
Payment confirmations
Billing history
Subscription status
1.5 Leadership and Performance Data
Given NeWell’s service model, we collect a unique category of data:
Leadership style assessments
Self-evaluations
Personal development goals
Reflections, journals, or developmental insights
Performance data you voluntarily provide
Organizational diagnostics
Team evaluations
Strengths and weaknesses
Communications with coaches or mentors
This can include highly personal content that you voluntarily disclose.
NeWell handles this data with increased confidentiality but it is not protected under HIPAA or other medical privacy laws.
2. Data Collected During Consulting, Advisory, or Enterprise Engagements
NeWell may collect business information from:
Executives
Managers
Revenue leaders
Sales teams
HR departments
Organizational stakeholders
This may include:
2.1 Business Operational Data
Organizational structure
Revenue targets
Performance metrics
Leadership evaluations
Employee feedback (voluntarily provided)
System metrics or SOPs
Culture and engagement assessments
2.2 Team or Staff Data Provided by the Client
When an enterprise client provides data to NeWell:
Names
Work email addresses
Roles and titles
Performance metrics
Attendance or participation metrics
Survey responses
NeWell processes this data only as permitted by contract or DPA.
3. Data From AI Systems and AI Tool Interactions
NeWell uses artificial intelligence tools to support leadership development, journaling, coaching, and analysis.
When you use AI tools, NeWell may collect:
3.1 AI Interaction Data
Text inputs
Voice inputs
Uploaded documents
Images used for analysis
Messages you send to AI assistants
Prompts, questions, reflections
3.2 AI Output Data
Responses generated by AI
Recommendations generated by AI
Summaries
Insights
Analytics derived from user interactions
3.3 AI Behavioral and Usage Data
Frequency of use
Message count
Length of AI sessions
Feature usage
Decision patterns
Tools accessed
3.4 AI Model Training and Improvement Data
You consent that NeWell may use:
AI inputs
AI outputs
Usage metrics
Aggregate interaction patterns
for:
Improving AI models
Training new models
Refining leadership or performance systems
Enhancing user experience
Developing new NeWell features
Where possible, NeWell may anonymize or aggregate data before training.
4. Data Collected Automatically
When you access NeWell Services, we may automatically collect information using:
Cookies
Device sensors
Browser storage
Server logs
Application analytics
Pixel tags
Web beacons
This includes:
4.1 Device Information
Device type
Operating system
Browser type
Screen size and resolution
Language settings
Time zone
4.2 Technical and Log Data
IP address
Date and time of access
Session duration
Login timestamps
Page visits
Error logs
App crashes
4.3 Behavioral Analytics
Feature usage
Session flow
Button clicks
Navigation patterns
Heatmap data
Performance data
Time spent on lessons or modules
4.4 Tracking Technologies
NeWell may use:
First-party cookies
Third-party analytics cookies
Tracking pixels
Device fingerprinting
Local storage
Session replay tools (only to the extent legally allowed)
Users may control cookies as allowed by their operating system or region.
5. Community, Conversation, and User-to-User Data
If you participate in NeWell communities, group chats, or collaborative features, NeWell collects:
Posts and comments
Private messages sent within the community
Reactions, likes, or engagement data
Images, videos, or files you upload
Group membership
Community roles and participation history
NeWell may moderate, store, or review community content for:
Safety
Abuse prevention
Violation of Terms
Quality assurance
Product improvement
Important:
Content shared in communities may be visible to other users.
Do not post confidential information in public spaces.
6. Leadership Journals, Notes, Personal Reflections
NeWell Plus may include journaling or leadership development tools. These may collect:
Written entries
Voice-to-text recordings
Mood or sentiment indicators
Personal reflections
Goals and progress notes
Habit or behavior tracking
NeWell treats this data as confidential but not privileged and not protected by medical privacy law.
7. Incidentally Collected Biometric Data
NeWell does not intentionally collect biometric identifiers.
However, NeWell may incidentally process biometric-like data if you voluntarily upload it, such as:
Video recordings
Audio or voice notes
Photos
Images showing your face
Uploaded media containing individuals
Training call recordings
This data is processed for:
Leadership review
AI analysis (if applicable)
Community content hosting
Mentorship or consulting engagements
NeWell does not use incidentally collected biometric data for:
Identity verification
Facial recognition
Biometric authentication
Unless explicitly disclosed and contractually agreed upon.
8. Cookies, Pixels, and Tracking Technology Data
NeWell uses sophisticated tracking technologies to:
Improve performance
Analyze behavior
Enhance user experience
Personalize content
Measure effectiveness of programs
Secure NeWell systems
We may collect:
Cookie IDs
Marketing attribution data
Referral sources
UTM parameters
Device identifiers
Behavioral analytics
Users may manage cookie settings, but some features may not work without them.
9. Data from Third Parties
NeWell may receive data from:
9.1 Corporate Clients
Employee rosters
Performance data
Organizational diagnostic information
Contact lists for participants
9.2 Service Providers
Payment processors
Analytics tools
Email/SMS delivery providers
Cloud storage partners
AI model providers
9.3 Publicly Available Sources
To enhance leadership or professional profiles:
LinkedIn
Public websites
Business databases
10. Data Required for Compliance and Security
NeWell may collect:
Fraud detection signals
Login attempts
IP addresses for security
Device metadata
Abuse reports
Law enforcement requests
This data helps protect NeWell and its users.
11. When Users Decline to Provide Data
If certain data is not provided:
Some features may not work
Programs may not operate as intended
AI tools may be less effective
NeWell may not be able to offer consulting or curriculum access
SECTION 3 — HOW NEWELL USES DATA
1. Core Operational Uses of Data
NeWell processes personal and organizational data to:
1.1 Provide NeWell Services
Create accounts
Enable login/authentication
Deliver curriculum, courses, and modules
Provide consulting, coaching, and leadership programs
Operate NeWell Plus and related applications
Facilitate communication with our team
Provide customer support
1.2 Manage Subscriptions and Billing
Process payments through PCI compliant providers
Send billing notices
Manage renewals
Track subscription status
1.3 Maintain Service Functionality
Diagnose technical issues
Monitor system stability
Improve user interface
Maintain platform security
These are essential for service delivery.
2. AI-Related Uses of Data
NeWell uses AI to support users with leadership development, performance analysis, journaling, and predictive insights. For legal compliance and transparency, we list all AI-related purposes.
2.1 Use of Data in AI Interactions
NeWell may process:
Text inputs
Voice inputs
Uploaded documents
Behavioral patterns
Notes, journaling, reflections
Performance data entered into AI tools
2.2 AI Output Processing
NeWell may use the AI’s generated responses to:
Improve AI accuracy
Detect inappropriate or harmful prompts
Provide better leadership and developmental recommendations
Maintain quality controls
2.3 AI Model Training and Improvement
NeWell may use AI input/output data:
To train NeWell AI and machine learning models
To refine existing algorithms
To develop new AI features
To create predictive performance analyses
To enhance journaling and leadership insights
To build user behavior profiles (anonymized where possible)
To perform semantic understanding and intent recognition
2.4 Human Review of AI Interactions
Where permitted by law, NeWell employees or contractors may review AI interactions:
For safety
For training quality
To identify policy violations
To refine AI performance
To improve user experience
This is a common practice for AI service providers.
3. Consulting, Coaching, and Enterprise Use of Data
NeWell processes data to deliver leadership and performance consulting.
3.1 Leadership and Organizational Diagnostics
Data may be used to:
Identify bottlenecks
Assess leadership capabilities
Analyze cultural health
Perform behavioral mapping
Provide executive guidance
Deliver performance architecture insights
3.2 Business Performance Enhancements
NeWell uses organizational data to:
Build revenue architecture
Improve systems and leadership functions
Deliver coaching and recommendations
Provide structured frameworks
Diagnose internal performance issues
3.3 Personalized Development Plans
NeWell uses your data to generate:
Leadership roadmaps
Skill development strategies
Coaching sequences
Personalized performance guidance
Leadership evolution insights
4. Community and Interaction Uses
If you participate in NeWell communities:
4.1 Facilitating User-to-User Interactions
Data is used to:
Display profiles
Track engagement
Enable messaging
Show posts, comments, reactions
Provide community features
4.2 Content Moderation and Safety
NeWell may process community data to:
Detect violations
Enforce terms
Remove harmful content
Investigate reports
Protect user safety
4.3 Social and Behavioral Analytics
NeWell may analyze:
Engagement
Participation
Behavioral patterns
Content categories
To improve community health and experience.
5. Analytics, Tracking, and Improvement Uses
NeWell uses analytics data to:
5.1 Improve User Experience
Understand behavior across features
Optimize leadership modules
Identify friction points
Enhance usability
5.2 Measure Program Effectiveness
Track completion rates
Evaluate leadership transformations
Optimize consulting workflows
Improve curriculum content
5.3 Conduct Research and Development
NeWell may use anonymous or aggregated data to:
Develop new offerings
Predict leadership outcomes
Build performance scoring models
Create new AI systems
Enhance diagnostics
5.4 Security, Fraud, Abuse, and Compliance
NeWell uses data to:
Prevent fraudulent behavior
Detect abuse or unauthorized use
Monitor suspicious activity
Enforce Terms of Service
6. Marketing and Communication Uses
NeWell uses data to:
6.1 Communicate with You
Send updates
Send leadership content
Provide program materials
Deliver onboarding guidance
Communicate about consulting engagements
6.2 Marketing and Outreach
NeWell may send:
Newsletters
Event invitations
Program promotions
Product announcements
6.3 Personalized Recommendations
NeWell uses profile data to tailor:
Leadership recommendations
Course suggestions
Coaching insights
AI-based advice
Relevant content
6.4 Advertising and Attribution
NeWell may use:
Cookie data
UTM parameters
Analytics metrics
To measure advertising effectiveness.
7. Legal, Compliance, and Risk Management Uses
NeWell may use data to:
7.1 Fulfill Legal Obligations
Recordkeeping
Tax compliance
Court orders
Law enforcement requests
7.2 Enforce Agreements
NeWell may use data to:
Enforce Terms
Investigate claims
Prevent misconduct
Resolve disputes
7.3 Protect Rights and Safety
NeWell may use data to protect:
The security of NeWell systems
The safety of users
Intellectual property
Business interests
8. Automated Decision Making and Profiling
Where applicable and legally allowed, NeWell may use:
Behavioral analytics
AI scoring
Pattern recognition
Predictive models
To:
Recommend leadership strategies
Assess performance patterns
Suggest curriculum paths
Identify developmental needs
These models are not used for eligibility decisions (credit, employment, housing, etc.).
9. When NeWell Requires Consent
NeWell may request explicit consent for:
AI training using identifiable content
Marketing communications (in relevant jurisdictions)
Cookies and tracking technologies
Sensitive data voluntarily provided
International transfers under GDPR
Enterprise DPA processing
Users may withdraw consent unless processing is required by law or contract.
10. When NeWell Uses Legitimate Interest
NeWell may process data under “legitimate interest” for:
Preventing fraud
Ensuring security
Improving AI
Enhancing leadership tools
Measuring program effectiveness
Sending transactional communications
Operating community features
Where required, NeWell performs legitimate interest balancing tests.
11. When NeWell Uses Contractual Necessity
Data is processed to fulfill:
Access to purchased programs
Consulting engagements
NeWell Plus subscriptions
AI tool usage
Community participation
Enterprise agreements
If you decline to provide necessary data, services may not function.
12. When NeWell Uses Legal Obligation
NeWell may process data for:
Law enforcement requests
Tax compliance
Safety obligations
Regulatory reporting
SECTION 4 — LEGAL BASES, USER RIGHTS, AND GLOBAL COMPLIANCE
1. Legal Bases for Processing Personal Data
NeWell processes personal data under the following legal bases, depending on your jurisdiction:
1.1 Contractual Necessity
Processing is required to:
Provide NeWell Services
Create and maintain user accounts
Deliver consulting and leadership programs
Enable NeWell Plus functionality
Operate community features
Manage billing and subscriptions
Communicate essential information
If you do not provide necessary data, we may be unable to deliver these services.
1.2 Legitimate Interests
NeWell relies on “legitimate interests” to:
Improve AI systems and performance analytics
Maintain platform security
Conduct product research and development
Prevent fraud and abuses
Analyze usage patterns
Customize user experience
Moderate community interactions
Communicate non-marketing, essential updates
Track program effectiveness
NeWell performs balancing tests where required by law.
1.3 Consent
NeWell may request explicit consent for:
Marketing communications (email/SMS)
Cookies and tracking technologies
AI training using identifiable content
Processing voluntary sensitive information
Participation in surveys or case studies
Cross-border transfers under GDPR
You may withdraw consent at any time unless processing is required by law or contract.
1.4 Legal Obligation
NeWell processes data for compliance with:
Tax laws
Court orders
Law enforcement requests
Regulatory obligations
Financial accounting requirements
Anti-fraud monitoring
1.5 Vital Interests
Used rarely and only when necessary to:
Prevent harm
Respond to safety threats
Protect the security of the NeWell Services
1.6 Public Interest
(Used only if legally required.)
NeWell may process data for purposes related to:
Law enforcement
Public safety
Legal reporting obligations
2. Your Rights Under Applicable Privacy Laws
Depending on your jurisdiction, you may have the following rights.
NeWell will honor all rights required by:
GDPR (EU)
UK GDPR
CCPA + CPRA (California)
New York consumer protection laws
Arizona privacy regulations
Canadian PIPEDA
Other applicable global standards
3. Rights Available to All Users (Global)
Regardless of your location, NeWell grants all users:
3.1 Right to Access
You may request:
A copy of your personal data
Explanation of how it is processed
Categories of data collected
3.2 Right to Correction / Rectification
You may request correction of inaccurate or incomplete information.
3.3 Right to Deletion (Right to Be Forgotten)
You may request deletion of your data, subject to lawful retention obligations.
3.4 Right to Restrict Processing
In certain circumstances, you may ask us to limit processing.
3.5 Right to Object
You may object to:
Marketing communications
Automated profiling
AI-based analysis
Certain legitimate interest processing
3.6 Right to Withdraw Consent
If processing is based on consent, you may withdraw it anytime.
3.7 Right to Portability
You may request your data in a machine-readable format (where required by law).
3.8 Right Not to Be Subject to Automated Decisions
NeWell does not use AI or automated systems to make legal or eligibility decisions (credit, employment, housing, etc.).
3.9 Right to File a Complaint
You may file a complaint with your regional data authority or contact NeWell directly.
4. GDPR-Specific Rights (EU/EEA Users)
If you reside in the EU or EEA, you have additional rights under the General Data Protection Regulation (GDPR).
These include:
4.1 Right to Data Minimization
NeWell collects only data reasonably necessary for our services.
4.2 Right to Transparent Information
You may request explanations of how data is used, shared, and stored.
4.3 Right to Object to Profiling
You may object to AI-based profiling used for leadership recommendations.
4.4 Right to Lodge Complaints
You may file with your national supervisory authority.
4.5 Lawful Basis Documentation
You may request our legitimate interest assessments (summary form).
5. California Privacy Rights (CCPA + CPRA)
California residents have rights including:
5.1 Right to Know
You may request:
Categories of personal information collected
Categories of sources
Purposes for use
Categories of third parties
Specific pieces of personal information
5.2 Right to Delete
Subject to legal exceptions.
5.3 Right to Correct
You may request modifications to inaccurate data.
5.4 Right to Opt-Out of Data Sale/Sharing
NeWell does not sell personal data in the traditional sense.
But CCPA defines “sale” broadly, including sharing with analytics or ad providers.
NeWell provides an opt-out where needed.
5.5 Right to Limit Use of Sensitive Data
Sensitive Personal Information (SPI) is not sold or shared.
5.6 Non-Discrimination
You will not be penalized for exercising your rights.
6. New York Consumer Privacy Rights
Under NY privacy regulations and the NY Privacy Act (where applicable):
6.1 Right to Access and Correction
NY residents may request access and correction of personal data.
6.2 Right to Restrict
NY residents may request processing limitations.
6.3 Transparency Requirements
NeWell complies with enhanced transparency for:
AI data usage
Performance analytics
Biometric incidental data processing
7. Arizona Privacy Rights
Arizona law provides:
7.1 Right to Notification
Residents may receive notice when major changes impact data handling.
7.2 Data Security Requirements
NeWell adheres to Arizona’s data breach notification laws.
8. Canadian Privacy Rights (PIPEDA)
Canadian users have rights including:
Access
Correction
Withdrawal of consent
Challenge of compliance
Transparency rights
9. Exercising Your Rights
You may exercise any applicable privacy right by contacting:
Email: support@newell.io
Subject: “Privacy Request — Data Rights”
NeWell may:
Require identity verification
Decline requests where legally permissible
Charge reasonable fees for excessive or abusive requests
We respond within:
30 days for GDPR
45 days for CCPA/CPRA
As required for other jurisdictions
10. Automated Decision-Making & Profiling Transparency
NeWell may use automated tools to:
Provide leadership recommendations
Suggest training paths
Surface personalized insights
Predict performance bottlenecks
But NeWell does NOT use automated systems for:
Hiring decisions
Employment termination
Credit or financing eligibility
Legal, financial, or medical determinations
Users may request human review of automated assessments.
11. Cookies, Analytics, and Tracking Consent
In regions requiring consent:
NeWell may present cookie banners
Users may opt-out of non-essential cookies
Users may reject analytics tracking
Where not required (e.g., US states without opt-out laws), we maintain tracking in accordance with local laws.
12. Withdrawal of Consent and Data Erasure Limitations
Certain data cannot be deleted when:
Required by law
Necessary for fraud prevention
Needed to enforce agreements
Needed for security and logging purposes
Required for accounting or compliance
SECTION 5 — DATA SHARING, THIRD PARTIES, CROSS-BORDER TRANSFERS, AND ENTERPRISE DPA
1. Overview — When NeWell Shares Data
NeWell shares data only when:
It is necessary to operate the NeWell Services
You consent or request it
It is required by law or contract
It is necessary to protect NeWell’s rights
It is essential for consulting engagements
It is necessary for AI model improvement
It is required to secure the platform
It is part of a business transaction (merger, sale, etc.)
NeWell never sells personal data under the traditional definition of “sale.”
However, CCPA/CPRA define “sale” and “sharing” more broadly. Where applicable, users may opt out.
2. Categories of Third Parties NeWell Shares Data With
NeWell may share data with the following categories:
2.1 Service Providers (“Processors”)
These parties help NeWell operate the business and include:
Cloud hosting platforms (AWS, GCP, Azure, etc.)
AI infrastructure providers
Data analytics platforms
Customer support platforms
Email/SMS delivery providers
Payment processors
CRM systems
Authentication and security providers
Bug tracking and diagnostic tools
Video/audio hosting services
All service providers are bound by:
Confidentiality agreements
Privacy compliance standards
Data protection obligations
Contractual security requirements
They are prohibited from:
Selling your data
Using your data for their own purposes
Retaining data beyond service necessity
2.2 AI Model Providers and AI Processing Partners
NeWell may use third-party AI technologies to:
Support AI coaching tools
Process text and voice inputs
Improve AI functionality
Enhance model performance
AI partners may receive:
AI prompts
Voice or text inputs
Behavioral usage patterns
Metadata
Outputs from the model
Anonymized or aggregated datasets
These providers:
Must comply with NeWell’s contractual privacy standards
Must follow security and confidentiality obligations
May not use data to build competing products
2.3 Consulting and Leadership Engagement Partners
When delivering consulting or enterprise leadership services, NeWell may share data with:
Approved coaches
Consultants
Executive advisors
Leadership trainers
Subject-matter experts
Contracted specialists
These individuals may access:
Performance data
Leadership assessments
Journaling or reflection content
Organizational diagnostic outputs
AI-informed insights
Relevant data necessary to provide the contracted service
Such partners operate under strict confidentiality agreements.
2.4 Enterprise Clients and Organizations
If your employer or organization purchases NeWell Services, NeWell may share:
Participation metrics
Assessment results (unless anonymized at user request)
Leadership insights
User activity data (within the scope of the engagement)
Performance analytics (subject to DPA terms)
You will always be informed if your organization has access to your data as part of the engagement.
2.5 Community Members
If you choose to post content publicly in NeWell communities, your:
Name
Profile data
Posts
Comments
Uploaded media
Activity timestamps
may be visible to other users.
NeWell is not responsible for the actions of other community members.
2.6 Legal, Regulatory, and Safety Disclosures
NeWell may disclose data to:
Courts
Law enforcement
Government agencies
Regulatory bodies
when required to:
Comply with legal obligations
Enforce terms and policies
Investigate fraud or abuse
Respond to subpoenas or warrants
Protect the rights, safety, or property of NeWell or users
NeWell will limit disclosure to the minimum legally required.
2.7 Business Transfers (Mergers, Acquisitions, Asset Sales)
In the event of:
Merger
Acquisition
Reorganization
Asset sale
Bankruptcy
NeWell may transfer user data to the acquiring or successor entity.
Such entities will be bound by equivalent privacy protections.
3. Cross-Border Transfers
NeWell operates in the United States but may process data:
In the U.S.
In the EU/EEA
In the UK
In Canada
In Asia-Pacific regions
In other jurisdictions
Through globally distributed cloud infrastructure
Cross-border transfers may occur when:
You access the NeWell Services from outside the U.S.
AI tools process data across global servers
Cloud storage partners host data internationally
Enterprise engagements require multi-national support
NeWell uses global service providers
Transfer mechanisms include:
GDPR Standard Contractual Clauses (SCCs)
UK Transfer Addendum
Adequacy decisions
Binding corporate rules
Contractual safeguards
Technical and organizational protections
By using NeWell Services, you consent to international data transfers as described.
4. Data Sharing for AI Training and System Improvement
NeWell may use user-provided data to train, improve, or enhance AI models.
This includes:
Text interactions
Voice inputs
Uploaded documents
Journaling or leadership reflections
Performance data
Behavioral analytics
Metadata
Usage patterns
AI training safeguards:
NeWell may anonymize or aggregate data
NeWell prohibits use for identity verification
Sensitive data is handled with heightened controls
Users may request opt-out where law requires (GDPR/UK GDPR)
NeWell may store AI logs for safety and auditing
AI model improvement partners must:
Not use data to build competing models
Maintain strict confidentiality
Follow security standards consistent with NeWell’s
5. Enterprise DPA (Data Processing Addendum
NeWell provides enterprise services to organizations that require additional privacy and security protections.
5.1 DPA Availability
Enterprise clients may request a:
Data Processing Addendum
Business Associate Agreement (if applicable)
Organizational confidentiality agreement
Data security appendix
Sub-processor list
5.2 DPA Coverage
The DPA governs:
Data ownership
Purpose limitations
Controller/Processor roles
Confidentiality
Data access limitations
Sub-processor transparency
International transfers
Employee/contractor security requirements
Breach notification timelines
Return or deletion of client data upon termination
5.3 Priority of Terms
If a DPA conflicts with this Privacy Policy:
The DPA prevails for enterprise client data
This Privacy Policy governs consumer and individual accounts
6. When NeWell Does Not Share Data
NeWell does NOT share data with:
Advertisers for their own marketing
Data brokers
Unapproved third parties
Entities attempting to purchase user data
Insurance companies
Employers (unless explicitly contracted)
NeWell does not:
Sell personal data
Rent data
Trade data for monetary value
Where CCPA/CPRA consider certain analytics sharing to be “sharing,” users may exercise opt-out rights.
7. Aggregated, Anonymized, and De-Identified Data
NeWell may process data in:
Aggregated form
Anonymized form
De-identified form
for:
AI training
Platform analytics
Leadership research
Performance insights
Product development
Security modeling
Such data is not considered personal information under privacy laws when it cannot be linked back to an individual.
8. Disclosure in Case of Abuse or Security Threats
NeWell may disclose data to:
Security professionals
Legal authorities
Threat mitigation partners
if:
Abuse is detected
Terms are violated
Community safety is at risk
A credible security threat exists
AI tools detect dangerous or harmful intentions
9. User-Controlled Sharing
You may choose to share:
Community posts
Leadership reflections
AI interactions
Uploaded media
Collaborative documents
Profile information
NeWell cannot control how other users handle information you share publicly.
SECTION 6 — SECURITY MEASURES, DATA RETENTION, COOKIES & TRACKING, BIOMETRIC HANDLING, COMMUNITY SAFETY, AND INCIDENT RESPONSE
1. Data Security Overview
NeWell uses a layered, defense-in-depth security model. While no system can guarantee perfect security, NeWell implements technical, administrative, and physical safeguards to reduce risks.
1.1 Technical Safeguards
NeWell employs:
Encryption in transit (TLS/SSL)
Encryption at rest (AES-256 or equivalent)
Network segmentation
API authentication controls
Secure coding best practices
Firewalls and intrusion detection
Role-based access control (RBAC)
Application-level security controls
Secure server configurations
1.2 Administrative Safeguards
NeWell maintains:
Employee confidentiality agreements
Security training programs
Access logs and auditing
Vendor due diligence processes
Sub-processor security compliance reviews
Policies governing acceptable use
Incident response policies
Monitoring and anomaly detection
1.3 Physical Safeguards
Data centers used by NeWell partners (AWS, Google, etc.) typically include:
24/7 monitored facilities
Biometrics for access control
Environmental protection systems
Redundant power and network systems
Secure disposal procedures
NeWell does not maintain on-premises servers.
2. Data Breach Notification
NeWell follows applicable laws including:
GDPR Articles 32–34
CCPA/CPRA breach rules
Arizona Revised Statutes § 18-551 et seq
New York SHIELD Act
If a breach occurs that exposes personal data:
NeWell will notify affected users without unreasonable delay
NeWell will notify relevant authorities where required
NeWell will document the nature of the breach and remediation steps
NeWell may also provide guidance on protective measures.
3. Data Retention and Deletion Practices
NeWell retains data only as long as necessary for:
Service delivery
Legal obligations
Security requirements
Contractual obligations
Program archiving (if applicable)
AI system improvement (anonymized when possible)
Default Retention Categories
3.1 Account and Profile Data
Retained while your account is active, and for a limited period afterward for:
Recordkeeping
Billing
Dispute prevention
3.2 Leadership, Journal, and Performance Data
Retained:
For the lifetime of your account
Or until deletion is requested (where permitted)
Or per enterprise contractual requirements
3.3 Consulting and Enterprise Data
Handled under DPA terms, which may override default policies.
3.4 AI Interaction Logs
May be retained:
For training
For safety review
For quality assurance
For system debugging
AI logs may be anonymized or aggregated.
3.5 Community and User-to-User Data
Deleted upon account deletion
Or anonymized
Or retained for safety/legal reasons
3.6 Legal, Security, and Audit Logs
Retained per regulatory guidelines (up to 7–10 years depending on jurisdiction).
3.7 Deletion Requests
Users may request deletion unless:
Retention is required by law
Retention is necessary for fraud prevention
Data is tied to contractual obligations
Enterprise data ownership overrides consumer rights
Data exists in backups not reasonably modifiable
4. Use of Cookies and Tracking Technologies
NeWell uses cookies and tracking systems to:
Authenticate users
Maintain session states
Personalize experience
Analyze performance
Provide security
Enable AI enhancements
Improve leadership recommendations
4.1 Types of Tracking Technologies
A. Essential Cookies
Used for:
Login
Security
Subscription access
Core functionality
Cannot be disabled without breaking the platform.
B. Performance Cookies
Used for:
Traffic analysis
Feature access data
Usability improvement
C. Analytics Cookies
Used for:
Identifying behavior patterns
Measuring conversions
A/B testing
Understanding program effectiveness
D. Advertising and Attribution Cookies
Used for:
Measuring ad effectiveness
Attribution tracking
UTM parameter storage
NeWell does not sell data but may track marketing efficiency.
E. Local Storage and Device Identifiers
Used for:
Mobile app persistence
Cached settings
Chat history (when permitted)
F. Session Replay Tools
Used only where legally allowed to:
Diagnose UX issues
Replay user flows
Improve AI interactions
Users in GDPR regions may opt out.
5. Handling of Incidentally Collected Biometric Data
NeWell may process biometric-like data only when voluntarily uploaded.
5.1 Categories Included
Video recordings
Voice messages
Images containing human faces
Leadership exercise submissions
Media used for analysis
5.2 What NeWell Does Not Do
NeWell does NOT:
Perform facial recognition matching
Store biometric identifiers
Sell biometric data
Use biometric data for identity verification
Create biometric databases
5.3 How NeWell Uses Incidentally Collected Biometric Data
Leadership review
Coaching insight development
AI analysis (if applicable)
Community content display
Quality assurance
5.4 Biometric Data Storage & Security
Handled under:
Strict access controls
Encrypted storage
Role-based visibility
6. Community Safety and Moderation Systems
NeWell communities operate under strict safety protocols.
6.1 Monitoring
NeWell may monitor:
Posts
Comments
Messages
Uploaded media
AI interactions used within community features
Reported behavior
6.2 Automated and Human Moderation
Moderation tools may include:
Keyword detection
Toxicity detection via AI
Manual review
Removal of harmful or inappropriate content
6.3 Prohibited Content Enforcement
NeWell will remove:
Harassment
Threats
Exploitation
Hate speech
Sensitive or illegal content
Commercial spam
IP-infringing content
6.4 Suspension and Termination
Users who violate policies may:
Lose community privileges
Have posts removed
Have accounts suspended
Be permanently banned
Have data provided to law enforcement in extreme cases
7. Risk Mitigation and Threat Prevention
NeWell uses:
Bot detection systems
Security event monitoring
Access anomaly tracking
Rate limiting
Automated abuse prevention systems
Threat intelligence services
Password strength and MFA support
8. Internal Access to Data
Access is limited to:
Trained employees
Authorized contractors
Consultants under NDA
AI safety and quality teams
NeWell uses least privilege principles.
Unauthorized access is grounds for immediate termination of internal personnel.
9. Third-Party Security Requirements
NeWell requires service providers to:
Maintain appropriate security controls
Adhere to confidentiality
Use data only for contracted purposes
Notify NeWell of breaches
Provide certifications or audits when applicable (SOC 2, ISO 27001, etc.)
Delete or return data upon termination of service
10. User Responsibilities in Maintaining Security
Users are responsible for:
Maintaining password hygiene
Securing their device
Using updated browsers
Not sharing login credentials
Avoiding public posting of confidential information
NeWell is not responsible for breaches caused by user negligence.
SECTION 7: Children’s Privacy, Policy Changes, Enforcement, Contact Information, and Final Provisions
1. Children’s Privacy (COPPA Compliance)
NeWell does not knowingly collect or process personal data from children under 18 years old.
The NeWell Services are designed for adults and professional users.
We do not market to or target minors.
We do not knowingly allow minors to register for NeWell Plus, communities, consulting programs, or AI tools.
If a minor has provided personal information:
Parents or guardians may contact:
Email: support@newell.io
Subject: “Minor Data Removal Request”
NeWell will promptly delete the information unless legally required to retain it.
2. Changes to This Privacy Policy
NeWell reserves the right to:
Update
Modify
Expand
Clarify
Replace
any portion of this Privacy Policy at any time.
2.1 Notice of Material Changes
If changes materially affect your rights or how your data is used, NeWell will provide notice via:
Email
Account notifications
Website updates
App updates
Banner notices
2.2 Continued Use Constitutes Acceptance
By continuing to use NeWell Services after updated policies are posted, you agree to the revised terms.
3. Interpretation and Priority of Terms
If this Privacy Policy conflicts with:
Terms of Service
A Data Processing Addendum (DPA)
A consulting or enterprise contract
Regulatory requirements
the priority order is as follows:
Applicable law
Enterprise DPA (if applicable)
Consulting or enterprise contract
Terms of Service
Privacy Policy
This ensures compliance with the highest standard.
4. Enforcement and Violations
NeWell enforces this Privacy Policy through:
Automated systems
Manual review
Security monitoring
Community moderation
Violations may result in:
Content removal
Account suspension
Termination
Legal action
Disclosure to law enforcement (if required)
5. Disclaimer of Responsibility for User Actions
NeWell is not responsible for:
Data a user shares publicly
Community interactions
Content uploaded voluntarily
Misuse of data by other users
Screenshots or re-sharing by third parties
User-to-user disputes
NeWell provides tools but cannot control user behavior outside the platform.
6. International Users
By accessing NeWell Services from outside the United States, you:
Consent to data transfer to the U.S.
Acknowledge U.S. data protection laws may differ from your region
Agree that NeWell complies with GDPR, UK GDPR, and other international frameworks as required
Users may request additional safeguards under lawful basis requirements.
7. Data Protection Officer (If Applicable)
If NeWell appoints a Data Protection Officer (DPO), updated contact information will be posted here.
Until then, privacy inquiries may be directed to:
8. Contact Information for All Privacy Matters
For any privacy-related requests or questions, contact:
NeWell, Inc
Email: support@newell.io
Subject: “Privacy Inquiry”
Users may submit complaints, data requests, appeals of decisions, deletion requests, or clarification questions.
9. Acknowledgment of Understanding
By using the NeWell Services, you acknowledge that you have:
Read this Privacy Policy in full
Understood how your data may be used
Agreed to the terms described
Consented to international data transfers
Consented to AI-related processing where applicable
Accepted that NeWell may update the Policy as required
10. Entire Privacy Policy
This document, in combination with the:
Terms of Service
Cookie Notices
DPA (where applicable)
Community Guidelines
AI Usage Disclosures
constitutes the full and complete declaration of NeWell’s privacy practices.
No oral statements or external documents override this policy unless formally issued by NeWell, Inc.