By Purchasing Access to mamma.earth You Agree To The following Privacy Policy:

mamma.earth, a company registered in the United Kingdom (“mamma.earth”, “we”, “us” or “our”) is committed to providing quality services to you and to respecting your privacy.

We are committed to protecting your privacy and respecting and upholding your rights under the General Data Protection Regulation (EU 2016/679) (the “GDPR”), the UK General Data Protection Regulation and the Data Protection Act 2018 (the “UK Privacy Laws”), and any other relevant laws pertaining to privacy of individuals in jurisdictions which our Services are available (collectively, “Privacy Laws”).

This privacy policy sets out how we collect, use, process, store, share and disclose your Personal Information (as defined in section 1 below) from the operation of our website at https://mamma.earth/ (“Website”), our product, a Software-as-a-Service (SaaS) platform built on the HighLevel Framework, which includes our own proprietary AI utilizing OpenAI Custom GPT technology, designed to empower businesses to create, manage, and automate their customer interactions (“Platform”), our services which include marketing, support, account management and education related to the Platform (“Services”), and when you communicate with us by phone, email, or in person (collectively, “Communication”).

1. What is Personal Information?

The term “Personal Information” as used in this Privacy Policy means information that can be used to identify an individual, or that is otherwise defined as personal data, personal information, or personally identifiable information in the Privacy Laws.

2. When and how we collect Personal Information

We collect Personal Information from you when you:

(a) Register for and use the Platform: when you sign up for an account, create a profile, or use the features of the Platform.

(b) Contact us: when you communicate with us via email, phone, or submit forms on the Website.

(d) Use the Website: we automatically collect certain information as described in the “Cookies and Tracking” section below.

(e) Respond to surveys or feedback requests.

3. The kinds of Personal Information we collect

The types of Personal Information we may collect include:

(a) Contact and Identity Data: Your name, email address, physical address, telephone number, job title, and organisation name.

(b) Payment and Billing Data: Payment details (though processed by a third-party processor), billing address, and transaction history.

(c) Platform Usage Data: Information about how you use the Platform, including features used, settings, configurations, and API keys.

(d) Technical Data: IP address, browser type and version, time zone setting and location, operating system, and other technology on the devices you use to access the Platform.

(e) Communication Data: Any correspondence between you and mamma.earth, including support tickets, emails, and call recordings (where permitted).

(f) Customer Data (Processed on your behalf): Data that your customers or clients input or provide through forms and tools on the Platform that you manage. mamma.earth processes this data on your behalf as a ‘data processor’ (or ‘service provider’) and your own privacy policy will govern this data.

4. Why we collect your Personal Information (Purposes and Legal Basis)

We collect your Personal Information for the following purposes:

- To provide the Platform and Services (Account creation, functionality, support, billing).

- To improve the Platform and Services (Troubleshooting, data analysis, research, and development of new features, including our AI).

- To manage payments and accounting (Processing invoices and payments).

- For marketing and communication (Sending updates, newsletters, or promotional content).

- To maintain security and prevent fraud (Monitoring security of the Platform).

- To comply with legal obligations (Responding to legal requests, court orders).

5. How we use your Personal Information

We use the Personal Information we collect for the purposes specified in the table above. Specifically, this includes:

(a) To operate, maintain, and provide all features of the Platform and Services, including enabling the functionality of the HighLevel framework and our proprietary AI features.

(b) To process and complete transactions and send related information, including transaction confirmations and invoices.

(d) To respond to your comments, questions, and requests and provide customer service.

(e) To monitor and analyse trends, usage, and activities in connection with our Platform and Services.

(f) To personalise and improve the Platform and Services, and provide advertisements, content, or features that match user profiles or interests.

6. Disclosure of Personal Information

We will only disclose your Personal Information in limited circumstances and for the purposes for which it was collected. This may include disclosure to:

(a) Affiliates and Group Companies: Other entities within the mamma.earth corporate group for internal management and support purposes.

(b) Software Providers & AI Partners: third-party service providers that supply enterprise-level software used to deliver our Platform. This includes HighLevel, Inc. which provides the core CRM, automation, and customer communication tools. HighLevel, Inc. may access or process your Personal Information for the purposes of operating and supporting the Platform, in accordance with its Security and Compliance Overview and Data Processing Agreement. Furthermore, our proprietary AI features are built using OpenAI Custom GPT technology. We may share or process Personal Information with OpenAI or other related service providers to facilitate the delivery of our AI-powered features, subject to our agreements and their privacy policies.

(c) Service Providers: Other third-party vendors, consultants, and service providers who need access to the data to perform services on our behalf, such as cloud hosting providers, payment processors, and analytics providers.

(d) Legal Compliance: In response to a request for information if we believe disclosure is in accordance with, or required by, any applicable law, regulation, or legal process.

(e) Corporate Transactions: In connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company.

We require all third parties to respect the security of your Personal Information and to treat it in accordance with the law. We do not allow our third-party service providers to use your Personal Information for their own purposes and only permit them to process your Personal Information for specified purposes and in accordance with our instructions.

7. International Data Transfers

As a UK company utilising global technology partners, your Personal Information may be transferred to, and processed in, countries outside of the United Kingdom and the European Economic Area (EEA), including the United States, where our service providers (like HighLevel and OpenAI) may be located.

We take reasonable steps to ensure that any international transfers of Personal Information are subject to appropriate safeguards required by the Privacy Laws, such as Standard Contractual Clauses (SCCs) approved by the European Commission and the UK Information Commissioner’s Office (ICO), or reliance on Adequacy Decisions, to ensure your Personal Information is treated securely and in accordance with this Privacy Policy.

8. Cookies and Tracking

We use cookies and similar tracking technologies (like web beacons and pixels) to track activity on our Website and Platform and hold certain information.

(a) Cookies: Small files stored on your device that help us remember information about your visit, such as your preferences and login details.

(b) How we use them: To analyse how the Website and Platform are used, administer the Website, track users’ movements, and gather demographic information.

(c) Your Choices: You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

9. Data Security

We take reasonable steps to protect the Personal Information we hold from misuse, interference, loss, unauthorised access, modification, or disclosure by implementing appropriate technical and organisational security measures. These measures include:

(a) Encryption of Personal Information both in transit and at rest where appropriate.

(b) Access controls and internal policies to limit access to Personal Information to authorised personnel on a need-to-know basis.

However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security.

10. Data Retention

We retain your Personal Information only for as long as is necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for Personal Information, we consider the amount, nature, and sensitivity of the Personal Information, the potential risk of harm from unauthorised use or disclosure, the purposes for which we process your Personal Information, and whether we can achieve those purposes through other means, and the applicable legal requirements.

11. Your Rights

You have rights under the Privacy Laws concerning your Personal Information. Depending on your location and the applicable Privacy Laws, these rights may include:

(a) Access: The right to request copies of your Personal Information we hold.

(b) Rectification: The right to have inaccurate or incomplete Personal Information corrected.

(c) Erasure (Right to be Forgotten): The right to request the deletion of your Personal Information in certain circumstances.

(d) Restriction of Processing: The right to request that we limit the way we use your Personal Information.

(e) Data Portability: The right to obtain your Personal Information in a structured, commonly used, and machine-readable format.

(f) Objection: The right to object to the processing of your Personal Information, particularly for direct marketing purposes.

To exercise any of these rights, please contact us using the details provided in section 14. We will respond to your request within a reasonable timeframe as required by the applicable law.

12. Children’s Privacy

Our Platform and Services are not directed to individuals under the age of 18. We do not knowingly collect Personal Information from children under 18. If we become aware that we have collected Personal Information from a child under 18, we will take steps to delete such information. If you believe we might have any information from or about a child under 18, please contact us.

13. Notices specific to certain jurisdictions

We are dedicated to ensuring that individuals in certain jurisdictions have access to their privacy rights as provided by the Privacy Laws of your jurisdiction. We have set out details below dependent on your location.

United Kingdom

You have specific enhanced privacy rights under the UK General Data Protection Regulation and the Data Protection Act 2018, which include the right to:

- Require us to correct any Personal Information held about you that is inaccurate or incomplete;

- Require the deletion of Personal Information concerning you in certain situations (Right to Erasure);

- data portability for Personal Information you provide to us where feasible. Please note, we do not support - transfers of your Personal Information to other businesses or agencies that use the same software from which our Platform is derived and through which we deliver our Services;

- Object or withdraw your consent at any time to the processing of your Personal Information;

object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you; or

- Otherwise restrict our processing of your Personal Information in certain circumstances.

Should we decline you access to your Personal Information, we will provide a written explanation setting out our reasons for doing so. These rights are limited in some situations – for example, we can demonstrate that we have a legal requirement to process your Personal Information. In some instances, this means that we may retain some data even if you withdraw your consent.

We may charge a reasonable fee that is not excessive to cover the charges of retrieving your Personal Information from our customer account database. We will not charge you for making the request.

If you believe that we hold Personal Information about you that is not accurate, complete or up to date, then you may request that your Personal Information be amended. We will respond to your request to correct your Personal Information within a reasonable timeframe (as set by the applicable law), and you will not be charged a fee for correcting your Personal Information.

If we no longer need your Personal Information for any of the purposes set out in this Privacy Policy, or as otherwise required by the relevant Privacy Laws, we will take such steps as are reasonable in the circumstances to destroy your Personal Information or to de-identify it.

European Union (EU)

For the purposes of the GDPR, we are a ‘data controller’ of your Personal Information. Under the GDPR, an individual residing in the European Union has enhanced privacy rights, including the right to:

- Require us to correct any Personal Information held about you that is inaccurate or incomplete;

- Require the deletion of Personal Information concerning you in certain situations;

- Data portability for Personal Information you provide to us where feasible. Please note, we do not support transfers of your Personal Information to other businesses or agencies that use the same software from which our Platform is derived and through which we deliver our Services;

- Object or withdraw your consent at any time to the processing of your Personal Information;

object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you; or

- Otherwise restrict our processing of your Personal Information in certain circumstances.

We may charge a reasonable fee that is not excessive to cover the charges of retrieving your Personal Information from our customer account database. We will not charge you for making the request.

14. Contact and Complaints

Contact Details

If you have any questions or concerns about this Privacy Policy, our use of your Personal Information, or wish to exercise your rights, please contact us at:

Email: [email protected]

Complaints

If you have a complaint regarding a breach of the Privacy Laws, please email us with the details of your complaint. We will investigate the complaint and endeavour to provide a response within 30 days.

If you are not satisfied with our response, you may have the right to lodge a complaint with the relevant data protection authority. For UK residents, this is the Information Commissioner's Office (ICO).

15. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. When we make changes, we will revise the “Last Updated” date at the bottom of the policy. We encourage you to review the Privacy Policy periodically to stay informed about our data handling practices. If we make material changes, we will provide you with additional notice (such as adding a statement to the Website or sending you an email notification).

Last Updated: 12th December 2025