Privacy policy.

Privacy Policy for ‘DAVID HAYE ACCOUNTABILITY LTD’ (“DHA”)

TERMS & CONDITIONS

Effective Date: [30 Dec 2024]

Welcome to David Haye Accountability Ltd (“DHA”). We pride ourselves on delivering a unique, accountable, and motivational experience for our clients, centered around health, wellness, and personal growth. These Terms & Conditions (“Terms”) govern your access to and use of DHA’s services via WhatsApp, and outline how we handle personal data, intellectual property, confidentiality, and more.

Please read these Terms carefully. By using our services, you agree to abide by these Terms in full. If you do not agree, you must not use our services.

1. DEFINITIONS & INTERPRETATION

1.1 “DHA,” “we,” “us,” or “our”
Refers to David Haye Accountability Ltd, a company registered in the United Kingdom, having its principal office at 63 Lyham Road, 21 Park Lofts, London, England SW25EB.

1.2 “Client,” “user,” “you,” or “your”
Denotes any individual who accesses, interacts with, or utilizes DHA’s services, communications, or content through WhatsApp or any other channel we may designate.

1.3 “Services”
Encompasses the entire scope of DHA offerings, communications, advice, materials, and content provided exclusively via the WhatsApp Business API, including but not limited to individualized health and wellness guidance, motivational check-ins, accountability support, data collection, and interactions.

1.4 “Personal Data”
Represents any information relating to an identified or identifiable individual, including but not limited to names, email addresses, phone numbers, health and wellness data (e.g., height, weight, body fat, nutritional habits, sleep data, and energy levels), and Meta profile IDs.

1.5 “Sub-Processors”
Indicates third-party service providers who process personal data on DHA’s behalf, under strict contractual obligations ensuring data protection and security.

1.6 “WhatsApp Business API”
Refers to the official WhatsApp platform interface that allows businesses like DHA to engage with users and manage communications in a secure and streamlined manner.

1.7 Interpretation
All headings are for ease of reference only and shall not affect the construction or interpretation of these Terms. Words in the singular include the plural and vice versa.

2. COMPANY & CONTACT DETAILS

2.1 Legal Entity
DHA is formally registered as David Haye Accountability Ltd in the United Kingdom. Company Number (14547447)

2.2 Principal Address
63 Lyham Road, 21 Park Lofts, London SW25EB

2.3 Contact Information
All inquiries, requests, or notifications related to these Terms, your personal data, or our Services should be directed to:
Email: compliance@hayemaker.com

2.4 Communications via WhatsApp
All primary communication with clients is conducted via WhatsApp messages or voice/video notes. We may, from time to time, require you to confirm certain details by email if needed for compliance or security verification.

3. ACCEPTANCE OF TERMS & ELIGIBILITY

3.1 Agreement to be Bound
By initiating or continuing a WhatsApp conversation with DHA or otherwise interacting with our Services, you explicitly acknowledge that you have read, understood, and agree to these Terms without limitation or qualification.

3.2 Exclusivity of WhatsApp
Our Services are conducted exclusively through the WhatsApp platform. No alternative platforms (emails, phone calls, or in-person consultations) are systematically provided, unless otherwise stated in writing. It is your responsibility to maintain a valid WhatsApp account and internet connection to engage with DHA Services.

3.3 Updates & Revisions
DHA may revise these Terms from time to time. We will notify clients of any major changes via WhatsApp broadcast or other means. Your continued use of our Services following such notice constitutes acceptance of the updated Terms.

3.4 Termination of Use
If at any point you disagree with these Terms or any modifications thereto, you must discontinue using the Services and inform DHA accordingly.

4. AGE RESTRICTIONS & CHILDREN’S DATA

4.1 Age Eligibility
DHA’s Services are exclusively intended for individuals aged 18 years or older. We do not knowingly permit minors to create an account, join a WhatsApp group, or otherwise utilize our Services.

4.2 No Collection of Children’s Data
Because of our strict age requirements, we do not intentionally collect personal data from anyone under 18. Should we discover that a user is underage, we will immediately remove their data from our systems.

4.3 Parental or Guardian Inquiries
If you suspect a minor has accessed our WhatsApp Services, please contact us at compliance@hayemaker.com so we can promptly investigate and delete any related personal data.

4.4 Legal Compliance
We recognize that certain jurisdictions have additional regulations for minors under 16 or 13. Given our 18+ policy, we do not market or provide any aspect of our Services to such minors. If an underage user is inadvertently identified, we will respond under applicable laws to protect their data and privacy.

5. NON-MEDICAL NATURE & PERSONAL EXPERIENCE DISCLAIMER

5.1 Personal Expertise & Athletic Background
DHA’s founder, David Haye, is not a medical doctor. He is a former professional athlete with nearly 25 years of experience working alongside some of the world’s leading nutritionists, strength and conditioning coaches, and sports scientists. All guidance shared reflects personal opinions, learned strategies, and life experiences.

5.2 General Information Only
Any tips, suggestions, or strategies provided by DHA (through text, voice notes, or videos on WhatsApp) are intended as general lifestyle and wellness advice. They do not replace or supersede professional medical consultations, evaluations, or treatment.

5.3 Health Care Professional Involvement
Before making any significant changes to your diet, exercise routine, or overall health regimen, you should consult a qualified healthcare professional. By using DHA’s Services, you acknowledge and agree that you assume full responsibility for any decisions made regarding your health and well-being.

5.4 No Doctor-Patient Relationship
Nothing in DHA’s Services is intended to create a doctor-patient relationship. We do not diagnose, treat, cure, or prevent any medical conditions. If you experience any pain, discomfort, or adverse reactions, cease following our guidance and consult your healthcare provider.

5.5 Limited Liability
In addition to disclaimers outlined in Section 14, DHA accepts no liability for any outcomes, injuries, or health issues that arise from following our content, as we are not licensed medical practitioners.

6. SCOPE OF DATA COLLECTION

6.1 Meta Platform Data
Where authorized by you, DHA may access limited data through Meta (Facebook, Instagram, WhatsApp), such as your profile ID, name, and other basic information necessary to facilitate communication and accountability.

6.2 User-Submitted Data
Clients may voluntarily submit daily health and wellness data via WhatsApp multiple-choice forms or direct messages, including details regarding food intake, movement and exercise, height, weight, body fat, nutritional habits, sleep data, and energy levels. This data is crucial for us to tailor feedback and support your accountability journey.

6.3 Third-Party Website Collection
Outside of WhatsApp, DHA collects certain data from hayemaker.com—particularly for sign-up or subscription purposes—where such information is stored in our Mailchimp CRM.

6.4 No Data Combination Beyond Stated Scope
We do not merge or enrich user data from Meta platforms with external sources, except as necessary to perform the services described (e.g., logging your weight inputs or movement data).

7. PURPOSE & USE OF COLLECTED DATA

7.1 Accountability & Motivation
We use the collected data primarily to keep you motivated and engaged with your long-term health journey. By analyzing daily logs, we provide personalized insights, encouragement, and feedback on your progress.

7.2 Calorie & Movement Calculations
Clients log food and movement data, which DHA may use to estimate calorie burn, track nutritional intake, and offer suggestions on aligning lifestyle habits with wellness objectives.

7.3 Communication & Support
DHA uses WhatsApp messages, voice notes, and video to deliver tips, guidance, and check-ins, ensuring clients have ongoing motivation and accountability.

7.4 User Experience Enhancements
From time to time, we may evaluate anonymized or aggregated user data to improve our Services, refine our approach, and develop additional features that may benefit our clients overall.

7.5 Legal Bases
Our processing rests on (a) your explicit consent at the commencement of Services, and (b) our legitimate interest in providing, maintaining, and improving accountability services to clients.

8. DATA SHARING & SUB-PROCESSORS

8.1 No Partner or Affiliate Sharing
We do not sell, rent, or trade personal data with affiliates or unrelated third parties. Data is only shared as strictly necessary for service delivery or if legally mandated.

8.2 Authorized Sub-Processors
The following trusted service providers (“Sub-Processors”) handle limited data on our behalf, under legally binding agreements ensuring GDPR-level protection:

  1. Amazon Web Services (AWS)

    • Legal Entity: Amazon Web Services EMEA SARL

    • Address: 5 Rue Plaetis, L-2338 Luxembourg

    • Role: Cloud hosting, data storage (UK region)

    • Security: ISO 27001, SOC 2 certifications

  2. Mailchimp (Intuit Inc.)

    • Legal Entity: The Rocket Science Group LLC d/b/a Mailchimp

    • Address: 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA

    • Role: Email marketing, CRM communications

    • Usage: Manages sign-up and contact lists from hayemaker.com

  3. OpenAI

    • Legal Entity: OpenAI, L.L.C.

    • Address: 3180 18th Street, San Francisco, CA 94110, USA

    • Role: AI-based text/data processing for content generation, analytics, or limited user submissions

    • Scope: Minimal personal data may be sent (pseudonymized where possible)

  4. Stripe

    • Legal Entity: Stripe, Inc.

    • Address: 185 Berry Street, Suite 550, San Francisco, CA 94107, USA

    • Role: Payment processing

    • Framework: PCI-DSS compliant, subject to GDPR obligations

8.3 DPAs & Compliance
DHA has executed Data Processing Agreements (DPAs) or equivalent contracts with each Sub-Processor, mandating robust security controls, adherence to GDPR, and immediate notification of any data breaches.

8.4 Updates to Sub-Processors
If DHA adds, replaces, or removes a Sub-Processor, we will update our publicly accessible Sub-Processor list accordingly and notify active clients via WhatsApp or email.

9. INTERNATIONAL DATA TRANSFERS

9.1 Cross-Border Flow
Some Sub-Processors may operate in jurisdictions outside the UK/EEA (e.g., the United States). In such circumstances, we ensure that personal data is afforded equivalent protection through legally recognized mechanisms.

9.2 Standard Contractual Clauses (SCCs)
We rely on SCCs (and similar frameworks approved by the European Commission or the UK’s Information Commissioner’s Office) to ensure robust data protection measures for transfers outside the UK/EEA.

9.3 Provider Compliance

  • AWS: Uses GDPR-compliant hosting agreements and SCCs for UK/EU-to-US data flows.

  • Mailchimp: Incorporates SCCs in its Data Processing Agreement for transatlantic data.

  • OpenAI: Provides a DPA that includes SCCs to secure data processed in the U.S.

  • Stripe: Implements SCCs and PCI-DSS compliance measures to protect payment data.

9.4 Additional Safeguards
Where relevant, we may also apply encryption, pseudonymization, or other technical controls to mitigate risks associated with cross-border data transfers.

10. SECURITY MEASURES

10.1 Commitment to Security
Protecting personal data against unauthorized access, alteration, or disclosure is a top priority. We employ a multi-layered security approach, with both technical and organizational controls.

10.2 Encryption

  • Data in Transit: Encrypted using industry-standard TLS protocols when communicating via WhatsApp or integrated systems.

  • Data at Rest: Certain data (including backups and archives) is encrypted (e.g., AES-256) to safeguard it against unauthorized physical access.

10.3 Access Controls

  • Role-Based Access Control (RBAC): Only employees whose job function requires it can view or process specific data subsets.

  • Identity & Authentication: Admin-level accounts use multi-factor authentication. Passwords are salted and hashed.

  • Least Privilege Principle: Permissions are reviewed periodically to ensure minimum necessary access.

10.4 Infrastructure Security

  • Hosting Environment: AWS UK region with ISO 27001, SOC 2 compliance.

  • Firewall & Segmentation: Robust firewalls and internal network segmentation isolate production, testing, and development environments.

  • Patching & Updates: Continuous patch management to close known vulnerabilities.

10.5 Logging & Monitoring

  • Audit Logs: Key user and system events are logged to ensure traceability and compliance.

  • Intrusion Detection: Automated monitoring tools and alerts signal suspicious activity or potential breaches.

10.6 Secure Development Practices

  • Code Reviews: Peer-reviewed code commits to detect and address security risks early.

  • Vulnerability Scans & Testing: Routine penetration testing to identify and mitigate vulnerabilities before exploitation.

  • Change Management: Formal procedures for deploying system updates to reduce accidental misconfigurations.

10.7 Vendor & Sub-Processor Due Diligence

  • DPAs & Risk Assessments: Ensuring Sub-Processors uphold data protection standards aligned with DHA’s security posture.

  • Continual Oversight: Periodic vendor re-assessments to confirm ongoing adherence.

10.8 Employee Awareness & Policies

  • Security Training: Mandatory, recurrent training on data protection, privacy best practices, and phishing awareness.

  • Acceptable Use: Written policies outlining proper handling and confidentiality of personal data.

  • Background Checks: Conducted where permitted by law for employees in high-privilege roles.

10.9 Incident Response & Data Breach Notification

  • Incident Response Plan: A documented procedure for identifying, containing, investigating, and correcting security events.

  • Mandatory Notifications: We will inform both clients and relevant authorities in legally mandated timeframes if a breach impacting personal data is confirmed.

10.10 Business Continuity & Disaster Recovery

  • Regular, Encrypted Backups: Data is backed up securely, with offsite storage for resilience.

  • Disaster Recovery Testing: Controlled simulations to ensure readiness for sudden outages or system failures.

10.11 Continuous Improvement
We periodically review and update our security protocols to stay current with emerging threats, industry standards, and regulatory expectations.

11. CONFIDENTIALITY OF COMMUNICATIONS & CONTENT

11.1 Private & Direct
All communications occur via the WhatsApp Business API, ensuring direct, private conversations between DHA and each client.

11.2 Confidential Materials
Any guidance, advice, audio/video notes, or text-based content exchanged with a client is intended solely for that client’s personal reference. Such information may include proprietary insight from David Haye’s 25-year athletic career.

11.3 Non-Disclosure by Clients
You agree not to copy, distribute, or disclose any proprietary DHA content to third parties or make it public without our express written permission. This includes, but is not limited to, screenshots, forwarded voice notes, and reposted text messages.

11.4 Reciprocal Privacy Commitment
We respect your privacy and will not share personal data or private exchanges with any party unless legally required. We expect you to maintain the same confidentiality regarding DHA’s proprietary or sensitive information.

11.5 Legal Remedies
If you breach confidentiality obligations by disseminating DHA’s content or trade secrets without permission, DHA reserves the right to take appropriate legal action, including claims for damages or injunctive relief.

11.6 Updates to Confidentiality Terms
These confidentiality conditions may be amended over time to reflect evolving legal requirements or DHA’s operational practices. Continued use of our Services constitutes acceptance of any updates.

12. PAYMENT & STRIPE USAGE

12.1 Payment Processing
If our Services require payment, DHA leverages Stripe as a secure and reputable payment gateway. Stripe’s terms and privacy policy will govern any payment transaction, which may entail the processing of your card details, billing address, or other relevant financial information.

12.2 PCI-DSS Compliance
Stripe complies with the Payment Card Industry Data Security Standards (PCI-DSS), ensuring the highest level of security for cardholder data. DHA never stores complete card details on our servers.

12.3 Invoices & Receipts
Where applicable, we will issue digital invoices or receipts for payments processed. These records may contain your name, partial card details (last four digits), and transaction amounts.

12.4 Refunds & Cancellations
We may, at our discretion, offer refunds or cancellations if specific terms are agreed upon in writing with the client. Any refunds processed through Stripe will adhere to Stripe’s own refund policies and timelines.

13. INTERNATIONAL DATA TRANSFERS & COMPLIANCE

13.1 Legal Framework
To align with UK GDPR and EU GDPR requirements, DHA ensures that personal data transferred to countries lacking adequacy decisions is protected through SCCs or equivalent tools.

13.2 Additional Safeguards
We implement encryption, access controls, and pseudonymization (where feasible) to lessen the risks associated with cross-border data transfers.

13.3 Client Requests
Should you require more information on our cross-border data mechanisms (e.g., copies of SCCs), please email compliance@hayemaker.com.

13.4 Regulatory Authorities
We fully cooperate with supervisory authorities and uphold relevant statutes that govern personal data. Any inquiry from such authorities will be handled with transparency and in accordance with legal obligations.

14. LIABILITY & EXTENDED DISCLAIMERS

14.1 No Medical Advice
DHA is not a medical institution. Our guidance stems from personal experience, extended study with top-tier nutritionists, and athletic conditioning. You must consult licensed healthcare providers for individualized medical evaluations.

14.2 Health & Wellness Disclaimer
The Services offered involve suggestions, accountability prompts, and motivational insight based on David Haye’s personal journey. Results vary from person to person, and DHA makes no guarantees of specific health, weight, or fitness outcomes.

14.3 Assumption of Risk
By participating in any recommendations (e.g., exercise regimes, dietary changes), you understand there are inherent risks, including potential injury, discomfort, or health complications. You assume full responsibility for any consequences arising from your decisions.

14.4 Exclusion of Indirect Damages
In no event shall DHA be liable for any indirect, incidental, special, consequential, or exemplary damages, including but not limited to loss of revenue, goodwill, or data, even if DHA has been advised of the possibility of such damages.

14.5 Limitation of Liability
To the extent permitted by law, DHA’s total liability for any claim arising out of or relating to these Terms shall be limited to the amount paid (if any) for our Services over the six months preceding the event giving rise to liability.

14.6 Force Majeure
DHA shall not be responsible for delays or failures to perform due to events outside our reasonable control, including acts of God, public disturbances, fires, floods, pandemics, or internet disruptions.

15. USER RIGHTS & DATA SUBJECT REQUESTS

15.1 Access & Correction
You have the right to request copies of your personal data held by DHA, as well as to rectify inaccuracies. Submit such requests to compliance@hayemaker.com.

15.2 Deletion (“Right to be Forgotten”)
You may request deletion of your personal data at any time. Barring legal retention obligations, DHA will promptly remove your data from active systems, typically within 30 days.

15.3 Restriction & Objection
Under certain circumstances, you can request we limit or cease certain processing activities (e.g., promotional messages). We will honor such requests to the fullest extent required by law.

15.4 Withdrawal of Consent
Where our processing relies on your consent, you have the right to withdraw it at any point. This does not affect the legality of prior processing, but it may impact our ability to provide continued Services.

15.5 Complaint with Supervisory Authority
If you believe DHA has infringed your rights under data protection laws, you can lodge a complaint with the UK Information Commissioner’s Office (ICO) or any other competent authority.

16. DATA RETENTION POLICY

16.1 Active Accounts
We retain personal data for as long as you engage with our WhatsApp-based Services to allow continuity. This includes any progress logs, chat histories, or personal notes.

16.2 Inactive Accounts
If a client becomes inactive—neither sending nor responding to messages—DHA may retain data to simplify future reactivation. However, periodic reviews will ensure data is still necessary, with unnecessary data securely removed.

16.3 User-Initiated Deletion
Should you request data erasure by contacting compliance@hayemaker.com, we will action your request promptly (usually within 30 days), unless retention is mandated by law (e.g., tax or regulatory requirements).

16.4 Backups & Archives
Erased data may still be present in encrypted backups or archives until our standard backup rotation eliminates it. It will not be restored to active systems unless necessary for legal or compliance reasons.

16.5 Legal or Compliance Obligations
We may keep certain data to fulfill legal, auditing, or compliance obligations, and will delete it as soon as those obligations are discharged.

17. WHATSAPP USAGE & CONDUCT

17.1 Exclusive Channel
You acknowledge that all DHA services, instructions, and communications occur exclusively through WhatsApp. Any official changes to channel use will be announced by DHA.

17.2 User Conduct
You agree to use WhatsApp responsibly, refraining from sending harmful, offensive, or unlawful content. DHA reserves the right to terminate any user who violates these guidelines.

17.3 Message Integrity
Although WhatsApp provides end-to-end encryption, we encourage users to maintain updated antivirus and security controls on their devices. DHA is not responsible for compromised devices or third-party interceptions beyond WhatsApp’s control.

17.4 Opt-Out
If you wish to stop receiving messages, you can request to opt out at any time. Once processed, DHA will no longer send WhatsApp communications unless legally required or re-authorized by you.

18. CONFIDENTIALITY & INTELLECTUAL PROPERTY

18.1 Proprietary Rights
DHA and/or David Haye hold all intellectual property rights in the content provided via WhatsApp. This includes copyright in all audio recordings, written guidance, and proprietary accountability methods.

18.2 License to Use
You receive a limited, non-transferable, revocable license to access and utilize the shared materials solely for your personal, non-commercial benefit. This license does not grant any right to distribute or reproduce content without express permission.

18.3 Breach of IP Rights
Any unauthorized use, distribution, or reproduction of DHA’s intellectual property may result in immediate termination of Services, along with legal proceedings for infringement of intellectual property rights.

19. GOVERNING LAW & DISPUTE RESOLUTION

19.1 Governing Law
These Terms, their subject matter, and formation are governed by the laws of England and Wales, without regard to any conflict-of-laws principles.

19.2 Exclusive Jurisdiction
Any disputes or legal actions arising under these Terms shall be subject to the exclusive jurisdiction of the courts located in England. You agree to submit to such jurisdiction for any proceedings.

19.3 Alternative Dispute Resolution
In the event of a dispute, both parties will endeavor in good faith to settle via direct negotiation or alternative dispute resolution (ADR) methods prior to initiating formal court proceedings.

20. TERMINATION & SURVIVAL

20.1 Right to Terminate
DHA reserves the right, in its sole discretion, to suspend or terminate a client’s access to WhatsApp-based Services if the client breaches these Terms, fails to act in good faith, or engages in conduct detrimental to DHA or its clientele.

20.2 Effect of Termination
Upon termination, your access to DHA Services and content shall cease immediately, and any outstanding obligations for payments or confidentiality shall remain in effect.

20.3 Survival Clauses
Provisions regarding confidentiality, disclaimers, limitation of liability, intellectual property, and dispute resolution shall survive any termination or expiration of these Terms.

21. ENTIRE AGREEMENT & SEVERABILITY

21.1 Entire Agreement
These Terms, alongside any referenced policies (e.g., Privacy Policy, Sub-Processor List), constitute the entire agreement between DHA and the user concerning the Services provided exclusively via WhatsApp.

21.2 Severability
If any part of these Terms is deemed invalid or unenforceable by a competent authority, that portion shall be severed, and the remainder will stay valid and enforceable.

21.3 No Waiver
A delay or failure in exercising any right under these Terms does not constitute a waiver of that right or any other rights under these Terms.

22. CONTACT US

If you have any questions, requests, or concerns about these Terms, our privacy practices, or the nature of our Services, please reach out to:

David Haye Accountability Ltd

Email: compliance@hayemaker.com

We appreciate your trust in DHA and look forward to supporting you on your personal accountability journey through WhatsApp. By continuing to use our Services, you confirm that you have read, understood, and agree to the entirety of these Terms & Conditions.