Privacy Policy

1. Introduction

1.1. About us. This Privacy Policy of joinwellsphere.com (“Website”) describes how we collect, use, disclose, and otherwise process personal data of Applicants, Employers and Visitors (as defined below). Wellsphere Enterprises LLC, a Delaware limited liability company with its principal place of business at  1s 1st st, Apt 28D, 11249 Brooklyn, New York United States (“Wellsphere,” “we,” “us,” or “our”), is the controller of personal data processed in connection with the Website and related online services (collectively, the “Platform”). You may contact us regarding privacy matters at hello@joinwellsphere.com

1.2. Wellsphere’s role. Wellsphere acts as an independent controller of the personal data it processes through the Platform. We do not act as an Employer’s processor/service provider with respect to candidate data an Employer independently receives and processes. Employers determine their own purposes and means of processing Applicant data they obtain via the Platform and are responsible for providing their own privacy notices and complying with applicable law. We operate in the United States, the European Union, and the United Kingdom. Supplemental regional disclosures (e.g., GDPR/UK GDPR, U.S. state privacy laws) form part of this Privacy Policy and apply to residents of those jurisdictions.

1.3. Private Visibility. Opportunities and Applicant profiles are visible only to authenticated account holders with valid Platform access. We implement technical controls designed to prevent search-engine indexing of listings and profiles. While we employ rate-limiting and anti-automation measures to deter scraping or bulk extraction, no method is infallible and we cannot guarantee absolute prevention of unauthorized harvesting.

1.4. Wellsphere Hiring. If you apply for a role with Wellsphere (as an employee or contractor), a separate HR privacy notice will be provided at the point of collection and will govern our processing of your application and any subsequent employment-related data.

‍

2. Definitions

2.1 “Personal Data” or “Personal Information” means information relating to an identified or identifiable natural person, or information defined as personal information under applicable law (including, without limitation, the California Privacy Rights Act (CPRA), the EU General Data Protection Regulation (GDPR), and the UK GDPR).

2.2 “Processing” means any operation or set of operations performed on Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure by transmission, dissemination, alignment, combination, restriction, erasure, or destruction.

2.3 “Controller” means the natural or legal person which, alone or jointly with others, determines the purposes and means of Processing Personal Data. Wellsphere acts as an independent Controller of Personal Data it Processes through the Platform.

2.4 “Special-Category Data” means data deemed sensitive under applicable law, including data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic data, biometric data for unique identification, health data, or data concerning a person’s sex life or sexual orientation. Wellsphere does not intentionally request or Process Special-Category Data.

2.5 “Applicant” means an individual wellness professional who creates a Platform account, posts a profile or CV, or applies for the available jobs.

2.6 “Employer” means a business or organization that posts or manages job posts or otherwise uses the Platform to connect with Applicants.

2.7 “Visitor” means any individual who accesses the Website without creating an account.

‍

3. Collection of Personal Data 

3.1 Direct Interactions. We collect Personal Data you provide when you create an account, complete or update a profile or CV, send or receive messages, schedule interviews, submit applications, or otherwise interact with the Platform. When you enroll in a free trial or purchase plan, we process plan type, start/end dates, and usage activity to operate and enforce the plan and to prevent abuse.

3.2 Automated Means. We automatically collect technical and usage information from your device and browser (including IP address, operating system, device identifiers, log data, page views, event timestamps, approximate location, and cookie/consent strings).

3.3 Transactions. When you purchase or enrol to free trial subscription to the Platform, we receive transaction data such as plan type, currency, payment status, and Stripe customer/payment identifiers. Wellsphere does not store full payment card numbers.

3.4 Disclosure. When you apply to or message about job post, you direct us to disclose your Applicant profile/CV and related information to the Employer you select. Employers act as independent controllers of the Personal Data they receive and must provide their own privacy notices. Identically, when Eapply or message about any CV posted, you direct us to disclose your Employer profile/job postings and related information to the Applicant you select.

3.5 Service Providers. We receive fraud-prevention and security signals, aggregated analytics, and error/crash reports from vendors engaged to host, secure, measure, or operate the Platform.

3.6 No Special-Category. We do not request for or intend to process Special-Category Data. Please do not include such information into your profiles, CVs, or messages. If such data is provided inadvertently, we may delete or minimize it. Applicants and Employers are prohibited from including Special-Category Data in profiles, applications, or communications unless strictly lawful and necessary (e.g., reasonable accommodation requests handled directly with the Employer). Wellsphere may delete or minimize such data if received inadvertently

‍

4. Categories of Personal Data 

4.1. Personal Data collected:

‍

‍

4.2. Principles. Wellsphere applies data minimization and storage limitation consistent with applicable law. Retention periods are described above. Where necessary to comply with law, enforce agreements, or resolve disputes, Wellsphere may retain relevant data beyond the periods above and will delete or de-identify it when the basis for extended retention ends.

4.3. Backups. Backup personal data is stored encrypted, time-limited rolling cycles, after which data is overwritten or destroyed.

‍

5. Legal Bases

‍

‍

6. Purpose of Processing

‍

‍

7. Processing Limitations

7.1 No Sale or Sharing. Wellsphere does not “sell” or “share” Personal Information, as those terms are defined under the CRPA  including for purposes of cross-context behavioral advertising. 

7.2 No Automated Decision-Making. Wellsphere does not subject individuals to decisions based solely on automated processing, including profiling, that produce legal effects concerning them or similarly significantly affect them within the meaning of Article 22 of GDPR and the UK GDPR.

7.3 No Profiling. Wellsphere does not engage in profiling of Applicants, Employers, or Visitors other than limited, non-intrusive processing necessary to provide core Platform functionality (e.g., keyword matching, deduplication, and ordering of search results by recency/relevance). Such processing does not produce legal or similarly significant effects.

7.4. Disclosures of Personal Data. Wellsphere may disclose Personal Data to the following categories of recipients, subject to appropriate safeguards and only to the extent reasonably necessary for the purposes described in this Policy:

1. Service Providers and Processors. Third-party vendors acting as processors on Wellsphere’s behalf, including hosting, storage, CDNs, communications tools, analytics, customer support, error logging, and payment processing. Such processors are contractually bound to process Personal Data only in accordance with Wellsphere’s documented instructions and applicable law. For California residents, these vendors are engaged as ‘service providers’ or ‘contractors’ under the CPRA and are contractually prohibited from retaining, using, or disclosing Personal Information for any purpose other than performing services for Wellsphere, consistent with Cal. Civ. Code §1798.140.
2. Employers. Where an Applicant elects to apply for, or otherwise communicate regarding, an Opportunity, Wellsphere will disclose relevant Personal Data to the selected Employer. Employers act as independent controllers of such data and are responsible for their own privacy notices and compliance obligations.
3. Corporate Transactions. In connection with a merger, acquisition, restructuring, financing, insolvency, or sale of assets, where Personal Data may be transferred as part of the transaction, subject to the recipient’s commitment to respect this Policy or to provide an equivalent level of protection consistent with applicable law.
4. Legal and Compliance. Where required to comply with applicable law, regulation, legal process, or governmental request, or where necessary to enforce Wellsphere’s rights, protect the safety of users or third parties, or investigate suspected unlawful activity.
5. Aggregated and De-Identified Data. Aggregated, anonymized, or de-identified information that cannot reasonably be used to identify an individual, for reporting, analytics, research, or benchmarking.

‍

8. Security

8.1 Measures. Wellsphere implements appropriate administrative, technical, and organizational measures designed to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. Such measures include, without limitation, encryption in transit (and at rest where feasible), role-based access controls, least-privilege policies, audit logging, vulnerability management, monitoring, backups, regular security reviews, and rate-limiting/anti-automation controls to deter scraping and bulk extraction.

8.2 No Absolute Security. No system can be guaranteed 100% secure. You acknowledge that you share Personal Data at your own risk. If you become aware of any unauthorized access or suspected compromise of your account, you must notify Wellsphere promptly.

8.3 Incident Response. If Wellsphere becomes aware of a personal-data breach affecting your information, Wellsphere will investigate and notify affected users and, where applicable, supervisory authorities without undue delay, consistent with applicable law.

‍

9. EMEA and UK data subject rights

9.1 Scope. If you are located in the European Economic Area or the United Kingdom, you have the rights set out in this Section 9, subject to the conditions and exemptions in the EU GDPR/UK GDPR and other applicable law. These rights apply to Personal Data that Wellsphere processes as a controller. Under these laws you have the following rights:

1. Access. You have the right to obtain confirmation whether we process your Personal Data and receive a copy, including certain metadata about our processing.
2. Rectification. You have the right to correct inaccurate Personal Data and have incomplete data completed.
3. Erasure (“Right to be Forgotten”). You  request deletion of Personal Data where, for example, it is no longer necessary for the purposes collected, you withdraw consent (where consent is the legal basis), or you successfully object (see below). We may retain data where an exception applies (e.g., legal obligations, establishment/exercise/defense of legal claims).
4. Restriction. You have the right to request that we restrict processing in specific circumstances (e.g., while we verify accuracy or assess an objection). During restriction we will mark the data and process it only for limited purposes.
5. Portability. You have the right to receive Personal Data that you provided to us, in a structured, commonly used, machine-readable format, and transmit it to another controller where processing is based on consent or contract and carried out by automated means, or have us transmit it directly where technically feasible.
6. Objection. You have the right to object at any time to processing based on legitimate interests (including our limited relevance/sorting). We will stop processing unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms or the processing is for legal claims.
7. Consent Withdrawal. You have the right to, where processing is based on consent (e.g., non-essential cookies/SDKs, optional marketing), withdraw consent at any time without affecting the lawfulness of processing before withdrawal. For cookies, use the Cookie Settings link at any time.
8. Information about Recipients. You have the right to request information about the recipients or categories of recipients to whom Personal Data has been disclosed.
9. Complaint. You have the right to lodge a complaint with a supervisory authority.
   
   

9.2 Execution. In order to execute your rights you may submit a request via in-product tools or by emailing hello@joinwellsphere.com We may request information necessary to verify your identity (and authority, if acting on behalf of another) before we act on a request. Stronger verification is required for sensitive actions (e.g., deletion or portability). We may ask you to specify the processing activities or data sets to which your request relates (e.g., account data, messages, billing history). Deletion, restriction, or objection may affect your ability to use some features (e.g., messaging, stored CV).

9.3 Response. We will respond within one (1) month of receiving a verifiable request. We may extend by up to two (2) further months where necessary due to complexity or number of requests; if so, we will notify you within one month of receipt. We do not charge a fee to handle your request unless it is manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse to act. If we decline all or part of a request, we will explain the reasons and your options to complain.

‍

10. US State Privacy Rights 

10.1 Scope. If you are a resident of a U.S. state with a comprehensive consumer privacy law, you may have the rights described in this Section 10, subject to statutory exceptions and our obligation to reasonably verify your identity.

10.2 Categories Collected. In the preceding 12 months we have collected the following categories of “personal information” as defined by the California Consumer Privacy Act:

1. Identifiers (e.g., name, email address, account ID).
2. Internet or other electronic network activity information (e.g., usage logs, device/OS/browser data, cookie and consent strings).
3. Professional or employment-related information (e.g., CV/resumé, education, experience you upload).
4. Commercial information (e.g., plan type, transaction amounts, payment status; we do not store full card numbers; our processor provides tokens/IDs).
5. Approximate geolocation (derived from IP address; no precise geolocation).
6. Sensitive personal information (SPI) limited to account log-in credentials (email plus password hash) used solely for authentication and security. We do not use SPI to infer characteristics. We do not create inferences about you.

10.3 Your Rights. Subject to applicable law, you may have the right to:

1.  Know/Access the personal information we hold about you (including a portable copy);
2. Delete personal information we collected from you;
3. Correct inaccuracies in your personal information;
4. Portability (receive certain information in a portable format); and
5. Opt out of any “sale” or “sharing” (for cross-context behavioral advertising), targeted advertising, or profiling used to make decisions that produce legal or similarly significant effects. We do not sell or share personal information for cross-context behavioral advertising and we do not engage in targeted advertising or decision-making profiling. If this changes, we will provide a “Do Not Sell/Share My Personal Information” link and will honor recognized Global Privacy Control (GPC) / universal opt-out signals where required.

10.4 How to Exercise. Submit a request through your account portal (where available) or by email to hello@joinwellsphere.com If you use an authorized agent, we require written authorization, and we may ask you to verify your identity directly with us.  We will respond to verifiable consumer requests within 45 days; we may extend once by an additional 45 days where reasonably necessary and permitted by law, and we will inform you of any extension. If we deny your request, you may appeal within the timeframe required by your state law (45–60 days, depending on the state). Appeal instructions will accompany our response. If your appeal is denied, you may contact your state attorney general.

10.5 Non-Discrimination. We will not discriminate against you for exercising your rights. Where permitted by law, we may offer price or service differences reasonably related to the value of your data (we currently do not operate any financial-incentive program).

‍

11. General
11.1 Do Not Track. Wellsphere does not respond to browser Do Not Track signals except where response is legally required.

11.2 Disclosures. Cookie categories, purposes, and durations are maintained in Cookiebot’s live cookie declaration, which is accessible from the Platform’s persistent Cookie Settings link.

11.3 Minors. The Platform is intended only for individuals aged eighteen (18) and older. If we become aware that Personal Data has been collected in violation of this restriction, we will delete such data promptly.

11.4 Updates to This Policy. Wellsphere may amend or update this Privacy Policy from time to time to reflect changes in law, regulatory guidance, our practices, or the features of the Platform. The “Last Updated” date at the top of the Policy indicates when the latest revisions were made. If material changes are made, Wellsphere will provide notice by reasonable means, which may include posting a prominent notice on the Platform, displaying an in-app/banner notification, or emailing registered users. Continued use of the Platform after the effective date of any updated Policy constitutes acknowledgment of the changes.

11.5 Severability. If any provision of this Privacy Policy is found invalid or unenforceable by a competent authority, the remaining provisions shall remain valid, binding, and enforceable to the fullest extent permitted by law.

11.6. Transfers. Personal Data may be processed in the United States and other jurisdictions where our service providers operate. For transfers from the EEA, UK, or Switzerland, we implement appropriate safeguards including (i) adequacy decisions, (ii) Standard Contractual Clauses (SCCs) with the UK Addendum/IDTA as applicable, and (iii) participation in the EU–U.S. Data Privacy Framework (if and when certified). A copy or summary of transfer mechanisms may be requested via hello@joinwellsphere.com