Privacy
Policy.

This Privacy Policy explains how Aros Hair Institute LLC ("Aros," "we," "our," or "us") collects, uses, stores, and protects your personal information when you visit our website at aros.institute (the "Site"), submit an application, or enroll in any of our programs.

By using our Site or submitting any information to us, you agree to the terms of this Privacy Policy. If you do not agree, please do not use our Site or services.

We are committed to handling your personal data with care, transparency, and respect. We do not sell your information to third parties.

We collect information you provide directly to us, including:

Application Information: When you apply to a program, we collect your name, email address, phone number, date of birth, location (city and state), years of experience, current role or employment setting, program interest, goals, challenges, and any other information you provide in your application.

Account Information: If you are accepted and enroll, we collect account credentials (username and password), payment information (processed securely via our payment provider), and program progress data.

Communication Data: Any messages, emails, or correspondence you send to us.

Automatically Collected Data: When you visit our Site, we may automatically collect your IP address, browser type, operating system, referring URLs, pages viewed, and time spent on the Site through standard web technologies such as cookies and server logs.

We do not collect: Social Security numbers, government-issued ID numbers, financial account information beyond what is necessary to process program payments, or sensitive health information.

We use the information we collect for the following purposes:

Program Operations: To review your application, communicate decisions, onboard accepted applicants, deliver program content, schedule mentorship sessions, and track your progress through the curriculum.

CRM & Communication: We store your contact information and application data in our Customer Relationship Management (CRM) system to manage our relationship with you — including follow-up communications, application status updates, enrollment coordination, and ongoing program support. We use this system to ensure you receive timely, relevant communication throughout your experience with Aros.

Transactional Emails: To send you application confirmations, acceptance or rejection notices, enrollment details, payment receipts, session reminders, and other communications necessary to deliver our services.

Marketing (with consent): If you opt in, we may send you information about new programs, resources, or updates from Aros. You may unsubscribe at any time.

Site Improvement: To understand how visitors use our Site and to improve its content, performance, and functionality.

Legal Compliance: To comply with applicable laws, respond to legal requests, and protect the rights and safety of Aros, our staff, and our members.

Your personal information is stored in a secure CRM (Customer Relationship Management) platform used to manage applicant and member records. This system is used by authorized Aros staff only and is protected by industry-standard security measures including encryption at rest and in transit.

Data stored in our CRM includes: your name, contact information, application responses, enrollment status, program tier, session notes (non-medical), and communication history with Aros staff.

We retain your data for as long as necessary to fulfill the purposes described in this Privacy Policy, or as required by law. If you request deletion of your data (see Section 8), we will remove your personally identifiable information from our active systems within 30 days, subject to any legal retention requirements.

We do not sell, trade, or rent your personal information to third parties for their own marketing purposes.

We may share your information with:

Service Providers: Trusted third-party companies that help us operate our business, including our CRM provider, email delivery service, payment processor, and website hosting provider. These parties are contractually obligated to protect your information and may only use it to provide services on our behalf.

Mentors: If you are enrolled in an Advanced Mentorship program, relevant information (your name, program details, and goals) is shared with your assigned mentor to facilitate your sessions. Mentors are bound by confidentiality obligations.

Legal Requirements: We may disclose your information if required by law, court order, or government authority, or if we believe disclosure is necessary to protect the rights, property, or safety of Aros, our members, or the public.

Business Transfers: In the event of a merger, acquisition, or sale of all or part of our assets, your information may be transferred as part of that transaction. We will notify you of any such change.

Our Site uses cookies — small text files stored on your device — to improve your browsing experience and understand how visitors interact with our content.

Essential Cookies: Required for the Site to function, including session management and security features. These cannot be disabled.

Analytics Cookies: Used to understand traffic patterns, page performance, and visitor behavior in aggregate. This data is anonymized and does not identify you personally.

Preference Cookies: Used to remember your choices and settings on the Site.

You can control cookie settings through your browser preferences. Disabling non-essential cookies will not affect your ability to access our Site, though some features may function differently.

We do not use cross-site advertising trackers or sell cookie data to third parties.

We take reasonable technical and organizational measures to protect your personal information from unauthorized access, loss, misuse, disclosure, or alteration. These measures include:

• —Encrypted data transmission (HTTPS/TLS)
• —Encrypted storage for sensitive data
• —Access controls limiting who can view personal data
• —Regular review of our data handling practices

However, no method of electronic transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. If you believe your information has been compromised, please contact us immediately at privacy@aros.institute.

Depending on your location, you may have the following rights regarding your personal information:

Access: Request a copy of the personal information we hold about you.

Correction: Request that we correct inaccurate or incomplete information.

Deletion: Request that we delete your personal data. Note that we may retain certain information as required by law or for legitimate business purposes (e.g., records of completed transactions).

Opt-Out of Marketing: Unsubscribe from marketing emails at any time by clicking the "unsubscribe" link in any email or contacting us directly.

Data Portability: Request that your data be provided in a structured, commonly used format.

To exercise any of these rights, contact us at privacy@aros.institute. We will respond within 30 days. We may need to verify your identity before processing your request.

If you are located in the European Economic Area (EEA), United Kingdom, or California, you may have additional rights under GDPR or the California Consumer Privacy Act (CCPA). Please contact us for details.

Our programs and services are intended for individuals who are at least 18 years of age. We do not knowingly collect personal information from anyone under the age of 18. If we become aware that we have inadvertently collected personal information from a minor, we will take steps to delete it promptly. If you believe a minor has submitted information to us, please contact us at privacy@aros.institute.

Our Site may contain links to third-party websites or platforms (such as social media). We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before providing any personal information.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last Updated" date at the top of this page and, where appropriate, notify you by email or through a notice on our Site.

Your continued use of the Site after any update constitutes your acceptance of the revised Privacy Policy.