Privacy Policy
Last updated: February 21, 2026
1. Introduction
This Privacy Policy applies to the MindBreathe mobile application and related website.
This Privacy Policy describes how MindBreathe ("we", "us", or "our") collects, uses, stores, and discloses your information when you use the MindBreathe mobile application (the "Service"), and explains your privacy rights and how applicable laws protect you.
MindBreathe is operated by independent developers based in Warsaw, Poland.
By creating an account or using the Service, you agree to the collection and use of information in accordance with this Privacy Policy.
2. Data We Collect
We collect only the data that is necessary to provide, maintain, and improve the Service.
2.1 Personal Data
When you create an account, we may collect:
- Email address
- First name
- Last name
- Profile picture (optional)
- Password (stored in hashed form)
- OAuth authentication data (Google / Apple Sign-In)
- Internal User ID
This information is required to create and manage your account.
2.2 Usage Data
To improve user experience and personalize content, we collect limited in-app activity data, including:
- Sections opened
- Content listened to
- Favorites
- Interaction events within the application
- Error logs
This data is used solely for internal analytics, service improvement, and personalization.
We do not use third-party analytics or advertising tracking services.
2.3 Contact and Support Data
If you contact us via the website contact form or email, we may collect:
- Your name (if provided)
- Your email address
- The content of your message
We use this information solely to respond to your inquiry and provide support.
We do not collect:
- Geolocation data
- Device identifiers
- Advertising identifiers
- Payment data
- IP addresses for tracking or profiling purposes
3. How We Use Your Data
We use your data to:
- Create and manage your account
- Provide access to meditation content
- Personalize content recommendations
- Improve application performance and stability
- Maintain security and prevent abuse
- Respond to support requests and contact form inquiries
We do not sell, rent, or share your personal data for advertising purposes.
4. Legal Basis for Processing (GDPR)
If you are located in the European Union, we process your personal data in accordance with the General Data Protection Regulation (GDPR) based on the following legal grounds:
- Your consent (for account creation and optional profile information)
- Performance of a contract (to provide access to the Service)
- Legitimate interest (to ensure security, prevent abuse, and improve the Service)
We process only the minimum amount of personal data necessary for these purposes.
You may withdraw your consent at any time by deleting your account or contacting us.
5. Data Storage and Security
Your data is securely stored on cloud infrastructure located in the European Union (Netherlands).
We implement appropriate technical and organizational measures to protect your data, including:
- HTTPS encryption
- Secure password hashing
- JWT-based authentication
- Token expiration and automatic refresh mechanisms
- Rate limiting and protection against brute-force attacks
- Access control and restricted administrative access
We take reasonable steps to protect your personal data. However, no method of electronic storage or transmission over the Internet can be guaranteed to be 100% secure.
6. Third-Party Services
We use trusted third-party service providers to operate and support the Service. These providers process limited data strictly on our behalf and only as necessary to provide their services.
We currently use:
- Google Sign-In (authentication)
- Apple Sign-In (authentication)
- Cloudflare (content delivery network and infrastructure security)
- DigitalOcean (cloud hosting infrastructure)
- Mailgun / Mailtrap (email delivery services)
- Redis (secure caching and performance optimization)
These providers may process technical and account-related data solely for the purpose of delivering infrastructure, authentication, and communication services. We do not authorize them to use your data for advertising or independent marketing purposes.
7. Data Retention
We retain your personal data only for as long as necessary to provide the Service and fulfill the purposes outlined in this Privacy Policy.
We retain your data in the following cases:
Account Data
Personal information associated with your account (such as email address and account preferences) is retained while your account remains active.
Usage Data
Information about how you interact with the application may be retained for analytical and service improvement purposes.
Legal Requirements
We may retain certain information where necessary to comply with legal obligations, resolve disputes, enforce agreements, or comply with regulatory requirements.
Account Deletion Requests
When you submit a request to delete your account through the application settings, your account is scheduled for deletion after a 14-day waiting period. During this period, you may cancel the deletion request from your account settings.
If the deletion request is not canceled within this period, your account and associated personal data will be permanently deleted.
Security and System Logs
Certain technical logs or security-related information may be retained for a limited period (up to 30 days) to help detect abuse, troubleshoot technical issues, and ensure system security.
After these retention periods expire, the data is either securely deleted or anonymized so that it can no longer be associated with you.
8. Your Rights (GDPR)
If you are located in the European Union, you have the following rights under the General Data Protection Regulation (GDPR):
- The right to access your personal data
- The right to request correction of inaccurate or incomplete data
- The right to request deletion of your personal data
- The right to restrict or object to processing
- The right to data portability (where applicable)
- The right to withdraw consent at any time
If you believe your data is being processed unlawfully, you also have the right to lodge a complaint with your local data protection authority.
To exercise your rights, please contact us at: [email protected]
We may request verification of your identity before processing certain requests.
9. Account Deletion
You may request deletion of your account at any time within the application via:
Settings -> Request Account Deletion (Request deletion)
After you confirm the deletion request, your account will be scheduled for deletion 14 days later. During this 14-day period, you may cancel the deletion request in the application settings. If the request is not canceled, your account and personal data will be deleted after the 14-day period.
Following deletion, certain minimal technical or legal records may be retained for a limited period as described in Section 7.
10. Children's Privacy
The Service is not intended for individuals under the age of 13.
We do not knowingly collect personal data from children under 13. If we become aware that such data has been collected without verified parental consent, we will take reasonable steps to delete it promptly.
11. International Transfers
Your data is primarily processed within the European Union (Netherlands). However, some of our service providers may operate in other jurisdictions.
Where personal data is transferred outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place in accordance with applicable data protection laws.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in legal requirements or improvements to the Service.
Any updates will be published within the application and on our website with an updated "Last updated" date.
Continued use of the Service after such updates constitutes acceptance of the revised Privacy Policy.
13. Contact Us
If you have any questions about this Privacy Policy or your personal data, you may contact us at: [email protected]