Privacy Policy – Eunai

Last updated: November 10, 2025

Thank you for trusting Eunai – the mobile and web application (eunai.zone). Protecting your privacy is our top priority.

The data controller is:
Eunai SAMUEL KĘDZIORA
Zimorodka 10/10, 44-122 Gliwice, Poland
Contact: contact@eunai.zone

1. Data we collect

We collect data solely to provide services and ensure the proper functioning of the Eunai application.
We may collect the following information:

• Email address – for login and communication,
• Health data – heart rate (HR), heart rate variability (HRV), and workout data, collected only with your explicit consent through Apple HealthKit,
• Session and usage data – such as meditation logs, session results, notes, and personalization settings,
• Device and technical data – such as language, app version, and device type,
• Login and session data – cookies and local cache used to maintain login and improve UX (e.g. storing images and basic data).

We do not collect location data, contacts, photos, microphone recordings, or any financial information.
We do not collect any marketing or tracking data beyond what is strictly necessary for app functionality.

2. How we use your data

Your data is used to:

• enable core app functionality (heart rate sync, session logging, personalization),
• manage user login and account access,
• handle subscriptions (via Apple App Store only),
• communicate important account or update information,
• improve the app through anonymous usage statistics.

We never sell or share your data with third parties for advertising purposes.

3. Third-party services

We rely on trusted providers:

• Supabase – database and authentication (policy),
• Apple HealthKit – health data on supported devices (policy),
• Apple App Store – subscriptions and payments (policy),
• Google, Apple, Facebook – third-party login (Google, Apple, Facebook).

These providers only have access to the data necessary to perform their services.
All data transfers occur securely and only within the limits necessary to operate the app in compliance with provider policies.

4. Legal basis for data processing

Your data is processed based on:

• your consent – e.g. when granting access to HealthKit,
• contract performance – login, app usage, subscriptions,
• legitimate interest – ensuring app stability, performance, and security.

5. Cookies and local storage

• On eunai.zone website – cookies are used solely to maintain login sessions,
• In the mobile app – local storage/cache is used for session handling, image caching, and UX improvements.

We do not use cookies or cache for marketing or profiling purposes.

6. Data storage and security

• Data is stored securely in the Supabase cloud, with encryption and access control.
• Health data remains on your device unless you explicitly allow synchronization.
• Data access is strictly limited to features required for core functionality.
• All transfers are encrypted via TLS/SSL and protected through secure token authorization.
• HealthKit data is never shared, sold, or used for marketing, analytics, or advertising.

7. Your rights

You have the right to:

• access your data,
• correct or update your data,
• delete your account and/or stored session data,
• restrict or object to data processing,
• withdraw consent at any time.

You may also file a complaint with the President of the Personal Data Protection Office (UODO) if you believe your rights have been violated.

To exercise your rights, contact us at support@eunai.zone.

8. Data deletion and account removal

You can manage your data directly in the Eunai app.

• Deleting session data and health metrics
  Within the app, you can remove all stored session results, personal notes, and health-related measurements (such as heart rate or HRV).
  This option allows you to clear your saved insights and meditation history while keeping your account active.

• Deleting your entire account
  You can permanently delete your account and all associated personal data via:
  Settings → Account → Delete Account.

For security reasons, the process requires confirmation via password or biometric authentication (Face ID or Touch ID).
Once confirmed, deletion is irreversible, and all associated session data, notes, and health metrics are permanently removed from our systems.

If you have an active subscription, it must be canceled separately through your Apple ID → Subscriptions settings.

9. Data retention

• We retain your data only as long as necessary to provide our services or as required by law.
• When you delete session data, only that specific information is removed; your account remains active.
• When you delete your account, all associated data is permanently erased from our systems.
• Backups are securely purged within a reasonable time after account deletion.

10. Minimum user age

Eunai is not intended for children under 13 years of age.
Users aged 13–17 may use the app only with parental or guardian consent.

11. Changes to this Privacy Policy

We may update this Privacy Policy periodically.
The most recent version will always be available at eunai.zone, and the app will link directly to this page.
Significant updates will be communicated within the app or via email when required by law.

12. Contact

For privacy or data-related inquiries:
support@eunai.zone

🙏 Thank you for choosing Eunai — your safe space for inner connection.