Privacy Policy
1. Introduction
This Privacy Policy explains how Namedi (“Namedi,” “we,” “us,” or “our”) handles information in connection with the Namedi mobile application (the “App”), our website at namedi.app (the “Site”), and related services (together, the “Services”).
Namedi is a wellness app. It is not a medical device and does not diagnose, treat, cure, or prevent any disease or health condition, and it is not a substitute for professional medical advice. Please see our Terms & Conditions for the full wellness disclaimer.
A core principle of Namedi is data minimization: your sensitive health and biometric data is processed only on your device and is never sent to our servers or to any third party. We explain exactly what this means below.
2. Who we are and how to contact us
Data controller: Namedi
Registered address: AL10 9AB, United Kingdom
Privacy contact / email: privacy@namedi.app
3. What data we collect and how
We have deliberately built Namedi to collect as little personal data as possible. Here is the full picture.
3.1 Health and biometric data — processed on-device, not collected by us
With your explicit permission, the App reads heart-rate and heart-rate variability (HRV) data from:
- Apple HealthKit (on iOS), and
- Android Health Connect (on Android).
This health data is processed locally on your device to generate your session experience, scores, and insights. We do not transmit this health data to Namedi’s servers or to any third party, and we cannot access it. Your session history, calculated scores, and insights are also stored locally on your device.
You grant this access through your operating system’s permission prompts, and you can withdraw it at any time in your device settings (Apple Health / Health Connect permissions).
3.2 Account and authentication data
If you create an account, we process:
- your account email address, and
- authentication tokens used to keep you signed in.
Authentication is provided through Supabase. You can sign up and sign in with email and password, Google Sign-In, or Sign in with Apple. Authentication tokens are held in your device’s secure store (e.g., the platform keychain/keystore).
3.3 Waitlist data
If you join our launch waitlist on the Site (namedi.app), we collect the email address you provide. Waitlist emails are stored in Supabase and used only to contact you about the launch and related updates.
3.4 Data we do NOT collect
- We do not collect your HealthKit / Health Connect data on our servers.
- We do not use third-party advertising trackers or analytics SDKs that report to our servers. Any analytics we use are on-device only.
- We do not sell your personal data or share it with data brokers.
4. How we use your data and our legal bases
We use the limited data described above for the following purposes. Where the UK GDPR or EU GDPR applies, we rely on the legal bases shown.
| Purpose | Data used | GDPR legal basis |
|---|---|---|
| Create and secure your account; keep you signed in | Account email, auth tokens | Contract (to provide the Services you request) |
| Provide the meditation/wellness experience, scores, and insights | Heart-rate/HRV and session data (on-device only) | Consent (via your device health permission), performed locally |
| Contact you about the launch waitlist | Waitlist email | Consent |
| Maintain, secure, and improve the Services; prevent abuse | Account email, technical/auth data | Legitimate interests (running a secure, reliable service) |
| Comply with legal obligations | As required | Legal obligation |
Because your health data stays on your device, we are not able to use it for any purpose beyond delivering the on-device feature to you.
5. Apple HealthKit and Android Health Connect — specific commitments
We follow the platform health-data rules. In particular:
- Data obtained through Apple HealthKit is used only to provide the meditation/wellness features within the App.
- We do not use HealthKit data for advertising or any use-based data mining beyond providing your health features.
- We do not sell HealthKit data, and we do not share it with third parties for advertising, marketing, or similar purposes.
- We do not disclose HealthKit data to third parties.
Equivalent commitments apply to data read through Android Health Connect: it is used solely to provide the App’s features on your device and is not transmitted to us or to third parties.
6. Sharing and sub-processors
We do not sell or share your personal data for cross-context behavioral advertising, and we do not use ad trackers or data brokers.
We do rely on a small number of service providers (“sub-processors”) to run the Services. The categories are:
| Sub-processor | Purpose | Personal data involved |
|---|---|---|
| Supabase | Authentication and database (account + waitlist) | Account email, auth tokens, waitlist email |
| Google Sign-In | Sign-in identifiers/tokens | |
| Apple | Sign in with Apple | Sign-in identifiers/tokens |
| Apple App Store / Google Play | App distribution and (future) subscription billing | Purchase/billing data handled by the platform |
| ElevenLabs / voice generation provider | Producing the App’s AI-generated guided-session voice as content | None — no user data is sent; used only to create pre-produced audio |
We may also disclose information where required by law, to enforce our Terms, or to protect the rights, safety, and security of our users, the public, or Namedi.
7. AI-generated voice
For transparency: the guided sessions in the App use an AI-generated voice, not a human teacher. The voice content is produced ahead of time and does not involve sending your data to the voice provider.
8. International data transfers
Namedi is offered globally. Our authentication and waitlist data are stored with Supabase in the region Ireland (EU). If your personal data is transferred outside your home country (for example, outside the UK or European Economic Area), we rely on appropriate safeguards such as the UK International Data Transfer Agreement / Addendum and the EU Standard Contractual Clauses (SCCs), or an applicable adequacy decision. You can request more information using the contact details in Section 2.
9. Your privacy rights
9.1 If you are in the UK or EU (UK GDPR / EU GDPR)
You have the right to:
- Access the personal data we hold about you;
- Rectify inaccurate or incomplete data;
- Erase your data (“right to be forgotten”);
- Restrict processing in certain circumstances;
- Data portability — receive your data in a portable format;
- Object to processing based on legitimate interests;
- Withdraw consent at any time (without affecting prior processing);
- Lodge a complaint with a supervisory authority. In the UK this is the Information Commissioner’s Office (ICO) (ico.org.uk); in the EU it is your local data protection authority.
To exercise these rights, contact us at privacy@namedi.app. Note that most of your health and session data lives only on your device and is under your direct control — you can delete it by deleting the data in the App or uninstalling the App.
9.2 If you are in the United States (CCPA / CPRA and similar state laws)
Subject to applicable law, you have the right to:
- Know / access the categories and specific pieces of personal information we have collected;
- Delete personal information we hold about you;
- Correct inaccurate personal information;
- Opt out of the “sale” or “sharing” of personal information — note: we do not sell or share your personal information, and we do not use it for cross-context behavioral advertising;
- Limit use of sensitive personal information — your sensitive health data is processed only on your device to provide the feature you requested;
- Non-discrimination — we will not discriminate against you for exercising your rights;
- Use an authorized agent to submit a request on your behalf.
To exercise these rights, contact us at privacy@namedi.app. We will verify your request as required by law.
10. Data retention and deleting your account
- On-device data (health data, session history, scores, insights) is retained on your device until you delete it in the App or uninstall the App, which removes locally stored data.
- Account data (email, auth tokens) is retained for as long as your account is active.
- Waitlist emails are retained until you unsubscribe or ask us to delete them, or until the waitlist purpose is fulfilled.
To delete your account and associated server-side data (account email and related records), you can delete your account in the Namedi app under Profile → Delete account, or contact us at privacy@namedi.app. Deleting the App from your device removes locally stored health and session data.
11. Security
We use technical and organizational measures appropriate to the limited data we hold, including storing authentication tokens in the device secure store and relying on reputable providers (such as Supabase) for authentication and storage. Keeping your sensitive health data on-device is itself a core security measure. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
12. Children’s privacy
Namedi is intended for adults. The Services are not directed to children under 13 (United States) or under 16 where a higher minimum age applies (parts of the EU). We do not knowingly collect personal data from children below these ages. If you believe a child has provided us personal data, contact us at privacy@namedi.app and we will delete it.
13. Changes to this Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the “Effective date” above and, where appropriate, notify you in the App or by email. Your continued use of the Services after an update means you accept the revised Policy.
14. Contact us
Questions or requests about this Policy or your data:
Namedi
AL10 9AB, United Kingdom
privacy@namedi.app