Namedi
Template notice — please read. This document is a plain-language template prepared to reflect Namedi’s data practices. It is not legal advice and has not been reviewed by a lawyer. Before you publish or rely on it, have a qualified attorney licensed in your jurisdiction review and adapt it.

Privacy Policy


1. Introduction

This Privacy Policy explains how Namedi (“Namedi,” “we,” “us,” or “our”) handles information in connection with the Namedi mobile application (the “App”), our website at namedi.app (the “Site”), and related services (together, the “Services”).

Namedi is a wellness app. It is not a medical device and does not diagnose, treat, cure, or prevent any disease or health condition, and it is not a substitute for professional medical advice. Please see our Terms & Conditions for the full wellness disclaimer.

A core principle of Namedi is data minimization: your sensitive health and biometric data is processed only on your device and is never sent to our servers or to any third party. We explain exactly what this means below.

2. Who we are and how to contact us

Data controller: Namedi
Registered address: AL10 9AB, United Kingdom
Privacy contact / email: privacy@namedi.app

3. What data we collect and how

We have deliberately built Namedi to collect as little personal data as possible. Here is the full picture.

3.1 Health and biometric data — processed on-device, not collected by us

With your explicit permission, the App reads heart-rate and heart-rate variability (HRV) data from:

This health data is processed locally on your device to generate your session experience, scores, and insights. We do not transmit this health data to Namedi’s servers or to any third party, and we cannot access it. Your session history, calculated scores, and insights are also stored locally on your device.

You grant this access through your operating system’s permission prompts, and you can withdraw it at any time in your device settings (Apple Health / Health Connect permissions).

3.2 Account and authentication data

If you create an account, we process:

Authentication is provided through Supabase. You can sign up and sign in with email and password, Google Sign-In, or Sign in with Apple. Authentication tokens are held in your device’s secure store (e.g., the platform keychain/keystore).

3.3 Waitlist data

If you join our launch waitlist on the Site (namedi.app), we collect the email address you provide. Waitlist emails are stored in Supabase and used only to contact you about the launch and related updates.

3.4 Data we do NOT collect

4. How we use your data and our legal bases

We use the limited data described above for the following purposes. Where the UK GDPR or EU GDPR applies, we rely on the legal bases shown.

Purpose Data used GDPR legal basis
Create and secure your account; keep you signed in Account email, auth tokens Contract (to provide the Services you request)
Provide the meditation/wellness experience, scores, and insights Heart-rate/HRV and session data (on-device only) Consent (via your device health permission), performed locally
Contact you about the launch waitlist Waitlist email Consent
Maintain, secure, and improve the Services; prevent abuse Account email, technical/auth data Legitimate interests (running a secure, reliable service)
Comply with legal obligations As required Legal obligation

Because your health data stays on your device, we are not able to use it for any purpose beyond delivering the on-device feature to you.

5. Apple HealthKit and Android Health Connect — specific commitments

We follow the platform health-data rules. In particular:

Equivalent commitments apply to data read through Android Health Connect: it is used solely to provide the App’s features on your device and is not transmitted to us or to third parties.

6. Sharing and sub-processors

We do not sell or share your personal data for cross-context behavioral advertising, and we do not use ad trackers or data brokers.

We do rely on a small number of service providers (“sub-processors”) to run the Services. The categories are:

Sub-processor Purpose Personal data involved
Supabase Authentication and database (account + waitlist) Account email, auth tokens, waitlist email
Google Google Sign-In Sign-in identifiers/tokens
Apple Sign in with Apple Sign-in identifiers/tokens
Apple App Store / Google Play App distribution and (future) subscription billing Purchase/billing data handled by the platform
ElevenLabs / voice generation provider Producing the App’s AI-generated guided-session voice as content None — no user data is sent; used only to create pre-produced audio

We may also disclose information where required by law, to enforce our Terms, or to protect the rights, safety, and security of our users, the public, or Namedi.

7. AI-generated voice

For transparency: the guided sessions in the App use an AI-generated voice, not a human teacher. The voice content is produced ahead of time and does not involve sending your data to the voice provider.

8. International data transfers

Namedi is offered globally. Our authentication and waitlist data are stored with Supabase in the region Ireland (EU). If your personal data is transferred outside your home country (for example, outside the UK or European Economic Area), we rely on appropriate safeguards such as the UK International Data Transfer Agreement / Addendum and the EU Standard Contractual Clauses (SCCs), or an applicable adequacy decision. You can request more information using the contact details in Section 2.

9. Your privacy rights

9.1 If you are in the UK or EU (UK GDPR / EU GDPR)

You have the right to:

To exercise these rights, contact us at privacy@namedi.app. Note that most of your health and session data lives only on your device and is under your direct control — you can delete it by deleting the data in the App or uninstalling the App.

9.2 If you are in the United States (CCPA / CPRA and similar state laws)

Subject to applicable law, you have the right to:

To exercise these rights, contact us at privacy@namedi.app. We will verify your request as required by law.

10. Data retention and deleting your account

To delete your account and associated server-side data (account email and related records), you can delete your account in the Namedi app under Profile → Delete account, or contact us at privacy@namedi.app. Deleting the App from your device removes locally stored health and session data.

11. Security

We use technical and organizational measures appropriate to the limited data we hold, including storing authentication tokens in the device secure store and relying on reputable providers (such as Supabase) for authentication and storage. Keeping your sensitive health data on-device is itself a core security measure. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

12. Children’s privacy

Namedi is intended for adults. The Services are not directed to children under 13 (United States) or under 16 where a higher minimum age applies (parts of the EU). We do not knowingly collect personal data from children below these ages. If you believe a child has provided us personal data, contact us at privacy@namedi.app and we will delete it.

13. Changes to this Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Effective date” above and, where appropriate, notify you in the App or by email. Your continued use of the Services after an update means you accept the revised Policy.

14. Contact us

Questions or requests about this Policy or your data:

Namedi
AL10 9AB, United Kingdom
privacy@namedi.app