Privacy Policy

Privacy Policy for Soma: Wellness & Meditation

Effective Date: [10.04.25]

Welcome to Soma: Wellness & Meditation ("Soma", "we", "us", or "our"). We are committed to protecting your privacy and personal data. This Privacy Policy outlines how we collect, use, disclose, and protect your information in compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other relevant laws.

1. Information We Collect

1.1 Personal Data You Provide

When you interact with our app, we may collect the following information:

  • Name

  • Email address

  • Address (optional)

  • Phone number (optional)

  • Payment information (processed by trusted third parties: Stripe, Braintree, Apple, Google)

You may also provide information by filling out forms, submitting content, or contacting us.

1.2 Automatically Collected Data

We may automatically collect certain information, including:

  • Device information (type, model, operating system)

  • IP address and device identifiers

  • App usage data (pages viewed, features used, time spent)

  • Crash logs and performance data

  • General location data (if permissions are granted)

1.3 Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Improve app performance and user experience

  • Remember user preferences and login sessions

  • Collect analytics and track marketing effectiveness

You can manage or disable cookies in your browser settings.

2. How We Use Your Data

We use your data to:

  • Provide, manage, and personalise the Soma app experience

  • Communicate with you about services, updates, and promotions (only if you opt in)

  • Process transactions and manage subscriptions

  • Respond to your inquiries and support requests

  • Monitor and improve app functionality and content

  • Detect and prevent fraud or abuse

  • Comply with legal obligations

3. Lawful Basis for Processing

Under UK GDPR, we rely on the following lawful bases:

  • Consent – when you have given us permission (e.g. for email/text marketing)

  • Contract – to provide services you’ve requested or paid for

  • Legal obligation – for regulatory compliance

  • Legitimate interest – to improve our services and ensure security

You may withdraw consent at any time by contacting us.

4. Sharing Your Information

We do not sell your data. We only share data as necessary:

4.1 Trusted Service Providers

Your data may be shared with:

  • Payment processors (Stripe, Braintree, Apple, Google)

  • Cloud service providers (for secure storage and backups)

  • Email and marketing tools (only if you opt in)

  • Analytics platforms (e.g. Google Analytics)

All third-party providers are contractually bound to keep your data secure.

4.2 Legal Compliance

We may disclose your data if required to:

  • Comply with UK law, legal process, or government requests

  • Prevent or detect fraud, abuse, or security threats

  • Protect Soma's rights, property, or safety of users

4.3 CRM & Customer Support

We use System Scaling (https://systemscaling.online) as our CRM platform to manage client relationships, support tickets, and service delivery. Personal data stored within System Scaling is limited to what is necessary to provide these services, such as contact information and session history.

System Scaling operates under strict contractual and technical safeguards to ensure the secure handling of your data.

4.4 Business Transfers

If Soma is sold, merged, or restructured, your data may be transferred to the new entity, provided it remains under the same privacy commitments.

5. Analytics and Performance Tracking

We use tools like Google Analytics and app-based analytics to collect anonymised data about usage patterns. This helps us:

  • Understand how users interact with the app

  • Fix bugs and improve performance

  • Optimise user experience

You can opt out of Google Analytics with this tool.

6. Cookies and Tracking Technologies

Cookies are small data files stored on your device. We use:

  • Session cookies: deleted when you close the app

  • Persistent cookies: remain on your device to help personalise experiences

You can manage cookie preferences in your browser or device settings.

7. Data Storage, Transfers & Security

Your data is stored securely within the UK or EEA. If data is transferred outside these regions (e.g., cloud processing), we use safeguards like:

  • UK ICO-approved Standard Contractual Clauses

  • Services based in countries with an adequacy decision

We protect your data through:

  • Encrypted storage and data transmission (HTTPS, TLS)

  • Firewalls and access controls

  • Regular security reviews and vulnerability scans

No system is completely secure. Please keep your login credentials confidential.

8. Children’s Privacy

Our services are not intended for users under 18. We do not knowingly collect data from minors. If we learn we have done so, we will delete the information. Parents can contact us at sam@somameditation.co.uk.

9. Your Rights Under UK GDPR

You have the right to:

  • Request access to your data

  • Correct inaccurate or incomplete information

  • Request data deletion (subject to legal obligations)

  • Object to or restrict processing

  • Withdraw consent at any time

  • Request data portability (if applicable)

  • Lodge a complaint with the Information Commissioner’s Office (ICO)

To exercise any of your rights, contact us at: sam@somameditation.co.uk

10. Data Retention

We retain your data:

  • As long as your account is active

  • For as long as necessary for the purposes stated in this policy

  • To meet legal, tax, or regulatory obligations

When no longer needed, your data is securely deleted.

11. Account Deletion

We are committed to providing users with control over their personal data. If you have created an account within the Soma app and wish to delete it, you can request account deletion directly from within the app by visiting the Settings section and tapping Delete My Account.

Alternatively, you may email us at sam@somameditation.co.uk with the subject line "Account Deletion Request." We will process your request within 7 days and delete all associated personal data unless we are legally required to retain it.

12. Updates to This Privacy Policy

We may revise this Privacy Policy to reflect changes to our services or legal requirements. The most recent version will always be published on our website. Major changes will be communicated via the app or email.

13. Contact Details

If you have questions about this policy or your data, please contact:

Sam
Email: sam@somameditation.co.uk
Registered Business Name: Soma Meditation Ltd
Address: Hares Farm, Hares Lane, Hook, Hampshire, UK RG27 8UL

Last updated: [10.04.25]