Privacy Policy for Soma: Wellness & Meditation

1. Information We Collect

1.1 Personal Data You Provide. When you interact with our app, we may collect the following information:

• Name
• Email address
• Address (optional)
• Phone number (optional)
• Payment information (processed by trusted third parties: Stripe, Braintree, Apple, Google)

1.2 Automatically Collected Data

We may automatically collect certain information, including:

• Device information (type, model, operating system)
• IP address and device identifiers
• App usage data (pages viewed, features used, time spent)
• Crash logs and performance data
• General location data (if permissions are granted)

1.3 Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Improve app performance and user experience
• Remember user preferences and login sessions
• Collect analytics and track marketing effectiveness

2. How We Use Your Data

We use your data to:

• Provide, manage, and personalise the Soma app experience
• Communicate with you about services, updates, and promotions (only if you opt in)
• Process transactions and manage subscriptions
• Respond to your inquiries and support requests
• Monitor and improve app functionality and content
• Detect and prevent fraud or abuse
• Comply with legal obligations

3. Lawful Basis for Processing

Under UK GDPR, we rely on the following lawful bases:

• Consent – when you have given us permission (e.g. for email/text marketing)
• Contract – to provide services you've requested or paid for
• Legal obligation – for regulatory compliance
• Legitimate interest – to improve our services and ensure security

4. Sharing Your Information

We do not sell your data. We only share data as necessary.

4.1 Trusted Service Providers. Your data may be shared with:

• Payment processors (Stripe, Braintree, Apple, Google)
• Cloud service providers (for secure storage and backups)
• Email and marketing tools (only if you opt in)
• Analytics platforms (e.g. Google Analytics)

4.2 Legal Compliance

We may disclose your data if required to:

• Comply with UK law, legal process, or government requests
• Prevent or detect fraud, abuse, or security threats
• Protect Soma's rights, property, or safety of users

4.3 CRM & Customer Support

We use System Scaling as our CRM platform to manage client relationships, support tickets, and service delivery. Personal data stored within System Scaling is limited to what is necessary to provide these services, such as contact information and session history.

System Scaling operates under strict contractual and technical safeguards to ensure the secure handling of your data.

4.4 Business Transfers

If Soma is sold, merged, or restructured, your data may be transferred to the new entity, provided it remains under the same privacy commitments.

5. Analytics and Performance Tracking

We use tools like Google Analytics and app-based analytics to collect anonymised data about usage patterns. This helps us understand how users interact with the app, fix bugs and improve performance, and optimise user experience.

You can opt out of Google Analytics with this tool.

6. Cookies and Tracking Technologies

Cookies are small data files stored on your device. We use:

• Session cookies: deleted when you close the app
• Persistent cookies: remain on your device to help personalise experiences

7. Data Storage, Transfers & Security

Your data is stored securely within the UK or EEA. If data is transferred outside these regions (e.g., cloud processing), we use safeguards like UK ICO-approved Standard Contractual Clauses and services based in countries with an adequacy decision.

We protect your data through encrypted storage and data transmission (HTTPS, TLS), firewalls and access controls, and regular security reviews and vulnerability scans.

No system is completely secure. Please keep your login credentials confidential.

8. Children's Privacy

Our services are not intended for users under 18. We do not knowingly collect data from minors. If we learn we have done so, we will delete the information. Parents can contact us at sam@soma-meditation.com.

9. Your Rights Under UK GDPR

You have the right to:

• Request access to your data
• Correct inaccurate or incomplete information
• Request data deletion (subject to legal obligations)
• Object to or restrict processing
• Withdraw consent at any time
• Request data portability (if applicable)
• Lodge a complaint with the Information Commissioner's Office (ICO)

10. Data Retention

We retain your data:

• As long as your account is active
• For as long as necessary for the purposes stated in this policy
• To meet legal, tax, or regulatory obligations

11. Account Deletion

We are committed to providing users with control over their personal data. If you have created an account within the Soma app and wish to delete it, you can request account deletion directly from within the app by visiting the Settings section and tapping Delete My Account.

Alternatively, you may email us at sam@soma-meditation.comwith the subject line "Account Deletion Request." We will process your request within 7 days and delete all associated personal data unless we are legally required to retain it.

12. Updates to This Privacy Policy

We may revise this Privacy Policy to reflect changes to our services or legal requirements. The most recent version will always be published on our website. Major changes will be communicated via the app or email.

13. Contact Details

If you have questions about this policy or your data, please contact Sam by email at sam@soma-meditation.com.

Registered Business Name: Soma Meditation Ltd. Address: Hares Farm, Hares Lane, Hook, Hampshire, UK RG27 8UL.