Privacy Policy

Effective Date: April 11, 2026 — Last Updated: April 18, 2026

IDAKIM LTD (“we,” “us,” or “our”), a company registered in the United Kingdom, operates the Breathara mobile application for iOS and Android and this website (collectively, the “Service”). This Privacy Policy explains in detail what information we collect, how we collect it, how we use it, with whom we share it, how we store and protect it, and what rights and choices you have regarding your data.

This Privacy Policy has been drafted in strict compliance with Apple App Store Review Guidelines (including but not limited to Guidelines 1.2, 1.3, 1.4, 1.5, 1.6, 2.3, 3.1, 4.8, 5.1, 5.2, and 5.6), the European Union General Data Protection Regulation (GDPR), the United Kingdom GDPR (UK GDPR), the U.S. Children’s Online Privacy Protection Act (COPPA), the California Consumer Privacy Act (CCPA), and all other applicable privacy and data protection laws worldwide.

By downloading, installing, or using Breathara, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree, please do not use the Service.

1. Scope of This Policy

This Privacy Policy applies to:

• The Breathara mobile application available on Apple’s App Store and Google Play Store.
• All features within the app, including meditation, breathing exercises, yoga sessions, sleep support, AI wellness coaching, community features, mood logging, and subscription management.
• This website (evrenhaznedaroglu2024-ops.github.io/Breathara/).
• All communications between you and IDAKIM LTD, including support emails and in-app feedback.

2. Data Controller Information

The data controller responsible for your personal data is:

• Company: IDAKIM LTD
• Contact Person: Evren Haznedaroglu
• Email: info@idakimi.com
• Phone: +44 744 19222077

3. Information We Collect

We practice strict data minimization (Apple Guideline 5.1.1(iii)). We only collect and process data that is directly relevant to providing the core functionality of the Service. Below is an exhaustive list of the categories of data we may collect:

3.1 Information You Provide Directly

• Account Registration Data: If you choose to create an account, we collect your name and email address. Account creation is optional for basic features. If you use Sign in with Apple, we receive only the information Apple provides based on your preferences (you may choose to hide your email address). We do not require social network login for core functionality (Guideline 4.8, 5.1.1(v)).
• Profile Information: Optional profile details you may provide, such as a display name or profile picture for community features.
• AI Coaching Conversations: Text messages you voluntarily send to the AI wellness coach. These inputs are processed solely to generate supportive, reflective responses. They are not used for advertising, profiling, or any purpose beyond providing the coaching feature.
• Mood and Wellness Logs: Optional mood entries, journal notes, and wellness reflections you choose to record within the app.
• Support Communications: Information you provide when contacting our support team, including your name, email address, and the content of your message.
• Community Content: If you participate in community features, any content you post (text, reactions) within moderated community spaces.

3.2 Information Collected with Your Explicit Permission

• Apple HealthKit Data (iOS): With your explicit, informed, and revocable consent granted through Apple’s native HealthKit permission dialog, Breathara may read and/or write the following specific HealthKit data types:
  • Mindful Minutes — to log completed meditation or breathing sessions.
  We will never access HealthKit data without your prior explicit authorization via the iOS permission prompt. You may revoke this permission at any time through your device’s Settings > Privacy & Security > Health > Breathara. HealthKit data is never used for advertising, marketing, data mining, or shared with third parties (Guidelines 5.1.2(vi), 5.1.3).
• Google Health Connect Data (Android): On Android devices with Health Connect, with your explicit consent, Breathara may read/write Mindful Minutes data. The same strict protections apply as with HealthKit.
• Notifications Permission: We request notification permission only to deliver meditation reminders, session completions, and other app-related alerts you configure. Push Notifications are never required for the app to function (Guideline 4.5.4).

3.3 Information Collected Automatically

• Crash and Diagnostic Data: We may collect anonymized crash logs and performance diagnostics to maintain app stability and fix bugs. This data does not contain personally identifiable information.
• Subscription Status: We use RevenueCat to manage subscription state. RevenueCat receives an anonymous app user ID and subscription transaction data processed through Apple’s App Store or Google Play. RevenueCat does not receive your name, email, or health data.

3.4 Information We Do NOT Collect

To be absolutely clear, Breathara does NOT collect:

• Precise or coarse location data (we do not use Location Services).
• Contact lists, address books, or phone numbers from your device.
• Photos, videos, or media files from your device library.
• Browsing history or data from other applications on your device.
• Device advertising identifiers (IDFA/GAID) for tracking or advertising purposes.
• Biometric data (fingerprints, face scans, voice prints).
• Financial information, banking details, or payment card numbers (all payments are processed exclusively through Apple In-App Purchase or Google Play Billing).

4. How We Use Your Information

We use collected data exclusively for the following purposes:

• Providing Core Services: Delivering guided meditations, breathing exercises, yoga sessions, sleep content, mood tracking, and subscription management.
• AI Wellness Coaching: Processing your text inputs to generate supportive, reflective AI responses. The AI coach is designed for general wellness reflection and habit support. It does not provide medical diagnoses, mental health treatment, or emergency guidance (Guideline 1.4.1). Users are reminded within the app to consult qualified healthcare professionals for medical, mental health, or emergency concerns.
• HealthKit/Health Connect Integration: Writing Mindful Minutes data to your health app, solely to help you track your wellness habits. This data is used only to provide a direct benefit to you (Guideline 5.1.3(i)).
• App Improvement: Using anonymized crash and performance data to fix bugs, improve reliability, and enhance user experience.
• Subscription Management: Verifying your subscription status to unlock appropriate features. All subscriptions use Apple In-App Purchase or Google Play Billing (Guideline 3.1.1).
• Community Moderation: Monitoring community spaces for objectionable content, enforcing community guidelines, and responding to user reports (Guideline 1.2).
• Customer Support: Responding to your inquiries, feedback, and support requests.
• Legal Compliance: Complying with applicable laws, regulations, legal processes, or governmental requests.

We do NOT use your data for:

• Advertising, marketing, or targeted/behavioral advertising of any kind.
• Selling, renting, or trading personal data to third parties.
• Building user profiles for purposes unrelated to the Service.
• Tracking your activity across other apps or websites (we do not use App Tracking Transparency tracking).
• Data mining, data brokerage, or any form of data monetization.

5. Health and Sensitive Data Protections

Breathara takes the handling of health-related data with the utmost seriousness, in full compliance with Apple Guidelines 5.1.2(vi) and 5.1.3:

• Data gathered from HealthKit, Health Connect, or any health-related context is never used for advertising, marketing, or use-based data mining, including by third parties.
• We do not write false or inaccurate data into HealthKit or any health management system (Guideline 5.1.3(ii)).
• We do not store personal health information in iCloud (Guideline 5.1.3(ii)).
• Health data is used exclusively to provide a direct benefit to you — specifically, tracking your mindfulness practice within the Apple Health or Google Health Connect ecosystem.
• We disclose the specific health data types we access: Mindful Minutes (read/write).
• Breathara is not a medical device. It does not provide medical diagnoses, treatment recommendations, drug dosage calculations, or emergency services. It does not claim to measure blood pressure, blood glucose, body temperature, blood oxygen, or any other physiological measurement using device sensors (Guideline 1.4.1).
• Users are reminded within the app to consult qualified healthcare professionals before making medical decisions.

6. AI Wellness Coach Disclaimer

The AI wellness coach feature uses artificial intelligence to provide general wellness reflections, habit-building suggestions, and mindfulness guidance. Important limitations:

• AI responses are not medical advice, psychiatric counseling, psychological therapy, legal advice, or emergency guidance.
• AI responses may be imperfect, incomplete, or inaccurate. They should not be relied upon as a substitute for professional care.
• AI conversation data is processed to generate responses and is not shared with third parties for marketing, advertising, or profiling purposes.
• If AI processing involves third-party AI service providers, those providers are contractually bound to process data solely for the purpose of generating responses and are prohibited from using the data for any other purpose, including training their own models on your personal data.
• Users experiencing mental health crises should contact local emergency services or a qualified mental health professional immediately.

7. Third-Party Services and Data Sharing

We do not sell, rent, or trade your personal data to any third party. We share data only in the following limited circumstances, and only as necessary:

7.1 Service Providers (Data Processors)

We work with a limited number of trusted third-party service providers who process data on our behalf to operate the Service. Each provider is bound by a Data Processing Agreement (DPA) that requires them to provide the same or equal protection of user data as stated in this Privacy Policy, as required by Apple Guidelines 5.1.1(i):

• RevenueCat: Subscription management and receipt validation. Receives anonymous app user IDs and transaction metadata. Does not receive your name, email, health data, or AI conversation data.
• Cloud Hosting Providers: Secure server infrastructure for backend services. Data is encrypted in transit (TLS 1.2+) and at rest.
• AI Inference Providers: If applicable, external AI services process text inputs solely to generate coaching responses. They are contractually prohibited from retaining, sharing, or using your data for any other purpose.

7.2 Legal Requirements

We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of IDAKIM LTD, our users, or the public.

7.3 No Advertising or Analytics Tracking

• Breathara does not contain third-party advertising.
• Breathara does not use third-party analytics SDKs that collect personal data, device identifiers, or usage profiles.
• We do not engage in App Tracking (as defined by Apple’s App Tracking Transparency framework). We do not track users across apps or websites owned by other companies.
• We do not share data with advertising networks, data brokers, or information resellers.

8. In-App Purchases and Subscriptions

All in-app purchases and subscriptions in Breathara are processed exclusively through Apple In-App Purchase (on iOS) and Google Play Billing (on Android), in full compliance with Apple Guideline 3.1.1:

• We do not collect or store your credit card numbers, bank account information, or any other financial payment data.
• Subscription features are clearly described before purchase. Users know exactly what they are paying for (Guideline 3.1.2(c)).
• Subscriptions can be managed and cancelled at any time through your Apple ID or Google Play account settings.
• We provide a restore mechanism for all restorable in-app purchases (Guideline 3.1.1).
• In-app purchase credits do not expire (Guideline 3.1.1).

9. User-Generated Content and Community Safety

Where Breathara includes community features allowing user-generated content, we implement the following safeguards in full compliance with Apple Guideline 1.2:

• Content Filtering: Automated and/or manual methods to filter objectionable material from being posted.
• Reporting Mechanism: Users can report offensive, harmful, or inappropriate content directly within the app. We respond to all reports in a timely manner.
• Blocking: Users can block abusive users to prevent further interaction.
• Published Contact Information: Users can easily reach us regarding moderation concerns at info@idakimi.com.
• Enforcement: We reserve the right to remove content and permanently ban users who violate our community guidelines.

10. User Consent, Permissions, and Access Controls

We strictly respect your permission settings and will never manipulate, trick, or force you into granting unnecessary data access (Guideline 5.1.1(iv)):

• Explicit Consent: We request permission for optional features (such as HealthKit, notifications) through Apple’s and Google’s native permission dialogs. Purpose strings clearly and completely describe why we need access.
• No Forced Permissions: Paid functionality is never dependent on granting access to optional data (Guideline 5.1.1(ii)). You can use Breathara without granting HealthKit access or notification permission.
• Withdraw Consent: You can revoke any permission at any time through your device’s Settings app. The app continues to function (with reduced functionality for features that depend on the revoked permission).
• Alternative Solutions: Where possible, we provide alternative experiences for users who decline optional permissions.
• No System Requirement Forcing: We do not require you to enable push notifications, location services, or tracking to access functionality, content, or use the app (Guideline 5.1.2(i)).

11. Account Creation and Deletion

In compliance with Apple Guideline 5.1.1(v):

• Optional Account: Breathara can be used for basic features without creating an account. Account creation is only required for features that genuinely depend on it (community participation, cross-device sync, AI coaching history).
• Sign in with Apple: We offer Sign in with Apple as a login option, which allows you to keep your email address private and limits the data we receive.
• Account Deletion: If you create an account, you can delete your account and all associated data directly within the app by navigating to Settings → My Account → Delete Account. Upon deletion:
  • Your profile information is permanently removed from our active databases.
  • Your AI conversation history is permanently deleted.
  • Your mood logs and wellness data are permanently deleted.
  • Your community posts may be anonymized or removed.
  • Deletion is processed within 30 days. Some data may be retained in encrypted backups for up to 90 days for legal compliance purposes, after which it is permanently purged.
• We do not store social network credentials or tokens off-device (Guideline 5.1.1(v)).

12. Data Retention

We retain your personal data only for as long as reasonably necessary to fulfill the purposes described in this Privacy Policy:

• Active Account Data: Retained while your account is active and for up to 30 days after account deletion request.
• AI Conversation Data: Retained while your account is active. Permanently deleted upon account deletion.
• Crash and Diagnostic Data: Retained in anonymized form for up to 12 months, then automatically purged.
• Subscription Data: Transaction records may be retained as required by tax and financial regulations for up to 7 years.
• Support Communications: Retained for up to 24 months after your last communication to ensure continuity of support.
• Legal Obligations: Certain data may be retained longer if required by applicable law, regulation, or legal proceedings.

13. Data Security

We implement robust, industry-standard security measures to protect your data from unauthorized access, use, alteration, or disclosure (Guideline 1.6):

• All data transmitted between the app and our servers is encrypted using TLS 1.2 or higher.
• Sensitive data stored on our servers is encrypted at rest using AES-256 encryption.
• Access to user data is restricted to authorized personnel on a need-to-know basis.
• We conduct regular security reviews of our infrastructure and third-party integrations.
• Authentication tokens and session credentials are handled securely and are never stored inappropriately off-device.
• We never use SafariViewController in hidden or obscured contexts (Guideline 5.1.1(vii)).

14. Children’s Privacy

Breathara takes children’s privacy very seriously, in full compliance with Apple Guidelines 1.3, 5.1.4, COPPA, and GDPR:

• Breathara is not placed in the Kids Category on the App Store and is not designed for or directed at children under 13 years of age (or the applicable minimum age in your jurisdiction, such as 16 in certain EU member states).
• We do not use terms like “For Kids” or “For Children” in our app metadata (Guideline 2.3.8).
• We do not knowingly collect personal information from children under 13.
• If we become aware that we have inadvertently collected personal data from a child under 13 without verified parental consent, we will take immediate steps to delete that information from our servers.
• If you are a parent or guardian and believe your child has provided personal information to us, please contact us immediately at info@idakimi.com and we will promptly delete the data.

15. Your Rights Under GDPR, UK GDPR, and Other Laws

Depending on your location, you may have the following rights regarding your personal data:

• Right of Access: You have the right to request a copy of the personal data we hold about you.
• Right to Rectification: You have the right to request correction of inaccurate or incomplete personal data.
• Right to Erasure (“Right to be Forgotten”): You have the right to request deletion of your personal data. You can do this directly within the app or by contacting us.
• Right to Restrict Processing: You have the right to request that we limit the processing of your personal data under certain circumstances.
• Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, machine-readable format.
• Right to Object: You have the right to object to the processing of your personal data for certain purposes.
• Right to Withdraw Consent: Where processing is based on your consent, you may withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal.
• Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority (such as the UK Information Commissioner’s Office).

To exercise any of these rights, please contact us at info@idakimi.com. We will respond to all verifiable requests within 30 days.

16. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• The right to know what personal information is collected, used, shared, or sold.
• The right to delete personal information held by us.
• The right to opt-out of the sale or sharing of personal information. We do not sell or share your personal information.
• The right to non-discrimination for exercising your privacy rights.

To make a request, contact us at info@idakimi.com.

17. International Data Transfers

Your data may be processed on servers located outside your country of residence. When we transfer data internationally, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission.
• The UK International Data Transfer Agreement (IDTA) where applicable.
• Ensuring that receiving jurisdictions provide adequate levels of data protection.

18. Cookies and Website Tracking

This website is a static informational site hosted on GitHub Pages. It does not use cookies, tracking pixels, analytics scripts, or any form of user tracking. No personal data is collected through this website.

19. App Store Privacy Nutrition Labels

In compliance with Apple’s App Privacy requirements, we accurately disclose all data collection practices in our App Store Connect privacy labels. The disclosures in our App Store listing match the practices described in this Privacy Policy. We update our privacy labels whenever our data practices change.

20. Third-Party SDKs and Libraries

We are responsible for ensuring all third-party SDKs, libraries, and services integrated into Breathara comply with Apple’s App Store Review Guidelines and this Privacy Policy. We carefully review and select third-party components, and ensure they:

• Do not collect data beyond what is necessary for their stated function.
• Do not transmit personal data without user consent.
• Provide the same or equal protection of user data as stated in this Policy.
• Do not engage in user tracking without ATT consent.

21. No False Information or Misleading Features

In compliance with Apple Guidelines 1.1.6 and 2.3.1:

• Breathara does not contain false information, fake functionality, or misleading features.
• All features described in the App Store listing and within the app are real, functional, and accurately represented.
• The app does not contain hidden, dormant, or undocumented features.

22. Intellectual Property

In compliance with Apple Guideline 5.2:

• All content in Breathara (including meditations, yoga guidance, sound content, and written material) is either original content created by IDAKIM LTD or used under valid license.
• We do not use protected third-party material without permission.
• We do not suggest or imply Apple endorsement of Breathara (Guideline 5.2.4).

23. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes:

• We will update the “Last Updated” date at the top of this page.
• We will notify you through the app or via email if the changes are significant.
• Continued use of the Service after changes constitutes acceptance of the updated policy.

We encourage you to review this Privacy Policy periodically.

24. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy, your personal data, data deletion, or any privacy-related matter, please do not hesitate to contact us:

• Developer / Data Controller: Evren Haznedaroglu
• Company: IDAKIM LTD
• Email: info@idakimi.com
• Phone: +44 744 19222077

We aim to respond to all inquiries within 48 hours on business days.

Copyright © 2026 IDAKIM LTD. All rights reserved.
This Privacy Policy is provided in English. If there is a conflict between the English version and any translated version, the English version shall prevail.