Privacy Policy
Effective Date: March 24, 2026
1. Scope and Identity of the Controller
This Privacy Policy describes how Koviez ("Company," "we," "us," or "our") collects, uses, and discloses information about you when you use the Breathly iOS application and associated marketing website (collectively, the "Service").
Koviez is the controller responsible for personal information collected through the Service. By using the Service, you acknowledge the practices described in this Privacy Policy. If you do not agree, please discontinue use.
This Privacy Policy does not apply to information collected by third parties, including Apple, Inc., which processes transactions and device data under its own privacy policy.
2. Categories of Information We Collect
2.1 Identifiers and Contact Information
If you create an account or contact us for support, we may collect your email address and any other information you voluntarily provide (e.g., name, support message content).
2.2 Device and App Usage Information
We automatically collect the following when you use the Service:
- Device type, model, and operating system version;
- App version and crash/diagnostic reports;
- Session data: which exercises you use, session duration, and frequency of use;
- General performance and stability analytics (aggregated or anonymized where possible).
2.3 Transaction and Subscription Metadata
If you purchase a subscription, Apple processes the payment and acts as the merchant of record. We receive limited transaction metadata from Apple (e.g., subscription status, purchase date, and renewal status) to manage your access to premium features. We do not receive your full payment card details.
2.4 Health-Related Data (Apple Health / HealthKit)
With your explicit, separate permission granted through iOS, Breathly may interact with Apple HealthKit as follows:
- Data We Read: Heart rate and heart rate variability (HRV), to provide contextual feedback during or after breathing sessions.
- Data We Write: Mindful minutes, to log completed breathing sessions to your Apple Health record.
HealthKit data is processed on-device only and is never transmitted to our servers, shared with third parties, used for advertising, or sold. You may revoke HealthKit permissions at any time in iOS Settings > Privacy & Security > Health > Breathly.
2.5 Website Information
When you visit our marketing website, we may collect standard server log data (IP address, browser type, referring URLs, pages visited, and timestamps) and analytics data through third-party tools described in Section 7.
3. Sources of Information
We collect information from the following sources:
- Directly from you — when you create an account, contact support, or submit feedback;
- Automatically from your device — through the App, device sensors, and operating system APIs;
- From Apple — HealthKit data (with your permission) and subscription metadata via App Store Connect;
- From analytics providers — as described in Section 7.
4. Purposes of Processing
We use the information we collect for the following purposes:
- Provide and operate the Service — to deliver guided breathing sessions and related features;
- Manage subscriptions — to verify purchase status and deliver Premium features;
- Improve the Service — to understand how users interact with the App and fix issues;
- Personalize your experience — to surface relevant exercises or reminders based on your usage;
- Communicate with you — to respond to support requests and send operational notices;
- Ensure safety and integrity — to detect fraud, abuse, and security incidents; and
- Comply with legal obligations — to respond to lawful requests from government authorities.
5. Disclosure of Information
5.1 Service Providers and Processors
We share information with trusted third-party vendors who perform services on our behalf, such as cloud hosting, analytics, and crash reporting. These vendors are contractually obligated to use your information only as directed by us and to maintain appropriate security.
5.2 Legal Compliance
We may disclose information if we believe in good faith that disclosure is required to comply with applicable law, regulation, legal process, or enforceable governmental request, or to protect the rights, property, or safety of Koviez, our users, or the public.
5.3 Business Transfers
If Koviez is involved in a merger, acquisition, asset sale, or bankruptcy proceeding, your information may be transferred as part of that transaction. We will provide notice before your information is transferred and becomes subject to a different privacy policy.
5.4 With Your Consent
We may share information in other circumstances with your explicit prior consent.
6. No Sale of Personal Health Data
We do not sell, rent, license, or trade your personal information — and we specifically do not sell your health or wellness data — to any third party for monetary or other valuable consideration.
Health data accessed through Apple HealthKit is used solely to provide features you have requested within the App. It is never used for advertising, sold to data brokers, or shared with insurers, employers, or any other third party outside of what is described in this Privacy Policy.
7. Cookies, SDKs, and Analytics
7.1 Website
Our marketing website may use cookies and similar tracking technologies (e.g., pixel tags, web beacons) to collect usage information and improve site performance. You can control cookies through your browser settings. Note that disabling cookies may affect certain site functionality.
7.2 App
The App may incorporate third-party SDKs for analytics and crash reporting (for example, Apple's App Store analytics or similar tools). These SDKs may collect device identifiers, usage events, and diagnostic data. We configure such SDKs to collect the minimum data necessary. We do not use advertising SDKs or cross-app tracking without your separate consent.
You may opt out of Apple's measurement tools through iOS Settings > Privacy & Security > Apple Advertising.
8. Data Retention
We retain personal information only as long as necessary to fulfill the purposes described in this Privacy Policy or as required by law.
- Account and profile data is retained while your account is active and for up to 30 days after a deletion request to allow for error recovery, then permanently deleted.
- Usage and analytics data is retained in aggregated or anonymized form for up to 24 months to support product improvement.
- Support communications are retained for up to 2 years to resolve disputes and improve support quality.
- HealthKit data is processed on-device and is not stored on our servers; it is subject to Apple's own retention controls.
- Transaction metadata may be retained for up to 7 years to comply with financial recordkeeping obligations.
To request deletion of your data, contact us at contact@koviez.com.
9. Data Security
We implement appropriate technical and organizational security measures to protect your information against unauthorized access, alteration, disclosure, or destruction. These measures include encryption of data in transit (TLS) and at rest, role-based access controls, regular security reviews, and secure software development practices.
Despite our efforts, no security system is impenetrable. We cannot guarantee the absolute security of your information. In the event of a data breach that is likely to result in risk to your rights and freedoms, we will notify affected users as required by applicable law.
10. Your U.S. Privacy Rights
10.1 General Rights
Depending on where you reside, you may have the right to:
- Know / Access: Request a copy of the personal information we hold about you and how we use it;
- Correction: Request correction of inaccurate information;
- Deletion: Request that we delete your personal information, subject to certain legal exceptions;
- Portability: Receive a copy of your data in a structured, machine-readable format; and
- Non-Discrimination: We will not deny you services, charge different prices, or provide a different level of service because you exercised a privacy right.
10.2 California Residents (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA/CPRA"):
- Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected about you in the past 12 months, the categories of sources, the business or commercial purpose for collecting it, and the categories of third parties with whom it is shared.
- Right to Delete: You may request deletion of personal information we have collected from you, subject to certain exceptions.
- Right to Correct: You may request correction of inaccurate personal information.
- Right to Opt-Out of Sale or Sharing: We do not sell or share personal information for cross-context behavioral advertising. No opt-out action is required, but you may contact us to confirm.
- Right to Limit Use of Sensitive Personal Information: We do not use sensitive personal information (including health data) for purposes beyond what is necessary to provide the Service.
Notice at Collection: At or before the point of collection, California residents are informed that we collect the categories described in Section 2 for the purposes described in Section 4. We do not sell or share personal information as defined under CCPA/CPRA.
To exercise any California privacy right, submit a verifiable consumer request to contact@koviez.com. We will respond within 45 days (extendable by an additional 45 days with notice).
10.3 Exercising Your Rights
To submit a privacy request, email us at contact@koviez.com with the subject line "Privacy Request." We may need to verify your identity before processing your request. We will not fulfill a request to the extent it conflicts with applicable law or our legal obligations.
11. Children's Privacy
The Service is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us at contact@koviez.com and we will promptly delete such information.
Users between the ages of 13 and 18 should use the Service only with parental consent. If we become aware that we have collected information from a child under 13 without verifiable parental consent, we will take steps to remove that information and terminate the child's account.
12. International Data Transfers
Koviez is based in the United States. If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the U.S. or other countries where our service providers operate.
Data protection laws in the U.S. and other countries may differ from those in your home country. By using the Service, you consent to the transfer of your information to the U.S. and other countries as described in this Privacy Policy. We take appropriate safeguards to ensure that your information remains protected in accordance with this Privacy Policy.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the Effective Date at the top of this page and, where reasonably practicable, provide notice through the App or via email.
We encourage you to review this Privacy Policy periodically. Your continued use of the Service after the updated Effective Date constitutes acceptance of the revised Policy.
14. Contact Information
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Koviez
Email: contact@koviez.com
We will respond to all legitimate requests within a reasonable timeframe.