Privacy Policy

Last updated: June 16, 2026 — added Apple Ads (App Store Search Ads) attribution to the iOS App via Apple's first-party AdServices framework and SKAdNetwork (no IDFA, no App Tracking Transparency prompt); the resulting campaign/keyword identifiers are recorded in our analytics to measure sign-ups and subscriptions per campaign. Disclosed in § 3 (sub-processor categories) and § 6 (“In the App”). Previous revision (May 23, 2026): added the Meta (Facebook) SDK to the mobile App for app-install ad attribution (on iOS, SKAdNetwork only — no IDFA, no App Tracking Transparency prompt).

Comads OÜ (registry code 17276947), located at Ahtri St. 12, 15551 Tallinn, Estonia ("we", "us", or "our"), operates the Elynd mobile application ("the App"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our App.

By using Elynd, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use the App.

1. Information We Collect

1.1 Information You Provide

When you create an account or use our App, you may provide us with:

• Name and email address (when registering via email, Google Sign-In, or Apple Sign-In)
• Profile information you choose to add
• Meditation preferences and settings
• Feedback and correspondence you send to us

1.2 Information Collected Automatically

When you use the App, we automatically collect certain information, including:

• Device information (device type, operating system, unique device identifiers)
• Usage data (features accessed, session duration, meditation sessions completed)
• Push notification tokens (for delivering notifications)
• Log data (IP address, access times, app crashes and errors)

1.3 Analytics Data

We use Firebase Analytics (provided by Google) to collect anonymised usage data about how you interact with the App. This may include:

• Screen views and navigation patterns
• Feature usage frequency and engagement metrics
• Session length and retention data
• App performance and crash reports
• General demographic information (age range, gender, interests) if available through your device settings
• Approximate location (country/region level, not precise location)

Analytics data is collected in aggregate and is used solely to understand usage patterns and improve the App. You can opt out of analytics data collection through your device settings.

1.4 AI-Generated Content Data

When the App generates personalised meditation content or provides AI-powered features, your inputs and preferences may be sent to our AI service providers for processing. We do not use your personal data to train AI models.

1.5 Health and Wellness Data

The App may collect wellness-related information such as meditation session history, session duration, mood and emotional state indicators, and personal progress data. Under the EU General Data Protection Regulation (GDPR), some of this information may be considered health-related data, which is a special category of personal data. We process this data based on your explicit consent, which you provide during the account registration process. This data is used solely to provide and personalise your meditation experience. You may withdraw your consent at any time by contacting us at [email protected]. Please note that withdrawing consent will limit or prevent access to core App features that rely on wellness data processing, such as personalised meditations and progress tracking. For information about refunds and cancellations, please refer to our Terms of Service.

2. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the App and its features
• Create and manage your account
• Personalise your meditation experience using AI-powered content generation
• Generate personalised meditation scripts, audio content, and recommendations
• Provide AI-powered conversational assistance and guidance
• Send push notifications (with your consent) such as session reminders and updates
• Track your meditation progress and provide insights
• Respond to your requests and support inquiries
• Analyse usage patterns and app performance through analytics
• Ensure the security and integrity of the App
• Comply with legal obligations

3. Third-Party Services (Sub-processors)

We rely on a small number of carefully selected third-party vendors ("sub-processors") to operate the App. These vendors process personal data on our behalf, under contractual data-processing terms.

The authoritative, always-current list of our sub-processors — including each vendor's name, role, location, and legal transfer mechanism — is published at elynd.app/subprocessors. We maintain that page as the single source of truth so that the sub-processor list can be updated without a full Privacy Policy revision.

At a high level, our sub-processors fall into the following categories:

• Authentication and backend services (account creation, sign-in, secure cloud storage, push notifications)
• Analytics (anonymised usage measurement and app-performance monitoring)
• Advertising measurement and attribution (measuring how many people who saw an Elynd ad installed and registered — via Meta and Apple Ads (App Store Search Ads); on iOS this uses Apple's first-party AdServices framework and SKAdNetwork, with no IDFA and no App Tracking Transparency prompt)
• AI content generation (personalised meditation scripts, recommendations, conversational features — the AI providers do not use our API inputs or outputs to train their models)
• Text-to-speech synthesis (turning meditation scripts into audio narration)
• Hosting, object storage, and content delivery (serving audio to your device)
• App Store in-app purchases and Sign in with Apple (iOS)

4. Data Storage and Security

Your data is stored and processed using the following infrastructure:

• Backend server -- Our application backend is hosted on Amazon Web Services in Frankfurt, Germany (AWS region eu-central-1), within the European Economic Area. This backend stores meditation-session audio and processes API requests, user authentication, content generation, and push-notification delivery
• Firebase Cloud Firestore -- User account data and session history are stored securely on Google Cloud infrastructure
• Local device storage -- Certain preferences and cached content may be stored locally on your device

We implement appropriate technical and organisational measures to protect your personal data, including encrypted data transmission (HTTPS/TLS), secure authentication tokens, and access controls.

5. Legal Basis for Processing (GDPR)

• Contract performance -- Processing necessary to provide you with the App and its features
• Explicit consent (Article 9(2)(a) GDPR) -- For the processing of health and wellness data, including meditation session history, mood indicators, and personal progress data. This consent is obtained during account registration
• Consent -- Where you have given consent for specific processing activities, such as push notifications and analytics
• Legitimate interests -- Processing necessary for our legitimate interests, such as improving the App and ensuring security
• Legal obligation -- Processing necessary to comply with legal requirements

6. Cookies and Website Tracking

In the App. The Elynd mobile app does not use browser cookies — native mobile apps do not have a cookie jar. Firebase Analytics and the Meta (Facebook) SDK use device identifiers and similar technologies to collect usage and app-event data; these are covered in the sub-processors list. The Meta SDK is used solely to measure and attribute our app-install advertising — on iOS via Apple's privacy-preserving SKAdNetwork (we do not request App Tracking Transparency and collect no IDFA), and on Android via the device advertising ID. On iOS we also use Apple's first-party AdServices framework to attribute Apple Ads (App Store Search Ads) campaigns — this likewise uses no IDFA and shows no App Tracking Transparency prompt; the campaign/keyword identifiers (never your name, email, mood notes, or session content) are recorded in our analytics to measure sign-ups and subscriptions per campaign. We do not display ads inside the App.

On this website (elynd.app). We operate a three-category consent model. When you first visit the site we show a banner, and nothing in the Analytics or Marketing categories runs until you make a choice.

• Strictly necessary — a small set of cookies and local-storage items required for the site to function (security, and remembering your consent choice itself). These are always on and cannot be disabled; under Article 5(3) of the ePrivacy Directive they do not require prior consent.
• Analytics — off by default, loaded only after you grant consent. When enabled, we use a privacy-hardened Google Analytics 4 configuration (IP anonymisation on, Google Signals off) to understand aggregate website usage.
• Marketing — off by default, loaded only after you grant consent. When enabled, we use Meta Pixel to measure the effectiveness of Elynd advertising on Facebook and Instagram.

We also apply Google Consent Mode v2: until you grant the relevant category, Google-family tags are instructed to deny storage and ad signals. If a category has never been populated with a provider ID in our configuration, no script for that category is loaded at all — not even after consent.

You can change your decision at any time via Cookie Settings. For the full, current list of cookies the website may set and the live status of each category, see our Cookie Policy. For the vendors that power these categories, see the sub-processors page.

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide you with our services. If you delete your account, we will delete or anonymise your personal data within 30 days, except where we are required to retain it for legal or regulatory purposes.

8. Your Rights

Under the EU General Data Protection Regulation (GDPR) and other applicable laws, you have the right to:

• Access -- Request a copy of the personal data we hold about you
• Rectification -- Request that we correct any inaccurate or incomplete data
• Erasure -- Request that we delete your personal data
• Restriction -- Request that we restrict the processing of your data
• Portability -- Request a copy of your data in a structured, commonly used format
• Objection -- Object to the processing of your personal data
• Withdraw consent -- Where processing is based on consent, you can withdraw it at any time

To exercise any of these rights, contact us at [email protected].

9. Children's Privacy

The App is not intended for children under the age of 16. We do not knowingly collect personal data from children under 16.

10. International Data Transfers

Comads OÜ is established in Estonia (EU), and our application backend (API servers, object storage of meditation-session audio, and content delivery) is hosted in the European Union — specifically in Frankfurt, Germany, on Amazon Web Services. That processing therefore remains within the European Economic Area (EEA).

Some of your data is, however, transferred to and processed in countries outside the EEA — specifically the United States — where Google's infrastructure (Firebase and the Gemini API), OpenAI's servers, our text-to-speech service providers, and Meta (for app-install ad attribution) are located. Where such transfers occur, we ensure appropriate safeguards are in place, including the EU-U.S. Data Privacy Framework (DPF) for transfers to certified U.S. organisations, and Standard Contractual Clauses (SCCs) approved by the European Commission.

The per-vendor location and transfer mechanism is listed on our sub-processors page.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

12. Contact Us

If you have any questions about this Privacy Policy, contact us: