Privacy Policy

Last updated: 28 March 2026

Who We Are
What Data We Collect
How We Use Your Data
Legal Basis for Processing
Data Anonymisation
Your Rights
Cookies & Local Storage
Data Retention
Third-Party Services
Data Security
Children's Privacy
Changes to This Policy
Contact Us

1. Who We Are

BREATHE is a UK-based wellness platform founded by David Boot. We offer breathwork instruction, cold-exposure guidance, whole-food nutrition resources, retreats, workshops, and AI-powered wellness coaching.

For the purposes of data protection law, BREATHE is the data controller. If you have any questions about how we handle your data, you can reach us at privacy@breathe.app.

2. What Data We Collect

Account information

When you create an account we collect your name, email address, and a securely hashed version of your password. We never store your password in plain text.

Wellness tracking data

If you choose to use our tracking features, we collect data about your breath sessions, cold-exposure sessions, and food check-ins. All wellness tracking is entirely voluntary.

AI coach conversations

When you interact with the BREATHE AI coach, we store conversation history to personalise your experience and provide continuity between sessions. You can delete this history at any time via your account settings.

Behavioural and analytics data

With your consent, we collect anonymised behavioural data such as page views and feature usage. This data is used solely to improve the platform and is never tied to your identity.

Energy type quiz results

If you take the BREATHE energy type quiz, we store your results to personalise content recommendations and your AI coaching experience.

Payment information

Payments are processed securely by our payment provider, Mollie. We never store your card details, bank account numbers, or other payment credentials on our servers. We only retain a transaction reference for order management.

3. How We Use Your Data

We use the data we collect to:

Personalise your wellness journey and AI coach recommendations
Improve content recommendations based on your interests and energy type
Track your progress, including streaks, badges, and Vitality Points (VP)
Process bookings, orders, and payments
Send transactional emails (order confirmations, password resets)
Analyse anonymised, aggregate data to improve the platform
Ensure the security and integrity of our services

4. Legal Basis for Processing

Under Article 6 of the GDPR, we process your personal data on the following legal bases:

Consent — behavioural tracking, AI personalisation, and marketing communications. You can withdraw consent at any time.
Performance of a contract — account management, service delivery, processing bookings and orders.
Legitimate interest — platform improvement, fraud prevention, and maintaining the security of our services.

5. Data Anonymisation

We take anonymisation seriously:

Behavioural and analytics data is anonymised before analysis — we cannot trace it back to individual users.
AI conversation summaries used for platform improvement are stored without personally identifiable information (PII).
No raw tracking data is ever tied to identifiable users. Identifiers are stripped or hashed before storage.

6. Your Rights

Under GDPR Articles 15–22, you have the following rights over your personal data:

Right to access — request a copy of the personal data we hold about you.
Right to rectification — ask us to correct inaccurate or incomplete data.
Right to erasure — ask us to delete your data (the "right to be forgotten"). We will comply unless we have a legal obligation to retain it.
Right to data portability — receive your data in a structured, machine-readable format.
Right to withdraw consent — withdraw any consent you have given, at any time, without affecting the lawfulness of processing prior to withdrawal.
Right to object — object to processing based on legitimate interest.
Right to lodge a complaint — you have the right to complain to a data protection supervisory authority. In the UK, this is the Information Commissioner's Office (ICO).

To exercise any of these rights, email us at privacy@breathe.app. We will respond within 30 days.

7. Cookies & Local Storage

Essential cookies

We use essential cookies for authentication and session management. These are strictly necessary for the platform to function and do not require consent.

Consent preference

Your tracking consent choice is stored in your browser's local storage and as a cookie so that we can remember your decision across visits.

What we do not use

No third-party tracking cookies
No advertising cookies
No social media tracking pixels

8. Data Retention

Account data — retained while your account is active, plus 30 days after deletion to allow for account recovery.
Wellness tracking data — retained while your account is active. Deleted upon request or account deletion.
AI coach memories — deletable at any time via your account settings, in line with your right to erasure.
Anonymised analytics — because this data cannot be linked to individuals, it is retained indefinitely to help us improve the platform.

9. Third-Party Services

We share data with the following third-party processors, each under appropriate data processing agreements:

Mollie — payment processing. Mollie handles your payment data directly; we never see or store your card details.
Anthropic — powers the BREATHE AI coach. Only anonymised context is sent; no personally identifiable information is shared.
Cal.com — booking and scheduling for workshops and retreats.
Resend — transactional email delivery (e.g. order confirmations, password resets).

10. Data Security

We take the security of your data seriously. Measures we have in place include:

All data transmitted over HTTPS (TLS encryption in transit)
Passwords are hashed using bcrypt — we never store plain-text passwords
Refresh tokens and magic links are SHA-256 hashed before database storage
Refresh token reuse detection to protect against token theft
Rate limiting on authentication endpoints
Regular security reviews of our codebase and infrastructure

While no system is 100% secure, we continuously work to protect your data and will notify you promptly in the unlikely event of a breach.

11. Children's Privacy

BREATHE is not directed at anyone under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at privacy@breathe.app and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you by email or by a prominent notice on the platform. The "last updated" date at the top of this page will always reflect the most recent revision.

13. Contact Us

If you have any questions about this Privacy Policy, your data, or your rights, please get in touch:

BREATHE — Data Protection

Email: privacy@breathe.app

Privacy Policy

Last updated: 28 March 2026

Who We Are
What Data We Collect
How We Use Your Data
Legal Basis for Processing
Data Anonymisation
Your Rights
Cookies & Local Storage
Data Retention
Third-Party Services
Data Security
Children's Privacy
Changes to This Policy
Contact Us

1. Who We Are

For the purposes of data protection law, BREATHE is the data controller. If you have any questions about how we handle your data, you can reach us at privacy@breathe.app.

2. What Data We Collect

Account information

When you create an account we collect your name, email address, and a securely hashed version of your password. We never store your password in plain text.

Wellness tracking data

If you choose to use our tracking features, we collect data about your breath sessions, cold-exposure sessions, and food check-ins. All wellness tracking is entirely voluntary.

AI coach conversations

Behavioural and analytics data

With your consent, we collect anonymised behavioural data such as page views and feature usage. This data is used solely to improve the platform and is never tied to your identity.

Energy type quiz results

If you take the BREATHE energy type quiz, we store your results to personalise content recommendations and your AI coaching experience.

Payment information

3. How We Use Your Data

We use the data we collect to:

Personalise your wellness journey and AI coach recommendations
Improve content recommendations based on your interests and energy type
Track your progress, including streaks, badges, and Vitality Points (VP)
Process bookings, orders, and payments
Send transactional emails (order confirmations, password resets)
Analyse anonymised, aggregate data to improve the platform
Ensure the security and integrity of our services

4. Legal Basis for Processing

Under Article 6 of the GDPR, we process your personal data on the following legal bases:

Consent — behavioural tracking, AI personalisation, and marketing communications. You can withdraw consent at any time.
Performance of a contract — account management, service delivery, processing bookings and orders.
Legitimate interest — platform improvement, fraud prevention, and maintaining the security of our services.

5. Data Anonymisation

We take anonymisation seriously:

Behavioural and analytics data is anonymised before analysis — we cannot trace it back to individual users.
AI conversation summaries used for platform improvement are stored without personally identifiable information (PII).
No raw tracking data is ever tied to identifiable users. Identifiers are stripped or hashed before storage.

6. Your Rights

Under GDPR Articles 15–22, you have the following rights over your personal data:

Right to access — request a copy of the personal data we hold about you.
Right to rectification — ask us to correct inaccurate or incomplete data.
Right to erasure — ask us to delete your data (the "right to be forgotten"). We will comply unless we have a legal obligation to retain it.
Right to data portability — receive your data in a structured, machine-readable format.
Right to withdraw consent — withdraw any consent you have given, at any time, without affecting the lawfulness of processing prior to withdrawal.
Right to object — object to processing based on legitimate interest.
Right to lodge a complaint — you have the right to complain to a data protection supervisory authority. In the UK, this is the Information Commissioner's Office (ICO).

To exercise any of these rights, email us at privacy@breathe.app. We will respond within 30 days.

7. Cookies & Local Storage

Essential cookies

We use essential cookies for authentication and session management. These are strictly necessary for the platform to function and do not require consent.

Consent preference

Your tracking consent choice is stored in your browser's local storage and as a cookie so that we can remember your decision across visits.

What we do not use

No third-party tracking cookies
No advertising cookies
No social media tracking pixels

8. Data Retention

Account data — retained while your account is active, plus 30 days after deletion to allow for account recovery.
Wellness tracking data — retained while your account is active. Deleted upon request or account deletion.
AI coach memories — deletable at any time via your account settings, in line with your right to erasure.
Anonymised analytics — because this data cannot be linked to individuals, it is retained indefinitely to help us improve the platform.

9. Third-Party Services

We share data with the following third-party processors, each under appropriate data processing agreements:

Mollie — payment processing. Mollie handles your payment data directly; we never see or store your card details.
Anthropic — powers the BREATHE AI coach. Only anonymised context is sent; no personally identifiable information is shared.
Cal.com — booking and scheduling for workshops and retreats.
Resend — transactional email delivery (e.g. order confirmations, password resets).

10. Data Security

We take the security of your data seriously. Measures we have in place include:

All data transmitted over HTTPS (TLS encryption in transit)
Passwords are hashed using bcrypt — we never store plain-text passwords
Refresh tokens and magic links are SHA-256 hashed before database storage
Refresh token reuse detection to protect against token theft
Rate limiting on authentication endpoints
Regular security reviews of our codebase and infrastructure

While no system is 100% secure, we continuously work to protect your data and will notify you promptly in the unlikely event of a breach.

11. Children's Privacy

12. Changes to This Policy

13. Contact Us

If you have any questions about this Privacy Policy, your data, or your rights, please get in touch:

BREATHE — Data Protection

Email: privacy@breathe.app

Help us personalise your BREATHE experience

Privacy Policy

Contents

1. Who We Are

2. What Data We Collect

Account information

Wellness tracking data

AI coach conversations

Behavioural and analytics data

Energy type quiz results

Payment information

3. How We Use Your Data

4. Legal Basis for Processing

5. Data Anonymisation

6. Your Rights

7. Cookies & Local Storage

Essential cookies

Consent preference

What we do not use

8. Data Retention

9. Third-Party Services

10. Data Security

11. Children's Privacy

12. Changes to This Policy

13. Contact Us

Privacy Policy

Contents

1. Who We Are

2. What Data We Collect

Account information

Wellness tracking data

AI coach conversations

Behavioural and analytics data

Energy type quiz results

Payment information

3. How We Use Your Data

4. Legal Basis for Processing

5. Data Anonymisation

6. Your Rights

7. Cookies & Local Storage

Essential cookies

Consent preference

What we do not use

8. Data Retention

9. Third-Party Services

10. Data Security

11. Children's Privacy

12. Changes to This Policy

13. Contact Us