Eunoia Labs Pty Ltd (trading as “Galinia”)
Legal: legal@galinia.app
Support: support@galinia.app
Why This Matters
Galinia creates short, personalised meditations from what you tell it in your own words. That can include sensitive wellbeing information. This policy explains what we collect, why, how long we keep it, who we share it with, where we store it, and the rights you have globally.
Scope
This policy applies to the Galinia mobile apps (iOS/Android), website(s), and related services, worldwide. We operate from Australia and comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Because we serve a global audience, we also align with GDPR/UK GDPR, CCPA/CPRA (California), LGPD (Brazil), and PIPEDA (Canada).
Children
Galinia is intended for users aged 16 and over. We do not knowingly collect personal information from anyone under 16. If you believe a person under 16 has provided us with personal information, please contact privacy@galinia.app and we will delete it promptly.
What We Collect
- Account & Billing Data: name, email, country/region, language preference; hashed passwords or SSO IDs; subscription plan; payment token/last 4 digits and transactions (handled by our payment processors — we do not store full card numbers).
- Content you provide to create meditations (may be sensitive): prompt text; generated script/audio; preferences (voice, background audio, pacing, language, optional tags).
- By entering personal or wellbeing-related information into Galinia, you explicitly consent to its processing for the purpose of generating your personalised meditation. You may withdraw this consent at any time by deleting your content or account.
- Usage & device data: app events, crash logs, device type/OS, app version, time zone, coarse location (from IP), analytics identifiers.
- Communications: emails/support chats, feedback, beta surveys, marketing preferences, affiliate/corporate enquiries.
Why We Collect It
| Purpose | Examples | Legal Bases |
|---|---|---|
| Provide & personalise the service | Generate scripts, render synthetic voice, remember preferences, stream/download replays | Contract (Art. 6(1)(b)); Explicit consent for sensitive data (Art. 9(2)(a)) |
| Payments & subscriptions | Process payments, manage refunds, detect fraud | Contract; Legitimate interests; Legal obligation |
| App operations & security | Debugging, preventing abuse, service resilience, backups | Legitimate interests; Legal obligation |
| Analytics & product improvement | Measure features, quality assurance, A/B testing with de-identified/pseudonymised data | Legitimate interests; Consent where required |
| Marketing & communications | Transactional emails, newsletters (opt-in), promotions | Consent; Legitimate interests (similar-products, where permitted) |
| Compliance | Respond to lawful requests, enforce terms, manage disputes | Legal obligation; Legitimate interests |
Data Minimization & Retention
- Prompt text & generated meditations: retained for as long as you have an account. All content is permanently deleted when you delete your account.
- Account & billing: retained while active and up to 7 years thereafter for tax, accounting, and fraud prevention.
- Analytics & logs: 12–24 months, de-identified where possible.
- Support records: up to 3 years, or longer if required to resolve an issue or comply with law.
- Backups: retained for 30 days in an isolated region and then overwritten.
- Users can delete their account directly within the app under Profile → FAQ & Support → Delete My Account. Upon deletion, personal data is removed from live systems promptly and from backups within the 30-day backup retention window.
- Any human review is conducted under strict confidentiality agreements and only when necessary for security, abuse prevention, or technical troubleshooting.
Who We Share Data With
We never sell personal information. We share only with:
- Service providers/processors acting under our instructions, such as: cloud hosting & storage provider; AI text generation provider; synthetic voice provider; payment processors; product analytics provider; email/communications provider; security/logging/crash-reporting providers.
- Business partners: affiliates/influencers (aggregated or attribution-limited info only — never your prompts); and corporate wellness customers administering your access (limited administrative usage metrics only, never your prompt text or meditation content unless you explicitly opt in and local law allows).
- Authorities & advisors: to comply with law, protect rights/safety, or obtain legal advice.
All recipients must implement appropriate confidentiality and security measures. All are subject to contractual confidentiality and security obligations.
International Transfers
Your data may be processed in Australia, the United States, the EEA, the UK, and other countries. Safeguards include Standard Contractual Clauses (SCCs) for EEA transfers and the UK IDTA/Addendum, encryption in transit/at rest, access controls, and data minimisation.
Security
- TLS 1.2+ in transit and managed key encryption at rest.
- Role-based access controls, audit logging, least-privilege.
- Network segmentation and regular backups to an isolated region.
- Vendor due diligence and contractual security obligations.
- Incident response aligned to Australia's NDB scheme and GDPR.
No system is perfectly secure; if a breach poses a risk of harm, we will notify you and regulators as required.
Your Rights
- Access your data and obtain a copy.
- Correction of inaccurate data.
- Deletion (erasure).
- Portability (structured, machine-readable copy).
- Restriction or objection to certain processing (especially where based on legitimate interests).
- Withdraw consent at any time (does not affect past processing).
- Opt-out of marketing communications.
To exercise your rights, use in-app controls or email privacy@galinia.app. We may need to verify your identity.
Cookies & Similar Technologies
We use cookies/SDKs for authentication, preferences, analytics, and (with consent) marketing.
Your choices: Manage cookies in your browser/device settings. We honour Global Privacy Control (GPC) where legally required. Do Not Track (DNT) is not standardised; we do not respond to DNT signals. In mobile OS settings, you can reset advertising/analytics identifiers or disable personalised ads.
"Sale"/"Share" of Personal Information (CCPA/CPRA)
We do not "sell" personal information. We also do not "share" personal information for cross-context behavioural advertising. If this changes, we will provide a "Do Not Sell or Share My Personal Information" control and update this notice.
Sensitive Information (CPRA) & "Limit Use" Right
If we process sensitive personal information, we use it only to provide the services you request and for permitted security/anti-fraud purposes. California residents may request we limit use/disclosure; in practice we already limit use as described.
Profiling & Automated Decision-Making
We use analytics and ML to personalise non-medical meditation content (e.g., voice/tone). You can object/opt out where your local law provides that right.
Corporate Programs
If your access is provided by an employer/partner, we may share limited administrative usage data with that organisation to run the program. We do not share your prompts or meditation content without your explicit consent and where permitted by law.
Third-Party Links & Services
Our services may link to or integrate third-party services we do not control. Their privacy practices are their own; review their policies.
International Users & Representatives
International users can contact privacy@galinia.app. Where a local representative is required by law, we will designate one and update this policy.
Complaints & Regulatory Contacts
We invite you to contact us first at privacy@galinia.app so we can try to resolve your concern. You may also contact your local regulator:
Changes to This Policy
We may update this policy from time to time. We will provide reasonable notice of material changes (e.g., in-app notice or email). Your continued use of the Services after the effective date constitutes acceptance of the updated policy.