Privacy Policy
Eunoia Labs Pty Ltd (Australia)
Why This Matters
Galinia creates short, personalised meditations from what you tell it in your own words. That can include sensitive wellbeing information. This policy explains what we collect, why, how long we keep it, who we share it with, where we store it, and the rights you have globally.
Scope
This policy applies to the Galinia mobile apps (iOS/Android), website(s), and related services, worldwide. We operate from Australia and comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Because we serve a global audience, we also align with GDPR/UK GDPR, CCPA/CPRA (California), LGPD (Brazil), and PIPEDA (Canada).
Children
Galinia is not intended for children under 16 in the EEA/UK (or the age of digital consent in your country) and not for children under 13 elsewhere. We do not knowingly collect personal information from children below those ages. Parents/guardians can contact us to delete any such data.
What We Collect
Account & Billing Data: name, email, country/region, language preference; hashed passwords or SSO IDs; subscription plan; payment token/last 4 digits and transactions (handled by our payment processors—we do not store full card numbers).
Content you provide to create meditations (may be sensitive): prompt text; generated script/audio; preferences (voice, background audio, pacing, language, optional tags).
Sensitive information / health data: Your prompt may reveal mental wellbeing or life circumstances. Where required by law (e.g., GDPR Art. 9), we process this with your explicit consent to deliver the service; you may withdraw consent in-app.
Usage & device data: app events, crash logs, device type/OS, app version, time zone, coarse location (from IP), analytics identifiers.
Communications: emails/support chats, feedback, beta surveys, marketing preferences, affiliate/corporate enquiries.
Prompt text & generated meditations: kept 30 days for replays/quality checks; you can choose “Process‑only (no retention)” in Settings to avoid storage after delivery. Items you save remain until you delete them.
Account & billing: retained while active and up to 7 years thereafter for tax, accounting, fraud prevention.
Analytics & logs: 12–24 months, de‑identified where possible.
Support records: up to 3 years, or longer if required to resolve an issue or comply with law.
You may request deletion at any time; some data may be retained as required by law or to resolve disputes.
We never sell personal information. We share only with:
Service providers/processors acting under our instructions, such as: cloud hosting & storage provider; AI text generation provider; synthetic voice provider; payment processors; product analytics provider; email/communications provider; security/logging/crash‑reporting providers.
Business partners: affiliates/influencers (aggregated or attribution‑limited info only—never your prompts); and corporate wellness customers administering your access (limited administrative usage metrics only, never your prompt text or meditation content unless you explicitly opt in and local law allows).
Authorities & advisors: to comply with law, protect rights/safety, or obtain legal advice.
All recipients must implement appropriate confidentiality and security measures. A current list of sub‑processors is available on request under confidentiality.
Your data may be processed in Australia, the United States, the EEA, the UK, and other countries. Safeguards include Standard Contractual Clauses (SCCs) for EEA transfers and the UK IDTA/Addendum, encryption in transit/at rest, access controls, and data minimisation.
TLS 1.2+ in transit and managed key encryption at rest.
Role‑based access controls, audit logging, least‑privilege.
Network segmentation and regular backups to an isolated region.
Vendor due diligence and contractual security obligations.
Incident response aligned to Australia’s NDB scheme and GDPR.
No system is perfectly secure; if a breach poses a risk of harm, we will notify you and regulators as required.
Access your data and obtain a copy.
Correction of inaccurate data.
Deletion (erasure).
Portability (structured, machine‑readable copy).
Restriction or objection to certain processing (especially where based on legitimate interests).
Withdraw consent at any time (does not affect past processing).
Opt‑out of marketing communications.
How to exercise: use in‑app controls or email privacy@galinia.app. We may need to verify your identity.
We use cookies/SDKs for authentication, preferences, analytics, and (with consent) marketing.
Choices: Manage cookies in your browser/device settings. We honour Global Privacy Control (GPC) where legally required. Do Not Track (DNT) is not standardised; we do not respond to DNT signals. In mobile OS settings, you can reset advertising/analytics identifiers or disable personalised ads.
We do not “sell” personal information. We also do not “share” personal information for cross‑context behavioural advertising. If this changes, we will provide a “Do Not Sell or Share My Personal Information” control and update this notice.
If we process sensitive personal information, we use it only to provide the services you request and for permitted security/anti‑fraud purposes. California residents may request we limit use/disclosure; in practice we already limit use as described.
We use analytics and ML to personalise non‑medical meditation content (e.g., voice/tone). You can object/opt out where your local law provides that right.
If your access is provided by an employer/partner, we may share limited administrative usage data with that organisation to run the programme. We do not share your prompts or meditation content without your explicit consent and where permitted by law.
Our services may link to or integrate third‑party services we do not control. Their privacy practices are their own; review their policies.
Primary retention periods are listed in §5. Backups are retained for 30 days in an isolated region and then overwritten. If you delete content, it will be removed from live systems promptly and from backups within the backup retention window.
International users can contact privacy@galinia.app. Where a local representative is required by law, we will designate one and update this policy.
Australia (OAIC): oaic.gov.au
EU/EEA: your local Data Protection Authority
UK (ICO): ico.org.uk
Canada (OPC): priv.gc.ca
California: California Attorney General
We invite you to contact us first so we can try to resolve your concern.
We may update this policy from time to time. We will provide reasonable notice of material changes (e.g., in‑app notice or email). Your continued use after the effective date constitutes acceptance.
Privacy enquiries & rights requests: privacy@galinia.app
Security incidents: security@galinia.app
DMCA/IP: legal@galinia.app