Privacy Policy

Last updated: March 23, 2026

1. Introduction

Shunyah (“we,” “us,” or “our”) operates the Shunyah mobile application (the “App”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our App.

2. Information We Collect

Account Information

  • Name, email address, and profile information provided during registration
  • Authentication data (via Google Sign-In or email/password)

Meditation & Session Data

  • Your responses during the meditation generation flow (situation, feeling, intention, personal notes)
  • Sleep preferences and conversation inputs
  • Generated meditation scripts and associated metadata (duration, technique, timestamps)
  • Favorites, bookmarks, and listening history

Device & Technical Data

  • Firebase Cloud Messaging (FCM) token for push notifications
  • Device type and operating system version (sent with API requests)

Local Storage

  • Cached audio files for offline playback
  • App preferences (ambient sound selection, notification settings, tutorial completion status)

3. What We Do NOT Collect

We are committed to minimal data collection. We do not:

  • Use analytics SDKs (no Google Analytics, Mixpanel, Amplitude, or similar)
  • Use crash reporting tools (no Crashlytics, Sentry, or similar)
  • Use advertising SDKs or ad networks
  • Track your location
  • Sell, rent, or trade your personal data
  • Use tracking pixels or fingerprinting
  • Share data with data brokers

4. How We Use Your Information

  • To generate personalized meditation scripts and audio using AI
  • To maintain your account and meditation history
  • To deliver push notifications (sleep reminders, if enabled)
  • To process subscription payments through Apple's in-app purchase system
  • To respond to support requests

5. Third-Party Services

We use the following third-party services to operate the App:

Anthropic (Claude API)

Generates personalized meditation scripts. Your situation, feeling, and intention inputs are sent to Anthropic's API. Anthropic does not use API inputs to train models.

fal.ai (Text-to-Speech)

Converts generated scripts into audio. The text of your meditation is sent for synthesis.

Supabase

Provides authentication, database, and file storage. Your account data and meditation history are stored in Supabase-hosted infrastructure.

Firebase Cloud Messaging (FCM)

Used solely for delivering push notifications. We do not use Firebase Analytics or any other Firebase services.

RevenueCat

Manages subscription status and purchase verification. Receives your anonymous app user ID and purchase receipts.

Apple / Google

Handle authentication (Sign in with Apple, Google Sign-In) and in-app payment processing.

6. Data Retention

Your account data and meditation history are retained as long as your account is active. When you delete your account, all associated data is permanently removed from our servers within 30 days. Cached audio files on your device are removed when you uninstall the App.

7. Your Rights

All Users

  • Access your personal data through the App
  • Delete your account and all associated data at any time
  • Opt out of push notifications through device settings

EEA/UK Residents (GDPR)

If you are in the European Economic Area or United Kingdom, you have additional rights including:

  • Right to access, rectify, or erase your personal data
  • Right to restrict or object to processing
  • Right to data portability
  • Right to withdraw consent
  • Right to lodge a complaint with your local data protection authority

Our legal basis for processing is contract performance (providing the service you signed up for) and legitimate interest (improving the App).

California Residents (CCPA)

If you are a California resident, you have the right to:

  • Know what personal information we collect and how it is used
  • Request deletion of your personal information
  • Non-discrimination for exercising your privacy rights

We do not sell personal information. We do not share personal information for cross-context behavioral advertising.

8. Data Security

We implement appropriate technical and organizational measures to protect your data, including encrypted connections (TLS), secure authentication tokens, and row-level database security policies. However, no method of electronic transmission or storage is 100% secure.

9. Children's Privacy

Shunyah is not intended for children under 13 years of age (or 16 in the EEA). We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy in the App or on our website. Your continued use of the App after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:

privacy@shunyah.app