Privacy Policy – Hana Breathe

Last updated: 19 March 2026

This Privacy Policy explains how the Hana Breathe application (“app” or “Hana Breathe”) and the service operator handle your data. By using the app, you agree to this policy.

1. Data controller

The controller of personal data is David Vurbs, Horní Slivno 25, 294 79, Czech Republic, ID No.: 05405289.
Contact for privacy matters: david@hanabreathe.com.

2. What data we process

• Account and sign-in
  Email address (sign-in with email and code, or via Apple/Google). For sign-in with Apple or Google, we process the data those services provide (identifier and email) to the extent necessary to create and manage your account.
• Sessions and device
  Device type and data needed for authentication. Optionally, data for push notifications if you use that feature.
• Breathing exercises
  Exercise name, start time, and session duration. Used to show history and statistics (including streaks) and to operate the service.
• Hana Journey subscription
  Subscription status and App Store transaction data needed to verify subscription and manage access to paid content.

3. Purposes and legal bases

• Contract performance – providing the app, account, exercise history, and subscription.
• Legitimate interests – securing the service, preventing abuse, and technical support.
• Consent – where we explicitly require it.

We do not sell your data or share it with third parties for their marketing.

4. Recipients and third parties

• Servers and infrastructure – hosted in the EU; processing takes place within the European Union.
• Apple – Sign in with Apple, App Store, and payments; Apple’s privacy policy applies.
• Google – Google sign-in; Google’s privacy policy applies.
• Email – an external service sends sign-in codes; processing complies with applicable law.

5. Retention

• Account and sessions – for the lifetime of the account and thereafter as required by law.
• Breathing session history – for the lifetime of the account; after account deletion, data may be erased or anonymised upon your request.
• Sign-in codes – only briefly, until used or expired.
• Subscription and transaction data – as long as needed for accounting and legal obligations.

6. Your rights (GDPR)

Where the law provides, you have the right of access, rectification, erasure, restriction of processing, data portability, objection to processing, and withdrawal of consent. You may also lodge a complaint with a supervisory authority (in the Czech Republic, the Office for Personal Data Protection, uoou.cz).

Please send requests to david@hanabreathe.com. We will respond without undue delay and within 30 days at the latest.

7. Security

We transmit data encrypted. Sign-in uses one-time codes or Apple/Google. We protect sensitive data with appropriate technical and organisational measures.

8. Website and cookies

The website hanabreathe.com does not use cookies, and we do not plan to use them.

9. Changes to this policy

We may update this policy from time to time. We will inform you of material changes in the app or by email. The current version is always available on this page.

10. Children

The service is not intended for children under 16. If we learn that we have processed a child’s data without consent from a legal guardian, we will delete that data.

Contact: david@hanabreathe.com