Privacy policy

Mobile Application Meditateeasy

Effective date: 24/04/2026

Last updated: 24/04/2026

1. DATA CONTROLLER

Data controller:

  • Company: “International World IT Solutions FZ LLC”
  • Jurisdiction: United Arab Emirates
  • Address: Office 303-302, DMC5, Dubai Media City, Dubai, UAE.
  • Privacy contact: [email protected]

This Policy explains what personal data we collect through the mobile application “Meditateeasy” (the “Application”), on what legal basis we process it, to whom we disclose it, and the rights that You have.

The Policy has been prepared in accordance with:

  • UAE Federal Decree-Law No. 45 of 2021 (PDPL);
  • Regulation (EU) 2016/679 (GDPR), for users located in the EEA, UK, or Switzerland;
  • California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA), for California residents;
  • other applicable international privacy laws.

2. DATA WE COLLECT

2.1. DATA PROVIDED BY THE USER (PROFILE):

  • name;
  • gender;
  • date of birth;
  • e-mail address;

2.2. SUBSCRIPTION AND PAYMENT DATA:

  • transaction identifier and subscription status (received from the Apple App Store / Google Play);
  • WE DO NOT COLLECT or store payment-card numbers. Payments are processed exclusively by Apple Inc. and Google LLC.

2.3. TECHNICAL AND USAGE DATA (via Firebase):

  • device identifiers (IDFA / AAID with user consent, Firebase Installation ID);
  • device model, operating system and version;
  • language, time zone, country;
  • IP address (truncated, for analytics);
  • crash reports, including stack traces;
  • in-app events: screens viewed, taps, meditation listening time.

2.4. PUSH-NOTIFICATION DATA:

  • device push token.

2.5. WE DO NOT COLLECT:

  • health data (HealthKit / Google Fit) without explicit consent;
  • biometric data;
  • precise geolocation (GPS);
  • communications content;
  • data of children under 13 (knowingly).

3. PURPOSES AND LEGAL BASES OF PROCESSING

Purpose Data Legal basis (GDPR)
Account creation and management Name, e-mail, password Contract performance (Art. 6(1)(b))
Delivery of the Service and subscriptions Profile data, subscription data Contract performance (Art. 6(1)(b))
Content personalisation Gender, date of birth Consent (Art. 6(1)(a))
Analytics (Firebase Analytics) Technical data, events Legitimate interest (Art. 6(1)(f)) / Consent
Crash diagnostics (Firebase Crashlytics) Crash logs, identifiers Legitimate interest (Art. 6(1)(f))
Push notifications Push token Consent (Art. 6(1)(a))
Marketing communications E-mail Consent (Art. 6(1)(a))
Compliance with legal obligations All categories Legal obligation (Art. 6(1)(c))
Protection of rights and prevention of abuse All categories Legitimate interest (Art. 6(1)(f))

 

For users subject to UAE PDPL, the legal bases are consent of the data subject, contract performance, and legitimate interests of the controller under Federal Decree-Law No. 45 of 2021.

4. DATA RECIPIENTS

We disclose data to the following categories of recipients strictly for the purposes listed above and under data-processing agreements:

  • (a) Apple Inc. (USA) – processing of App Store subscriptions.
  • (b) Google LLC (USA) – processing of Google Play subscriptions, Firebase Analytics, Firebase Crashlytics, push notifications (FCM).
  • (c) Cloud-hosting providers – for data storage.
  • (d) Legal and audit advisors – where necessary.
  • (e) Public authorities – only pursuant to a lawful request.

We do NOT sell personal data within the meaning of the CCPA/CPRA.

5. INTERNATIONAL DATA TRANSFERS

Data may be transferred outside the UAE, including to the USA and other jurisdictions. Such transfers are safeguarded by:

  • European Commission Standard Contractual Clauses (for EEA/UK);
  • adequate contractual safeguards under UAE PDPL;
  • UK International Data Transfer Agreement.

A copy of the applicable safeguards is available upon request at [email protected]

6. RETENTION PERIODS

Data Retention period
Profile data until deletion of the Account
Subscription / payment data 5 (five) years from the last transaction -tax / accounting requirements
Analytics data up to 14 months (Firebase Analytics)
Crash logs up to 90 days
Push tokens until consent is withdrawn / the Application is uninstalled
Marketing consents until withdrawal

After the above periods, data is deleted or anonymised.

7. YOUR RIGHTS

7.1. Irrespective of jurisdiction, You have the right to:

  • (a) know what data we process;
  • (b) access Your data and obtain a copy;
  • (c) request the correction of inaccurate data;
  • (d) request erasure (“right to be forgotten”);
  • (e) restrict processing;
  • (f) object to processing based on legitimate interest;
  • (g) withdraw consent at any time (without affecting the lawfulness of prior processing);
  • (h) data portability;
  • (i) lodge a complaint with a supervisory authority.

7.2. FOR CALIFORNIA RESIDENTS (CCPA/CPRA):

  • right to know what categories of data are collected;
  • right to deletion;
  •  right to correction;
  • right to opt out of the sale or sharing (we do not sell data);
  • right to non-discrimination for exercising privacy rights.

7.3. FOR UAE RESIDENTS (PDPL):

  • rights provided in Articles 13 to 18 of the PDPL, including the
  • right to lodge a complaint with the UAE Data Office.

7.4. To exercise Your rights, please contact [email protected]. We will respond within 30 days (extendable to 60 days for complex requests, with prior notice).

8. SECURITY

We apply reasonable organisational and technical measures to protect data, including TLS encryption in transit, encryption at rest, access control on a least-privilege basis, and regular audits. However, no method of transmission or storage over the Internet is completely secure.

In case of a personal-data breach, we will notify affected users and the relevant supervisory authority within the statutory deadlines (72 hours under the GDPR; in accordance with Article 9 of the PDPL for the UAE).

9. CHILDREN

The Application is intended for persons aged 13 and over (16 for users in the EEA/UK, unless national law provides otherwise). We do not knowingly collect data from children below the applicable age. If You become aware that a child has provided us with data without parental consent, please contact us for its deletion.

10. COOKIES AND TRACKING

The Application does not use HTML cookies but relies on similar technologies (mobile identifiers, Firebase SDKs). For more details, see the Cookie Policy.

On iOS, we request tracking permission via App Tracking Transparency (ATT) in accordance with Apple’s requirements.

11. CHANGES TO THE POLICY

We may update this Policy. Material changes will be notified via the Application or by e-mail at least 30 days before they take effect. Continued use of the Application after the changes take effect constitutes Your acceptance.

12. CONTACT

Controller: Company “International World IT Solutions FZ LLC”

Address: Office 303-302, DMC5, Dubai Media City, Dubai, UAE.

E-mail: [email protected]

DPO / privacy: [email protected]