Last updated: March 25, 2026 — Version 2.0
Nala (“we”, “us”, “our”) is a wellness companion application published by Mathias Robin, sole proprietor, domiciled in France.
Data protection contact: privacy@nala-meditation.com
| Processing | Legal basis |
|---|---|
| Account creation & authentication | Performance of contract (Art. 6(1)(b)) |
| Wellness scores, journal, micro-actions | Performance of contract (Art. 6(1)(b)) |
| AI chat conversations | Explicit consent (Art. 6(1)(a) & Art. 9(2)(a)) |
| Analytics (usage events) | Consent (Art. 6(1)(a)) |
| Push notifications | Consent (Art. 6(1)(a)) |
| Subscription & billing | Performance of contract (Art. 6(1)(b)) |
| Crash reports | Legitimate interest (Art. 6(1)(f)) — app stability |
Account data: Email address, display name (via Firebase Authentication), language preference (e.g. “fr” or “en”), and country code derived from your device settings (e.g. “FR”). These are used to display the app in your language.
Wellness data: Conversation transcripts with the AI, journal entries, wellness scores, mood selections, micro-actions. This data may include information relating to your emotional state, sleep habits, stress levels, or general well-being. While not strictly “health data” under GDPR Article 9, we treat it with the same level of protection as sensitive data.
Analytics data: Only collected with your explicit consent. Includes anonymized usage events (content played, features used, session duration). We do not collect your name or email in analytics events.
Technical data: Device type, app version, crash reports (Firebase Crashlytics). No IP addresses are stored permanently.
Payment data: Handled entirely by Google Play. We never see, process, or store your card details.
Push notification token: Collected only when you opt in to notifications. Used solely to deliver reminders you configured.
When you use Nala’s AI chat feature, your messages are sent to the Anthropic API (Claude) for processing. This means:
Before your first AI conversation, the app asks for your explicit consent to this processing. You can use all other Nala features without using the AI chat.
We never sell your data. We never share it with advertisers. We never use your data for profiling or automated decision-making.
Your data is stored on Supabase (PostgreSQL, EU region) with:
Your primary data is stored in the EU (Supabase, EU region). Some processing involves sub-processors located in the United States. These transfers are protected by:
We use the following third-party services to operate Nala:
| Provider | Location | Purpose | Data shared |
|---|---|---|---|
| Supabase | EU | Database & data hosting | All account and content data |
| Firebase (Google) | US | Authentication, push notifications, crash reports | Email, push token, crash logs |
| Anthropic | US | AI conversation processing (Claude API) | Chat messages, first name, wellness context |
| Railway | US | Backend server hosting | Requests in transit (encrypted) |
| ElevenLabs | US | Voice generation for audio content | No personal data (scripts only) |
| Upstash (Redis) | EU | Temporary caching (authentication tokens) | Encrypted tokens, TTL 30 seconds |
| Data type | Retention period |
|---|---|
| Account data (email, name) | Until account deletion |
| AI conversation messages | 90 days, then automatically deleted (summaries retained) |
| Wellness scores | Until account deletion |
| Journal entries | Until account deletion |
| Analytics events | 1 year, then automatically purged |
| Push notification tokens | Until account deletion or opt-out |
| Crash reports | 90 days (Firebase Crashlytics default) |
When you delete your account, all data is permanently erased immediately. Any residual backups are purged within 30 days.
You have the right to:
To exercise your rights, use the in-app settings or email privacy@nala-meditation.com. We will respond within 30 days as required by GDPR.
The Nala website uses no third-party cookies, no tracking cookies, and no advertising cookies. We use a minimal server-side analytics system that does not track individual users across sessions and does not use cookies.
Nala is designed for users aged 13 and above. For users under 16 in the European Union, parental or guardian consent is required per GDPR Article 8. We do not knowingly collect data from children under 13. If you believe a child under 13 has provided us with personal data, contact us immediately at privacy@nala-meditation.com.
In the event of a personal data breach that poses a risk to your rights and freedoms:
We may update this policy. Significant changes will be communicated via the app and/or email. The “last updated” date at the top will be revised. Continued use after 30 days constitutes acceptance of the updated policy.