Data Retention Policy
Effective Date: 3rd February 2025
Last Updated: 30th June 2025
At Breezi, we are committed to protecting your privacy and ensuring your data is stored securely. This Data Retention Policy explains what data we collect, how long we store it, where it is stored, and what happens to data that is no longer needed.
Note: Breezi is a preventative mental wellness tool, not a clinical therapy service. We do not collect or store diagnostic or medical records. All data is processed in alignment with GDPR, and we are preparing for HIPAA-compliant infrastructure for U.S. users.
1. What Data We Collect
- Account Information: Name, email address, and encrypted password.
- Session Data: AI-generated summaries and user-entered reflections or notes during therapy chats.
- Health Sync Data: Step count, hours slept, and phone screen time (if connected via Apple Health or Google Fit). This data is accessed in read-only mode and not stored permanently.
- Device Data: IP address, device type, operating system, app usage patterns, and crash logs.
- Payment Metadata: Transaction details (e.g., date, amount) processed by third-party providers (Stripe, Apple Pay, Google Pay).
- Support Data: Messages and emails sent to Breezi’s support team.
2. How Long We Store Data
2.1 Account Information
- Active Accounts: Retained indefinitely while your account remains active.
- Deleted Accounts: Retained for up to 90 days post-deletion to allow for reactivation or troubleshooting, then permanently deleted.
2.2 Therapy Notes & Session Data
Retained while the account is active. Includes user-entered notes and AI-generated summaries. Securely deleted within 90 days of account deletion.
2.3 Device & Analytics Data
Retained in anonymised form for up to 2 years for research and app improvement purposes.
2.4 Payment Metadata
Managed by Stripe, Apple, and Google. Breezi does not store payment card details. Transaction metadata is retained for up to 7 years to meet tax and accounting obligations.
2.5 Support Communications
Retained for up to 2 years for quality assurance and dispute resolution.
3. Where Data is Stored
Data is stored on secure, GDPR-compliant servers hosted by Firebase (Google Cloud) in the United Kingdom and European Economic Area (EEA).
Some anonymised analytics data may be processed outside these regions (e.g., in the United States). These transfers are protected using GDPR-approved safeguards such as Standard Contractual Clauses (SCCs).
4. What Happens to Data That is No Longer Needed?
When a data retention period ends, Breezi will:
- Permanently delete personal data from active systems within 90 days.
- Anonymise data that can no longer identify users, which may be retained for research purposes indefinitely.
- Ensure that data in backups is securely deleted within 90 days.
5. User Rights (UK & EEA)
Under the UK GDPR and EU GDPR, you have the right to:
- Access: Request a copy of your stored personal data.
- Deletion: Request permanent removal of your personal data.
- Portability: Request a machine-readable copy of your data for transfer to another provider.
- Restriction: Ask us to limit processing of your data in specific circumstances.
- Correction: Request that we correct any inaccurate or incomplete data.
To exercise your rights, contact us at support@talktobreezi.com.
6. Security of Retained Data
- Encryption: All sensitive data is encrypted in transit and at rest.
- Access Control: Only authorised personnel can access personal data.
- Audits: Security policies and infrastructure are regularly reviewed and updated.
- HIPAA Readiness: While not currently subject to HIPAA, Breezi applies similar security principles and is preparing for HIPAA compliance for U.S. users.
7. Automated Processing Note
Breezi uses AI to generate personalised summaries and suggestions based on your input. These outputs are intended for wellbeing support and self-reflection only, and do not constitute clinical advice. No legally binding decisions are made automatically based on your data.
8. Updates to This Policy
We may revise this Data Retention Policy from time to time. The latest version will always be available on our website and include the updated “Last Updated” date at the top of the document.
9. Contact Information
If you have any questions or concerns about this Data Retention Policy, contact us at support@talktobreezi.com.
🌍 Website: talktobreezi.com