Skip to content
Breathing for Now

Privacy

Last updated 1 June 2026

Short version: we collect the bare minimum, we don't sell anything, you can export or delete it any time. Long version below.

Who we are

Breathing for Now is operated by Voll Studios Ltd, a company registered in England and Wales (no. 09302803). Registered office: 5 Brayford Square, London, E1 0SG. We are the data controller for the data described here.

What we collect

  • Your email address (when you sign in).
  • Your breathing session history (pattern, duration, timestamp).
  • Your preferences (audio settings, theme, reminder time).
  • If you upgrade to Premium: a Stripe customer ID and subscription ID. We do not see or store your card details.
  • Standard server logs (IP address, user agent, request paths) retained for short periods for security and debugging.

We do not use third-party analytics or trackers. No Google Analytics, no Facebook pixel, no behavioural tracking.

Why we collect it

  • To sign you in and remember you between devices.
  • To show your practice history and streak.
  • To process your Premium subscription if you choose to upgrade.
  • To send transactional emails (sign-in links, welcome, milestone notes, your chosen reminders).
  • To keep the service running and secure.

Who we share it with

We use a small number of trusted processors. They handle data on our instructions:

  • Supabase (EU region): hosts the database storing your account, sessions, and preferences.
  • Vercel: hosts the web application.
  • Stripe: processes payments if you subscribe. Stripe is the controller of your card data; we never see it.
  • Resend: delivers transactional email.
  • Cloudflare: DNS and edge caching.

We do not sell, rent, or share your data with advertisers or data brokers. Ever.

Your rights

Under UK GDPR you can access, correct, export, or delete the data we hold on you. Most of this is one click on your account page: export your full history as JSON, or delete your account entirely. For anything else, email hello@breathingfornow.com.

You can also complain to the Information Commissioner's Office (ico.org.uk) if you think we've mishandled your data.

Cookies

One cookie, named bfn-session. It holds your signed session token so you stay signed in. It's HttpOnly, SameSite=Lax, and expires after 30 days. We do not use cookies for tracking or advertising.

Data retention

We keep your account and sessions until you delete them. If you delete your account, everything is removed from our database within 30 days. Stripe retains payment records under its own retention rules (typically 7 years for tax and compliance).

Changes to this policy

If we make material changes, we'll update the date at the top and email you. Trivial changes (typos, link fixes) might happen without notice.

Contact

Privacy questions: hello@breathingfornow.com.