PRIVACY POLICY
Effective Date: August 21, 2025
Last Updated: August 21, 2025
1. INTRODUCTION
SoulFlow (“SoulFlow,” “we,” “our,” or “us”) is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, process, store, share, and protect your information when you access or use:
- Our website at https://soul-flow.app (the “Website”)
- Our mobile applications (the “App”)
- All related services, features, and content (collectively, the “Services”)
By using our Services, you acknowledge that you have read and understood this Privacy Policy and agree to our data practices as described herein. If you do not agree with this Privacy Policy, please do not use our Services.
This Privacy Policy is incorporated into and forms part of our Terms of Service. Capitalized terms not defined in this Privacy Policy have the meanings given in our Terms of Service.
2. INFORMATION WE COLLECT
We collect information about you in various ways when you use our Services. The categories of information we collect include:
2.1 Information You Provide Directly
Account Information:
- Name, email address, and username
- Password and security credentials
- Profile information and preferences
- Date of birth (for age verification and personalized features)
- Location information (city, country, timezone)
Personal Development Information:
- Birth data for Human Design, astrology, or numerology calculations (date, time, and place of birth)
- Personal goals, intentions, and wellness preferences
- Journal entries, reflections, and personal notes
- Survey responses and assessment results
- Progress tracking and milestone data
Communication Information:
- Messages you send through our Services
- Customer support inquiries and correspondence
- Feedback, reviews, and testimonials
- Newsletter and marketing preferences
Payment Information:
- Billing address and payment method details
- Transaction history and purchase records
- Subscription preferences and status
- Note: Credit card information is processed securely by our third-party payment processors and is not stored on our servers
2.2 Information Collected Automatically
Device and Technical Information:
- Device type, model, operating system, and version
- Unique device identifiers (UDID, advertising ID)
- Browser type and version
- Screen resolution and display characteristics
- Network connection type and speed
Usage and Analytics Information:
- Pages visited, features accessed, and content viewed
- Time spent on different sections of our Services
- Click-through rates and user interactions
- Navigation patterns and user journey flows
- Session duration and frequency of use
- Error logs and performance data
Location Information:
- IP address and approximate geographic location (city, region, country)
- Timezone and language preferences
- GPS coordinates (only if you explicitly grant location permissions)
Cookies and Tracking Technologies:
- Session cookies and persistent cookies
- Web beacons and pixel tags
- Local storage and cached data
- Analytics and performance tracking data
2.3 Information from Third Parties
Social Media and Third-Party Accounts:
- Profile information when you connect social media accounts
- Authentication data from third-party login services (Google, Apple, Facebook)
- Public information from social media platforms (with your consent)
Third-Party Service Providers:
- Payment processing information from payment providers
- Analytics data from third-party analytics services
- Marketing and advertising data from advertising partners
- App store information and download data
Other Sources:
- Information from business partners and affiliates
- Publicly available information from online sources
- Referral information from other users
3. HOW WE USE YOUR INFORMATION
We process your personal information for the following purposes, based on legitimate interests, contractual necessity, consent, or legal obligations:
3.1 Service Provision and Improvement
- Provide and operate our Services: Deliver core features, functionality, and content
- Personalize your experience: Create customized Human Design readings, recommendations, and content
- Process transactions: Handle subscriptions, payments, and billing
- Customer support: Respond to inquiries, resolve issues, and provide assistance
- Service improvement: Analyze usage patterns to enhance features and user experience
- Product development: Develop new features, services, and content
3.2 Communication and Marketing
- Account notifications: Send important updates about your account and our Services
- Educational content: Provide newsletters, tips, and wellness resources
- Marketing communications: Share promotional offers, new features, and relevant content (with your consent)
- Community features: Enable user interactions and community participation
- Surveys and research: Conduct user research to improve our Services
3.3 Security and Legal Compliance
- Security monitoring: Detect and prevent fraud, abuse, and security threats
- Access control: Authenticate users and protect account security
- Legal compliance: Meet legal obligations and regulatory requirements
- Terms enforcement: Enforce our Terms of Service and Community Guidelines
- Data backup: Maintain backup copies for data recovery and business continuity
3.4 Analytics and Business Operations
- Usage analytics: Understand how users interact with our Services
- Performance monitoring: Track app performance, errors, and technical issues
- Business intelligence: Generate insights for strategic decision-making
- Quality assurance: Test and improve our Services’ functionality and reliability
4. LEGAL BASIS FOR PROCESSING (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal information based on the following legal grounds:
Contractual Necessity: Processing necessary to perform our contract with you (providing the Services you’ve requested)
Legitimate Interests: Processing for our legitimate business interests, such as:
- Improving and developing our Services
- Ensuring security and preventing fraud
- Direct marketing (where you haven’t objected)
- Analytics and business intelligence
Consent: Where you have explicitly consented to processing, such as:
- Marketing communications
- Location tracking
- Sharing certain information with third parties
- Optional data collection for enhanced features
Legal Obligation: Where we must process data to comply with legal requirements, such as:
- Tax and accounting obligations
- Regulatory compliance
- Responding to legal requests
5. COOKIES AND TRACKING TECHNOLOGIES
5.1 Types of Cookies We Use
Essential Cookies: Required for basic Service functionality, including:
- Authentication and session management
- Security features and fraud prevention
- Load balancing and performance optimization
Analytics Cookies: Help us understand Service usage, including:
- Google Analytics and similar services
- User behavior and interaction tracking
- Performance and error monitoring
Functional Cookies: Enhance your experience, including:
- Preference settings and customization
- Language and region selection
- Feature optimization and personalization
Marketing Cookies: Support marketing activities, including:
- Advertising campaign tracking
- Social media integration
- Retargeting and conversion tracking
5.2 Managing Cookie Preferences
You can control cookies through:
- Your browser settings and preferences
- Our cookie consent management tool
- Third-party opt-out mechanisms
- Mobile device advertising settings
Note that disabling certain cookies may limit Service functionality.
6. INFORMATION SHARING AND DISCLOSURE
We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:
6.1 Service Providers and Business Partners
We work with trusted third-party service providers who help us operate our Services:
Technology Providers:
- Cloud hosting and infrastructure services (AWS, Google Cloud)
- Content delivery networks and performance optimization
- Database management and backup services
Analytics and Marketing:
- Google Analytics, Firebase Analytics
- Email marketing platforms (Mailchimp, SendGrid)
- Customer support tools and help desk systems
Payment Processing:
- Stripe, PayPal, Apple Pay, Google Pay
- Subscription management platforms
- Fraud detection and prevention services
Professional Services:
- Legal and accounting firms
- Security and compliance consultants
- Customer research and survey providers
All service providers are bound by strict confidentiality agreements and are required to protect your information in accordance with this Privacy Policy.
6.2 Legal and Regulatory Requirements
We may disclose your information when required by law or when we believe in good faith that such disclosure is necessary to:
- Comply with legal processes, court orders, or governmental requests
- Enforce our Terms of Service and other agreements
- Protect our rights, property, or safety, or that of our users or the public
- Investigate or prevent illegal activities, fraud, or security threats
- Respond to emergency situations involving danger to life or safety
6.3 Business Transfers
In the event of a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred as part of the transaction. We will provide notice before your information is transferred and becomes subject to a different privacy policy.
6.4 Consent-Based Sharing
We may share your information with your explicit consent for specific purposes not covered in this Privacy Policy.
7. INTERNATIONAL DATA TRANSFERS
SoulFlow is based in Israel, and our Services are hosted on servers located in various countries. Your information may be processed and stored outside your country of residence, including in countries that may not provide the same level of data protection as your home country.
7.1 Safeguards for International Transfers
When transferring data internationally, we implement appropriate safeguards, including:
- Standard Contractual Clauses: EU-approved contractual terms with service providers
- Adequacy Decisions: Transfers to countries deemed adequate by relevant authorities
- Binding Corporate Rules: Internal policies for multinational organizations
- Certification Schemes: Participation in recognized privacy certification programs
7.2 EEA, UK, and Swiss Residents
For residents of the European Economic Area, United Kingdom, and Switzerland, we ensure that any international data transfers comply with applicable data protection laws, including GDPR and the UK Data Protection Act.
8. DATA RETENTION
We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.
8.1 Retention Periods
Account Information: Retained while your account is active and for up to 3 years after account closure
Usage and Analytics Data: Typically retained for 2-3 years for business analytics and improvement purposes
Payment Information: Retained as required by financial regulations and tax laws (typically 7 years)
Communication Records: Customer support communications retained for up to 3 years
Legal and Compliance Data: Retained as required by applicable laws and regulations
Marketing Data: Retained until you unsubscribe or for up to 2 years of inactivity
8.2 Secure Deletion
When information is no longer needed, we securely delete or anonymize it using industry-standard methods to ensure it cannot be recovered or reconstructed.
9. DATA SECURITY
We implement comprehensive security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction.
9.1 Technical Safeguards
- Encryption: Data encrypted in transit using TLS/SSL and at rest using AES-256
- Access Controls: Role-based access controls and multi-factor authentication
- Network Security: Firewalls, intrusion detection, and DDoS protection
- Secure Development: Security-focused development practices and code reviews
- Regular Updates: Timely security patches and system updates
9.2 Organizational Safeguards
- Employee Training: Regular privacy and security training for all personnel
- Access Limitations: Employee access limited to necessary information only
- Background Checks: Screening of personnel with access to sensitive data
- Incident Response: Comprehensive data breach response procedures
- Third-Party Audits: Regular security assessments and penetration testing
9.3 Limitations
While we implement strong security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your information, but we are committed to protecting it using industry best practices.
10. YOUR PRIVACY RIGHTS
Depending on your location, you may have certain rights regarding your personal information. These rights may include:
10.1 Universal Rights
Access: Request information about how we process your personal data and obtain a copy of your data
Correction: Request correction of inaccurate or incomplete personal information
Deletion: Request deletion of your personal information in certain circumstances
Portability: Request transfer of your data to another service provider in a structured format
Objection: Object to certain types of processing, particularly for marketing purposes
Restriction: Request limitation of processing in certain circumstances
10.2 Additional Rights for EEA, UK, and Swiss Residents (GDPR)
Withdraw Consent: Withdraw consent for processing where consent is the legal basis
Lodge Complaints: File complaints with supervisory authorities
Automated Decision-Making: Object to automated decision-making and profiling
10.3 California Residents (CCPA/CPRA)
Right to Know: Detailed information about data collection and sharing practices
Right to Delete: Request deletion of personal information
Right to Opt-Out: Opt out of the sale or sharing of personal information for targeted advertising
Right to Non-Discrimination: Equal service regardless of privacy choices
Right to Correct: Request correction of inaccurate personal information
Right to Limit: Limit the use of sensitive personal information
10.4 Exercising Your Rights
To exercise any of these rights, please contact us at:
- Email: privacy@soul-flow.app
- Subject Line: “Privacy Rights Request”
- Include: Your full name, email address, and specific request
We will respond to your request within the timeframes required by applicable law (typically 30 days for GDPR and 45 days for CCPA).
11. CHILDREN’S PRIVACY
Our Services are not intended for children under the age of 18, and we do not knowingly collect personal information from children under 18.
11.1 Age Verification
We implement age verification measures during account registration to prevent underage access.
11.2 Inadvertent Collection
If we learn that we have collected personal information from a child under 18, we will:
- Delete the information immediately
- Terminate the associated account
- Notify the appropriate parties as required by law
11.3 Parental Rights
Parents or guardians who believe their child has provided personal information to us may contact us to request review and deletion of such information.
12. THIRD-PARTY SERVICES AND LINKS
Our Services may contain links to third-party websites, applications, or services that are not owned or controlled by SoulFlow.
12.1 Third-Party Privacy Practices
We are not responsible for the privacy practices of third-party services. We encourage you to review their privacy policies before providing any personal information.
12.2 Social Media Integration
When you connect social media accounts or share content through social platforms, your interactions are governed by the privacy policies of those platforms.
12.3 Third-Party Analytics
We use third-party analytics services that may collect information about your use of our Services and other websites. These services include:
- Google Analytics (privacy policy: https://policies.google.com/privacy)
- Firebase Analytics (privacy policy: https://firebase.google.com/policies/analytics)
13. MARKETING AND COMMUNICATIONS
13.1 Marketing Communications
With your consent, we may send you marketing communications about our Services, including:
- Newsletter and educational content
- Product updates and new features
- Special offers and promotions
- Wellness tips and personalized recommendations
13.2 Opt-Out Options
You can opt out of marketing communications at any time by:
- Clicking the unsubscribe link in emails
- Adjusting your account preferences
- Contacting us directly
- Using third-party marketing preference services
13.3 Transactional Communications
You cannot opt out of certain service-related communications that are necessary for the operation of your account, such as:
- Account security notifications
- Billing and payment confirmations
- Important service updates
- Legal notices
14. CALIFORNIA PRIVACY DISCLOSURES
This section provides additional information for California residents as required by the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).
14.1 Categories of Personal Information
In the past 12 months, we have collected the following categories of personal information:
- Identifiers: Name, email, username, device IDs
- Commercial Information: Purchase history, subscription data
- Internet Activity: Browsing history, app usage, interactions
- Geolocation Data: Approximate location from IP address
- Sensory Data: Audio recordings (customer support calls, with consent)
- Professional Information: Industry, job title (if provided)
- Inferences: Preferences, characteristics, behavior patterns
14.2 Sources and Purposes
We collect this information from:
- You directly
- Your devices and usage of our Services
- Third-party service providers
- Social media platforms (with consent)
We use this information for the business purposes described in Section 3 of this Privacy Policy.
14.3 Sharing and Sales
We do not sell personal information as traditionally defined. We may share information with service providers for business purposes as described in Section 6.
14.4 Retention
We retain personal information as described in Section 8 of this Privacy Policy.
15. CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy from time to time to reflect changes in our practices, Services, or applicable laws.
15.1 Notification of Changes
When we make material changes to this Privacy Policy, we will:
- Post the updated Privacy Policy on our Website and App
- Update the “Last Updated” date at the top of this Privacy Policy
- Send email notifications to registered users (for significant changes)
- Provide in-app notifications when you next use our Services
- Maintain previous versions for your reference
15.2 Types of Changes
Minor Changes: Clarifications, formatting, or non-material updates take effect immediately upon posting.
Material Changes: Significant changes to our data practices will be announced with advance notice (typically 30 days) before taking effect.
15.3 Continued Use
Your continued use of our Services after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.
16. CONTACT INFORMATION
16.1 General Privacy Inquiries
Email: privacy@soul-flow.app
Subject Line: “Privacy Inquiry”
Website: https://soul-flow.app
16.2 Data Protection Officer
For GDPR-related inquiries:
Email: dpo@soul-flow.app
Subject Line: “Data Protection Inquiry”
16.3 Privacy Rights Requests
Email: privacy@soul-flow.app
Subject Line: “Privacy Rights Request”
16.4 Mailing Address
SoulFlow Privacy Team
[Physical Address]
[City, State/Province, Postal Code]
[Country]
16.5 Response Times
- General inquiries: 5-7 business days
- Privacy rights requests: 30 days (GDPR) / 45 days (CCPA)
- Urgent security matters: 24-48 hours
17. SUPERVISORY AUTHORITY CONTACTS
17.1 EEA Residents
You have the right to lodge a complaint with your local data protection authority. Contact information for EU data protection authorities can be found at: https://edpb.europa.eu/about-edpb/board/members_en
17.2 UK Residents
Information Commissioner’s Office (ICO)
Website: https://ico.org.uk
Phone: 0303 123 1113
17.3 Swiss Residents
Federal Data Protection and Information Commissioner (FDPIC)
Website: https://www.edoeb.admin.ch
Email: info@edoeb.admin.ch
18. EFFECTIVE DATE AND ACKNOWLEDGMENT
This Privacy Policy is effective as of the date stated at the top of this document and applies to all information collected by SoulFlow on or after such date.
By using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.
This Privacy Policy was last updated on August 21, 2025. We encourage you to review this Privacy Policy periodically to stay informed about how we collect, use, and protect your information.