Breezi – Data Retention Policy

Effective Date: 3rd February 2025

Last Updated: 3rd February 2025

At Breezi, we are committed to protecting your privacy and ensuring that your data is stored securely. This Data Retention Policy explains what data we collect, how long we store it, where it is stored, and what happens to data that is no longer needed.

1. What Data We Collect

• Account Information: Name, email address, and encrypted password.
• Session Data: Therapy notes and session summaries entered by users.
• Device Data: IP address, device type, operating system, app usage patterns, and crash logs.
• Payment Metadata: Transaction details (e.g., date, amount) processed by third-party providers (Stripe, Apple Pay, Google Pay).
• Support Data: Messages and emails sent to Breezi’s support team.

2. How Long We Store Data

2.1 Account Information

• Active Accounts: Retained indefinitely while your account remains active.
• Deleted Accounts: Retained for 90 days after account deletion to allow for reactivation or troubleshooting before being permanently deleted.

2.2 Therapy Notes & Session Data

• Retained as long as the account remains active.
• Upon account deletion, notes and session data are securely deleted within 90 days.

2.3 Device & Analytics Data

Retained in anonymised form for up to 2 years for research and app improvement purposes.

2.4 Payment Metadata

• Payment details are managed by third-party providers (Stripe, Apple, Google). Breezi does not store payment card details.
• Transaction metadata is retained for up to 7 years to comply with tax and accounting regulations.

2.5 Support Communications

Retained for up to 2 years for quality assurance and dispute resolution purposes.

3. Where Data is Stored

Breezi’s data is stored on secure, GDPR-compliant servers located in the United Kingdom and the European Economic Area (EEA).

Some anonymised data used for analytics may be processed by third-party services like Google Analytics, which may store data outside the UK/EEA. These providers comply with GDPR through data transfer mechanisms such as Standard Contractual Clauses (SCCs).

4. What Happens to Data That is No Longer Needed?

When a retention period expires, Breezi will:

• Permanently delete personal data from active systems within 90 days.
• Anonymise data that can no longer identify users, which may be retained indefinitely for research purposes.
• Ensure that data in backups is securely deleted within a maximum of 90 days.

5. User Rights

Under GDPR and other applicable laws, you have the following rights regarding your personal data:

• Access Your Data: Request a copy of the personal data stored by Breezi.
• Request Data Deletion: Request permanent removal of your personal data.
• Data Portability: Request a machine-readable copy of your data to transfer to another service.

To exercise these rights, please contact us at support@talktobreezi.com.

6. Security of Retained Data

We take the following steps to secure your data:

• Encryption: All sensitive data is encrypted during storage and transmission.
• Access Control: Only authorised personnel have access to personal data.
• Regular Audits: Security measures are regularly reviewed and updated.

7. Updates to This Policy

We may update this Data Retention Policy from time to time. Changes will be posted on our website with an updated "Last Updated" date.

8. Contact Information

For questions about this policy or requests regarding your data, please contact us:

📧 Email: support@talktobreezi.com

🌍 Website: talktobreezi.com