Privacy Policy
Effective Date: April 08, 2025
Company name: EMPTY BOWL LTD
Business registration number: 15966458
Email: reself5966@re-self.co.uk
Address: 85 Great Portland Street, First Floor, London, England, W1W 7LT
EMPTY BOWL LTD ("we," "us," or "our") is committed to protecting the privacy and personal information of our users. This Privacy Policy explains how we collect, use, process, and protect your personal data when you use our mobile application Reself and website re-self.co.uk (collectively, the "Service"). By accessing or using the Service, you agree to the practices outlined in this Privacy Policy. If you do not agree with this policy, please discontinue the use of our Service.

We recognize that privacy is a fundamental right and take our responsibility seriously to ensure that your data is treated securely and in accordance with applicable data protection standards. This policy is designed to provide transparency and clarity on how your information is handled.

1. Data We Collect
We collect a range of personal and technical data to ensure the Service functions properly, to support account-related activities, and to analyze user interactions for continuous improvement. The types of data we collect include both information you provide to us and data collected automatically during your use of the Service.

Personal data that may be collected includes your name, email address, and user identifiers. These are primarily used to personalize your experience, facilitate communication between you and our development team, and manage your account within the Service.

We also collect diagnostic information such as crash logs and performance reports to monitor the stability and functionality of the app. Additionally, we may gather analytics data including user interactions, device identifiers, and anonymized location information such as country, city, carrier, and operating system version. This helps us to understand how the Service is used and to identify areas for improvement.

All data is collected with the principle of data minimization in mind—only the necessary data for fulfilling the specified purposes is collected and retained.

2. Purposes for Data Processing
Your data is used solely for purposes that are relevant, lawful, and necessary for the proper delivery and maintenance of our Service. We collect and process your personal data to enable key features such as authentication, secure access, and user communication.

One of our core purposes is to personalize your experience. By understanding your interactions and preferences, we can tailor the content and features to make the Service more relevant and effective for you. This includes customizing journaling tools, recommending exercises, and enhancing community interaction features.

Analytics data collected through Amplitude enables us to evaluate how users engage with the Service, which features are most popular, and how we can optimize the user journey. We use this data to guide our design and development decisions, ensuring we deliver the most value to our users.

Crash logs and diagnostic data collected via Firebase help us maintain the stability and performance of the Service. This allows us to detect, investigate, and resolve issues that might affect your experience.

We do not sell your data or use it for third-party marketing purposes. All processing is carried out in accordance with strict privacy principles and internal safeguards.

3. Data Storage and Transfers
We store your data using reputable third-party service providers that maintain high standards of security and compliance. Our chosen platforms are Google Firebase and Amplitude.

Google Firebase is used for authentication, data storage, and certain analytics functions. All data managed by Firebase is stored in the London-based data center (Europe-west2 region), ensuring that your data remains within the European Economic Area (EEA).

Amplitude is used for product analytics and stores its data on AWS servers located in Frankfurt, Germany. Amplitude allows us to track anonymized user behavior to improve our product features and user engagement without compromising individual privacy.

Both providers implement strict access controls, encryption standards, and industry best practices to protect your data. We carefully vet all vendors and ensure that they are committed to maintaining the confidentiality and integrity of user data.

In certain cases, your data may be transferred to and processed in countries outside the EEA. When such international transfers occur, we ensure that appropriate safeguards are in place, such as approved standard contractual clauses or other lawful mechanisms, to guarantee an adequate level of data protection.

4. Legal Basis for Processing
We process your personal data on several lawful bases, including your consent, our legitimate interests, and the necessity of processing for the performance of our contractual obligations to you.

When you voluntarily provide information such as your name or email address, your consent serves as the basis for processing. You have the right to withdraw this consent at any time. For example, if you choose to unsubscribe from communications, we will honor that choice promptly.

We also rely on legitimate interests to process technical data and analytics. This includes processing necessary to maintain the functionality, security, and continuous improvement of the Service. We assess our legitimate interests to ensure they do not override your rights and freedoms.

Finally, when processing is necessary to provide core features of the Service, such as logging in or accessing journal entries, we do so under the lawful basis of contract fulfillment. Without such processing, we would be unable to provide the Service as intended.

5. Data Retention
We retain your personal data only for as long as is necessary to achieve the purposes described in this policy. This means we keep data for the duration of your use of the Service, and in some cases, for a reasonable period thereafter to comply with legal obligations or for legitimate business purposes.

For example, crash logs and diagnostic data are retained temporarily to ensure timely troubleshooting, while account-related data such as your name and email address may be retained longer to facilitate account recovery or support communication.

Once data is no longer required, we securely delete or anonymize it in accordance with our data retention procedures. You may request deletion of your personal data at any time by contacting us through the methods provided in Section 9.

6. User Rights
As a user, you have several rights regarding your personal data. These rights give you control over how your data is used and provide transparency in our processing activities.
  • Right to Access: You have the right to request a copy of the personal data we hold about you.
  • Right to Rectification: If any data we hold is inaccurate or incomplete, you may request that it be corrected.
  • Right to Erasure: You can request that we delete your personal data under certain conditions, such as when it is no longer necessary for the purposes collected.
  • Right to Restrict Processing: You may request temporary suspension of processing if you contest its accuracy or object to its use.
  • Right to Data Portability: You can request a copy of your data in a structured, commonly used format.
  • Right to Object: You can object to processing that is based on our legitimate interests, including analytics or personalization features.
  • Right to Withdraw Consent: Where processing is based on consent, you have the right to withdraw it at any time.
To exercise your rights, contact us using the details provided in Section 9. We will respond to all requests in a timely and lawful manner.

If you have concerns about how your personal data is being handled, you have the right to lodge a complaint with a data protection authority. If you are located in the United Kingdom, you may contact the Information Commissioner's Office (ICO) at www.ico.org.uk

7. Data Security
We take the security of your personal data seriously. We implement a range of technical and organizational measures to prevent unauthorized access, use, or disclosure of your information.
These measures include encryption of data in transit and at rest, role-based access controls, and secure server infrastructure maintained by our partners. Firebase and Amplitude both adhere to strict compliance standards and conduct regular audits to verify the effectiveness of their security programs.

Internally, we restrict access to personal data only to authorized personnel who require it to perform their duties. All staff members receive training on privacy best practices and are bound by confidentiality agreements.

While we make every effort to ensure the security of your data, no digital platform can guarantee absolute protection. You are responsible for safeguarding your account credentials and ensuring your device is secure.

8. Children’s Privacy
Our Service is not intended for use by individuals under the age of 16. We do not knowingly collect or solicit personal information from children. If you are a parent or guardian and believe that your child has provided us with personal data, please contact us immediately.
If we become aware that we have inadvertently collected data from a user under the age of 16, we will take prompt steps to delete that information and prevent further use of the account.
We encourage parents to monitor their children’s online activities and educate them on safe internet practices.

9. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or improvements to our Service. When updates are made, we will revise the "Effective Date" at the top of this document.

In the event of significant changes, we may also notify you through in-app notifications, email, or other means. We encourage you to review this policy periodically to stay informed about how we protect your data.

Continued use of the Service following the publication of any updates constitutes acceptance of those changes.

In case of any discrepancies or inconsistencies between the English version of this document and any translation, the English version shall prevail.

Made on
Tilda