Privacy Policy

Last Updated: February 14, 2026

1. Introduction

This Privacy Policy explains how Subtide ("we", "us", or "our"), operated by Andre Schweighofer, collects, uses, and protects your personal information when you use our breathwork journey platform.

We are committed to protecting your privacy and complying with the European Union General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data Controller

Andre Schweighofer, based in Austria, EU, is the data controller responsible for your personal data collected through the Subtide platform.

3. Information We Collect

3.1 Information You Provide Directly

Teachers:

  • Email address (for account creation and authentication)
  • Name and professional information (for profile and journey attribution)
  • Payment information (processed by third-party payment providers)
  • Content you upload (videos, audio, text, journey descriptions)

Students:

  • Email address (for magic link authentication)
  • Consent records (waiver acceptance with timestamp and IP address)
  • Journey progress information (which days you've completed)
  • Email sharing preferences (whether you've opted in to share your email with specific teachers)

3.2 Information Collected Automatically

  • IP addresses (collected when accepting waivers, for consent verification)
  • Usage analytics (page views, journey enrollments, completion rates - aggregated and anonymized)
  • Device and browser information (for service delivery and technical support)

4. How We Use Your Information

We use your personal data for the following purposes:

4.1 Service Provision (Legal Basis: Contract Performance)

  • Creating and managing your account
  • Authenticating you via magic links or password
  • Delivering journey content to students
  • Tracking your progress through journeys
  • Processing subscription payments for teachers

4.2 Legal Compliance (Legal Basis: Legal Obligation)

  • Recording waiver acceptance with timestamp and IP address for legal protection
  • Maintaining records as required by law
  • Responding to legal requests from authorities

4.3 Email Sharing (Legal Basis: Consent)

  • If you opt-in during enrollment, we share your email address with the teacher of that specific journey
  • This consent is voluntary, specific to each journey, and can be withdrawn at any time

4.4 Service Improvement (Legal Basis: Legitimate Interest)

  • Analyzing aggregated, anonymized usage patterns to improve the platform
  • Providing teachers with anonymized journey statistics (e.g., completion rates)
  • Troubleshooting technical issues

5. Data Sharing and Disclosure

We do not sell your personal data. We share data only in the following circumstances:

5.1 With Teachers (Consent-Based)

If you consent during journey enrollment, we will share your email address with the teacher who created that journey. Teachers can view your progress through the platform but cannot export lists of student email addresses or personal data without individual consent.

5.2 With Service Providers

We may share data with trusted third-party service providers who help us operate the platform:

  • Cloud hosting providers (for data storage and service delivery)
  • Payment processors (for subscription billing - they handle payment information directly)
  • Email delivery services (for sending authentication magic links)

These providers are contractually bound to protect your data and use it only for the purposes we specify.

5.3 Legal Requirements

We may disclose your information if required by law, court order, or governmental request, or to protect our legal rights and safety.

6. Data Retention

We retain your personal data as follows:

  • Active accounts: Data is retained for as long as your account remains active
  • After last activity: Personal data is retained for three (3) years following your last journey activity, allowing teachers to access historical data and students to review past journeys
  • User-requested deletion: You can request deletion of your data at any time by contacting us
  • Waiver records: Consent records (waiver acceptance, IP addresses, timestamps) may be retained longer for legal protection purposes

After the retention period expires or upon your deletion request (whichever comes first), we will delete or anonymize your personal data in accordance with GDPR requirements.

7. Your Rights Under GDPR

As a data subject under GDPR, you have the following rights:

  • Right to Access: Request a copy of the personal data we hold about you
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data
  • Right to Restrict Processing: Request that we limit how we use your data
  • Right to Data Portability: Request a copy of your data in a machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw email sharing consent or other consents at any time

To exercise any of these rights, please contact us at the email address provided in Section 12.

You also have the right to lodge a complaint with your national data protection authority if you believe we have violated your privacy rights.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit (HTTPS/TLS)
  • Secure authentication mechanisms (magic links, password hashing)
  • Access controls and authentication for administrative functions
  • Regular security reviews and updates

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

9. International Data Transfers

Your data may be stored and processed on servers located outside the European Economic Area (EEA). When we transfer data internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or using service providers certified under recognized data protection frameworks.

10. Cookies and Tracking

We use essential cookies and similar technologies to:

  • Keep you logged in (session cookies)
  • Remember your preferences
  • Ensure the platform functions correctly

We do not use third-party advertising or tracking cookies. You can configure your browser to refuse cookies, but this may limit your ability to use certain features of the Service.

11. Children's Privacy

Our Service is intended for users who are at least 18 years of age. We do not knowingly collect personal data from individuals under 18. If we become aware that we have inadvertently collected data from someone under 18, we will delete it promptly.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by updating the "Last Updated" date and, where appropriate, by email or prominent notice on the platform.

13. Contact Us

If you have questions about this Privacy Policy, wish to exercise your GDPR rights, or want to request deletion of your data, please contact us at:

Email: support@subtide.app

Data Protection Officer: Andre Schweighofer