Kundalini Timer 11:11

Privacy Policy

Last updated: May 7, 2026 · Effective: May 7, 2026

This Privacy Policy describes how Roksolana Myshkovska (“Roxonia”, “we”, “our”) handles your personal data when you use the iOS application Kundalini Timer 11:11(the “App”, Bundle ID com.roxonia.kundalinitimer).

We designed this app to be private by default. We collect the minimum amount of data needed to run the service. We do not sell your data, and we do not use any third-party advertising or behavioural-analytics SDKs.

1. Who we are

Data controller: Roksolana Myshkovska, individual entrepreneur, based in Ukraine.

Primary contact: dev@roxonia.app

Our registered postal address is available on request to the email above for legitimate legal or data-rights purposes.

2. Data we collect

We only collect what is necessary for the App to function:

  • Account data: email address, display name (if provided), and authentication identifiers from Apple Sign-In or Google Sign-In if you choose those options.
  • Practice data: kriya / mantra selections, timer session length, sadhana streak, completed practices. Stored to power your personal progress and reminders.
  • Device data: push notification tokens (only if you grant permission), app version, iOS version, language, and time zone.
  • Subscription data: Apple-issued, anonymous subscription identifiers and entitlement state. We do not receive your payment card details — those are processed by Apple.
  • Support communications: if you email us at dev@roxonia.app, we keep that correspondence to respond to your request.

We do not use Firebase Analytics, Mixpanel, Amplitude, Sentry, or any other behavioural / crash-analytics SDK in the App.

3. HealthKit (Apple Health)

If you grant the App permission, we write Mindful Sessions to your Apple Health database after each completed practice. We use this exclusively to log your meditation time so it appears in the iOS Health app.

  • We do not read any health data from your device.
  • HealthKit data never leaves your device — it is not transmitted to our servers or to any third party.
  • You can revoke HealthKit access at any time via iOS Settings → Privacy & Security → Health → Kundalini Timer 11:11.

HealthKit data is never used for advertising, marketing, or shared with third parties — as required by Apple’s HealthKit policies.

4. How your data is used

  • To create and maintain your account
  • To synchronise your practice progress between sessions
  • To send transactional email (e.g. email confirmation, password reset)
  • To send practice reminders and, with your consent, occasional marketing notifications about new content or features
  • To process and validate App Store subscriptions
  • To respond to your support requests
  • To detect, prevent and respond to fraud, abuse, or security issues

Legal basis (GDPR): performance of contract for account and subscription features; consent for marketing notifications and HealthKit; legitimate interest for security monitoring.

5. Service providers we use

We share the minimum data necessary with the following sub-processors. Each is bound by appropriate data-protection agreements.

ProviderPurposeRegion
SupabaseAuthentication, database, storage of practice progressEU
ResendTransactional email delivery (account confirmation, password reset)USA / EU
RevenueCatSubscription state management and entitlement validationUSA
AppleSign in with Apple, App Store payments, push notification deliveryGlobal
GoogleSign in with Google (only if you choose this option)Global

International data transfers outside the EU rely on Standard Contractual Clauses (SCCs) where applicable.

6. We don’t sell or transfer your data

Roxonia is an independent studio. We do not sell, rent, or trade your personal data, and we do not transfer it to anyone as part of a business deal. There are no plans to sell or merge the company. If that ever changed, we would tell you in advance — in the App or by email — so you could export or delete your data first.

7. Push notifications

With your permission, we send two types of push notifications:

  • Practice reminders: gentle nudges to keep your sadhana consistent
  • Content & feature updates: occasional announcements about new kriyas, mantras, or app improvements

You can disable either type from inside the App, or revoke push permission entirely via iOS Settings → Notifications → Kundalini Timer 11:11.

8. Data retention

We retain your account data for as long as your account is active. If you delete your account, we erase your personal data from Supabase within 30 days, except where retention is legally required (e.g. tax records relating to subscription transactions, kept for up to 7 years per applicable tax law).

9. Your rights

Subject to applicable law (GDPR, UK GDPR, CCPA / CPRA, and other comparable regimes), you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate or incomplete data
  • Request deletion of your data (“right to be forgotten”)
  • Request a portable copy of your data
  • Object to or restrict certain processing
  • Withdraw consent at any time (without affecting prior processing)
  • Lodge a complaint with your local data-protection authority

To exercise any of these rights, email dev@roxonia.app. You can also delete your account directly from the App: Profile → Settings → Delete Account. You may submit requests through an authorised agent; we will verify the agent’s identity and authority before processing.

Do Not Sell or Share (CCPA): We do not sell or share your personal information for cross-context behavioural advertising.

U.S. state privacy laws. If you reside in California, Colorado, Connecticut, Virginia, Utah, or another U.S. state that has enacted a consumer data privacy law, you may have additional rights (such as the right to opt out of certain data sharing, or to appeal a decision we make about your request). To exercise these rights or learn more, contact us at dev@roxonia.app.

11. Children

Kundalini Timer 11:11 is not intended for children under 13. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

12. Security

Connections between the App and our servers use TLS encryption. Authentication is handled by Supabase Auth; credentials are stored using industry-standard hashing. We use Apple’s App Group and Keychain APIs for sensitive on-device data. No system is perfectly secure, but we make reasonable efforts to protect your data.

13. Changes to this policy

We may update this policy as the App evolves. Material changes will be highlighted in the App or via email at least 14 days before taking effect. The current version is always available at this URL.

14. Contact

Questions, concerns, or data-rights requests: dev@roxonia.app