Privacy Policy

1. Data Controller

Aspasia is operated from Denmark. We are the data controller responsible for your personal data collected through the Aspasia mobile application (the "App").

2. Introduction

We are committed to protecting your privacy and personal data in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and the Danish Data Protection Act (Databeskyttelsesloven).

This Privacy Policy explains what personal data we collect, how we use it, your rights, and how to contact us. Please read this policy carefully before using the App.

3. Personal Data We Collect

3.1 Data You Provide

• Account Data: Name, email address, password — to create and manage your account
• Profile Data: Goals, preferences, progress — to personalize your experience
• Communication Data: Support requests, feedback — to respond to your inquiries

3.2 Data Collected Automatically

• Usage Data: Features used, sessions completed, progress — to improve the App
• Device Data: Device type, OS version, device identifiers — to ensure compatibility
• Log Data: Access times, error logs — to maintain and troubleshoot the App

3.3 Payment Data

If you make purchases within the App, payment processing is handled entirely by Apple through In-App Purchases. We do not collect, process, or store your credit card details or payment information.

4. Legal Basis for Processing

Under GDPR, we rely on the following legal bases:

• Contract (Article 6(1)(b)): To provide our services — creating your account, delivering App functionality, managing subscriptions.
• Legitimate Interests (Article 6(1)(f)): To improve and secure our App, analyze usage patterns, and prevent fraud.
• Consent (Article 6(1)(a)): For optional features like marketing communications. You can withdraw consent at any time.
• Legal Obligation (Article 6(1)(c)): To comply with applicable laws and regulations.

5. How We Use Your Data

We use your personal data to:

• Create and manage your account
• Provide and personalize the App experience
• Track your progress and deliver relevant content
• Respond to your inquiries and provide support
• Process transactions (via Apple)
• Improve our services based on usage patterns
• Ensure security and prevent fraud
• Comply with legal obligations

6. Data Sharing

We do not sell your personal data.

We may share your data only with:

• Service Providers: Trusted third parties who help us operate the App (cloud hosting, analytics, customer support). All are bound by data processing agreements.
• Apple: For payment processing via In-App Purchases.
• Legal Requirements: If required by law, court order, or to protect legal rights or safety.
• Business Transfers: If our business is acquired or merged, you will be notified.

7. International Data Transfers

Your data is primarily processed within the European Economic Area (EEA). If we transfer data outside the EEA, we ensure appropriate safeguards such as Standard Contractual Clauses (SCCs) or adequacy decisions.

8. Data Retention

• Account data: Retained while your account is active and for 30 days after deletion request.
• Usage data: Retained in anonymized/aggregated form for analytics.
• Communication data: Retained for up to 2 years for support history.

9. Your Rights Under GDPR

As a data subject, you have the following rights:

• Access: Request a copy of the personal data we hold about you.
• Rectification: Request correction of inaccurate or incomplete data.
• Erasure: Request deletion of your personal data ("Right to be Forgotten").
• Restriction: Request that we limit how we use your data.
• Data Portability: Request your data in a structured, machine-readable format.
• Objection: Object to processing based on legitimate interests or for direct marketing.
• Withdraw Consent: Withdraw consent at any time where processing is based on consent.

To exercise your rights, contact us at support@aspasiaapp.com. We will respond within 30 days.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including encryption, secure authentication, regular security assessments, and access controls. If a data breach occurs that poses a risk to your rights, we will notify you and the relevant authorities as required by GDPR.

11. Children's Privacy

The App is not intended for children under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected data from a child under 16 without parental consent, we will delete it promptly.

12. Third-Party Links

The App may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will update the "Last Updated" date and notify you via email or in-app notification for material changes.

14. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:

15. Additional Information for Users Outside the EU

California Residents (CCPA)

If you are a California resident, you have additional rights: the right to know what personal information we collect, the right to request deletion, the right to opt-out of sales (we do not sell your data), and the right to non-discrimination.

This Privacy Policy is effective as of January 21, 2026 and is governed by Danish law and the GDPR.