End Suffer — Privacy Policy
Effective date: [Effective date] Last updated: [Effective date]
Template notice — not yet legal advice. This document is a comprehensive drafting template prepared for End Suffer Pty Ltd. Bracketed items in the form
[LIKE THIS]are business-specific facts that must be completed before publication. This template must be reviewed and finalised by a qualified privacy/legal adviser — against the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (“APPs”), and against the data-protection laws of the other jurisdictions where the App is offered (including the EU/UK GDPR) — before it is published atendsuffer.com/privacyor relied upon. Nothing in this document is itself legal advice.
This Privacy Policy explains how End Suffer Pty Ltd (ABN [ABN]), a company registered in Australia with its registered office at [Registered office address] (“End Suffer”, “we”, “us”, or “our”), collects, uses, discloses, and protects your personal information when you use the End Suffer mobile application for iOS and Android (the “App”), the website at endsuffer.com, and related services (together, the “Services”).
This Policy forms part of, and should be read together with, our Terms of Service (endsuffer.com/terms). By using the Services you acknowledge this Policy. If you do not agree with it, please do not use the Services.
We are committed to handling personal information in accordance with the Australian Privacy Principles under the Privacy Act 1988 (Cth) and, where they apply to you, other data-protection laws such as the EU and UK GDPR.
1. A quick summary
This summary is for convenience only; please read the full Policy below.
- We collect the information needed to give you an account, run your meditation practice, personalise your path, process subscriptions, and improve the Services.
- We never send your name, email, or the raw text of your journal to any AI system. Personalisation uses only a de-identified profile and anonymised, aggregated signals.
- We do not sell your personal information, and we do not use it for third-party advertising.
- Marketing messages are off by default and sent only if you opt in.
- Product analytics can be turned off, and you can delete your account and personal data at any time from within the App.
- We describe the service providers we rely on by category (for example, cloud hosting, content delivery, payments, messaging, analytics, AI processing); we do not publish the names of individual vendors.
2. Scope
2.1 This Policy applies to personal information we handle about users of the Services worldwide. Some parts (for example, Section 11) describe rights that depend on where you live.
2.2 The Services integrate third-party platforms (including the Apple App Store and Google Play) that have their own privacy policies. We are not responsible for the privacy practices of third parties, and we encourage you to review their policies.
3. Information We Collect
We collect the following categories of personal information.
3.1 Information you provide
- Account information — your email address, chosen sign-in method (for example, Google, Apple, or email/password), and an email-verification status. Where you sign in with a third-party provider, we receive basic account identifiers from that provider as permitted by your settings.
- Profile information — your first and last name, an optional display name, and (optionally) your city.
- Onboarding survey responses — your answers to the questions used to understand your practice preferences. Answers are optional and may be skipped.
- Your Content — journal entries, after-session reflections and feedback, mood check-ins, and the techniques you mark as favourites.
- Support communications — the subject and message you send us through in-app Contact Support, and any correspondence that follows.
3.2 Information generated through your use of the Services
- Practice and progress data — sessions started and completed, elapsed/resume positions, durations, streaks, history, and technique progress.
- Personalisation data — a person-type profile (a set of numeric practice-preference scores derived automatically from your survey answers) and your personalised path.
- Mood and reflection signals — the after-session feedback you record (for example, which hindrances you noticed and their intensity) and a non-identifying summary of your reflections, used to personalise your path (see Sections 5 and 6).
3.3 Subscription and purchase information
- If you subscribe, your payment is processed by the Apple App Store or Google Play under their terms. We do not receive or store your full payment-card details.
- We keep a limited record of your subscription status (for example, whether a subscription or trial is active, the plan, renewal/expiry dates, and a store-provided identifier) so we can give you the right access and support.
3.4 Device and technical information
- Device and app data — device type, operating system and version, app version, language, time zone, and connectivity status (for example, online/offline).
- Diagnostics — crash reports and error/diagnostic data used to keep the App stable.
- Product analytics — de-identified usage events tied to an opaque analytics identifier, not to your name or email. Analytics can be turned off (see Section 11).
- Notification identifiers — device push tokens used to deliver notifications you have enabled.
3.5 Sensitive information
Some information you choose to record — such as mood, emotional state, or reflections that touch on your wellbeing — may be considered sensitive information (health-related) under the Privacy Act, or special-category data under the GDPR. We collect and use it only with your consent, only to provide and personalise the Services as described in this Policy, and we do not use it for advertising or sell it. You can stop providing it, and delete it, at any time.
3.6 Information we do not seek
The Services are for adults (18+) and are not directed to children. We do not knowingly collect personal information from anyone under 18 (see Section 13).
4. How We Use Your Information, and Our Legal Bases
We use personal information for the purposes below. For users in the EEA/UK, the relevant GDPR legal basis is shown in brackets.
| Purpose | Details | GDPR legal basis |
|---|---|---|
| Provide the Services | Create and secure your account, deliver audio and features, remember your progress, enable offline downloads | Performance of a contract |
| Personalise your path | Generate and adapt “Your Path” from your survey answers and de-identified practice signals (Sections 5–6) | Consent (for health-related signals); otherwise legitimate interests / contract |
| Process subscriptions | Grant the right level of access, reflect your subscription status, provide billing support | Performance of a contract |
| Functional notifications | Send practice reminders and Daily Wisdom you have enabled, and service/account messages | Consent (optional notifications); contract (essential service messages) |
| Support | Respond to your enquiries and resolve issues | Contract / legitimate interests |
| Improve and secure the Services | Diagnostics, de-identified analytics (opt-out available), fraud/abuse prevention, debugging | Legitimate interests |
| Marketing | Send product announcements, offers, and promotions only if you opt in | Consent |
| Comply with law | Meet legal, tax, and regulatory obligations, and respond to lawful requests | Legal obligation |
Where we rely on consent, you may withdraw it at any time (see Section 11); withdrawal does not affect processing already carried out.
5. AI Personalisation and the No-PII Guarantee
5.1 “Your Path” is generated using a combination of deterministic scoring of your onboarding answers and automated/AI-assisted suggestions based on de-identified signals from your practice.
5.2 We do not send your name, email address, city, account identifiers, or the raw text of your journal entries to any AI system. The only inputs used for AI-assisted generation are a de-identified practice-preference profile, anonymised, aggregated and recency-weighted signals (for example, summarised feedback), and our catalogue of techniques.
5.3 AI-assisted output is a suggestion only. It may be incomplete or unsuitable and is not professional advice (see the Terms of Service, “Health, Wellness & Medical Disclaimer”). You decide what to practise.
5.4 The personalisation described here does not produce legal or similarly significant effects about you. You can practise without following the suggestions, and you can contact us with any questions about how a path was generated.
6. Mood and Reflection Analysis — Disclosure
6.1 To personalise your path, we use your after-session feedback (the hindrances you noticed and their intensity) and a non-identifying summary of your reflections.
6.2 The raw text of your journal entries is never used to generate suggestions and is never sent to any AI system — only the de-identified summary and aggregated signals described in Section 5 are used. Your raw entries remain your private content, stored under access controls (Section 10).
6.3 This analysis is used solely to help you practise. We do not use it for advertising, and we do not sell it. Because this information can be health-related, we rely on your consent, which you can withdraw at any time by disabling the relevant feature or deleting your account.
7. How We Share Information
We share personal information only as described here. We do not sell your personal information.
7.1 Service providers (by category). We use trusted third parties to run the Services, and share only the information each needs to perform its function under confidentiality and data-protection obligations. We describe them by category rather than by name:
- Cloud hosting and database — securely stores your account and practice data.
- Content delivery — delivers audio and media to your device via time-limited, secured links.
- Subscription and payment processing — the app stores and a subscription-management provider handle billing and entitlement (the app stores are the merchants of record; we do not receive your card details).
- Push-notification and email delivery — sends the notifications and emails you have enabled.
- Product analytics — receives de-identified usage events only (no name/email), and is subject to your opt-out.
- Automated/AI processing — generates path suggestions from de-identified inputs only (Section 5).
7.2 App stores. Apple and Google process your purchases and may collect information under their own privacy policies.
7.3 Legal and safety. We may disclose information if required by law, regulation, legal process, or enforceable governmental request, or where necessary to protect the rights, safety, or property of End Suffer, our users, or others.
7.4 Business transfers. If we are involved in a merger, acquisition, financing, or sale of assets, personal information may be transferred as part of that transaction, subject to this Policy or a policy at least as protective; we will notify you of any material change in how your information is handled.
7.5 With your direction. We may share information at your request or with your consent.
8. International Data Transfers
8.1 We are based in Australia and use service providers that may store or process personal information in Australia and other countries. This means your personal information may be disclosed to, and processed by, recipients located overseas (APP 8).
8.2 Where we transfer personal information internationally, we take reasonable steps to ensure it is handled consistently with this Policy and applicable law. For transfers of EEA/UK personal data to countries without an adequacy decision, we rely on appropriate safeguards (such as Standard Contractual Clauses). You can contact us for more information about these safeguards.
9. Data Retention
9.1 We keep personal information only for as long as needed for the purposes in this Policy, to provide the Services to you, and to meet legal, accounting, or reporting obligations.
9.2 When you delete your account (Section 11), we permanently delete or irreversibly de-identify your personal information from our live systems, and instruct our service providers to do the same, except where we are required to retain certain records by law or for the establishment or defence of legal claims. Residual copies may persist briefly in routine backups before being overwritten on the normal backup cycle.
9.3 De-identified and aggregated data that can no longer be linked to you may be retained and used for analytics and improvement.
10. How We Protect Your Information
10.1 We use technical and organisational measures appropriate to the risk, including per-user access controls (row-level security) on your data, encryption in transit, time-limited signed links for audio content, server-side handling of secrets, and access limited to those who need it.
10.2 No method of transmission or storage is completely secure. While we work to protect your information, we cannot guarantee absolute security, and you use the Services at your own risk to that extent. Please keep your credentials confidential and notify us of any suspected compromise.
11. Your Rights and Choices
Subject to applicable law, you have the following rights over your personal information.
11.1 Access and portability. You can request a copy of the personal information we hold about you, in a portable format, excluding other users’ data.
11.2 Correction. You can update your profile in the App. Your account email is fixed after sign-up; to change it, contact us via Contact Support. You may ask us to correct information that is inaccurate.
11.3 Deletion. You can delete your account and associated personal data at any time in the App (Settings → Delete Account). Deletion is permanent and irreversible and removes your data across our systems and service providers, subject to Section 9. Deleting your account does not cancel an app-store subscription — cancel that separately in your app store account.
11.4 Withdraw consent. Where we rely on consent (including for mood/health-related signals and marketing), you can withdraw it at any time by changing the relevant setting or deleting your account.
11.5 Marketing opt-out. Marketing is off by default. If you have opted in, you can opt out at any time via the App’s notification settings or an unsubscribe link.
11.6 Analytics opt-out. You can turn off product analytics in the App; when off, usage events and error reports are not sent, and the App continues to function.
11.7 Notification controls. You control functional notifications (push/email) in the App and at the operating-system level.
11.8 Additional GDPR rights (EEA/UK users). You also have the right to restrict or object to certain processing, and rights relating to automated decision-making. Because our personalisation does not produce legal or similarly significant effects and is not fully automated in a way that does so, general automated-decision rules generally do not restrict it; you can still contact us with questions or objections.
11.9 How to exercise your rights. Use the in-app controls where available, or contact us (Section 18). We may need to verify your identity. We will respond within the timeframe required by applicable law (generally within 30 days; we will tell you if we need longer).
11.10 Complaints. If you have a privacy concern, please contact us first (Section 18) and we will try to resolve it. If you are not satisfied, you may complain to a data-protection authority:
- Australia — the Office of the Australian Information Commissioner (OAIC),
oaic.gov.au. - EEA — your local supervisory authority.
- UK — the Information Commissioner’s Office (ICO),
ico.org.uk.
11.11 Region-specific note (California and other regions). If your local law grants specific rights (for example, to know, delete, correct, or opt out of “sale”/“sharing” of personal information), we honour those rights where they apply to you. We do not sell or share personal information for cross-context behavioural advertising.
12. Consent and Communication Preferences
12.1 We keep functional communications (such as practice reminders and Daily Wisdom you enable) separate from marketing communications (product announcements, offers, promotions).
12.2 Marketing consent is off by default, recorded separately, and independently revocable. Withdrawing marketing consent does not affect your account or the functional messages you have chosen. Essential service and security messages are not marketing and may still be sent while you have an account.
13. Children’s Privacy
The Services are intended for adults aged 18 or over and are not directed to children. We do not knowingly collect personal information from anyone under 18. If you believe a child has provided us personal information, please contact us and we will take steps to delete it. (Note: the App’s store age rating reflects certain optional contemplative imagery and is separate from this 18+ account requirement.)
14. Website and Cookies
14.1 The App itself does not rely on advertising cookies. Our website (endsuffer.com) may use strictly-necessary and, where applicable, analytics cookies or similar technologies to operate and understand site usage.
14.2 Where required by law, we will seek your consent for non-essential cookies and provide controls to manage them. You can also manage cookies through your browser settings.
15. Data Breach Notification
If a data breach occurs that is likely to result in serious harm (under the Australian Notifiable Data Breaches scheme) or a high risk to your rights and freedoms (under the GDPR), we will notify the relevant authority and affected users as required by applicable law and without undue delay.
16. Third-Party Links
The Services may contain links to third-party sites or services (for example, the app stores or legal information pages). This Policy does not apply to those third parties, and we are not responsible for their content or privacy practices. Please review their policies.
17. Changes to This Policy
We may update this Policy from time to time. When we make material changes, we will take reasonable steps to notify you (for example, in the App or by email) and will update the “Last updated” date. Your continued use of the Services after the effective date indicates your acknowledgement of the updated Policy.
18. Contact Us
For privacy questions, requests, or complaints, contact our Privacy Officer:
End Suffer Pty Ltd — Privacy Officer
ABN: [ABN]
Registered office: [Registered office address]
Email: [privacy email — e.g. privacy@endsuffer.com]
Support: in-app Settings → Contact Support, or [support email — e.g. support@endsuffer.com]
Website: endsuffer.com
If you are in the EEA or UK and we are required to designate a representative, our representative’s details are: [EU/UK representative, if applicable].
This Privacy Policy was last updated on [Effective date]. This document is a drafting template and must be reviewed by a qualified privacy/legal adviser before publication.