Privacy

Last updated: April 2026

In one paragraph

BreathSesh is a zero-server app. There is no account to create, no email to enter, no password to remember. Your sessions and streak live in SwiftData on your iPhone. If you have iCloud signed in, CloudKit quietly syncs that history to your personal iCloud account — not to us. We have no servers, no analytics, and no advertising.

What stays on your device

  • Completed breathing sessions, durations, and streak history (SwiftData).
  • Your settings, chosen ambient sound, and onboarding state (UserDefaults).
  • Your one-time unlock state, verified against Apple StoreKit.

What syncs (only if you have iCloud enabled)

BreathSesh uses CloudKit so that your session history and streak are available across your iPhone and iPad when you sign into the same Apple ID. This data is stored in the private database of your personal iCloud account. Apple handles the storage and encryption. BreathSesh has no servers and cannot see or access this data. Sign out of iCloud on your device and the sync stops.

What we do not collect

  • No analytics SDKs, no advertising SDKs, no third-party trackers.
  • No IP addresses, no device identifiers, no event telemetry.
  • No microphone, camera, location, or contacts access.
  • No crash reports from us (Apple may collect these only if you opt in via iOS Settings → Privacy → Analytics & Improvements).

Payment

The one-time $7.99 unlock for Box Breathing, 4-7-8, and Wim Hof is handled entirely by Apple through the App Store. We never see your card, billing address, or Apple ID. BreathSesh only receives a signed receipt from StoreKit confirming the purchase.

Push notifications

BreathSesh can send an optional daily reminder to help you keep your streak. You opt in explicitly from iOS. The reminder is scheduled locally on your iPhone — no push server is involved, and no notification content ever leaves your device.

Children

BreathSesh is not directed at children under 13. It does not collect any personal information from anyone.

Your rights under GDPR / DSGVO

If you are in the European Economic Area, the UK, or Switzerland, the General Data Protection Regulation (Art. 15–22 GDPR) gives you the following rights over your personal data:

  • Access (Art. 15) — confirmation of whether we process data about you, and a copy of it.
  • Rectification (Art. 16) — correction of inaccurate data.
  • Erasure (Art. 17) — deletion of your data.
  • Restriction (Art. 18) — pause processing in certain cases.
  • Data portability (Art. 20) — a machine-readable export.
  • Objection (Art. 21) — object to processing.
  • Withdraw consent (Art. 7(3)) — at any time, without affecting prior lawful processing.
  • Lodge a complaint (Art. 77) — with your local supervisory authority.

Because BreathSesh holds no personal data on our side, most rights are satisfied by deleting the app (removes on-device data) or removing the BreathSesh container from iCloud via iOS Settings → your name → iCloud → Manage Account Storage → BreathSesh. For rights concerning the email contact data you provide when writing to us, email support@breathsesh.app.

Data controller

The data controller under Art. 4(7) GDPR is:

Pascal Lindenau
Forddamm 7
12107 Berlin
Germany
support@breathsesh.app

Changes to this policy

If we ever change this policy, the updated version will be published at https://breathsesh.app/privacy and the "Last updated" date above will change.

Contact

Questions about privacy? support@breathsesh.app