Your privacy, clearly explained.

Who we are

Sanctum (“we”, “us”, “our”) provides a premium audio experience for peace, focus, sleep, and renewal. This Privacy Policy explains what we collect, why we collect it, and how you can exercise your rights.

We operate globally and provide this notice for users in the EEA/UK (GDPR/UK GDPR) and California (CCPA/CPRA).

Data we collect

Information you provide

• Account & profile (e.g., name or alias, email).
• Support messages and feedback you send us.
• Purchase details (metadata only; card data handled by Stripe/Apple).

Information collected automatically

• Usage & diagnostics (features used, session duration, performance, crash logs).
• Device & app info (app version, device model, OS, language, approximate location from IP).
• Cookies/SDK events for authentication, analytics, and site reliability.

How we use data

• Provide & maintain the service (accounts, sessions, content delivery, reliability).
• Process purchases and manage subscriptions.
• Improve Sanctum via aggregated analytics and diagnostics.
• Communicate about updates, features, and support.
• Protect against abuse, fraud, and misuse.
• Comply with legal obligations and enforce terms.

Lawful bases (GDPR/UK)

Where GDPR/UK GDPR applies, we process personal data on one or more of the following legal bases:

• Contract to provide the app, features, and purchases you request.
• Legitimate interests to improve, secure, and operate Sanctum proportionately.
• Consent where required (e.g., certain analytics/cookies). You can withdraw at any time.
• Legal obligation for tax, accounting, fraud prevention, and compliance.

Sharing & third parties

We share data with service providers who help us run Sanctum. They act as processors (or independent controllers where applicable) and are contractually bound to protect your information.

We may disclose information if required by law, to protect rights/safety, or as part of a merger, acquisition, or asset transfer.

Cookies & analytics

We use limited cookies/SDK events to keep you signed in, measure usage, and improve stability. Where required, we obtain consent for optional analytics.

• Strictly necessary: auth/session, security, load balancing.
• Analytics (Firebase/first-party): usage patterns to reduce bugs & improve features.

You can manage cookies in your browser settings and (where available) via our in-app/site consent controls.

International transfers

When data is transferred outside your country (including from the UK/EEA), we use appropriate safeguards such as the EU/UK Standard Contractual Clauses and technical measures.

Retention

We keep personal data only as long as necessary for the purposes above, and as required by law. We also apply aggregation/anonymization where possible.

Security

We take reasonable technical and organizational measures to protect your data, including encryption in transit, access controls, logging, and regular backups.

Your rights

GDPR/UK GDPR

Where applicable, you may have rights to access, correct, delete, port, restrict, or object to processing. You can also withdraw consent at any time without affecting prior lawful processing.

California (CCPA/CPRA)

California residents may request to know/access, correct, delete, and opt-out of “selling” or “sharing” of personal information (as defined by law). Sanctum does not sell personal information.

To exercise rights, contact us at [email protected]. We may verify identity as required.

Children & sensitive data

Sanctum is designed for general audiences and does not knowingly collect sensitive categories of personal data. If you believe a child provided personal data, contact us and we’ll take appropriate steps.

Changes to this policy

We may update this policy to reflect changes in our practices or legal requirements. We’ll update the Effective date above and, where appropriate, notify you in-app or by email.

Contact

If you have questions or requests about this policy, email us at [email protected].

Controller: Sanctum