Privacy Policy

Last updated: 5/6/2025

1. INTRODUCTION

NAAYYA S.A.R.L.-S ("Naayya," "we," "us," or "our") is a company registered in Luxembourg under business number B293244. This Privacy Policy describes how we collect, use, and protect your personal data when you use our platform available at https://www.naayya.com (the "Website").

By using our Website, you consent to the collection and use of your personal data as outlined in this Privacy Policy. We may update this policy periodically, and significant changes will be communicated on our Website.

2. WHO IS RESPONSIBLE FOR YOUR PERSONAL DATA?

NAAYYA is the data controller, as defined under the General Data Protection Regulation ("GDPR"). If you have any questions regarding your personal data, you can contact us at:

Email: support@naayya.com

3. WHAT PERSONAL DATA DO WE COLLECT?

We collect and process different types of personal data depending on how you interact with our platform. This includes:

  • Account Information: Name, email address, age, language preferences.
  • Payment Information: Processed securely via Stripe; we do not store payment details.
  • Health Information: If you voluntarily share health-related information (e.g., injuries), we collect it to inform service providers.
  • Website Usage Data: IP address, device/browser type, and interaction data collected via PostHog and Google Analytics.
  • Communication Data: Messages or inquiries sent via email or contact forms.

In the future, we may collect additional personal data related to job applications.

4. HOW DO WE USE YOUR DATA?

We process personal data to provide a smooth experience on our platform. Specifically, we use data for:

  • Platform Functionality & User Experience: Ensuring seamless authentication and service availability.
  • Customer Support: Responding to inquiries and troubleshooting issues.
  • Marketing Communications: Sending newsletters and promotions (you may opt out at any time).
  • Payments & Transactions: Secure processing via Stripe.
  • Analytics & Performance Monitoring: Using PostHog and Google Analytics to improve the platform.
  • Regulatory Compliance: Fulfilling legal obligations, such as fraud prevention.

5. LEGAL BASIS FOR PROCESSING DATA

We process data under the following legal bases:

  • Performance of a Contract: To provide and manage services for registered users.
  • Legitimate Interests: Improving platform functionality, marketing communications, and analytics.
  • Legal Compliance: Meeting regulatory requirements (e.g., financial record-keeping for payments).
  • User Consent: Where applicable (e.g., marketing emails, collection of health-related information).

6. DATA STORAGE & RETENTION

Your personal data is securely stored on Supabase servers in Frankfurt, EU. We do not transfer data outside the European Economic Area (EEA).

Retention periods:

  • Account data: Retained as long as your account is active.
  • Marketing data: Retained until you opt out.
  • Communication records: Retained for 2 years.
  • Payment transactions: Retained for legal compliance (up to 10 years).
  • Health information: Retained as long as necessary for providing services.

Upon request, we will delete all personal data from our system.

7. DATA SHARING & THIRD-PARTY SERVICES

We share personal data only with trusted third parties necessary to operate our platform, including:

  • Hosting & Infrastructure: Vercel, AWS.
  • Payment Processing: Stripe.
  • Marketing & Email Services: MailChimp, SendGrid.
  • Analytics: Google Analytics, PostHog.
  • Advertising Platforms: Meta Ads, Google Ads.
  • Legal & Regulatory Authorities: If required by law.

All third-party providers comply with GDPR and apply appropriate data security measures.

8. YOUR RIGHTS UNDER GDPR

As a data subject under GDPR, you have the following rights:

  • Right to Access: Request a copy of your personal data.
  • Right to Rectification: Correct inaccurate or incomplete information.
  • Right to Erasure: Request deletion of your data under certain conditions.
  • Right to Restrict Processing: Limit how we process your data.
  • Right to Data Portability: Request your data in a structured format.
  • Right to Object: Object to data processing in certain situations.
  • Right to Withdraw Consent: Withdraw consent for marketing communications at any time.

To exercise your rights, email support@naayya.com with your request.

9. SECURITY MEASURES

We implement technical and organizational security measures to protect your data, including:

  • Encrypted data storage.
  • Secure authentication methods (email login, planned Google authentication).
  • Regular audits and compliance checks.

10. COOKIES & TRACKING TECHNOLOGIES

We use cookies to enhance user experience and improve platform functionality. These include:

  • Essential Cookies: Required for authentication and security.
  • Analytics Cookies: Used for performance tracking via PostHog and Google Analytics.
  • Marketing Cookies: Used for personalized advertising on Meta and Google.

You can manage cookie preferences in your browser settings.

11. CHANGES TO THIS PRIVACY POLICY

We may update this policy periodically. Significant changes will be communicated on our Website. We encourage you to review this page regularly.

For questions or concerns regarding this Privacy Policy, contact us at:📧 support@naayya.com