Legal

Privacy Policy

Effective 1 July 2026 Last updated 2 June 2026 Version 1.0
Healing Soul Pty Ltd (ABN 79 511 598 831) ("we", "us", "our") operates the Healing Soul mobile application ("App"). This Privacy Policy explains how we collect, use, store, and disclose your personal information when you use the App, and sets out your rights under the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

By creating an account or using the App, you consent to the practices described in this policy.
Section 01

Who We Are

Healing Soul Pty Ltd

ABN: 79 511 598 831

239/21 Arches Crescent, Alderley, 4051, QLD

Email: admin@healingsoul.com.au

If you have a question or complaint about how we handle your information, please contact us at the address above.

Section 02

What Personal Information We Collect

We collect information that you provide directly, information generated by your use of the App, and limited technical information.

2.1 Account Information

  • Email address
  • Display name
  • Profile photo or tone-colour preference (optional)
  • Focus areas you select (Mind, Body, Soul pillars)
  • Timezone and preferred check-in time

2.2 Wellness and Content Information (sensitive information)

Your mood check-ins, journal entries, healing tool completions, and lunar ritual reflections contain information about your mental and emotional wellbeing. Under the Privacy Act 1988, this is sensitive information — specifically, information about your health and psychological state.

We collect:

  • Mood check-in data: emotional state, sentiment rating, personal notes, emotional themes
  • Journal entries: text you write and photos you choose to attach
  • Healing tool and release completion records and reflections
  • Lunar ritual entry text

You provide this information voluntarily for the sole purpose of delivering the App's features. We use it only for that purpose and do not analyse, share, or sell it. No Healing Soul staff member, support agent, or administrator can read the text of your journal entries. Access is blocked at the database level.

2.3 Subscription and Payment Information

  • Subscription status (active, trialling, cancelled)
  • Purchase history (plan type and period)

We do not receive or store your payment card details. All payment processing is handled by Apple (App Store) or Google (Play Store). We receive only a transaction confirmation and entitlement status from RevenueCat.

2.4 Device and Notification Information

  • Push notification token (to send you reminders you have requested)
  • Device type (iOS or Android) — inferred from the platform only

2.5 Analytics and Crash Data

  • Feature usage events (e.g. which screens you visit, when a tool completion occurs) via PostHog
  • Crash reports and performance traces via Sentry

These events are linked to your user account for the purpose of improving app stability and features. We do not use this data for advertising or sell it to any third party.

Section 03

How We Collect Your Information

We collect information:

  • Directly from you when you create an account, complete onboarding, or use the App's features
  • Automatically through your use of the App (analytics events, crash reports)
  • From Apple or Google when you complete an in-app purchase (subscription confirmation only)

We do not purchase, source, or infer personal information from data brokers or third-party databases.

Section 04

Why We Collect and Use Your Information

We only use your personal information for the purpose for which it was collected, or a directly related purpose.

Information Primary purpose
Account information Create and manage your account; authenticate your identity; personalise the experience
Mood, journal, tool, and ritual data Deliver the core wellness features; generate mood-based content recommendations; calculate your streak
Subscription data Verify your entitlement to premium features; maintain accurate subscription records
Push notification token Send reminders and lunar notifications that you have opted into
Analytics events Understand aggregate feature usage to improve the App; detect and fix bugs
Crash and performance data Diagnose and resolve technical errors

We will never use your wellness data (mood check-ins, journal entries, ritual reflections) for advertising, profiling for sale to third parties, or any purpose other than delivering the features you use.

Section 05

Disclosure of Your Information

We do not sell, rent, or trade your personal information.

We disclose personal information to the following third-party service providers who help us operate the App. Each provider acts under contractual obligations to protect your information and may process data in countries outside Australia (see section 7).

Provider Purpose Data shared
Supabase Inc (USA / Australia) Database, authentication, file storage All App data except payment card details
RevenueCat Inc (USA) Subscription and in-app purchase management User ID, subscription status, purchase events
Sentry Inc (USA) Error tracking and performance monitoring User ID, crash reports, performance traces
PostHog Inc (USA / EU) Product analytics User ID, anonymised usage events
Apple Inc (USA) Push notification delivery (APNs) Device push token
Google LLC (USA) Push notification delivery (FCM) Device push token
Resend Inc (USA) Transactional email (data export delivery) Email address, signed download link

We do not disclose your information to any other third party except:

  • Where required by Australian law, a court order, or a regulator (e.g. the Office of the Australian Information Commissioner)
  • To professional advisers (lawyers, accountants) bound by confidentiality obligations
  • In connection with a sale or merger of our business, where we will notify you in advance
Section 06

Sensitive Information

Your mood and journal data is sensitive information within the meaning of the Privacy Act 1988 because it relates to your mental health and psychological wellbeing.

We collect this information only with your consent (given when you create your account and use the relevant features). We take additional precautions:

  • Sensitive data is encrypted in transit (TLS 1.2+) and at rest (AES-256 at the storage layer)
  • Journal entry content is excluded from the persistent local cache on your device
  • No administrative or support access path exists to read your journal text — this restriction is enforced at the database level, not just by policy
  • Sensitive data is excluded from aggregate analytics exports
Section 07

Overseas Disclosure

Some of our service providers (listed in section 5) are based in the United States. Your personal information may be stored on and processed by servers located in the United States and, in the case of Supabase, potentially Australia (AWS Asia Pacific — Sydney region).

Before disclosing your information to overseas recipients, we take reasonable steps to ensure those recipients are subject to a law, binding scheme, or contractual obligations that uphold privacy protections comparable to the APPs. However, we cannot guarantee that foreign laws will always offer equivalent protections to Australian law.

By using the App, you acknowledge that your information may be transferred to and stored in the United States.

Section 08

How We Store and Protect Your Information

  • All data is transmitted over encrypted connections (HTTPS / TLS)
  • Data at rest is encrypted using AES-256 at the storage layer (Supabase)
  • Photos you upload are stored in a private, access-controlled storage bucket; they are only accessible via short-lived signed URLs that expire after a defined period
  • Push notification tokens are automatically deleted if your device has not been active for 60 days
  • We use multi-factor authentication for all administrative access to our systems

No method of transmission or storage is 100% secure. If we become aware of a data breach that is likely to result in serious harm, we will notify the Office of the Australian Information Commissioner (OAIC) and affected individuals as required by the Notifiable Data Breaches scheme under the Privacy Act 1988.

Section 09

Data Retention

We retain your personal information for as long as your account is active, or as long as necessary to provide the App's services.

If you delete your account:

  • Your profile, mood check-ins, journal entries, tool completions, lunar ritual entries, and uploaded photos are permanently deleted from our systems within 14 days of your deletion request
  • A record containing a cryptographic hash of your email address (not the address itself) is retained in a secure audit log for a period of 7 years to comply with our legal obligations and to prevent re-registration abuse
  • Aggregate, de-identified analytics data that has already been incorporated into reports may be retained
Section 10

Your Rights

Under the Privacy Act 1988 and the Australian Privacy Principles, you have the right to:

Access your information

You can export a copy of all your personal data — profile, mood history, journal entries, tool completions, lunar ritual entries, and a manifest of uploaded photos — at any time from Settings - Data export within the App. We will deliver a download link to your registered email address.

Correct your information

If your personal information is inaccurate, outdated, or incomplete, you can update it from Settings - Edit profile. If you believe other information we hold is incorrect, contact us at admin@healingsoul.com.au.

Delete your account

You can permanently delete your account and all associated data from Settings - Account deletion within the App. This cannot be undone.

Withdraw consent for analytics

You can opt out of product analytics at any time from Settings - Privacy - Analytics. Crash reporting cannot be disabled as it is necessary for app stability.

Withdraw consent for push notifications

You can manage notification preferences at Settings - Notifications, or through your device's system settings.

To exercise any right not directly available in the App, email admin@healingsoul.com.au. We will respond within 30 days.

Section 11

Children's Privacy

The App is intended for adults aged 18 and over. We do not knowingly collect personal information from anyone under 18. If you believe a person under 18 has provided us with personal information, please contact us immediately at admin@healingsoul.com.au and we will delete it.

Section 12

Not Medical Advice

Healing Soul is a wellness and self-reflection tool. Nothing in the App — including mood tracking results, healing tool content, journaling prompts, or lunar ritual guidance — constitutes medical advice, psychological diagnosis, or treatment. If you are experiencing a mental health crisis, please contact a qualified health professional or emergency services.

Section 13

Links and Third-Party Content

The App may contain links to third-party websites or services. This Privacy Policy does not apply to those third parties. We encourage you to review their privacy policies before providing any personal information.

Section 14

Changes to This Privacy Policy

We may update this policy from time to time. When we do, we will:

  • Update the "Last updated" date at the top of this page
  • Increment the version number
  • Display an in-app notification asking you to review and accept the new version before continuing to use the App

Continued use of the App after accepting an updated policy constitutes your consent to the changes.

Section 15

Complaints

If you have a complaint about how we have handled your personal information, please contact us first at admin@healingsoul.com.au. We will investigate and respond within 30 days.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

Website: www.oaic.gov.au

Phone: 1300 363 992

Post: GPO Box 5218, Sydney NSW 2001

Section 16

Contact Us

Healing Soul Pty Ltd

ABN: 79 511 598 831

239/21 Arches Crescent, Alderley, 4051, QLD

Email: admin@healingsoul.com.au