Privacy Policy
Effective Date: 9/9/2025
Bestill Meditation LLC (“Bestill Meditation,” “we,” “us,” or “our”) respects your privacy. This Privacy Policy explains how and why we might access, collect, store, use, disclose, and safeguard (“process”) your personal information when you use our services (“Services”), including when you:
- Visit our website at bestillmeditationapp.com
- Download and use our mobile application (Bestill Meditation)
- Engage with us in other related ways, including any sales, marketing, or events
By using our Services, you agree to the terms of this Privacy Policy. If you do not agree, please discontinue use immediately.
You can understand your privacy rights and options by reading this Privacy Notice. If you still have any questions or concerns, please contact us at support@bestillmeditationapp.com.
1. Information We Collect
Summary: We collect personal information you provide directly to us.
Information You Provide
We collect personal information you provide to us when you express interest in obtaining information about us or our products and Services, register an account, sign up for communications, use our Services, or contact us for support. This includes:
Personal Information:
- First and last name
- Mailing address and/or physical address
- Phone number
Account Information:
- Username
- Password
- Email address
Payment Data
If you make purchases through our Services, we may collect payment and billing information, such as your credit card number, billing address, and transaction details. Payment processing is handled securely by third-party payment processors, and we do not store your full payment card information on our servers. The payment processors we use are listed below with links to their privacy notices:
Social Media Login Data
If you choose to register or log in using a social media account (such as Google, Apple, or Facebook), we may receive information from those platforms, such as your name, email address, profile picture, and friends list (depending on your privacy settings with that platform). We encourage you to review the social media provider’s privacy policy to understand what information they make available to us.
We will only use the information we receive from social media providers for the purposes described in this Privacy Policy. Please note that we are not responsible for, and cannot control, how your social media provider uses, stores, or shares your personal information. Your use of those platforms is governed by their own privacy policies and terms of service.
Your Responsibility for Accuracy
You are required to provide true, accurate, current, and complete information when creating an account or otherwise interacting with our Services. You must also promptly update your information if it changes, so we can maintain accurate records and deliver the best possible experience.
Information Collected Automatically
Summary: We automatically collect certain information when you use our Services.
We and our third-party service providers use cookies, log files, mobile identifiers, and similar tracking technologies to collect information automatically when you interact with our website or app. This information helps us analyze trends, administer the Services, track user activity, and gather demographic insights.
The types of data we collect automatically include:
Usage Data
Information about your activity on our Services, such as the pages or screens you view, the features you use, the time and date of your visits, links you click, search queries, and session duration. This helps us understand how you use our Services so we can improve performance and content.
Device Data
Information about the device and browser you use, such as your IP address, operating system, hardware model, browser type, app version, unique device identifiers, and mobile network information. This allows us to optimize the Services for your device and maintain security.
Location Data
Approximate or precise geolocation information, depending on your device settings. We may use this data to deliver localized content, comply with legal requirements, and detect fraudulent or unauthorized activity.
Use of Google API Information
We use data received through Google APIs only for the purposes described in this Privacy Policy and in compliance with the Google API Services User Data Policy, including its Limited Use requirements. We do not sell or share Google user data with third parties for advertising purposes.
To learn how you can access, correct, or delete this information, please see Section 13, Your Privacy Rights Requests & Exercising Them.
2. Processing Your Information
Summary: We process the information we collect to provide, improve, and protect our Services, and to meet our legal and contractual obligations.
We process your information for many purposes, depending on how you interact with our Services, including:
- To Provide and Maintain the Services: We process your information to create and maintain your account, process your transactions, and deliver the features and functionality of our website and app.
- To Personalize Your Experience: We process your information to customize content, recommendations, and advertisements based on your preferences and activity.
- To Process Transactions and Payments: We process your payment and billing information to complete purchases securely and keep records of financial transactions.
- To Conduct Analytics and Research: We process your information for statistical analysis, business planning, and service optimization, including the use of third-party analytics tools such as Google Analytics.
- To Send Communications: We process your information to send you service-related messages (such as account updates and confirmations), marketing communications (with your consent where required), and newsletters.
- To Enable Communications Between Users: Some features of our Services may allow users to connect or communicate with one another, and we process your information to make these interactions possible.
- To Respond Accurately to Inquiries and Support Requests: When you contact us by email or through our contact form, we process your information to verify your identity, respond accurately to your questions, and provide support.
- To Protect Security and Prevent Fraud: We process your information to maintain the security of your account and our Services, prevent unauthorized access, and detect fraudulent or harmful activity.
- To Protect Vital Interests: In rare cases, we may process your information to protect your vital interests or the vital interests of others, such as in emergency situations involving health or safety.
- To Comply with Legal Requirements: We process your information to meet applicable legal, regulatory, and tax obligations, to enforce our Terms of Service, and to cooperate with lawful investigations or requests.
For information on how to exercise your rights related to these processing activities, see Section 13, Your Privacy Rights Requests & Exercising Them.
3. Sharing Your Information
Summary: We only share your information in limited circumstances, and always for legitimate business, legal, or contractual reasons.
Our Sharing Policy: We respect your privacy and limit the sharing of your personal information to only what is necessary to operate our Services, meet our legal obligations, and protect our users. When we share your information, we do so under strict agreements with trusted third parties, and we require them to handle your information in accordance with this Privacy Policy and applicable data protection laws.
Categories of Sharing
Service Providers:
We may share your information with third-party service providers who perform services on our behalf. These providers are only authorized to use your information as necessary to provide services to us and are prohibited from using it for their own independent purposes.
These service providers may include:
- Hosting Services
- Cloud Services
- Data Analytics Services
- Email Marketing Platforms
- Customer Support Tools
- Account Management Services
- Advertising Networks
- Payment Processors
- Affiliate Marketing Programs
- AI Platforms
- Database Service Providers
- Sales and Marketing Tools
- Social Networks
- Testing Tools
Legal and Compliance:
We may share your information when required to comply with applicable laws, regulations, legal processes, or enforceable government requests. We may also share information to enforce our Terms of Service, protect our rights, security, and property, or to prevent fraud, abuse, or harm to our users or others.
Business Transfers:
In the event of a merger, acquisition, reorganization, sale of assets, or bankruptcy, your information may be transferred to the successor or acquiring entity. In such cases, we will ensure that your information continues to be managed in accordance with this Privacy Policy, and you will be notified of any material changes to the ownership or control of your personal information.
Business Partners:
We may share your information with our business partners to enable us to offer you additional products, services, or promotions.
4. Legal Basis for Processing (GDPR)
Summary: We process your information only when necessary and for valid legal bases in compliance with the GDPR.
If you are located in the European Economic Area (EEA) or the United Kingdom (UK), we only process your personal information when we have a valid legal reason to do so under the General Data Protection Regulation (GDPR) and UK data protection laws. We will not process your personal information for purposes unrelated to these legal bases.
Our Legal Bases for Processing
- Consent: We process your information when you give us clear permission to do so. This includes sending marketing emails, using non-essential cookies, and enabling certain personalization features. You may withdraw your consent at any time.
- Contract: We process your information when it is necessary to fulfill our contractual obligations to you. For example, we process your data to create and manage your account, provide access to paid features, and deliver the Services you request.
- Legal Obligation: We process your information when it is required to comply with applicable laws and regulations. This may include tax reporting, responding to lawful government requests, or maintaining proper business records.
- Legitimate Interests: We process your information when it is reasonably necessary to achieve our legitimate business interests, provided those interests do not override your rights and freedoms. Examples include improving the Services, maintaining security, and preventing fraud or misuse.
- Vital Interests: In rare circumstances, we may process your information to protect your vital interests or the vital interests of another person. For example, this could occur in emergency situations involving health or safety.
EEA/UK users may exercise their GDPR rights as described in Section 13, Your Privacy Rights Requests & Exercising Them.
5. Your Privacy Rights
Summary: Depending on where you live, you may have specific privacy rights under applicable laws. We respect these rights and provide ways for you to exercise them, whether through your account settings or by contacting us directly.
Rights of Users in the European Economic Area (EEA) and United Kingdom (UK) – GDPR
If you are located in the EEA or UK, you have the following rights under the General Data Protection Regulation (GDPR):
- Right of Access: You may request a copy of the personal information we hold about you.
- Right to Rectification: You may request corrections if your personal information is inaccurate or incomplete.
- Right to Erasure: You may request that we delete your personal information when it is no longer needed or when consent has been withdrawn.
- Right to Restrict Processing: You may request that we limit the processing of your personal information in certain circumstances.
- Right to Object: You may object to processing based on our legitimate interests, including direct marketing.
- Right to Data Portability: You may request a copy of your personal information in a structured, commonly used, and machine-readable format.
- Right to Withdraw Consent: Where we rely on your consent to process your information, you may withdraw it at any time.
- Right to Lodge a Complaint: You may file a complaint with your local data protection authority if you believe your rights are not being respected.
Rights of California Users – CCPA and CPRA
If you are a resident of California, you have rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA):
- Right to Know: You may request that we disclose the categories and specific pieces of personal information we collect, use, and share.
- Right to Delete: You may request that we delete your personal information, subject to certain exceptions (such as completing transactions or complying with legal obligations).
- Right to Correct: You may request corrections to inaccurate personal information.
- Right to Opt Out of Sale or Sharing: You may opt out of the sale or “sharing” of your personal information for cross-context behavioral advertising. We provide a “Do Not Sell or Share My Personal Information” page for this purpose.
- Right to Limit Use of Sensitive Personal Information: You may restrict our use of sensitive information to only what is necessary for providing the Services.
- Right to Non-Discrimination: You will not be discriminated against for exercising your privacy rights.
Rights of California Users – CalOPPA
Under the California Online Privacy Protection Act (CalOPPA), we:
- Provide a clear Privacy Policy posted on our website.
- Update the “Effective Date” when changes are made.
- Allow users to review and change personal information by contacting us.
- Honor browser Do Not Track (DNT) signals where technically feasible.
Rights of Canadian Users – PIPEDA and Provincial Privacy Laws
If you are a resident of Canada, you have rights under the Personal Information Protection and Electronic Documents Act (PIPEDA), and in some provinces, additional rights under provincial privacy laws (such as Quebec’s Law 25, Alberta PIPA, or British Columbia PIPA):
- Right of Access: You may request access to the personal information we hold about you.
- Right to Correction: You may request that we correct or update inaccurate or incomplete information.
- Right to Withdraw Consent: You may withdraw your consent to the collection, use, or disclosure of your personal information, subject to legal and contractual restrictions.
- Right to Challenge Compliance: You may challenge our handling of your personal information by contacting us or filing a complaint with the Office of the Privacy Commissioner of Canada (or your provincial privacy authority).
How to Exercise Your Rights
To understand how you may exercise your rights under GDPR, CCPA/CPRA, CalOPPA, or PIPEDA, please see Section 13, Your Privacy Rights Requests & Exercising Them.
For verification purposes, we may request additional information to confirm your identity before responding to your request. If you are making a request on behalf of another person, we may require proof of authorization.
6. U.S. State Privacy Rights
Summary: As of September 9, 2025, numerous U.S. states have enacted comprehensive consumer privacy laws that grant residents specific rights concerning their personal data. These rights may include access, correction, deletion, data portability, and the ability to opt out of certain data processing activities. The specific rights and obligations vary by state.
States with Comprehensive Consumer Privacy Laws Effective as of September 9, 2025:
- California – California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA).
- Colorado – Colorado Privacy Act (CPA).
- Connecticut – Connecticut Data Privacy Act (CDPA).
- Delaware – Delaware Personal Data Privacy Act (DPDPA).
- Florida – Florida Digital Bill of Rights (FDBR).
- Iowa – Iowa Consumer Data Protection Act (ICDPA).
- Maryland – Maryland Online Data Privacy Act (MODPA).
- Minnesota – Minnesota Consumer Data Privacy Act (MN CDPA).
- Montana – Montana Consumer Data Privacy Act (MT CDPA).
- Nebraska – Nebraska Data Privacy Act (NDPA).
- New Hampshire – New Hampshire Privacy Act (NHPA).
- New Jersey – New Jersey Data Privacy Law (NJDPL).
- Oregon – Oregon Consumer Privacy Act (OR CPA).
- Tennessee – Tennessee Information Protection Act (TIPA).
- Texas – Texas Data Privacy & Security Act (TX DPSA).
- Utah – Utah Consumer Privacy Act (UCPA).
- Virginia – Virginia Consumer Data Protection Act (VCDPA).
Your Rights Under State Privacy Laws
- Right to Access: Request access to the personal data we have collected about you.
- Right to Correction: Request correction of inaccurate personal data.
- Right to Deletion: Request deletion of your personal data, subject to certain exceptions.
- Right to Data Portability: Request a copy of your personal data in a structured, commonly used, and machine-readable format.
- Right to Opt-Out: Opt out of the sale of your personal data or the processing of your personal data for targeted advertising or profiling.
Exercising Your Rights
To exercise your rights under applicable state laws, please contact us at support@bestillmeditationapp.com. We will respond to your request in accordance with the applicable state law requirements.
Please note that we may need to verify your identity before processing certain requests to ensure the security of your personal information.
7. Cookies and Tracking Technologies
Summary: We use cookies and similar tracking technologies to understand how our Services are used, improve functionality, and deliver relevant content and advertising. You can manage your cookie preferences at any time.
What Are Cookies?
Cookies are small text files placed on your device by your browser when you visit a website. They allow us and our third-party partners to recognize your device, remember your preferences, and collect information about your browsing activity.
We also use similar technologies, such as pixels, local storage, and mobile identifiers, which work like cookies to track activity and improve your experience.
How We Use Cookies
We use cookies and similar technologies for the following purposes:
- Essential Cookies: Required to provide core features of our Services, such as logging in, maintaining sessions, and ensuring site security. These cannot be disabled.
- Performance and Analytics Cookies: Collect information about how you interact with our Services (e.g., pages viewed, time spent, links clicked) to help us understand performance and improve functionality. Tools such as Google Analytics and Firebase Analytics may be used for this purpose.
- Functional Cookies: Remember your settings and choices, such as language preferences, to make your experience smoother.
- Advertising and Targeting Cookies: Track your activity across websites and apps to deliver personalized ads and measure the effectiveness of ad campaigns.
Your Choices
You can control or limit cookies in several ways:
- Adjust your browser settings to refuse or delete cookies.
- Opt out of cookies using the consent banner. Note: clearing site cookies and reloading the page will re-trigger the banner.
- Opt out of Google Analytics by using the Google Analytics Opt-Out Browser Add-on.
- Opt out of personalized advertising through Google Ad Settings or Facebook Ad Preferences.
- For mobile devices, adjust your device-level privacy or ad tracking settings.
Please note that disabling cookies may affect the availability and functionality of certain features of our Services.
8. Do Not Track
Summary: Currently, our Services do not respond to Do Not Track (DNT) signals because there is no widely accepted standard for doing so.
Our Approach to Do Not Track
We care about your privacy and support the development of a consistent industry standard for responding to DNT signals. However, at this time, there is no uniform technology or agreement among industry participants that allows us to reliably interpret and respond to these signals.
Until such a standard is established, our Services will continue to operate without responding to browser-based DNT signals. In the meantime, you may use the cookie and tracking control options described in the Cookies and Tracking Technologies section to manage your privacy preferences.
9. Data Retention
Summary: We only keep your personal information for as long as it is needed to provide our Services, fulfill legal and regulatory obligations, resolve disputes, and enforce agreements. After that, we securely delete or anonymize your information.
Retention Periods
We strive to keep your personal data only for the shortest time necessary. In general, we will retain your information for no more than 36 months from the termination or deactivation of your account, unless a longer retention period is required by law or is necessary to:
- Comply with Legal Obligations: Meet record-keeping requirements under tax, financial, and consumer protection laws.
- Resolve Disputes: Retain necessary records to handle complaints, disputes, or investigations.
- Enforce Agreements: Retain data as needed to enforce our Terms of Service or protect our legal rights.
Anonymization and Aggregation
When your personal data is no longer needed, we will either delete it securely or anonymize it so it can no longer be linked back to you. We may retain aggregated or de-identified information indefinitely for research, analytics, and business purposes.
User Requests
You may request deletion of your personal information at any time, as explained in Section 13, Your Privacy Rights Requests & Exercising Them.
10. Data Transfers
Summary: Because we are based in the United States, your personal information may be transferred to and processed in countries other than the one in which you live. We take steps to ensure that these transfers are lawful and that your information remains protected.
International Transfers
Our Services are operated by Bestill Meditation LLC in the United States. If you access our website or app from outside the U.S., please be aware that your personal information may be transferred to, stored, and processed in the United States and other jurisdictions where our service providers operate. These countries may have data protection laws that differ from those in your home country.
Safeguards for EU/UK Users
If you are located in the European Economic Area (EEA), the United Kingdom (UK), or Switzerland, we will ensure that any international transfer of your personal information is carried out in compliance with applicable data protection laws. This may include:
- Adequacy Decisions: Relying on countries that the European Commission or UK government has determined provide an adequate level of protection.
- Standard Contractual Clauses (SCCs): Using approved contractual clauses that obligate the recipient to protect your personal information.
- Additional Measures: Applying supplementary safeguards where necessary to protect transferred data.
You may request a copy of the Standard Contractual Clauses or information about applicable safeguards by contacting us at support@bestillmeditationapp.com.
Canadian Users
If you are located in Canada, your personal information may be transferred outside of your province or country. When we transfer personal information across borders, we ensure that appropriate contractual and technical safeguards are in place, consistent with PIPEDA and applicable provincial privacy laws.
Other Regions
For users in other countries, we will transfer and process your information only in accordance with applicable data protection laws and with appropriate safeguards to protect your privacy.
11. Data Security
Summary: We take the security of your personal information seriously and use a combination of technical, organizational, and administrative safeguards to protect it. However, no system or method of transmission over the internet can be guaranteed to be 100% secure.
Safeguards We Use
To help protect your personal information against unauthorized access, use, disclosure, alteration, or destruction, we employ measures such as:
- Encryption: Sensitive information (such as payment data) is encrypted during transmission using SSL/TLS or comparable technology.
- Access Controls: Access to personal data is limited to authorized personnel who require it to perform their duties.
- Monitoring: We monitor our systems for vulnerabilities and apply security updates to help protect against threats.
- Data Minimization: We collect and store only the personal information necessary to provide our Services.
- Secure Storage: Data is stored on secure servers and, where appropriate, in encrypted databases.
User Responsibilities
While we take steps to secure your information, security is also a shared responsibility. Most importantly, do not share your credentials with anyone. We will never contact you and ask for your login information.
You can help protect your account by:
- Choosing a strong, unique password and keeping it confidential.
- Logging out of your account when using a shared device.
- Immediately notifying us at support@bestillmeditationapp.com if you suspect any unauthorized use of your account or a security breach.
Limitations
Despite our efforts, please understand that no method of data transmission or electronic storage is entirely secure. We cannot guarantee the absolute security of your personal information, and you use our Services at your own risk.
12. Children’s Privacy
Summary: Our Services are not directed to children, and we do not knowingly collect personal information from users who do not meet the minimum age requirements under applicable law. The minimum age requirement can vary by jurisdiction.
Minimum Age Requirements
- United States: We comply with the Children’s Online Privacy Protection Act (COPPA) and do not knowingly collect information from children under 13 years of age without verified parental consent.
- European Economic Area (EEA): Under the GDPR, users must generally be at least 16 years old to consent to the processing of personal data. Some EU member states allow a lower minimum age between 13 and 15.
- United Kingdom: Under the UK GDPR, the minimum age for consent is 13.
- Canada: Under PIPEDA, we require “meaningful consent,” which typically means parental consent if a child is under 13.
- California and Certain U.S. States: For children under 13, parental consent is required for data collection. For users aged 13–15, affirmative opt-in consent is required before personal information can be shared or sold, as required by the CPRA/CCPA.
- Other Regions: In some jurisdictions, individuals under 18 may be considered minors and may need parental or guardian consent before using online services.
Parental or Guardian Consent
If you are under the minimum age of consent required in your country, you must not use our Services unless your parent or legal guardian provides consent. We may request verification of parental consent when legally required.
Accidental Collection
If we learn that we have inadvertently collected personal information from a child without the proper consent, we will take steps to delete that information as quickly as possible. Parents or guardians may exercise their rights regarding their child’s information as described in Section 13, Your Privacy Rights Requests & Exercising Them.
13. Your Privacy Rights Requests & Exercising Them
Summary: You have the right to access, correct, delete, or limit the processing of your personal information under various privacy laws, including GDPR (EEA/UK), CCPA/CPRA and other state laws (including Florida), CalOPPA, and PIPEDA (Canada). This section explains how to submit a request and what to expect.
How to Submit a Request
You may exercise your privacy rights by contacting us:
Email: support@bestillmeditationapp.com
When submitting a request, please include your name and the email address connected to the account. If you are a parent or guardian making the request on behalf of a minor or an authorized agent making the request on behalf of someone else, please also include that in your request.
Verification of Requests
To protect your privacy and the security of your information, we may request additional details to verify your identity before processing your request. This helps ensure that personal information is only disclosed to the correct individual.
Response Timeframes
We aim to respond to your request within 30–45 days of receipt, as required by applicable law. In some cases, we may need an extension if the request is complex or involves multiple requests. If so, we will notify you of the reason for the delay and the estimated timeframe.
Rights Covered by This Process
The following requests can be submitted through this process:
- Access: Request a copy of the personal information we hold about you.
- Correction: Request updates or corrections to inaccurate or incomplete information.
- Deletion: Request the deletion of personal information, subject to legal or contractual obligations.
- Data Portability: Request a copy of your personal information in a structured, commonly used, machine-readable format.
- Opt-Out of Targeted Advertising or Sale/Sharing: Request to limit or opt out of processing for targeted advertising or sale/sharing of your personal data.
- Withdraw Consent: Withdraw previously granted consent where applicable.
- Other Rights: Any other rights granted under applicable law.
Exceptions
Please note that we may be unable to fully comply with certain requests if:
- The information is required to comply with legal obligations.
- Retention of the information is necessary for legitimate business purposes (e.g., preventing fraud, maintaining security).
- Fulfilling the request would violate another individual’s rights or applicable law.
14. Changes to This Privacy Policy
How We Update the Policy
Material Changes: If we make material changes that affect your rights or the way we handle personal information, we will notify you prominently on our website and/or within the app before the changes take effect.
Non-Material Changes: Minor updates, such as clarifying language or updating contact information, may be made without prior notice.
Effective Date
The “Effective Date” at the top of this Privacy Policy indicates when the current version went into effect. Any changes to the policy will update the Effective Date accordingly.
Your Responsibility
By continuing to use our website and app after a revised Privacy Policy goes into effect, you agree to the updated terms. If you do not agree with the changes, you should stop using the Services and may request deletion of your personal information using the process described in the Your Privacy Rights Requests & Exercising Them section.
Contact Us
If you have questions or requests about this Privacy Policy, please contact us:
Bestill Meditation LLC
Email: support@bestillmeditationapp.com
