Privacy Policy

Zeno Apps LLC ("we", "us", or "our") built the Stoa app (Stoa: Meditation & Stoicism) as a Freemium app. This SERVICE is provided by Zeno Apps LLC at no cost and is intended for use as is.

This page is used to inform visitors regarding our policies with the collection, use, and disclosure of Personal Information if anyone decided to use our Service.

If you choose to use our Service, then you agree to the collection and use of information in relation to this policy. The Personal Information that we collect is used for providing and improving the Service. We will not use or share your information with anyone except as described in this Privacy Policy.

The terms used in this Privacy Policy have the same meanings as in our Terms and Conditions, which is accessible at Stoa unless otherwise defined in this Privacy Policy.

For a better experience, while using our Service, we may require you to provide us with certain personally identifiable information. The information we collect depends on how you use the Service and is detailed below.

We do not sell your personal and sensitive user data to third parties.

The app uses third-party services that may collect information used to identify you, such as Google Play Services and the iOS App Store.

We use the data we collect for the following purposes:

Account & Authentication: To create and manage your account, authenticate your identity, and provide personalized features. Sign-in data is shared with authentication providers (Google, Apple) only to verify your identity.

Device Information: To ensure compatibility, provide technical support, and identify your device for account association. Shared with crash reporting and analytics services to diagnose issues.

App Usage & Meditation Data: To provide meditation tracking features, personalize content recommendations, and improve the app experience. Shared with analytics providers in aggregated or pseudonymized form.

Subscription & Purchases: To manage your subscription, verify purchases, and provide access to premium content. Shared with RevenueCat (our payment processor) to manage subscriptions.

Health Data (iOS Only): To allow you to track meditation as a mindful activity in Apple Health, only when you grant HealthKit permission. We do not transmit your health data to our servers or any third party.

Timezone & Locale: To deliver content at appropriate times, localize the app experience, and schedule reminders correctly. Sent to our servers for content delivery, not shared with third parties.

Advertising & Attribution: To measure the effectiveness of advertising campaigns and attribute app installs to marketing channels. On iOS, advertising identifiers are only collected with your explicit consent via the App Tracking Transparency prompt. Shared with Adjust (attribution) and Facebook SDK (ad measurement) only when tracking permission is granted.

Push Notifications: To send meditation reminders and other notifications you have opted in to receive. Device tokens are shared with Firebase Cloud Messaging to deliver notifications.

Our app integrates third-party software development kits (SDKs) that may collect data from your device. We ensure that all third-party code used in our app complies with applicable privacy policies and data protection requirements. None of our third-party SDK providers are permitted to sell your personal and sensitive user data.

Firebase (Google) — Analytics, Crashlytics, Cloud Messaging, Performance Monitoring: Accesses device information, app usage events, crash logs, performance metrics, and push notification tokens for app analytics, crash reporting, push notification delivery, and performance monitoring. Privacy policy: https://firebase.google.com/support/privacy

Amplitude — Product Analytics: Accesses user ID, email, app usage events, subscription status, and device information for understanding how users interact with the app. Privacy policy: https://amplitude.com/privacy

PostHog — Product Analytics and Feature Flags: Accesses user ID, app usage events, and feature flag evaluations for product analytics and A/B testing. Privacy policy: https://posthog.com/privacy

Bugsnag — Error Tracking and Performance Monitoring: Accesses user ID, email, crash and error data, and navigation performance metrics for identifying and fixing app errors. Privacy policy: https://smartbear.com/privacy/

Sentry — Error Tracking: Accesses error and exception data and device information for monitoring and diagnosing app errors. Privacy policy: https://sentry.io/privacy/

Adjust — Mobile Attribution: Accesses advertising identifiers, install attribution data, and conversion events for measuring advertising campaign effectiveness. Privacy policy: https://www.adjust.com/terms/privacy-policy/

Facebook SDK (Meta) — Ad Measurement: Accesses advertiser tracking status and purchase events (when tracking is permitted) for measuring ad campaign performance. Privacy policy: https://www.facebook.com/privacy/policy/

RevenueCat — In-App Purchase Management: Accesses purchase receipts, subscription status, and customer identifiers for managing subscriptions and in-app purchases. Privacy policy: https://www.revenuecat.com/privacy/

Google Sign-In — Authentication: Accesses Google account email, name, and authentication tokens for enabling sign-in with your Google account. Privacy policy: https://policies.google.com/privacy

Apple Authentication — Authentication: Accesses Apple identity token and email (if shared by user) for enabling sign-in with your Apple ID. Privacy policy: https://www.apple.com/legal/privacy/

Stoa collects advertising identifiers to measure the effectiveness of advertising campaigns and attribute app installs to marketing channels.

On iOS, we request your permission via the App Tracking Transparency (ATT) prompt before accessing your device's advertising identifier (IDFA). If you decline, we will not collect or share your IDFA.

On Android, we may access the Google Advertising ID for attribution and ad measurement purposes. You can reset or opt out of personalized advertising through your device settings (Settings > Google > Ads).

We do not serve ads within the app. Advertising data is used solely for install attribution and campaign measurement.

The Google Advertising ID is not linked to persistent device identifiers or other personal data for advertising purposes. We comply with Google Play's policies regarding the use of the App Set ID and advertising identifiers.

We do not sell your personal and sensitive user data. We share user data only in the following circumstances:

With service providers: We share data with the third-party services listed in this policy solely for the purposes described (analytics, crash reporting, authentication, payment processing, and attribution). Each provider is contractually obligated to protect your data and use it only for the services they provide to us.

For legal compliance: We may disclose your data if required to do so by law or in response to valid governmental requests (e.g., a court order or government agency request).

Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal data.

With your consent: We may share your data with third parties when you have given us explicit consent to do so.

Stoa collects app usage data, device information, and meditation session history to enable meditation tracking, personalized content, and app improvement, even when the app is running in the background for audio playback.

Stoa collects advertising identifiers to enable install attribution and campaign measurement, only with your consent on iOS.

Stoa accesses Apple HealthKit data (iOS only) to enable mindful session tracking, only with your explicit permission.

Stoa collects push notification tokens to enable meditation reminders and app notifications, only with your permission.

We request your consent before accessing sensitive data through the following mechanisms:

Runtime permissions: Where available, we use runtime permission requests before accessing data gated by Android and iOS permissions (e.g., notifications, HealthKit, media library, microphone, and tracking transparency).

In-app consent: For advertising tracking on iOS, we present the App Tracking Transparency prompt, which requires your affirmative action (tap to allow) before we collect advertising identifiers. Navigating away from or dismissing this prompt is treated as a denial of consent.

You may withdraw consent at any time by adjusting permissions in your device settings. Withdrawing consent may limit certain app functionality.

Whenever you use our Service, in the case of an error in the app, we collect data and information (through third-party products) on your device called Log Data. This Log Data may include information such as your device Internet Protocol ("IP") address, device name, operating system version, the configuration of the app when utilizing our Service, the time and date of your use of the Service, and other statistics.

Cookies are files with a small amount of data that are commonly used as anonymous unique identifiers. These are sent to your browser from the websites that you visit and are stored on your device's internal memory.

This Service does not use these "cookies" explicitly. However, the app may use third-party code and libraries that use "cookies" to collect information and improve their services. You have the option to either accept or refuse these cookies and know when a cookie is being sent to your device. If you choose to refuse our cookies, you may not be able to use some portions of this Service.

We may employ third-party companies and individuals due to the following reasons:

To facilitate our Service; to provide the Service on our behalf; to perform Service-related services; or to assist us in analyzing how our Service is used.

We want to inform users of this Service that these third parties have access to your Personal Information. The reason is to perform the tasks assigned to them on our behalf. However, they are obligated not to disclose or use the information for any other purpose.

We may also transfer data as necessary to service providers or for legal reasons such as to comply with a valid governmental request, applicable law, or as part of a merger or acquisition with legally adequate notice to users.

We value your trust in providing us your Personal Information, thus we are striving to use commercially acceptable means of protecting it. All personal and sensitive user data is transmitted using modern cryptography (HTTPS/TLS). Sensitive credentials are stored using secure, encrypted storage on your device.

However, no method of transmission over the internet, or method of electronic storage is 100% secure and reliable, and we cannot guarantee its absolute security.

This Service may contain links to other sites. If you click on a third-party link, you will be directed to that site. Note that these external sites are not operated by us. Therefore, we strongly advise you to review the Privacy Policy of these websites. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

We retain your personal data for as long as your account is active or as needed to provide you with our services. If you no longer wish to use our Service, you may delete your account and associated data in one of the following ways:

Through the App: Navigate to the Account screen and tap "Delete" to permanently delete your account and associated data.

By email: Contact us at stoa@stoameditation.com to request deletion of your account and data.

When you delete your account, we delete all personal data associated with your account, including meditation history, preferences, and profile information. Some data may be retained for a limited period where required by law, for fraud prevention, or to resolve disputes. Temporary account deactivation or freezing does not qualify as account deletion.

Third-party services may retain some data according to their own retention policies. Please refer to the privacy policies of the third-party services listed above for more information.

Our Service is not directed to children under the age of 13. We do not knowingly collect personally identifiable information from children under 13. If we discover that a child under 13 has provided us with personal information, we will immediately delete it from our servers. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us at stoa@stoameditation.com so that we can take the necessary action.

Your information may be transferred to and processed in countries other than your own. These countries may have data protection laws that are different from the laws of your country.

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we ensure that any transfer of your personal data complies with applicable data protection laws, including the EU General Data Protection Regulation (GDPR). We implement appropriate organizational and technical measures to protect your data against loss, misuse, and unauthorized access.

We comply with applicable privacy, data security, and data protection laws, directives, regulations, and rules in all jurisdictions where we offer our services.

We may update our Privacy Policy from time to time. Thus, you are advised to review this page periodically for any changes. We will notify you of any changes by posting the new Privacy Policy on this page. These changes are effective immediately after they are posted on this page.

If you have any questions or suggestions about our Privacy Policy, do not hesitate to contact us at stoa@stoameditation.com.