1. Who We Are
Nawaya, Inc. (“Nawaya”, “we”, “us”, or “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect personal information when you use our website, platform, and services.
- Company name: Nawaya, Inc.
- Legal form: Delaware C Corporation
- Address: c/o Legalinc Corporate Services Inc., 131 Continental Dr, Suite 305, Newark, DE 19713, United States
- Contact email: info@nawaya.io
Although Nawaya is incorporated in the United States, we offer our services internationally and comply with the EU General Data Protection Regulation (GDPR) and other applicable data-protection laws where required.
2. Data We Collect
We collect the following categories of personal data:
a) Account & Profile Data
- Name
- Email address
- Username
- Profile information
- Preferences and settings
b) User-Generated Content
- Journals & reflections
- Uploads
- Comments & interactions within the platform
c) Usage & Technical Data
- IP address
- Device and browser information
- Log files
- Usage patterns and interaction data
d) Payment & Transaction Data
Payments are processed by third-party payment providers (e.g. Stripe). We do not store full payment card details. Transaction-related metadata (e.g. payment status, timestamps) may be stored for accounting and legal purposes.
3. How We Use Your Data
- To operate and provide the platform and its features
- To create and manage user accounts
- To enable journaling, content creation, and participation in sessions or programs
- To improve our services, functionality, and user experience
- To communicate service-related updates and important information
- To process payments and manage subscriptions or access rights
- To ensure platform security, prevent misuse, and detect fraud
- To comply with legal and regulatory obligations
4. Legal Basis for Processing (GDPR)
We process personal data only where permitted by law. Depending on the context, processing is based on one or more of the following legal grounds under Article 6 GDPR:
- Contractual necessity – where processing is required to provide our services
- User consent – particularly for analytics, marketing, and optional features
- Legitimate interests – such as platform security, service improvement, and operational efficiency
- Legal obligations – where processing is required to comply with applicable laws
You may withdraw your consent at any time with future effect.
5. Cookies & Analytics
We use cookies and similar technologies to operate our website, analyze usage, and improve performance. Non-essential cookies and tracking technologies are only used with your explicit consent.
Depending on your consent choices, we may use the following tools:
- Google Tag Manager: used to manage and deploy website tags.
- Google Analytics / Google identifiers: to analyze website usage and performance.
- Meta (Facebook) Pixel & Conversion API: to measure advertising effectiveness and conversions.
- Contentsquare: to analyze user behavior and improve usability and user experience.
These tools may collect information such as IP address, device data, pages visited, interaction patterns, and event data. Detailed information about cookies, providers, purposes, and retention periods is available in our Cookie Policy. You may adjust or withdraw your consent at any time via the cookie settings on our website.
6. Data Sharing
We only share personal data where necessary and in accordance with applicable laws, including with:
- Infrastructure & hosting providers
- Payment processors (e.g. Stripe)
- Analytics and optimization providers (e.g. Google, Meta, Contentsquare)
- Legal authorities where disclosure is legally required
All service providers process data on our behalf under appropriate data-processing agreements where required.
7. International Data Transfers
Your personal data may be processed outside your country of residence, including in the United States. Where required under GDPR, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) or other approved transfer mechanisms to ensure an adequate level of data protection.
8. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy, including providing our services, complying with legal obligations, and resolving disputes.
Account-related data is generally retained for the duration of your account. Certain data may be retained longer where legally required (e.g. accounting or compliance obligations).
Users may request deletion of their data at any time, subject to legal retention requirements.
9. Your Rights
Under the GDPR, you have the following rights:
- Access personal data
- Rectify inaccurate or incomplete data
- Request deletion of your data
- Restrict processing
- Request data portability
- Object to processing
- Withdraw consent at any time
To exercise your rights, contact us at info@nawaya.io. You also have the right to lodge a complaint with a supervisory data-protection authority, in particular in your country of residence or place of alleged infringement.
10. Security
We implement appropriate organizational and technical measures to protect personal data against unauthorized access, loss, or misuse. However, no system is completely secure, and we cannot guarantee absolute security.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated through the platform or via other appropriate means.