HeadRest
Privacy Policy
Last Updated: February 22, 2026
Introduction
HeadRest ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our meditation mobile application ("App").
Please read this Privacy Policy carefully. By using the App, you agree to the collection and use of information in accordance with this policy.
Information We Collect
Information You Provide
- Account Information
- Email address (used for authentication via one-time password)
- No password is stored - we use passwordless authentication
- Meditation Context
- The text you enter describing your emotional situation
- This is used solely to generate personalized meditations
- Your mechanism selections (the option you choose when asked a follow-up question)
- Journal Entries
- Personal text entries written after meditations
- Stored until you delete the entry or your account
- Push Notification Device Tokens
- Used solely to deliver meditation-ready alerts
- Removed when you delete your account or uninstall the App
- Usage Data
- Duration preferences (5 or 15 minutes)
- Meditation history (which meditations you've generated)
Information Collected Automatically
- Device Information
- Device type and operating system version
- App version
- Product Interaction Analytics
- Screen views and navigation patterns
- Feature usage (e.g., which meditations you play, how long you listen, creation flow steps completed)
- Session data (app opens, backgrounding, foregrounding)
- These events are linked to your user ID to provide personalized insights and are not used for cross-app tracking or advertising
- Speech-to-Text
- Voice input is processed entirely on-device via Apple's Speech framework
- Audio never leaves your device — only the transcribed text is sent to our servers
How We Use Your Information
We use your information to:
- Provide the Service
- Authenticate your account
- Generate personalized meditation scripts based on your context
- Store and retrieve your meditation library
- Improve the Service
- Analyze aggregate usage patterns
- Fix bugs and improve performance
- Develop new features
- Safety & Compliance
- Detect and prevent misuse
- Comply with legal obligations
Third-Party Services
We use the following third-party services to provide our App:
| Service | Purpose | Data Shared |
|---|---|---|
| Supabase | Authentication & Database | Email, user ID, meditation metadata |
| Anthropic (Claude) | AI-powered story selection and script generation | Your context text (anonymized, not linked to your identity) |
| ElevenLabs | Text-to-speech audio generation | Meditation script text (anonymized) |
| Cloudflare R2 | Audio file storage | Meditation audio files |
| Sentry | Error tracking | Crash reports, error logs (no personal content) |
| PostHog (EU Cloud) | Product analytics | Feature usage events, screen views, linked to user ID |
| OpenAI | Content moderation API | Your context text (anonymized, not linked to identity) |
| OAuth sign-in | Email, profile name | |
| Apple | Sign in with Apple | Email, name (as you choose to share) |
| Upstash | Job queue (Redis) | Job metadata (emotion, duration — no personal text) |
| Railway | Backend hosting | Server logs (truncated user IDs only) |
Important: When your context text is sent to AI services (Anthropic) for meditation generation, it is:
- Not linked to your email or identity
- Not stored permanently by the AI service
- Used only to generate your meditation in that session
Data Retention
| Data Type | Retention Period |
|---|---|
| Account information | Until you delete your account |
| Meditation audio files | Until you delete your account |
| Journal entries | Until you delete the entry or your account |
| Context text | Processed and discarded after meditation generation |
| Device tokens | Until you delete your account or uninstall the App |
| Error logs | 30 days |
| Product analytics | Until you delete your account (stored in PostHog EU) |
Your Rights
You have the right to:
- Access - Request a copy of your personal data
- Correction - Request correction of inaccurate data
- Deletion - Request deletion of your account and all associated data
- Portability - Request your data in a machine-readable format
To exercise these rights, contact us at: support@tryheadrest.com
Data Deletion
To delete your account and all associated data:
- Open the App
- Go to Settings
- Tap "Delete Account"
- Confirm deletion
Alternatively, email us at support@tryheadrest.com with your account email.
Upon deletion:
- Your account and all personal data are immediately and permanently deleted
- Your meditation audio files are immediately deleted from our servers
- Your journal entries, meditation history, and device tokens are immediately removed
- Your analytics data is deleted from PostHog (EU-hosted) via their deletion API
- Anonymized aggregate data may be retained for service improvement
Security
We implement appropriate security measures including:
- Encryption in transit (HTTPS/TLS)
- Encryption at rest for sensitive data
- Secure authentication via one-time passwords
- Regular security audits
However, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.
Children's Privacy
HeadRest is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.
Crisis Content
HeadRest includes automatic detection of crisis-related content. If you express thoughts of self-harm or suicide:
- The App will not generate a meditation
- You will be shown crisis support resources including hotline numbers
- No meditation or audio is created for this content
We do not store or report crisis content. This detection is solely to provide you with appropriate resources.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Updating the "Last Updated" date
- Displaying a notice in the App
Your continued use of the App after changes constitutes acceptance of the updated policy.
Contact Us
If you have questions about this Privacy Policy, contact us at:
Email: support@tryheadrest.com
Mailing Address:
Aaditya Menon
Ground Floor, 297, 15th B Main Road
Sector 3 HSR Layout
Bangalore 560102, Karnataka, India
California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to Know - What personal information we collect and how it's used
- Right to Delete - Request deletion of your personal information
- Right to Non-Discrimination - We will not discriminate against you for exercising your rights
To exercise these rights, email us at support@tryheadrest.com.
European Privacy Rights (GDPR)
If you are in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):
- Legal Basis: We process your data based on your consent (when you use the App) and our legitimate interests (to provide and improve the service)
- EU Data Hosting: Product analytics data is processed and stored exclusively in the European Union via PostHog EU Cloud (Frankfurt). Your analytics data never leaves EU jurisdiction.
- Data Protection Officer: Contact support@tryheadrest.com
- Supervisory Authority: You have the right to lodge a complaint with your local data protection authority