Legal

Privacy Policy

Effective May 6, 2026 · Last updated May 6, 2026

Contents

  1. Introduction
  2. Who We Are
  3. Information We Collect
  4. How We Use Information
  5. Legal Bases (GDPR)
  6. Sharing & Disclosure
  7. Third-Party Services
  8. Apple HealthKit
  9. Data Retention
  10. Security
  11. Your Rights & Choices
  12. California Privacy Rights
  13. Children's Privacy
  14. International Transfers
  15. Do Not Track
  16. Changes to This Policy
  17. Contact Us

1. Introduction

This Privacy Policy ("Policy") describes how Gen X Girl Club LLC ("Sovereign," "we," "us," or "our") collects, uses, and discloses information about you when you use the Sovereign mobile application (the "App"), our website at genxgirlclub.com, and related services (collectively, the "Services").

We respect your privacy. This Policy explains in plain language what data the App collects, why we collect it, who we share it with (and who we don't), and the choices you have. By using the Services, you agree to the terms of this Policy. If you do not agree, please do not use the Services.

The short version: We collect only what we need to make the App work for you. We never sell your personal information. We never share your wellness or scan data with advertisers. You can request to delete your data at any time.

2. Who We Are

The data controller responsible for your personal information is:

Gen X Girl Club LLC
Vail Valley, Colorado, USA
Email: sarah@genxgirlclub.com

3. Information We Collect

We collect information in three ways: (a) information you provide directly, (b) information we collect automatically when you use the Services, and (c) information from third-party sources (limited and described below).

3.1 Information You Provide

  • Account information: name, email address, password (stored as a one-way hash), and optional profile details such as your age range and the name you'd like Sarah and the community to use.
  • Subscription information: if you purchase a premium subscription, the transaction is processed by Apple. We receive a transaction receipt and subscription status — we do not see your payment card or banking details.
  • Wellness inputs: any information you voluntarily enter into the App, such as journal notes, mood check-ins, session feedback, and personal goals.
  • Community content: posts, comments, replies, and reactions you choose to share inside the private in-app community.
  • Support communications: messages you send to us via email or in-app support, including any details you choose to share.

3.2 Information Collected Automatically

  • Nervous System Scan data: the App's Nervous System Scanner records readings (e.g., heart-rate variability, breathing rhythm, motion stability) during a scan and computes a state classification (Storm Mode, Shifting, Recovery Mode) and a numeric Calm Index.
  • Device & usage information: device model, operating system version, app version, language, time zone, anonymized device identifier, crash logs, and aggregated feature-usage events.
  • Log data: on the website, our servers automatically log requests including IP address, browser type, referring page, and timestamps. We use this information for security monitoring and aggregate analytics.
  • Cookies and similar technologies: the website uses essential cookies to keep you signed in and a small number of analytics cookies to understand site usage. The App does not use browser cookies.

3.3 Information from Third Parties

  • Apple: when you sign in with Apple or restore a subscription, we receive a verified email (or a relay address you choose) and your subscription status.
  • Apple HealthKit (optional): if you grant permission, the App can read selected health metrics from HealthKit to improve scan accuracy. See Section 8.

4. How We Use Information

We use your information to:

  • Provide, operate, and maintain the Services and your account.
  • Run the Nervous System Scanner and produce your personalized state readings, trend charts, and session recommendations.
  • Deliver subscription content (Audio Vault, Self-Hypnosis Studio, Live Coaching, and The Sanctuary community) and remind you about upcoming coaching calls.
  • Operate the private community, including moderation and abuse prevention.
  • Communicate with you about your account, important changes, security issues, and (with your consent) news from Sarah and the team.
  • Improve the App by analyzing aggregated, de-identified usage patterns.
  • Detect, prevent, and respond to fraud, abuse, security incidents, and violations of our Terms of Service.
  • Comply with legal obligations.

What we do NOT do: we do not use your scan data, journal entries, community posts, or any health-adjacent inputs to target advertising. We do not sell your personal information. We do not share your scan results or wellness inputs with insurers, employers, or any data broker.

If you are in the European Economic Area, the United Kingdom, or Switzerland, our legal bases for processing your personal information depend on the data and the context. They include:

  • Contract: processing necessary to deliver the Services you've requested.
  • Consent: for optional features such as marketing emails, push notifications, and HealthKit access. You may withdraw consent at any time.
  • Legitimate interests: to operate, secure, and improve the Services in ways that are not overridden by your rights.
  • Legal obligation: to comply with applicable law.

6. Sharing & Disclosure

We share personal information only in these limited circumstances:

  • Service providers: trusted vendors that help us run the App (e.g., cloud hosting, email delivery, error monitoring, customer support tooling). They process information on our behalf under written contracts and may not use it for their own purposes.
  • Legal & safety: when required by law, subpoena, or court order, or where we believe disclosure is necessary to protect rights, property, or safety.
  • Business transfers: in connection with a merger, acquisition, financing, or sale of assets, your information may be transferred subject to this Policy.
  • With your direction: when you choose to publish content in the community or share content outside the App.

We do not sell, rent, or trade your personal information to third parties for their marketing.

7. Third-Party Services We Use

Our principal subprocessors include:

  • Apple Inc. — App distribution, sign-in, in-app purchases, and (optionally) HealthKit.
  • Cloud hosting provider — secure storage and compute for App data.
  • Email service provider — transactional email and (with consent) newsletters.
  • Analytics provider — aggregated, privacy-respecting product analytics; we do not enable advertising features.
  • Crash & performance monitoring — to keep the App stable.

We will publish an updated subprocessor list on request.

8. Apple HealthKit

If you grant the App permission to access Apple HealthKit, the App may read selected metrics (such as heart-rate variability and resting heart rate) to enrich your Nervous System Scanner readings.

  • HealthKit data stays on your device and in your iCloud (under your Apple ID). The App reads only what you explicitly allow.
  • We do not use HealthKit data for advertising or marketing.
  • We do not share or sell HealthKit data to any third party.
  • We do not use HealthKit data for any purpose unrelated to providing or improving the Sovereign Services.
  • You can revoke HealthKit access at any time in iOS Settings > Privacy & Security > Health > Sovereign.

Our use of HealthKit follows Apple's HealthKit data use policies.

9. Data Retention

We retain your personal information for as long as your account is active and as needed to provide the Services. After account deletion, we delete or de-identify your personal information within 60 days, except where retention is required by law (for example, for tax, accounting, fraud-prevention, or dispute-resolution purposes), in which case the retained data is access-restricted and deleted when no longer required.

10. Security

We use industry-standard administrative, technical, and physical safeguards to protect your information, including encryption in transit (TLS 1.2+) and encryption at rest for stored data. Passwords are stored using a one-way hash. Access to production systems is limited to authorized personnel and audited.

No method of transmission or storage is 100% secure. If we ever experience a security incident affecting your personal information, we will notify you and applicable authorities as required by law.

11. Your Rights & Choices

You have the following rights with respect to your personal information:

  • Access: request a copy of the personal information we hold about you.
  • Correction: ask us to correct information that is inaccurate or incomplete.
  • Deletion: ask us to delete your account and personal information.
  • Portability: request a machine-readable export of your data.
  • Objection & restriction: object to, or ask us to restrict, certain processing.
  • Consent withdrawal: withdraw any consent you have given (e.g., for marketing emails or HealthKit access).
  • Complaint: lodge a complaint with your local data-protection authority.

To exercise any of these rights, email sarah@genxgirlclub.com. We will respond within 30 days. We may need to verify your identity before fulfilling certain requests.

12. California Privacy Rights (CCPA / CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act, as amended:

  • The right to know what categories of personal information we have collected, the sources, the business purposes, and the categories of recipients.
  • The right to request deletion of personal information we have collected from you.
  • The right to correct inaccurate personal information.
  • The right to opt out of "sale" or "sharing" of personal information. We do not sell or share personal information as those terms are defined under the CCPA/CPRA.
  • The right to limit the use of "sensitive personal information." We do not use sensitive personal information for purposes that would trigger this right.
  • The right not to be discriminated against for exercising these rights.

To exercise California rights, email sarah@genxgirlclub.com with the subject line "California Privacy Request." Authorized agents must provide written, signed authorization.

13. Children's Privacy

The Services are intended for adults aged 18 and over. We do not knowingly collect personal information from children under 13 (or 16 in the EEA/UK). If you believe a child has provided us with personal information, please contact us and we will delete it.

14. International Transfers

Sovereign is operated from the United States. If you access the Services from outside the United States, your information will be transferred to, stored, and processed in the United States. Where required, we implement appropriate safeguards such as Standard Contractual Clauses for transfers from the EEA, UK, and Switzerland.

15. Do Not Track

Our website does not respond differently to "Do Not Track" browser signals at this time, because there is no industry-standard interpretation. We do, however, honor Global Privacy Control (GPC) signals as an opt-out of any "sale" or "sharing" under California law.

16. Changes to This Policy

We may update this Policy from time to time. When we do, we will revise the "Last updated" date at the top, and — for material changes — provide notice through the App or by email before the change takes effect. Your continued use of the Services after the effective date constitutes acceptance of the updated Policy.

17. Contact Us

For questions about this Policy or to exercise your rights, contact:

Gen X Girl Club LLC
Attn: Privacy
Email: sarah@genxgirlclub.com
Vail Valley, Colorado, USA