Condri

Condri Ltd Privacy Policy

Last Updated: June 2026

Welcome to Condri. We’re a health & wellness company focused on providing support for health anxiety through practical, accessible tools. Our goal is to help people navigate health anxiety by giving them tools that help them manage their health anxiety. Condri is not intended as a substitute for professional care, but rather as a toolkit that can be used alongside any such care.

Condri Ltd from this point on “Condri,” “we,” “our,” or “us” operates the Condri app, associated websites, and all related services and support materials (collectively, the “Services”). We can be reached for support, legal notices, regulatory issues or questions at:

hello@condri.app

We care about transparency, responsibility, and building something that makes a meaningful difference in people’s lives. That begins here, by helping you understand exactly how we handle your personal information.

Our website is here, https://condri.app.

1. Information We Collect

1.1 Information You Provide

When you create an account or use our Services, we collect information that you provide directly to us, including:

  • Account Information: Name, email address, date of birth, and password
  • Health Information: Symptoms, feelings, check-ins, exercise responses, and journal entries you choose to record
  • Subscription Information: Payment details processed through RevenueCat and payment platforms (we do not store full payment card information)
  • Support Communications: Information you provide when contacting us for support

1.2 Information We Collect Automatically

When you use our Services, we automatically collect certain information, including:

  • Device Information: Device type, operating system, unique device identifiers
  • Usage Information: How you interact with the app, features used, time spent, and navigation patterns
  • Technical Information: IP address, browser type, app version, and crash reports
  • Location Information: General location data (country/region level) based on IP address, if applicable
  • Ad Attribution: To help us understand which marketing efforts are effective, we may use anonymised ad attribution data from AppsFlyer and other attribution providers.

1.3 Information from Third-Party Services

We may receive information from third-party services you connect to our app:

  • RevenueCat: Subscription status, purchase history, and subscription management
  • Stripe: Payment processing for web purchases. Card details are entered directly into Stripe’s secure checkout and are not stored on Condri’s systems. We receive transaction status, last-4 digits, and billing country.
  • Payment Processors: Transaction information and payment status
  • Postmark: Email delivery status and engagement metrics
  • PostHog (EU region): Product analytics. Events, feature usage, and pseudonymous user identifiers used to understand how the app is used and improve features. PostHog data is processed and stored in PostHog’s EU region.
  • Sentry: Error and crash reporting. Stack traces and limited device and user context captured when the app crashes, used to diagnose and fix bugs.
  • AppsFlyer: Ad attribution data, app install attribution, and in-app event tracking to help us understand which marketing efforts are effective. With your consent, AppsFlyer may also receive your user ID for attribution purposes.
  • Meta: Anonymised ad attribution data to help us understand which marketing efforts are effective.

1.4 Anonymised and Aggregated Information

We may create anonymised information and aggregated information from the personal information, health information, usage information, and exercise responses described above. This means we remove, transform, or combine information so it no longer identifies you and cannot reasonably be used to identify you.

Anonymised information does not have to be aggregated. Where effective anonymisation is possible, we may use non-aggregate anonymised information, such as anonymised exercise responses, check-in patterns, or feature interactions, for research, analysis, product development, safety monitoring, and improving Condri for everyone. For example, we may study which exercises are completed most often, where users tend to get stuck, which features appear most helpful, or broader patterns in health anxiety practice.

Where information needs to be combined, generalised, or aggregated to prevent identification, we will do that before using it as anonymous information.

We do not treat pseudonymised information as anonymous. If information can still be linked back to you by using additional information we hold separately, we treat it as personal information and protect it under this Privacy Policy.

2. How We Use Your Information

We use the information we collect to:

  • Provide and Improve Services: Deliver personalized content, exercises, and features tailored to your needs
  • Process Subscriptions: Manage your subscription, process payments, and handle renewals
  • Communicate with You: Send service updates, security alerts, support responses, important account information, and emails about the app, including feature updates, tips, and relevant information. By creating an account, you agree to receive these communications. You can unsubscribe from marketing emails at any time using the unsubscribe link in any email or by contacting us at hello@condri.app
  • Ensure Security: Detect and prevent fraud, abuse, and security threats
  • Comply with Legal Obligations: Meet legal requirements and respond to legal processes
  • Analytics and Improvement: Analyze usage patterns to improve our Services and develop new features
  • Research and Product Development: Create and use anonymised information, including non-aggregate anonymised information where appropriate, aggregated information, and de-identified usage data such as exercise responses, check-ins, and community activity, to understand how people use Condri, identify common patterns in health anxiety, improve the app, evaluate feature quality and safety, and develop new tools. This analysis may include statistical modelling and machine-learning techniques applied to de-identified data. We do not sell your data, and we do not share identifiable user content with third-party AI providers for model training.

3. Data Storage and Location

Your data is primarily stored in Europe:

  • Primary Storage: Railway infrastructure with primary storage in Amsterdam, Netherlands
  • Backup and Redundancy: Data may be replicated to other European data centers for reliability
  • Third-Party Services: Some data may be processed by services with global infrastructure, but we ensure they comply with applicable data protection laws

4. Data Sharing and Disclosure

We do not sell your personal information. We may share your information only in the following circumstances:

4.1 Service Providers

We share information with trusted service providers who assist us in operating our Services:

  • RevenueCat: Subscription management and payment processing
  • Stripe: Payment processing for web purchases
  • Railway: Cloud infrastructure and data hosting
  • Postmark: Email delivery services
  • PostHog (EU region): Product analytics, processed and stored in the EU
  • Sentry: Error and crash reporting
  • AppsFlyer: We share ad attribution data and in-app event information with AppsFlyer to help us understand which marketing efforts are effective. With your consent, we may also share your user ID with AppsFlyer for attribution purposes. This information helps us measure the effectiveness of our marketing campaigns and improve our services.
  • Meta: We share anonymous ad conversion data with Meta in order to understand which marketing efforts are effective. This information is provided in a privacy-preserving format and cannot be used to personally identify you
  • These providers are contractually obligated to protect your information and use it only for the purposes we specify

We may disclose your information if required by law, court order, or government regulation, or to:

  • Comply with legal processes or respond to government requests
  • Protect our rights, privacy, safety, or property
  • Enforce our Terms of Service
  • Prevent or investigate fraud or security issues
  • Protect the vital interests of any person, including disclosing information to emergency services or law enforcement where we believe in good faith that there is an imminent risk of harm to you or others

4.3 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control and give you the opportunity to export your data and exclude yourself from the transfer.

We may share your information in other ways with your explicit consent.

4.5 Anonymised or Aggregated Information

We may use or share anonymised information, including non-aggregate anonymised information where appropriate, and aggregated information that does not identify you for research, reporting, product development, or to explain general trends about how Condri is used. We will not publish or share information in a form that could reasonably identify you, and we do not attempt to re-identify anonymised information.

5. Data Security

We implement appropriate technical and organizational measures to protect your personal information:

  • Encryption: Data at rest is encrypted using AES-256, and all network traffic containing private information is protected by TLS/SSL.
  • Access Controls: Limited access to personal information on a need-to-know basis.
  • Regular Security Assessments: Ongoing monitoring and assessment of our security practices.
  • Secure Infrastructure: Hosting on secure, compliant cloud infrastructure.

5.1 Railway Infrastructure Security

Our primary data storage and hosting infrastructure is provided by Railway, which implements comprehensive security measures:

  • Data at Rest Encryption: All data at rest within Railway’s systems, including our database, is encrypted using AES-256, providing robust protection against unauthorized access and ensuring data confidentiality.

  • Data in Transit Protection: All data transmitted between Railway and us is protected using Transport Layer Security (TLS). If encrypted communication is interrupted, the Railway application remains inaccessible to ensure data security.

6. Your Rights and Choices

We support your privacy rights regardless of where you are located. All users of our Services have the following rights regarding their personal information:

6.1 Right to Access

You can access and download your personal data through the app settings or by contacting us at hello@condri.app. You have the right to know what personal information we collect, use, and disclose about you. For more information about how to access and manage your data, see our Data Policy.

6.2 Right to Correction

You can update your account information directly in the app or by contacting us. You have the right to request correction of inaccurate or incomplete personal information.

6.3 Right to Deletion

You can delete your account directly from within the app (Settings, then Account Details, then Delete Account). For full instructions, see our Data Policy and Support pages. We delete personal information within 30 days of account deletion, subject to legal retention requirements (such as obligations to retain certain data for legal, tax, or regulatory purposes). You can also request deletion by contacting us at hello@condri.app.

Note that community posts you have made may already have been seen or copied by other users before deletion. We can remove the post from our active systems but cannot retrieve copies held by others.

6.4 Right to Data Portability

You can request a copy of your data in a structured, machine-readable format. We will provide your data in a commonly used format that allows you to transfer it to another service.

6.5 Right to Object and Restriction

You can object to certain processing activities or request restriction of processing where applicable. We will respect your preferences and work with you to find a solution that meets your needs while allowing us to provide our Services.

Where processing is based on consent, you can withdraw consent at any time. Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

6.7 Email Communication Preferences

You can unsubscribe from marketing emails at any time by clicking the unsubscribe link included in any email we send, or by contacting us at hello@condri.app. Please note that even if you unsubscribe from marketing emails, we may still send you essential service-related communications, such as security alerts, account notifications, and important updates about your subscription.

6.8 Right to Opt-Out of Sale or Sharing

We do not sell your personal information. We also do not share your personal information for cross-context behavioral advertising. If our practices change in the future, we will notify you and provide you with the ability to opt-out.

6.9 Right to Non-Discrimination

We will not discriminate against you for exercising your privacy rights. We will not deny you services, charge you different prices, or provide you with a different level or quality of services because you exercised your privacy rights.

6.10 How to Exercise Your Rights

To exercise any of these rights, please contact us at hello@condri.app. We will verify your identity before processing your request to protect your privacy and security. We will respond to your request within a reasonable timeframe, typically within 30 days, though some jurisdictions may require faster responses.

While we support these rights for all users, certain jurisdictions have specific legal frameworks that provide additional protections:

  • United Kingdom: If you are located in the UK, you have rights under the UK GDPR and the Data Protection Act 2018, including the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk.

  • European Economic Area (EEA): If you are located in the EEA, you have rights under the EU General Data Protection Regulation (GDPR), including the right to lodge a complaint with your local data protection authority.

  • United States: If you are a resident of the United States, you may have additional rights under state privacy laws such as the California Consumer Privacy Act (CCPA) and other applicable state and federal privacy laws. We do not sell your personal information and do not share it for cross-context behavioral advertising; California residents have the “right to opt out of sale or sharing” by default as a result.

6.12 Special Category Data

Some information you provide to Condri (such as content describing your health anxiety, symptoms, or mental wellbeing) is treated as special category data under UK GDPR and EU GDPR. We process this data on the basis of your explicit consent, given when you create an account and use the relevant features. You may withdraw consent at any time by deleting your account, after which we will delete the relevant data as described in Section 6.3.

Regardless of your location, we are committed to protecting your privacy and will work with you to address any concerns you may have.

7. Children’s Privacy

Condri is intended for individuals who are 18 years of age or older.

  • If you are 13 to 17 years old, you may only use Condri’s self-guided tools with the supervision of a parent, legal guardian, or licensed mental health professional
  • Community access is restricted to users 18 years of age or older, regardless of guardian supervision. Users aged 13 to 17 may not access, post in, or view the community features
  • Children under 13 years old are not permitted to use Condri under any circumstances

If we learn that an account has been created by someone under 13, or without appropriate consent in the 13–17 range, we will terminate the account and remove any related data.

7A. Community Content

Where Condri offers community features, the way we handle the content you share there differs from your private app data.

  • Public to all Condri users. Posts, replies, and reactions in the community are visible to every other Condri user with access to the feature. They are not private or confidential.
  • Pseudonymous, not anonymous. Your handle is the only identifier other users see by default. However, details you share about yourself in your posts can identify you. Treat anything you post as a public broadcast that could be tied back to you.
  • What we store. Your handle, post body, reactions, timestamps, and any moderation history (including reports made by or against you) are stored alongside your account.
  • What we do with it. We use community content to operate the feature, moderate, enforce these policies, and (in aggregated, de-identified form) to understand patterns and improve the Services. We do not sell community content and do not share identifiable community content with third-party AI providers for model training.
  • Deletion. Deleting a post or your account removes the content from our active systems within 30 days. We cannot retrieve copies that have already been seen, screenshotted, quoted, or shared outside the app.

8. International Data Transfers

Your data is primarily stored and processed in Europe. If we transfer data outside the UK or the EEA, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses approved by the European Commission, with the UK International Data Transfer Addendum where applicable
  • The UK International Data Transfer Agreement for transfers out of the UK
  • Adequacy decisions by the UK Government or the European Commission
  • Other legally recognised transfer mechanisms

9. Data Retention

We retain your personal information for as long as necessary to:

  • Provide our Services to you
  • Comply with legal obligations
  • Resolve disputes and enforce our agreements
  • Maintain security and prevent fraud

When you delete your account, we will delete or anonymise your personal information within 30 days, except where we are required to retain it for legal, tax, or regulatory purposes. Aggregated and fully de-identified data (which can no longer be linked to you) may be retained for product research and analytics.

9.1 Data Breach Notification

In the event of a personal data breach likely to result in a high risk to your rights and freedoms, we will notify affected users without undue delay and report to the relevant supervisory authority (the ICO in the UK, or your local data protection authority in the EEA) as required by UK GDPR and EU GDPR.

We may retain anonymised information, including non-aggregate anonymised information where appropriate, and aggregated information after account deletion because it no longer identifies you and cannot reasonably be linked back to you.

10. Cookies and Tracking Technologies

Our website and app may use cookies and similar tracking technologies:

  • Functional Cookies: Essential for the app to function properly
  • Analytics Cookies: Help us understand how users interact with our Services (with your consent)
  • Preferences: Remember your settings and preferences

You can control cookies through your browser or device settings. Note that disabling certain cookies may affect app functionality.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the updated policy on our website
  • Sending an email to the address associated with your account
  • Displaying a notice in the app

Your continued use of our Services after such changes constitutes acceptance of the updated Privacy Policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: hello@condri.app

We will respond to your inquiry within a reasonable timeframe.

13. Governing Law

This Privacy Policy is governed by the laws of England and Wales. We comply with applicable data protection regulations worldwide, including:

  • UK GDPR and the Data Protection Act 2018 for users in the United Kingdom
  • General Data Protection Regulation (GDPR) for users in the European Economic Area (EEA)
  • California Consumer Privacy Act (CCPA) and other applicable state and federal privacy laws in the United States
  • Other applicable privacy and data protection laws in jurisdictions where we operate

Company details. Condri Ltd is a company registered in England and Wales, company number 17275888. Registered office: 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ.

As stated throughout this policy, we support privacy rights for all users regardless of their location, and we comply with the most protective standards applicable to your data.