Medito Foundation Medito Foundation

Legal

Privacy Policy

Effective Date: 20 April 2026

Welcome, and thank you for your interest in Medito ("Medito", "we", or "us"). This Privacy Policy (the "Policy") explains how Stichting Medito and its affiliates and subsidiaries collect, use, and disclose Personal Information in the context of the Medito mobile app (the "App"), our website at www.meditofoundation.org (the "Website"), our online community platforms, and other services (collectively, the "Services"). This Policy also describes your rights and choices with respect to your personal information, and how you can contact us if you have any questions or concerns.

1. Personal Information We Collect

We may collect Personal Information about you directly from you, from third parties, or automatically through your use of the Services. In this Policy, "Personal Information" means any information relating to an identified or identifiable individual.

Information Provided by You

  • Contact information: When you contact us, sign up for our newsletter, or register with the Services, you may provide us with contact information, such as your name and email address.
  • Correspondence and feedback: When you contact us via a contact form, email, survey, through the App, or by other means, you provide us with your contact information and the contents and nature of your correspondence or survey responses.
  • Contributions: When you volunteer with or otherwise contribute to Medito, you may provide us with contributor information, such as the code, documentation or other material you contribute, the time and date of your contributions, your username and profile information, and any related comments and discussions.

Information Collected via Automated Means

For Both App and Website:

  • Device information: When you use the Services, we automatically receive information about your device, including your IP address, device type, web browser, screen resolution, and operating system.
  • Coarse location information: When you use the Services, we estimate your location at city/country level based on your IP address and browser language.

App-Specific:

  • App usage information: We collect information about your use of the App, including the date, time, and duration of your sessions, the App version, what you tapped on, the content you accessed, what you listened to, and the route you took to navigate through the App. This information is collected automatically when you use the App, even without an account. We rely on our legitimate interest in operating, securing, and improving the App as the legal basis for this collection. You can learn more about your rights, including the right to object, in Section 6.

Website-Specific:

  • Website usage information: When you use the Website, we automatically receive information about your use of the Website, including the web pages that you visit just before or just after you use the Website, as well as information about your interactions with the Website, including the date, time and duration of your visit, where you clicked, and the route you took to navigate through the Website.
  • Cookie information: We and third parties may automatically collect information about your visit to and use of the Website via cookies (see section 4 below for more information).

Information Collected from Third Parties

  • Donation information: When you donate to Medito, we receive your contact information and donation amount from our payment providers.
  • Social media information: When you engage with Medito on social media, we may receive your profile information, posts, and other information from the social media platform.
  • Community platform information: When you participate in our community platforms (such as WhatsApp or Telegram groups), we may collect information you provide in these communities, as well as information provided by the platform itself.

2. How We Use Personal Information

We use your Personal Information for the following purposes:

  • Providing the Services: We rely on vendors and service providers for the provision of our Services, such as cloud service providers and analytics providers.
  • Communicating with you: We use your Personal Information as necessary to contact you for administrative purposes, including to provide information that you request, to respond to comments and questions, and to provide you with customer support.
  • Marketing: If you have opted in, we use your email address and other Personal Information to send marketing communications, including updates on promotions and events relating to Medito and the Services. You can opt out of receiving promotional communications as described under section 6 below.
  • Processing donations: We use your Personal Information as necessary to process your donation.
  • Understanding usage and improving the Services: We have a legitimate interest to use your Personal Information to understand and analyze the usage trends and preferences of our users, to improve the Services, and to develop new products, services, features, and functionality.
  • Administrative and legal purposes: We may be legally required or have a legitimate interest to use your Personal Information to address administrative or legal issues pertaining to Medito, including to enforcing our contracts, complying with legal obligations, and defending against legal claims or disputes.

3. When We Disclose Personal Information

We disclose Personal Information about you to the following recipients and in the following circumstances:

  • Vendors and service providers: We rely on vendors and service providers for the provision of our Services, including cloud hosting providers, customer support providers, and the analytics, crash-reporting, donation, and advertising-measurement services listed in Sections 4 and 12 (notably Google Firebase Analytics, Firebase Crashlytics, Google Analytics, Superwall, and Meta).
  • Payment processors: We disclose your information to payment processors, such as Stripe, in order to process donations and other payments.
  • Legal: Information about our users, including Personal Information, will be disclosed to law enforcement agencies, regulatory bodies, public authorities or pursuant to the exercise of legal proceedings if we are legally required to do so, or if we believe, in good faith, that such disclosure is necessary to comply with a legal obligation or request, to enforce our terms and conditions, to prevent or resolve security or technical issues, or to protect the rights, property or safety of Medito, our users, a third party, or the public.
  • Medito group: We may disclose personal information about you to our affiliates and subsidiaries.
  • Change of corporate ownership: If we are involved in a merger, acquisition, bankruptcy, reorganization, partnership, asset sale or other transaction, we may disclose your Personal Information as part of that transaction.
  • Researchers: We may share your data with researchers only if you have agreed to it by registering to a research project/study.

We do not sell your Personal Information to third parties.

4. How We Use Cookies and Similar Technologies

Cookies are small pieces of data that may be stored in and retrieved from your web browser while you browse a website. In this Policy, cookies and similar storage technologies, such as JavaScript localStorage, are collectively referred to as "cookies".

Our Website uses cookies primarily for analytics, to help us understand how visitors use the Website so we can improve it.

  • Analytical or performance cookies: We use Google Analytics (GA4), which sets first-party cookies to measure page views, sessions, and interactions in aggregated form. The resulting reports show Website trends without identifying individual visitors. You can opt out of Google Analytics at tools.google.com/dlpage/gaoptout without affecting how you visit our Website.

You can block or delete cookies through your browser settings. Cookies expire after 12 months.

5. How Long We Retain Personal Information

We retain Personal Information only for as long as needed for the purposes set out in this Policy. Specific retention periods depend on the type of information:

  • Newsletter subscribers: Until you unsubscribe, after which your email is removed from our mailing list.
  • Donation and payment records: Retained for the period required by Dutch tax and accounting law (currently 7 years).
  • Correspondence and support communications: Up to 3 years from the last contact, unless a longer period is required to resolve a legal or regulatory matter.
  • Analytics data (Website and App): Retained according to the default settings of the underlying analytics provider. For Google Analytics (GA4), user-level data is retained for up to 14 months.
  • Crash and diagnostic data (Firebase Crashlytics): Retained for up to 90 days from the date of collection.
  • Community platform participation: As long as you remain a member of the relevant group or platform.

When deleting Personal Information, we take measures to render it irrecoverable or irreproducible, and electronic files containing Personal Information are permanently deleted.

6. Your Rights and Choices

In certain circumstances, you have the following rights in relation to your Personal Information that we hold:

  • Access: You have the right to access the Personal Information we hold about you, and to receive an explanation of how we use it and who we share it with.
  • Correction: You have the right to correct any Personal Information we hold about you that is inaccurate or incomplete.
  • Erasure: You have the right to request for your Personal Information to be erased or deleted.
  • Object to processing: You have the right to object to our processing of your Personal Information where we are relying on a legitimate interest or if we are processing your Personal Information for direct marketing purposes.
  • Restrict processing: You have a right in certain circumstances to stop us processing your Personal Information other than for storage purposes.
  • Portability: You have the right to receive, in a structured, commonly used and machine-readable format, Personal Information that you have provided to us if we process it on the basis of our contract with you, or with your consent, or to request that we transfer such Personal Information to a third party.

Please note that, prior to any response to the exercise of such rights, we may need to verify your identity. In addition, we may have valid legal reasons to refuse your request, and will inform you if that is the case. You always have the right to file a complaint with the national data protection authority, but we hope that you contact us first so we can address your concerns. For more information, or to exercise your rights, please contact us at the contact details below.

7. International Visitors and Data Transfers

Stichting Medito is based in the Netherlands. Some of the vendors we rely on — including Google (Firebase Analytics, Firebase Crashlytics, and Google Analytics), Meta, Superwall, and Stripe — process data in the United States or other countries outside the European Economic Area (EEA).

For these transfers, we rely on the standard data processing terms that each vendor makes available to its customers. Major providers such as Google, Meta, and Stripe typically include transfer mechanisms in those terms, such as the European Commission's Standard Contractual Clauses or the EU-US Data Privacy Framework. For the specific safeguards applied by any given vendor, please refer to that vendor's own privacy policy.

8. Children's Privacy

Our Services are not directed to children, and we do not knowingly collect, maintain, or use Personal Information from children under the age of 16. If you learn that a child has provided us with Personal Information in violation of this Policy, please contact us as indicated below.

9. Information Security

We use certain physical, managerial, and technical safeguards that are designed to improve the integrity and security of Personal Information that we collect and maintain. We cannot, however, ensure or warrant the security of any information you transmit to us and you do so at your own risk.

10. Changes to this Policy

We will notify you of any material changes so that you have time to review the changes.

11. Contact us

Please contact us with any questions or comments about this Policy, your Personal Information, our use and disclosure practices, or your consent choices by email at privacy@meditofoundation.org or by postal mail at:

Stichting Medito
Attn: Privacy
Bogortuin 203
1019 PE Amsterdam
Netherlands

12. App-Specific Information

  • No Account Required: You can use the App without creating an account. Where we do not rely on your explicit consent, we rely on our legitimate interest (or another applicable legal basis under the GDPR) for the processing described in this Policy. Your rights under Section 6, including the right to object, continue to apply.
  • Automatic Data Collection: The App automatically collects usage, device, and location information as described in Section 1. This first-party collection is required to operate the App and cannot be disabled while using the App. Third-party services used in the App can be deactivated as described below.
  • Push Notifications: We may send push notifications to your device. You can manage these in your device settings.
  • Offline Use: Some features of the App may be available offline. We will sync data collected offline when you reconnect to the internet.

Third-Party Services Used in the App

To operate, improve, and promote the App, we rely on a small set of third-party services. We consider these the minimum necessary to run the service responsibly, which is why they are enabled by default. You can deactivate any of them at any time in the App's privacy settings.

  • Firebase Analytics (Google): Understand how the App is used so we can improve it.
  • Firebase Crashlytics (Google): Detect crashes and diagnose bugs so we can fix them.
  • Superwall: Display and measure our in-app donation prompts (paywalls). Via the Superwall SDK, this typically includes a Superwall-generated user identifier, device and app information, and events related to paywall impressions, interactions, and conversions. Data sent to Superwall is also governed by Superwall's own privacy policy.
  • Meta (Facebook): Measure the performance of our advertising campaigns so we can reach people who may benefit from the App. Via the Meta SDK, this typically includes your device's advertising identifier, app install and event data (such as when you open the App or complete key in-app actions), and limited device information. Data sent to Meta is also governed by Meta's Privacy Policy.

We use these services to understand usage, diagnose problems, and measure whether our outreach is working. We do not sell your data.

13. Website-Specific Information

  • Cookies: The Website uses cookies as described in Section 4. You can manage your cookie preferences through your browser settings or by using the opt-out tools referenced in Section 4.
  • Newsletter: If you sign up for our newsletter on the Website, we will use your email address to send you updates about Medito. You can unsubscribe at any time using the link provided in each email.
  • Donations: When you make a donation through our Website, we collect and process the necessary information to complete the transaction.

Third-Party Services Used on the Website

The services below are activated when you visit the Website. You can opt out using your browser settings or the tools linked below.

  • Google Analytics (GA4): Understand how visitors use the Website so we can improve it and measure the effectiveness of outreach — including campaigns run under the Google Ad Grants programme for non-profits, which requires us to operate analytics. Google Analytics uses cookies and similar technologies to measure page views, sessions, and interactions in aggregated form. You can opt out at tools.google.com/dlpage/gaoptout.

14. Community Platforms

Medito maintains community spaces on various platforms, including but not limited to WhatsApp and Telegram. When you join and participate in these communities:

  • Information Collection: We may collect information that you provide in these communities, as well as information provided by the platform itself (such as your username, profile picture, or activity status).
  • Platform Policies: Your use of these platforms is also subject to the respective privacy policies and terms of service of WhatsApp, Telegram, or any other platform we may use in the future.
  • Linking Information: If you choose to link your community profile with your Medito app account, we may associate the information from these platforms with your app usage data. This allows us to provide a more personalized experience and improve our services.
  • Data Usage: Information collected from community platforms may be used to understand user preferences, improve our services, and communicate important updates or offers.
  • Opting Out: You can choose to leave our community groups at any time. However, please note that some information may have already been collected and associated with your account.

15. Research Participation

If you choose to participate in research studies:

  • You will be asked for explicit consent before any research-specific data collection begins.
  • The types of data collected and how they will be used will be explained in the specific research consent form.
  • You can withdraw from a study at any time.
  • Data shared with researchers will be anonymized or pseudonymized to protect your privacy.

For more information about our research practices, please contact us.

16. Data Linking and Integration

  • Account Linking: If you choose to create an account in the Medito app, we may offer the option to link this account with your profiles on our community platforms (such as WhatsApp or Telegram groups).
  • Data Integration: When accounts are linked, we may integrate data from different sources (app usage, community participation, etc.) to create a more comprehensive user profile. This helps us to provide more personalized content and recommendations, improve our services based on a better understanding of user behavior across platforms, and facilitate seamless experiences between the app and community spaces.
  • Control Over Linking: You have control over whether to link your accounts. You can also unlink them at any time through your app settings or by contacting us.
  • Data Separation: If you choose not to link accounts or to unlink them, we will maintain separate data sets for your app usage and community participation.

17. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes through the App, Website, or community platforms, as appropriate.

Unless otherwise indicated, Stichting Medito is the entity responsible or "data controller" for the processing of Personal Information described in this Policy.