NEWNEI® is built in the European Union and designed around the EU GDPR. This page explains, in plain words, what we hold, why, who else touches it, how we keep it safe, and the rights you always have over your own information.
Hosted in European Union (Frankfurt, Germany). Your data is never sold.
Personal data is stored in the European Union (Frankfurt). It is never sold.
All connections use TLS, and data is encrypted at rest by our EU database provider.
Postgres row-level security is locked by default: a member can only ever read their own record. Staff data work runs server-side under least privilege.
Every staff account must clear two-factor authentication (TOTP) to reach any back-office screen.
One account per person, one login, with role-based access so people see only what their job needs.
Payments run through an EU merchant-of-record; NEWNEI never stores card numbers.
Under the GDPR you can exercise any of these at any time. To make a request, email hi@newnei.com and we will respond within one month.
Each area of the app processes only what it needs, on a clear legal basis. Areas marked with a heart may involve health-related information, which we treat with extra care and only with your consent.
Create and secure your NEWNEI account so you can sign in once and reach everything behind it.
Data: Name, Email, Password (hashed), Sign-in activity. Kept: For the life of the account; removed on erasure request.
Sell and activate membership and programs, issue invoices, and record payments.
Data: Name, Email, Invoices, Payment records, Plan. Kept: Financial records kept ~7 years to meet accounting/tax law, then removed.
Answer your questions and keep a history of your conversations with us across email and chat.
Data: Name, Email, Message content, Contact preferences. Kept: Kept while relevant to support you, reviewed periodically.
Give you access to your courses, track your progress, and issue certificates.
Data: Enrolments, Lesson progress, Completion. Kept: For the life of the account; removed on erasure request.
Schedule sessions with facilitators and coaches and send reminders.
Data: Name, Email, Appointments, Intake answers. Kept: Kept while you use the service, reviewed periodically.
Support self-healing protocols and acupuncture self-treatment guidance chosen by you or run with a facilitator.
Data: Protocol sessions, Self-reported wellbeing scores. Kept: Kept while relevant; removed on erasure request.
Run cohorts, groups, and Q&A so the family can support each other.
Data: Name, Posts & replies, Group membership. Kept: Kept while you are a member of a group.
Send newsletters and campaign emails you have opted into, and let you unsubscribe at any time.
Data: Name, Email, Consent status, Open/click events. Kept: Until you withdraw consent or unsubscribe.
Run the referral program: personal links, attribution, and commissions.
Data: Referral code, Clicks, Referrals, Payout details. Kept: Kept while you take part; financial parts follow billing rules.
Understand whether programs help, using an anonymized dataset. No personal identifiers are included, and only with consent.
Data: Anonymized outcome scores (no personal identifiers). Kept: Anonymized; not linked back to you.
When AI features are on, message and content text may be sent to our AI provider to draft replies and content. A human always reviews before anything is sent.
Data: Message/content text passed to the model at draft time. Kept: Not retained for model training by the provider; drafts kept with the record they belong to.
We use a small set of trusted providers to run the service. Each is bound by a data-processing agreement.
| Provider | What they do | Region |
|---|---|---|
| Supabase | Database, authentication, and file storageThe primary data store. Row-level security isolates each account. | EU (Frankfurt) |
| Vercel | Application hosting and content delivery | EU region, global edge |
| Resend | Transactional and inbound email delivery | EU (Ireland) |
| Cloudflare | DNS, network security, and real-time call relay | Global edge |
| Digistore24 | Payment processing and EU merchant-of-record (VAT)Handles card/payment data so NEWNEI never stores card numbers. | EU (Germany) |
| Anthropic (Claude)when enabled | AI drafting for replies and contentOnly when AI features are enabled; a human reviews every draft. | United States |
| Meta (WhatsApp Cloud API)when enabled | WhatsApp messaging channelOnly if the WhatsApp support channel is switched on (dormant today). | United States / EU |
Email hi@newnei.com for anything about your data, including data requests and any security concern. If a personal-data breach ever affects you, we notify affected people and the supervisory authority as the GDPR requires.
The full Privacy Policy and the naming of our formal data-controller entity and Data Protection contact are being finalized with legal review. NEWNEI is EU-hosted and GDPR-aligned; it does not claim any certification it does not hold.
NEWNEI® is a registered trademark (EUTM No. 019272571).