← Home
Trust Center

Your data, protected.

NEWNEI® is built in the European Union and designed around the EU GDPR. This page explains, in plain words, what we hold, why, who else touches it, how we keep it safe, and the rights you always have over your own information.

Hosted in European Union (Frankfurt, Germany). Your data is never sold.

How we protect it

EU data residency

Personal data is stored in the European Union (Frankfurt). It is never sold.

Encryption in transit and at rest

All connections use TLS, and data is encrypted at rest by our EU database provider.

Row-level isolation

Postgres row-level security is locked by default: a member can only ever read their own record. Staff data work runs server-side under least privilege.

Two-factor for staff

Every staff account must clear two-factor authentication (TOTP) to reach any back-office screen.

One login, least privilege

One account per person, one login, with role-based access so people see only what their job needs.

No card data stored

Payments run through an EU merchant-of-record; NEWNEI never stores card numbers.

Your rights

Under the GDPR you can exercise any of these at any time. To make a request, email hi@newnei.com and we will respond within one month.

Access
Get a copy of the personal data we hold about you.
Rectification
Correct data that is wrong or out of date.
Erasure
Ask us to delete your data (where no law requires us to keep it).
Portability
Receive your data in a portable, machine-readable file.
Restriction
Ask us to pause certain processing while a question is resolved.
Objection
Object to processing based on legitimate interest, and to marketing at any time.
Withdraw consent
Withdraw consent (e.g. unsubscribe) whenever you like.
Complain
Lodge a complaint with your local data-protection supervisory authority.

What we hold, and why

Each area of the app processes only what it needs, on a clear legal basis. Areas marked with a heart may involve health-related information, which we treat with extra care and only with your consent.

Account & sign-in

Contract

Create and secure your NEWNEI account so you can sign in once and reach everything behind it.

Data: Name, Email, Password (hashed), Sign-in activity. Kept: For the life of the account; removed on erasure request.

Membership & billing

ContractLegal obligation

Sell and activate membership and programs, issue invoices, and record payments.

Data: Name, Email, Invoices, Payment records, Plan. Kept: Financial records kept ~7 years to meet accounting/tax law, then removed.

Customer care & support

ContractLegitimate interest

Answer your questions and keep a history of your conversations with us across email and chat.

Data: Name, Email, Message content, Contact preferences. Kept: Kept while relevant to support you, reviewed periodically.

Courses & learning

Contract

Give you access to your courses, track your progress, and issue certificates.

Data: Enrolments, Lesson progress, Completion. Kept: For the life of the account; removed on erasure request.

Bookings & sessions

♥ sensitiveContract

Schedule sessions with facilitators and coaches and send reminders.

Data: Name, Email, Appointments, Intake answers. Kept: Kept while you use the service, reviewed periodically.

Protocols & self-treatment

♥ sensitiveConsentContract

Support self-healing protocols and acupuncture self-treatment guidance chosen by you or run with a facilitator.

Data: Protocol sessions, Self-reported wellbeing scores. Kept: Kept while relevant; removed on erasure request.

Community

ContractConsent

Run cohorts, groups, and Q&A so the family can support each other.

Data: Name, Posts & replies, Group membership. Kept: Kept while you are a member of a group.

Email & newsletters

Consent

Send newsletters and campaign emails you have opted into, and let you unsubscribe at any time.

Data: Name, Email, Consent status, Open/click events. Kept: Until you withdraw consent or unsubscribe.

Referrals & affiliates

ContractLegitimate interest

Run the referral program: personal links, attribution, and commissions.

Data: Referral code, Clicks, Referrals, Payout details. Kept: Kept while you take part; financial parts follow billing rules.

Outcomes & research

Consent

Understand whether programs help, using an anonymized dataset. No personal identifiers are included, and only with consent.

Data: Anonymized outcome scores (no personal identifiers). Kept: Anonymized; not linked back to you.

AI-assisted drafting

Legitimate interest

When AI features are on, message and content text may be sent to our AI provider to draft replies and content. A human always reviews before anything is sent.

Data: Message/content text passed to the model at draft time. Kept: Not retained for model training by the provider; drafts kept with the record they belong to.

Who else touches your data

We use a small set of trusted providers to run the service. Each is bound by a data-processing agreement.

ProviderWhat they doRegion
SupabaseDatabase, authentication, and file storageThe primary data store. Row-level security isolates each account.EU (Frankfurt)
VercelApplication hosting and content deliveryEU region, global edge
ResendTransactional and inbound email deliveryEU (Ireland)
CloudflareDNS, network security, and real-time call relayGlobal edge
Digistore24Payment processing and EU merchant-of-record (VAT)Handles card/payment data so NEWNEI never stores card numbers.EU (Germany)
Anthropic (Claude)when enabledAI drafting for replies and contentOnly when AI features are enabled; a human reviews every draft.United States
Meta (WhatsApp Cloud API)when enabledWhatsApp messaging channelOnly if the WhatsApp support channel is switched on (dormant today).United States / EU

Questions or a request?

Email hi@newnei.com for anything about your data, including data requests and any security concern. If a personal-data breach ever affects you, we notify affected people and the supervisory authority as the GDPR requires.

The full Privacy Policy and the naming of our formal data-controller entity and Data Protection contact are being finalized with legal review. NEWNEI is EU-hosted and GDPR-aligned; it does not claim any certification it does not hold.

NEWNEI® is a registered trademark (EUTM No. 019272571).