🧾 GDPR Policy

Last updated: November 2025

At Get Recovered, privacy is not an add-on — it’s a core principle.
We follow a strict data-minimalism approach: we collect as little as possible, protect everything we do collect, and give you full control over your recovery journey and information.

This page explains how we comply with the General Data Protection Regulation (GDPR), what data we process, and how we protect your rights as you use Get Recovered.


🇪🇺 1. Who This Applies To

This policy applies to all users in the European Union (EU) and European Economic Area (EEA) who use Get Recovered through our website, app, or premium service.

Even if you’re outside the EU, we uphold the same privacy standards — because your right to control your personal data should never depend on geography.


🧭 2. Who We Are

Data Controller:
Get Recovered (the company operating www.getrecovered.com)
📧 [email protected]

We decide how and why your personal data is processed.
When offering mood tracking, recovery programs, or AI-assisted support, we may also act as a Data Processor for the wellbeing information you voluntarily provide.


💡 3. What Data We Collect

We collect only what is necessary to deliver secure, personalized recovery tools:

When using the free features:

  • Reflections, check-ins, and wellbeing notes (processed for insights)
  • Technical data (browser/app version, device, performance metrics)
  • Optional email if you create an account or sync progress

When using Premium:

  • Program data, progress logs, exercises, and journal entries
  • Account details (name, email, subscription ID)
  • Payment reference via a third-party processor (we never store card details)

We do not collect external browsing data, sell personal information, or track behavior unrelated to your use of Get Recovered.


⚖️ 4. Lawful Basis for Processing

We process your personal data based on established GDPR principles:

  • Consent: When you submit reflections, wellbeing notes, or create an account.
  • Contractual Necessity: To provide programs, tracking tools, and personalized insights.
  • Legitimate Interest: Maintaining security, improving quality, and preventing misuse.
  • Legal Obligation: When required for compliance or regulatory purposes.

You may withdraw consent at any time by deleting your account or contacting us.


🔐 5. Data Storage & Security

Your wellbeing data is encrypted, safeguarded, and never shared for advertising or resale.
Our infrastructure is hosted in GDPR-compliant data centers within the EU (or approved jurisdictions).

We use:

  • Full HTTPS/TLS encryption
  • Automatic short-term processing for sensitive entries
  • Strict access controls limited to essential operational staff

Your reflections remain private. Always.


📤 6. Data Transfers

If any processing involves servers or partners outside the EU/EEA, we use Standard Contractual Clauses (SCCs) and equivalent safeguards.

All sub-processors undergo a GDPR compliance review.


🧾 7. Your Rights Under GDPR

You have full control over your personal data. You may:

  • Access – Request a full export of your stored data
  • Rectify – Correct inaccurate profile or account info
  • Erase – Delete your account and all associated data
  • Restrict – Limit how your data is processed
  • Port – Request data in a machine-readable format
  • Object – Object to certain types of processing
  • Withdraw Consent – Stop processing at any time

To exercise your rights, email [email protected].
We respond within 30 days of verifying your identity.


💳 8. Payments & Third-Party Processors

Payments are securely handled by trusted processors (e.g., Stripe or Paddle).
We never store card details — only non-sensitive transaction references.

All processors operate under Data Processing Agreements (DPAs) to ensure GDPR compliance.


🧹 9. Data Retention

We keep personal data only as long as needed to deliver the service:

  • Free-tier wellbeing entries are deleted immediately if you remove them manually.
  • Account and program data are deleted within 7 days of account deletion.
  • System backups purge data within 30 days.

Aggregate, anonymized trends (e.g., total completed exercises) may be retained without identifiers.


🚫 10. Automated Decision-Making

We do not engage in automated profiling or decision-making.
AI features analyze submitted inputs to provide suggestions — not to evaluate, classify, or profile you.


🧩 11. Children’s Data

Get Recovered is not intended for individuals under 16 years of age.
If underage data is discovered, contact us and we will delete it immediately.


✉️ 12. Contact & Complaints

For GDPR questions or data requests:
📧 [email protected]

If you believe your data rights aren’t being respected, you may contact your local Data Protection Authority (DPA).


🧭 In Short

We support recovery — not surveillance.
Your data belongs to you, your privacy is protected, and your wellbeing insights remain confidential.

Get Recovered — support, clarity, and full respect for your privacy.