Effective date: 03/07/2026
WeRemidy (accessible at weremidy.com and on mobile devices, collectively "WeRemidy") is owned and operated by:
Cornelis Vermeer, trading as WeRemidy (sole trader)
Derrykinnigh More, Cloughfin, Emyvale, Co. Monaghan, H18 EF25, Ireland
For the purposes of the EU General Data Protection Regulation (GDPR) and the Irish Data Protection Act 2018, Cornelis Vermeer is the data controller responsible for your personal data. WeRemidy's servers are located in Germany, within the EU, so your data is processed inside the EU/EEA except where this Policy states otherwise (see Section 9, International Data Transfers).
Contact for any privacy question or request: hello@weremidy.com.
We collect the following categories of data, all directly tied to your account:
We currently do not process payments or collect payment details — WeRemidy is free to use. (Levels 6-10 have a paid-upgrade feature built into the app that is switched off while the app is new; if that changes, this Policy will be updated first to describe how payment data is handled before that feature is turned on.)
From Level 3 onward, WeRemidy's content becomes sexually explicit. Alongside the date-of-birth check at registration, we ask some users to confirm their age again before Level 3 unlocks — either by a simple self-attestation, or, for closer verification, by uploading a government-issued ID document (such as a passport or driving licence).
Several of the categories in Section 2 — data revealing your sex life or sexual orientation (event ratings, teaser content, the private note field, AI chat history) and health data (period tracking) — are treated as "special category" personal data under GDPR Article 9. We only process this data with your explicit, separate consent, collected at registration and recorded with a timestamp. You can withdraw this consent at any time by deleting your account (see Section 8); withdrawing consent without deleting your account isn't currently supported as a separate action, since this data is foundational to how the app functions.
Under GDPR, we may only process your personal data where we have a valid legal basis:
| Purpose | Legal basis (GDPR Art. 6) |
|---|---|
| Creating and authenticating your account; core features (events, scheduling, scoring, reminders, AI coach, cycle tracking, partner linking) | Performance of a contract with you |
| Special-category data (Section 4): event ratings, teaser content, private notes, AI chat, period tracking | Explicit consent (Art. 9(2)(a)) |
| Age verification for Level 3, including ID document review (Section 3) | Performance of a contract / legal obligation |
| Retaining evidence that age verification occurred | Legitimate interest |
| Customer support and account communications | Performance of a contract / legitimate interest |
| Protecting our rights, preventing fraud, enforcing our Terms | Legitimate interest / legal obligation |
| Improving and developing WeRemidy's features | Legitimate interest |
| Sending marketing emails, offers, or surveys (not currently sent, see Section 6) | Consent |
| Complying with legal obligations (e.g. tax, law enforcement requests) | Legal obligation |
Where we rely on legitimate interest, we have considered that this interest is not overridden by your rights and freedoms. Where we rely on consent, you may withdraw it at any time.
We do not sell your personal data, and we do not share it with third parties for their own marketing purposes. We share narrow slices of it with the following processors, only as needed to operate the app:
Age-verification ID documents (Section 3) are never shared with third parties. Only the retained thumbnail may be disclosed where required by law or a competent authority. We may also disclose information where we reasonably believe it's necessary to comply with the law, a court order, or a governmental request; to enforce our Terms; or to protect the rights, property, or safety of WeRemidy, our users, or the public. If WeRemidy is ever involved in a merger, acquisition, or sale of assets, your information may be transferred, subject to the receiving party agreeing to handle it consistently with this Policy.
WeRemidy does not currently use tracking, advertising, or analytics cookies, on weremidy.com or in the mobile app. The only thing stored on your device is your own login session (an authentication token kept in your browser's local storage or the app's secure device storage), which exists solely to keep you signed in and is not used to track you across other sites or shared with anyone. If we introduce analytics or non-essential cookies in future, we'll update this section and add a consent mechanism before doing so.
We retain your data for as long as your account is active. You can permanently delete your account at any time from Settings → Delete My Account, which requires re-entering your password. Deleting your account:
This action is irreversible.
Account inactivity: if you haven't logged in for 12 consecutive months, we'll email you a warning 7 days beforehand; if you don't log back in during that window, your account is closed automatically, with the same effect as deleting it yourself above. Logging in at any point resets this clock.
WeRemidy's infrastructure is hosted in Germany, within the EU/EEA, so in most cases your personal data does not leave the EU/EEA. If we ever use a service provider located outside the EU/EEA, we will only transfer personal data to them where an adequate safeguard is in place, such as an EU adequacy decision (e.g. the EU-US Data Privacy Framework, for providers self-certified under it) or Standard Contractual Clauses (SCCs) approved by the European Commission, together with any additional safeguards required. You can request more information about these safeguards by contacting hello@weremidy.com.
As a data subject under GDPR, you have the right to:
US residents in states with consumer privacy laws (e.g. California's CCPA/CPRA) have equivalent rights to know what personal information is collected, request deletion, and opt out of sale or sharing of personal information. We do not sell or share personal information as defined under these laws, so there is no sale to opt out of.
To exercise any of these rights beyond what's available directly in the app, contact hello@weremidy.com. We will respond in accordance with GDPR timelines (generally within one month). We may decline requests that are unfounded, excessive, or not required by law. In particular, we retain the Level 3 verification thumbnail (Section 3) for as long as your account is open, as evidence that age verification took place.
WeRemidy is for adults only. You must be 18 or older to create an account, and we verify date of birth at registration; Level 3 content requires a further age re-confirmation (Section 3). We are not directed at, and do not knowingly collect personal data from, anyone under 18 — a higher bar than GDPR's general "under 16" children's-data provisions, reflecting the age-restricted nature of this app's content. If you believe a minor has provided us with personal data, contact hello@weremidy.com so we can delete it.
Passwords are hashed with bcrypt before storage. Authentication uses time-limited tokens. All production traffic is served over HTTPS/TLS. ID documents submitted for Level 3 verification receive additional safeguards as described in Section 3. No security measure is perfect, and we can't guarantee absolute security of your data. If we become aware of a personal data breach that poses a risk to your rights, we will notify the Irish DPC and affected individuals as required under GDPR Articles 33–34.
We may update this Privacy Policy from time to time. We will post the updated version on weremidy.com with a new effective date, and where changes are material, we'll notify you in-app before they take effect.
Cornelis Vermeer, trading as WeRemidy
Derrykinnigh More, Cloughfin, Emyvale, Co. Monaghan, H18 EF25, Ireland
Email: hello@weremidy.com