Draft notice: This document describes WeRemidy's data practices as actually implemented in the app. Identity, jurisdiction, and hosting details below are finalized; it has not yet been reviewed by a qualified lawyer and should not be relied on as a certified compliance document until that review happens, particularly given the sensitive (health and intimate) data categories WeRemidy processes.

WeRemidy Privacy Policy

Effective date: 03/07/2026

1. Who We Are

WeRemidy (accessible at weremidy.com and on mobile devices, collectively "WeRemidy") is owned and operated by:

Cornelis Vermeer, trading as WeRemidy (sole trader)
Derrykinnigh More, Cloughfin, Emyvale, Co. Monaghan, H18 EF25, Ireland

For the purposes of the EU General Data Protection Regulation (GDPR) and the Irish Data Protection Act 2018, Cornelis Vermeer is the data controller responsible for your personal data. WeRemidy's servers are located in Germany, within the EU, so your data is processed inside the EU/EEA except where this Policy states otherwise (see Section 9, International Data Transfers).

Contact for any privacy question or request: hello@weremidy.com.

2. Data We Collect

We collect the following categories of data, all directly tied to your account:

We currently do not process payments or collect payment details — WeRemidy is free to use. (Levels 6-10 have a paid-upgrade feature built into the app that is switched off while the app is new; if that changes, this Policy will be updated first to describe how payment data is handled before that feature is turned on.)

3. Age Verification for Level 3 Access

From Level 3 onward, WeRemidy's content becomes sexually explicit. Alongside the date-of-birth check at registration, we ask some users to confirm their age again before Level 3 unlocks — either by a simple self-attestation, or, for closer verification, by uploading a government-issued ID document (such as a passport or driving licence).

4. Special Category Data and Your Explicit Consent

Several of the categories in Section 2 — data revealing your sex life or sexual orientation (event ratings, teaser content, the private note field, AI chat history) and health data (period tracking) — are treated as "special category" personal data under GDPR Article 9. We only process this data with your explicit, separate consent, collected at registration and recorded with a timestamp. You can withdraw this consent at any time by deleting your account (see Section 8); withdrawing consent without deleting your account isn't currently supported as a separate action, since this data is foundational to how the app functions.

5. How We Use Your Information and Our Legal Basis

Under GDPR, we may only process your personal data where we have a valid legal basis:

PurposeLegal basis (GDPR Art. 6)
Creating and authenticating your account; core features (events, scheduling, scoring, reminders, AI coach, cycle tracking, partner linking)Performance of a contract with you
Special-category data (Section 4): event ratings, teaser content, private notes, AI chat, period trackingExplicit consent (Art. 9(2)(a))
Age verification for Level 3, including ID document review (Section 3)Performance of a contract / legal obligation
Retaining evidence that age verification occurredLegitimate interest
Customer support and account communicationsPerformance of a contract / legitimate interest
Protecting our rights, preventing fraud, enforcing our TermsLegitimate interest / legal obligation
Improving and developing WeRemidy's featuresLegitimate interest
Sending marketing emails, offers, or surveys (not currently sent, see Section 6)Consent
Complying with legal obligations (e.g. tax, law enforcement requests)Legal obligation

Where we rely on legitimate interest, we have considered that this interest is not overridden by your rights and freedoms. Where we rely on consent, you may withdraw it at any time.

6. Who We Share Data With

We do not sell your personal data, and we do not share it with third parties for their own marketing purposes. We share narrow slices of it with the following processors, only as needed to operate the app:

Age-verification ID documents (Section 3) are never shared with third parties. Only the retained thumbnail may be disclosed where required by law or a competent authority. We may also disclose information where we reasonably believe it's necessary to comply with the law, a court order, or a governmental request; to enforce our Terms; or to protect the rights, property, or safety of WeRemidy, our users, or the public. If WeRemidy is ever involved in a merger, acquisition, or sale of assets, your information may be transferred, subject to the receiving party agreeing to handle it consistently with this Policy.

7. Cookies and Local Storage

WeRemidy does not currently use tracking, advertising, or analytics cookies, on weremidy.com or in the mobile app. The only thing stored on your device is your own login session (an authentication token kept in your browser's local storage or the app's secure device storage), which exists solely to keep you signed in and is not used to track you across other sites or shared with anyone. If we introduce analytics or non-essential cookies in future, we'll update this section and add a consent mechanism before doing so.

8. Data Retention and Deletion

We retain your data for as long as your account is active. You can permanently delete your account at any time from Settings → Delete My Account, which requires re-entering your password. Deleting your account:

This action is irreversible.

Account inactivity: if you haven't logged in for 12 consecutive months, we'll email you a warning 7 days beforehand; if you don't log back in during that window, your account is closed automatically, with the same effect as deleting it yourself above. Logging in at any point resets this clock.

9. International Data Transfers

WeRemidy's infrastructure is hosted in Germany, within the EU/EEA, so in most cases your personal data does not leave the EU/EEA. If we ever use a service provider located outside the EU/EEA, we will only transfer personal data to them where an adequate safeguard is in place, such as an EU adequacy decision (e.g. the EU-US Data Privacy Framework, for providers self-certified under it) or Standard Contractual Clauses (SCCs) approved by the European Commission, together with any additional safeguards required. You can request more information about these safeguards by contacting hello@weremidy.com.

10. Your Rights Under GDPR

As a data subject under GDPR, you have the right to:

US residents in states with consumer privacy laws (e.g. California's CCPA/CPRA) have equivalent rights to know what personal information is collected, request deletion, and opt out of sale or sharing of personal information. We do not sell or share personal information as defined under these laws, so there is no sale to opt out of.

To exercise any of these rights beyond what's available directly in the app, contact hello@weremidy.com. We will respond in accordance with GDPR timelines (generally within one month). We may decline requests that are unfounded, excessive, or not required by law. In particular, we retain the Level 3 verification thumbnail (Section 3) for as long as your account is open, as evidence that age verification took place.

11. Children

WeRemidy is for adults only. You must be 18 or older to create an account, and we verify date of birth at registration; Level 3 content requires a further age re-confirmation (Section 3). We are not directed at, and do not knowingly collect personal data from, anyone under 18 — a higher bar than GDPR's general "under 16" children's-data provisions, reflecting the age-restricted nature of this app's content. If you believe a minor has provided us with personal data, contact hello@weremidy.com so we can delete it.

12. Security

Passwords are hashed with bcrypt before storage. Authentication uses time-limited tokens. All production traffic is served over HTTPS/TLS. ID documents submitted for Level 3 verification receive additional safeguards as described in Section 3. No security measure is perfect, and we can't guarantee absolute security of your data. If we become aware of a personal data breach that poses a risk to your rights, we will notify the Irish DPC and affected individuals as required under GDPR Articles 33–34.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated version on weremidy.com with a new effective date, and where changes are material, we'll notify you in-app before they take effect.

14. Contact

Cornelis Vermeer, trading as WeRemidy
Derrykinnigh More, Cloughfin, Emyvale, Co. Monaghan, H18 EF25, Ireland
Email: hello@weremidy.com