Last updated: 20 June 2026
Privacy Policy
Royal Regulation
ABN 89 700 819 725
1. Who We Are
Royal Regulation ("we", "us", "our") is a health and wellness coaching service operated by Nasim van Veenendaal (ABN 89 700 819 725), based in Byron Bay, NSW, Australia. We provide a personalised 8-week nervous system regulation program supported by biometric data from Garmin wearable devices.
This Privacy Policy explains how we collect, use, store, and disclose your personal information, including sensitive health information, in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
For privacy enquiries, contact us at: info@royalregulation.com
2. What Data We Collect
We collect information in three ways:
2.1 Information You Provide
- Account information: Full name, email address, phone number
- Health intake assessments: Responses to the Perceived Stress Scale (PSS), Multidimensional Assessment of Interoceptive Awareness (MAIA), and BOLT breathing assessment
- Program information: Your program start date, current week, package type, and practitioner notes
2.2 Garmin Wearable Data (via Garmin Health API)
When you connect your Garmin account to Royal Regulation, we access and store the following biometric data from your Garmin device:
| Data Type | Garmin Field | Purpose |
|---|---|---|
| HRV Status (7-day rolling) | hrvStatus | Primary nervous system indicator |
| Overnight HRV (RMSSD) | lastNight in HRV summary | Weekly trend tracking |
| Resting Heart Rate | restingHeartRate | Sympathetic load indicator |
| Sleep Score | overallSleepScore | Overnight recovery assessment |
| Deep Sleep % | deepSleepSeconds / total | HPA axis downregulation indicator |
| REM Sleep % | remSleepSeconds / total | Emotional and cognitive recovery |
| Body Battery (waking) | bodyBatteryDuringSleep | Daily recovery readiness |
| Stress Score (daily average) | averageStressLevel | Autonomic load monitoring |
| Respiration Rate | averageRespirationValue | Vagal tone proxy |
| Pulse Oximetry | averageSpo2 (where supported) | Secondary recovery marker |
This data is retrieved via the Garmin Health API using OAuth 2.0 authorisation, which you control. We only access data you explicitly authorise during the Garmin connection flow.
2.3 Automatically Collected Information
- App usage and login activity (for security and troubleshooting purposes only)
3. Sensitive Information and Your Consent
The biometric and assessment data we collect (including HRV, sleep data, stress scores, and health assessment results) constitutes sensitive information under the Privacy Act 1988 (Cth), specifically health information.
We collect this sensitive information only with your express consent. By enrolling in the Royal Regulation program and connecting your Garmin account, you consent to our collection, use, and storage of your health information as described in this policy. You may withdraw this consent at any time by contacting us or disconnecting your Garmin account — see Section 8.
4. How We Use Your Data
We use your data exclusively to deliver the Royal Regulation program:
- Display your weekly biometric summaries in the client dashboard
- Enable your practitioner (Nasim van Veenendaal) to write personalised weekly reports based on your data
- Track your progress across the 8-week program arc
- Provide context for breathwork, meditation, and yoga nidra practice recommendations
- Send transactional emails (e.g., welcome email, report published notifications) via Resend
We do not use your data for advertising, and we do not sell your data to third parties.
5. Garmin Data — Third-Party Disclosure
Royal Regulation integrates with the Garmin Health API. When you connect your Garmin account:
- Your authorisation is obtained directly through Garmin's OAuth consent flow
- Garmin transfers your health and fitness data to Royal Regulation via the Garmin Health API
- This data is stored in our database (see Section 6 on data storage)
- We use this data solely to support your Royal Regulation program as described in Section 4
Garmin's collection, processing, and transfer of your data is governed by Garmin's own privacy policy. You can review it here:
Garmin Connect Privacy Policy — garmin.com/privacy/connect
You may disconnect your Garmin account at any time via your Royal Regulation dashboard or directly through your Garmin Connect account settings. Disconnecting will stop future data transfers but will not automatically delete data already stored by Royal Regulation — see Section 8 for deletion requests.
6. How and Where We Store Your Data
Your data is stored using Supabase, hosted on Amazon Web Services (AWS) in the Sydney, Australia region (ap-southeast-2). Your personal and health data is stored on servers located in Australia.
Garmin OAuth access and refresh tokens are encrypted at rest.
Email delivery: We use Resend (a US-based email delivery service) to send transactional notifications. Email content is limited to notification metadata (e.g., "Your week 3 report is ready") and does not include your health data. By using the Service, you consent to this limited cross-border disclosure to Resend for email delivery purposes. Resend processes data in accordance with its own privacy policy and data processing agreement.
7. Who Can See Your Data
- You: You can view your own data through the Royal Regulation client dashboard
- Your practitioner (Nasim van Veenendaal): Has access to your biometric data and assessment results in order to write your weekly reports and deliver your program
- No one else: Access is enforced at the database level. Other clients cannot see your data
We do not share your personal or health data with any third party except as described in this policy (Garmin Health API integration, AWS/Supabase infrastructure in Byron Bay, NSW, Australia, Resend for email delivery).
8. Your Rights and Data Deletion
Under the Australian Privacy Principles, you have the right to:
- Access your personal information — contact us to request a copy
- Correct inaccurate information — contact us or update it in your dashboard
- Delete your data — see below
- Withdraw consent for Garmin data access — disconnect your Garmin account via your dashboard or Garmin Connect settings
- Complain to the Office of the Australian Information Commissioner (OAIC) if you are not satisfied with how we handle your personal information — see Section 12
Requesting Data Deletion
To request deletion of your Royal Regulation account and all associated data (including biometric data retrieved from Garmin):
Email: info@royalregulation.com
Subject line: Data Deletion Request
Include: Your full name and the email address associated with your account
We will process your request within 30 days and confirm when deletion is complete. Note that disconnecting your Garmin account does not automatically delete data already stored by Royal Regulation — you must submit a deletion request as above.
9. Data Retention
We retain your data for the duration of your program and for up to 12 months after program completion, unless you request earlier deletion. After this period, your data is deleted or de-identified.
10. Data Breaches
We take the security of your personal information seriously. In the event of an eligible data breach under the Privacy Act 1988 (Cth) Notifiable Data Breaches (NDB) scheme — that is, a breach likely to result in serious harm to you — we will notify the Office of the Australian Information Commissioner (OAIC) and affected individuals as required by law.
11. Children's Privacy
Royal Regulation is intended for adults aged 18 and over. We do not knowingly collect data from minors.
12. Complaints
If you have a concern about how we have handled your personal information, please contact us at info@royalregulation.com in the first instance. We will respond within 30 days.
If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):
- Website: oaic.gov.au
- Phone: 1300 363 992
- Post: GPO Box 5288, Sydney NSW 2001
13. Changes to This Policy
We may update this policy from time to time. We will notify you by email if we make material changes. The "Last updated" date at the top of this page reflects the most recent revision.
14. Contact
For any privacy questions, data requests, or concerns:
Royal Regulation
ABN 89 700 819 725
Email: info@royalregulation.com
Website: royalregulation.com
For questions about Garmin's data practices: garmin.com/privacy/connect