Is Loam meditation app free?

Yes. Loam is free to download and free to start. Core tools like breathing exercises, journaling, daily check-ins, and streak tracking are always available at no cost. Premium unlocks the full guided session library, unlimited custom Moments, and advanced features.

What makes Loam different from Calm or Headspace?

Loam composes every session around how you feel right now — the voice, the pace, and the therapeutic approach all adapt in real time. Instead of just a catalog, Loam ships 460+ guided sessions across 60 structured programs (Burnout Recovery, Anxiety Toolkit, Sleep Stories, NSDR, ADHD-friendly practice, Mindful Menopause, and more) AND generates a new meditation tailored to your current emotional state on demand. It also ships with Sage, a wellness coach trained in Motivational Interviewing, and 16 breathing exercises with haptic-synced animations.

Is Loam safe to use alongside therapy or medication?

Yes. Loam is designed with clear clinical guardrails. Sessions never claim to diagnose or treat mental illness, never tell you to stop therapy or medication, and always defer to professional care for symptoms that warrant it. Content is constrained to evidence-based techniques (ACT, self-compassion, MBSR, somatic experiencing, CBT-I) and a carefully reviewed voice and pacing library. Meditation is a complement to care, not a replacement. If you're in crisis, please contact a local crisis line or your care provider.

What research is Loam based on?

Every therapeutic technique in Loam cites primary peer-reviewed research. Loam's breathing library is grounded in work by Balban et al. (Stanford, 2023), Zaccaro et al. (2018), and Lehrer & Gevirtz (2014). The Moment's therapeutic architecture draws on polyvagal theory (Porges), ACT (Hayes), self-compassion (Neff), MBSR (Kabat-Zinn), and somatic experiencing (Levine). A full citation library is available at /research.

Who are the voices in Loam?

Loam uses 14 research-selected voices. Each voice is chosen for the emotional state it handles best, based on polyvagal theory, ASMR research, and voice psychology — low resonant voices for grounding, warm bright voices for light moods, measured voices for heavy ones. Loam automatically picks the voice the research says will work for your current state, or you can override manually.

Does Loam work offline?

Core tools work offline, including downloaded meditations, breathing exercises, and the journal. The Moment — Loam's custom meditation composer — requires an internet connection at the moment of generation, because the session is composed on the fly. Once generated, every Moment is saved to your library and can be replayed offline without using any credits.

Does Loam have sleep stories?

Yes. Loam includes narrated sleep stories, sleep soundscapes, and wind-down rituals. The sleep content uses anti-storytelling techniques — structured to prevent the mind from latching on to narrative — based on CBT-I stimulus control research (Bootzin & Epstein, 2011).

What breathing exercises does Loam offer?

Loam offers 16 breathing techniques across beginner, intermediate, and advanced tiers, including Box Breathing (4-4-4-4), 4-7-8 Relaxation, the Physiological Sigh, Coherent (Resonance) Breathing at 5.5-5.5, Alternate Nostril, Ujjayi, Kapalbhati, and the Wim Hof method. Every technique links to the peer-reviewed research that validates it, so you can read the study if you want to.

Will I lose my streak if I miss a day?

No. Loam's streak system is explicitly wellness-first: streaks pause, they don't break. You get two streak freezes, you can mark rest days, and the app never shames you for missing a session. Anxious users are especially vulnerable to streak mechanics turning self-care into another source of pressure — Loam is designed to avoid that failure mode.

Privacy Policy

Name: Loam
Availability: InStock
Author: Loam

Last updated: April 24, 2026

Effective date: April 24, 2026 · Version 2.0

Withloam Inc. (“Loam,” “we,” “us,” or “our”) operates the Loam mobile application (“App”) and the website at withloam.app (“Site,” together with the App, the “Service”). This Privacy Policy explains what personal data we collect, the legal bases on which we process it, who we share it with, how long we keep it, and what rights you have. It forms part of, and should be read together with, our Terms of Service. By creating an account or using the Service you confirm that you have read and understood this Policy. If you do not agree, please do not use the Service.

Plain-English Summary

The full policy below is written for legal precision. This summary is provided for convenience only and does not replace the binding text that follows.

We do not sell your personal data. We never have and we do not intend to.
We do not share your content with third parties for advertising. The Service contains no third-party advertising networks, ad cookies, or behavioral ad tracking.
Your prompts and journal entries are not used to train any AI model — neither ours, nor any third party's.
Your Sage Voice calls are not recorded as audio. Only an encrypted text transcript is stored, and it is automatically deleted 30 days after the call.
We collect what is necessary to operate the Service, personalize it for you, run safety checks, prevent abuse, fulfill our legal obligations, and enforce our Terms.
You can delete your account at any time by emailing [email protected] or using the in-app deletion flow.

1. Data We Collect

The data we collect depends on how you use the Service. We process the categories of personal data below.

1.1 Account and Identity Data

When you create an account, we receive identifying information from your chosen authentication provider (Apple, Google, or Facebook): your email address, display name, an opaque unique user identifier, and (where you choose to share it) an avatar URL. We do not receive or store your password — authentication is performed entirely through the provider's OAuth flow. We additionally store your recorded affirmation that you are at least 13 years of age (an age-confirmation timestamp), your subscription status, and your chosen profile preferences.

1.2 Wellness, Behavioral, and Practice Data

As you use the Service, we collect data you provide and data generated automatically by your activity. This includes:

Daily check-in responses (mood, energy level, intention, time-of-day signal).
Mood entries, mood notes, and rest-day markers.
Meditation, breathing, sleep, and micro-meditation session history (which content played, duration, completion percentage, completion timestamp).
Streak data, streak-freeze usage, weekly and daily goals, and achievement badges earned.
Favorites and content interactions (browse, search, play, share, completion percentage, plus the hour and day-of-week of the interaction).
Program (collection) progress and program-completion certificates.
Morning and evening ritual completions and their components.
Saved soundscape mixer presets, including the component sounds and your volume settings.
Downloaded-content tracking (for offline playback availability).

1.3 Journal Entries and User-Generated Content

Where you choose to journal in the Service we store the text of your entries, the mood tag you associate with the entry, any AI-generated insight produced for that entry, and an optional link to the meditation session that prompted the entry. We also store AI-generated journal prompts shown to you. Journal entries are private to your account, are not visible to other users, and are not used to train any AI model.

1.4 The Moment — AI Session Generation Data

When you use The Moment, you provide a free-text prompt describing how you feel, an optional mood selection, your preferred voice, and your preferred duration. This input, together with a small set of personalization signals (your experience level, recent practice history, and learned preferences), is sent to our AI providers for script generation and audio synthesis. The resulting script and audio file are stored against your account so you can replay the session without consuming additional credits. Each generation is also logged for quota enforcement and abuse prevention.

1.5 Sage and Sage Voice — Conversational AI Data

Sage is a text-based AI wellness companion. Sage Voice is the optional voice-based version. When you use these features we process:

The text content of your messages or, for Sage Voice, the real-time text transcript of your speech.
Conversation metadata (who spoke, when, what tools the agent invoked).
Context that the system extracts from the conversation (for example: detected mood, stress level, life events you mention) used solely to make subsequent sessions more responsive to what you have already shared.
Post-call summaries generated automatically after a Sage Voice session.
Your acknowledgment timestamp for the Sage Voice safety disclosure shown before your first call.
Voice usage and quota data: per-session minute counts, monthly usage totals, and concurrent-session records.
Records of safety classifier outcomes and the action taken in response, where our automated safety systems flag a conversation for crisis or abuse review.

We never record or store the raw audio of Sage Voice calls. The voice channel is processed in real time and is not written to disk. Transcripts are stored in encrypted form and are automatically deleted 30 days after the call. Aggregated usage counters and conversation-level metadata may be retained longer in accordance with Section 7 (Data Retention).

1.6 Subscription, Credit, and Purchase Data

Premium subscriptions, Moment Credits, and Voice Credits are processed exclusively through the Apple App Store or Google Play Store. We receive a transaction reference, a product identifier, an entitlement status, and a renewal/expiration timestamp. We never receive or store your payment-card number, billing address, or other Store payment details. We maintain an internal append-only ledger of credit balances, credit purchases (with a reference to the Store receipt), and credit transactions to prevent double-spending and to make your balance accurate to you.

1.7 Notifications and Communications Data

Where you opt in to push notifications, we store a device push token, the associated device type, and your per-type notification preferences (daily reminders, streak-protection nudges, program continuation, AI-session-ready alerts, time-aware nudges, Sage nudges) together with any quiet hours you have set. Push tokens are marked inactive when you sign out and rotated when your device or operating system re-issues them. We do not currently send marketing emails; if we add this in the future we will obtain your opt-in consent.

1.8 Device and Technical Data

The App reports device information needed to operate and protect the Service: device model, operating system and version, App version, and the language and time-zone of the device. We do not collect your device serial number, IMEI, MAC address, or any advertising identifier (IDFA / AAID), and we are not integrated with any advertising network.

1.9 Apple Health (HealthKit) Integration

On iOS, where you grant permission, the App writes “mindful minutes” to the Apple Health app for each meditation, breathing exercise, or AI session you complete. This is a one-directional write: we do not read heart rate, heart-rate variability, sleep, respiratory, blood pressure, or any other data from HealthKit. You may revoke this permission at any time in iOS Settings › Health › Data Access & Devices. Data received from HealthKit is not used to advertise to you, sold, shared with third parties, or used for purposes other than the purpose for which you granted permission, in accordance with Apple's HealthKit terms.

1.10 Approximate Location Data

If you enable weather-aware features, the App requests an approximate location (city-level or device time-zone, never precise GPS coordinates) which is used to retrieve current weather conditions for your area. The location is used at request time and is not stored long-term against your account. If you disable weather features the request is not made.

1.11 Product Analytics and Diagnostic Data

We log application events (screen views, feature usage, completion outcomes, error categories, App-session identifiers, and the hour and day-of-week of the event) to understand product usage in aggregate and to diagnose problems. These events are linked to your account so you can request access or deletion, but are aggregated and de-identified before they inform any product decision. We do not use third-party analytics providers (such as Google Analytics, Mixpanel, Amplitude, PostHog, or Segment) and we do not share these logs with any third party.

1.12 Safety and Compliance Signals

To keep the Service safe and compliant we maintain: classification outcomes for Sage and Sage Voice conversations (for example, whether the conversation was flagged for crisis or abuse review), the action our system took in response (for example: gentle redirect, displayed crisis resources, ended the call), and records of consents you have given (such as your acceptance of the Sage Voice disclosure). We also maintain records sufficient to demonstrate compliance with your data-rights requests.

2. How We Use Your Data

We use the categories of data described above to:

Provide, operate, maintain, and personalize the Service — for example, recommending meditations based on your check-in, tracking your streak, saving your journal entries, and remembering your soundscape presets.
Generate personalized AI meditation sessions through The Moment and personalize Sage and Sage Voice based on context you have shared in past sessions.
Deliver time-aware, weather-aware, and circadian-aware content recommendations on the home screen.
Manage your subscription, credit balance, and access entitlements; reconcile receipts with the Stores; and prevent double-spending of credits.
Send you push notifications you have opted into and respect your quiet hours and per-type preferences.
Detect, investigate, and prevent fraud, abuse, security incidents, and policy violations.
Run safety classifiers on Sage and Sage Voice conversations to detect crisis, self-harm, or abuse signals, and respond appropriately (including by ending a call and surfacing crisis resources).
Analyze aggregated, de-identified usage to understand how the Service is performing and to improve it.
Respond to your support requests and communicate with you about the Service.
Comply with our legal obligations (including tax, audit, accounting, response to lawful requests from authorities, and platform-store requirements) and enforce our Terms.

3. Legal Bases for Processing (EEA, UK, Switzerland)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, our legal bases for processing your personal data under Article 6 of the General Data Protection Regulation (GDPR) and equivalent UK and Swiss laws are:

Performance of a contract — to provide the Service you have requested under our Terms (account creation, content delivery, AI session generation, subscription management).
Legitimate interests — to operate, secure, and improve the Service, prevent fraud and abuse, run safety classifiers, and maintain reliable infrastructure. We perform a balancing test before relying on this basis and you may object as described in Section 8.
Consent — for optional features that involve sensitive data (mood and journal data treated as health-adjacent in some jurisdictions), for HealthKit integration, for push notifications, and for use of Sage Voice. You may withdraw consent at any time without affecting prior lawful processing.
Compliance with legal obligations — to meet tax, accounting, regulatory, and lawful-request obligations.

4. Categories of Service Providers

We do not sell your personal data and we do not share your data for cross-context behavioral advertising. To operate the Service we engage carefully selected third-party service providers to perform specific functions on our behalf, in each case under a written data-processing agreement and on a strict need-to-know basis. The categories of providers are:

Cloud infrastructure and storage providers — host our backend (compute, database, object storage) and edge networking and security services. They store your account data, wellness data, generated audio, and encrypted transcripts on our behalf.
Generative AI providers — generate the meditation script that becomes a Moment session and power Sage's text reasoning. They receive only the prompt text, voice description, duration, experience level, and a small set of personalization signals derived from your prior sessions. We have configured these integrations so that your prompts and completions are not used to train the providers' models.
Voice and speech-processing providers — synthesize the audio for The Moment and process your speech in real time during a Sage Voice call. They do not record raw audio to persistent storage.
Real-time audio infrastructure providers — carry the live audio stream between your device and our voice processor during a Sage Voice call. They handle the live channel only and do not have access to your account data.
Subscription and in-app-purchase providers — validate Store receipts and synchronize entitlement state. They receive a stable user identifier and the receipt issued by Apple or Google; they do not receive your journal, transcripts, mood, or other wellness data.
Identity and authentication providers (Apple, Google, Meta) — authenticate you when you sign in and return the basic profile information you have agreed to share. We do not share any of your Loam usage data back with these providers.
App distribution and payment stores (Apple App Store, Google Play Store) — handle billing, refunds, and tax remittance for all purchases under their own terms and privacy policies. We never see or store your payment method.
Push-notification infrastructure providers — deliver notifications you have opted into. They receive a device push token and the notification payload only.
Weather data providers — return current weather conditions when you enable weather features. They receive an approximate location only.
Apple HealthKit (Apple Inc.) — where you grant permission, the App writes mindful-minute summaries to your Apple Health database. HealthKit data is governed by Apple's on-device privacy controls and never leaves your device through us.

The specific named providers we currently use (which form part of our App Store privacy disclosures) are available on request by emailing [email protected].

5. Sensitive and Special-Category Data

Some of the data you provide — including mood entries, daily check-ins, journal text, AI-session prompts, and Sage Voice transcripts — may reveal information about your mental, emotional, or physical wellbeing. In some jurisdictions this is treated as sensitive personal information or as a special category of personal data (for example under GDPR Article 9, KVKK Article 6, the CCPA/CPRA “sensitive personal information” category, and similar provisions in other US state laws). Where such categorization applies, we process this data only with your explicit consent obtained when you enable the relevant feature, we apply additional security safeguards, and we do not use it for any purpose other than the purposes described in this Policy.

6. International Data Transfers

We are based in the United States and our infrastructure providers operate global edge networks. Your personal data may be transferred to, processed in, and stored in countries outside your country of residence, including the United States, that may have different data-protection laws. Where required by law (including for transfers from the EEA, UK, or Switzerland) we rely on the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, the Swiss Federal Data Protection and Information Commissioner's recognition of the SCCs, or other lawful transfer mechanisms, together with supplementary technical and organizational safeguards, to ensure an adequate level of protection.

7. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes described in this Policy. Specifically:

Account and profile data — for the life of your account, plus up to 30 days after account deletion to complete the deletion process across our infrastructure (limited copies may persist in encrypted backups for up to 90 days before secure overwrite).
Wellness, behavioral, and journal data — for the life of your account; deleted within 30 days of account deletion.
Generated AI sessions and audio — for the life of your account so you can replay them; deleted within 30 days of account deletion.
Sage Voice transcripts — automatically deleted 30 days after each call. You may request earlier deletion by emailing [email protected].
Conversation-level metadata and safety records — retained up to 24 months for safety auditing and abuse prevention.
Subscription, credit-ledger, and tax records — retained for the period required by applicable tax and accounting law (typically 7 years in the United States) regardless of account deletion.
Aggregated and de-identified analytics — may be retained indefinitely; cannot be linked back to you.

8. Your Privacy Rights

Subject to applicable law, you have the rights described below. To exercise any right, email us at [email protected] from the address associated with your account or use the in-app deletion flow. We will verify your identity (typically by confirming control of the email used to sign in), respond within 30 days (or sooner where required by law), and may extend by a further 60 days for complex requests.

8.1 Universal Rights

Access — request a copy of the personal data we hold about you.
Correction — request that we correct inaccurate or incomplete data.
Deletion — request deletion of your account and associated personal data, subject to retention obligations described in Section 7.
Portability — receive your data in a structured, commonly used, machine-readable format and have it transmitted to another controller where technically feasible.
Withdrawal of consent — withdraw your consent at any time where processing is based on consent.
Non-discrimination — exercise these rights without retaliation, denial of service, or different pricing.

8.2 European Economic Area, United Kingdom, Switzerland (GDPR)

In addition to the universal rights above, you have the right to: (a) object to processing on grounds of legitimate interest; (b) obtain restriction of processing; (c) not be subject to a decision based solely on automated processing that produces legal or similarly significant effects (see Section 8.8 on AI rights); and (d) lodge a complaint with your local supervisory authority.

8.3 California Residents (CCPA / CPRA)

California residents have the right to know what categories and specific pieces of personal information we have collected, the purposes for which we use them, the categories of sources, and the categories of third parties with whom we share them; the right to delete personal information; the right to correct inaccurate personal information; the right to opt out of the sale or sharing of personal information (we do not sell or share for cross-context behavioral advertising); the right to limit the use of sensitive personal information (we use it only as described in this Policy and do not infer characteristics from it); and the right to non-discrimination.

8.4 Other US States

Residents of Colorado (CPA), Connecticut (CTDPA), Virginia (VCDPA), Texas (TDPSA), Utah (UCPA), Oregon (OCPA), Montana (MCDPA), and other states with comprehensive privacy laws have substantially similar rights, including access, deletion, correction (where provided by law), portability, and the right to opt out of targeted advertising and the sale of personal data. We do not sell personal data and do not engage in targeted advertising. Where your state provides a right to appeal a denied request, you may appeal by replying to our written response.

8.5 Turkey (KVKK)

If you are located in Turkey, the Personal Data Protection Law (Kişisel Verilerin Korunması Kanunu, “KVKK”) applies. Mood entries, journal text, and Sage Voice transcripts may qualify as “special categories of personal data” under KVKK Article 6 and we process them only with your explicit consent. You may exercise your KVKK rights — including information, access, correction, deletion, restriction of processing, objection to processing, and the right to compensation for unlawful processing — by contacting [email protected], and you may lodge a complaint with the Turkish Personal Data Protection Authority (KVKK Kurumu).

8.6 Brazil (LGPD)

If you are a data subject in Brazil, the Lei Geral de Proteção de Dados (LGPD) applies. You have the rights to confirmation of processing, access, correction, anonymization or deletion, portability, information about sharing, withdrawal of consent, and to lodge a complaint with the Autoridade Nacional de Proteção de Dados (ANPD).

8.7 Canada (PIPEDA and Quebec Law 25)

Canadian residents have rights of access, correction, and withdrawal of consent under PIPEDA and applicable provincial laws. Quebec residents additionally have rights under An Act Respecting the Protection of Personal Information in the Private Sector (Law 25), including the right to be informed of automated decision-making, to obtain de-indexation of online information, and to data portability.

8.8 Right to Human Review of AI Decisions

The Moment, Sage, and Sage Voice produce AI-generated content automatically without meaningful human review before delivery to you. None of these features make a legally binding decision about you, take any action that has a legal effect on you, or determine access to a contractual benefit. Nevertheless, you have the right at any time to request a qualified human review of any specific AI-generated response that you feel significantly affects you, and to request that we explain, in plain language, the categories of input that informed it. Email [email protected] to make such a request.

9. Security

We apply reasonable and appropriate technical and organizational measures designed to protect your personal data, including encryption of data in transit, encryption-at-rest of sensitive stored data, least-privilege access controls for our personnel, rate limits on sensitive endpoints, logging and monitoring of access, segregation of production and non-production environments, and an incident response plan reviewed periodically. No method of electronic storage or transmission is, however, completely secure, and we cannot guarantee absolute security.

10. Security Incident Notification

In the event of a personal-data breach that is likely to result in a risk to your rights and freedoms, we will notify you and relevant supervisory authorities without undue delay, in accordance with the timelines required by applicable law (including the 72-hour notification requirement under GDPR Article 33 where applicable). Notification will describe the nature of the breach, the categories and approximate number of data subjects affected, the likely consequences, and the measures taken or proposed to address it.

11. Children's Privacy

The Service is not directed to children under 13 and we do not knowingly collect personal data from children under 13. We enforce a server-side age gate that requires every account holder to affirm that they are at least 13 years of age (in compliance with the Children's Online Privacy Protection Act, “COPPA”). Where local law requires a higher digital age of consent (for example, age 14, 15, or 16 in certain EU Member States), users below that local age must additionally have the consent of a parent or legal guardian to use the Service. If you believe a child has provided us with personal data without the necessary consent, please contact [email protected] and we will delete the data promptly.

12. Cookies and Web Tracking

The Site (withloam.app) uses only essential cookies needed for the Site to function (for example, to remember your language preference and to maintain a session). The Site does not use third-party advertising cookies, tracking pixels, behavioral retargeting, fingerprinting, or session replay. The App does not use cookies. If we introduce optional analytics cookies in the future we will provide a banner or in-app control allowing you to consent or decline.

13. Notifications and Communications Choices

Push notifications are off by default and require your explicit opt-in. You can change per-type preferences and quiet hours in Settings inside the App, or revoke push permission entirely from your device's system settings. Operational and transactional messages (such as account-deletion confirmations or material changes to this Policy) may be delivered to the email address associated with your account regardless of your push preferences.

14. Account Deletion and Data Erasure

You may delete your account at any time using the in-app deletion flow (Settings › Account › Delete account) or by emailing [email protected]. Account deletion is irreversible and will remove your profile, wellness data, journal entries, generated AI sessions, presets, achievements, and Sage / Sage Voice conversations from active systems within 30 days of the request, subject to the retention exceptions in Section 7. Encrypted backups containing your data are securely overwritten on their regular rotation cycle (typically within 90 days).

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Where we make material changes, we will notify you by posting a notice in the App and on the Site at least 14 days before the changes take effect, and where required by law, by email to the address associated with your account. The version number and effective date at the top of this page reflect the most recent revision. Your continued use of the Service after the effective date constitutes acceptance of the revised Policy.

16. Contact Us

For privacy questions, requests to exercise your rights, or to report a privacy concern, contact:

Withloam Inc.
Privacy Office
Email: [email protected]

For users in the European Economic Area, the United Kingdom, or Switzerland: where required by Article 27 GDPR, our representative and routing address for data-subject requests can be obtained by emailing the address above.

← Back to home