Legal

Privacy Policy

Last updated 2026-06-04

This product is built on one principle: your data is the product, and it's yours. This page says plainly what we collect, why, and the controls you have.

What we store

Account: your email address, used only to sign you in and (rarely) to reach you about the service.
Your content: your messages, imported notes, and the facts, patterns, and readings derived from them.
Therapist access: invite tokens you create and an audit log of questions asked through them.

Encryption at rest

Your content — messages, memories, the portrait index, patterns, calibrations, open questions, do-not-ask topics, session summaries, analyses, uploaded import files, and the therapist question log — is encrypted with a per-user key. The master key that unwraps it lives in a separate key-management service, not in the application database. Deleting your data destroys your key, which renders your stored content unrecoverable.

One technical exception: the search vectors (embeddings) derived from your memories are stored unencrypted — that is what makes your base searchable. They are not readable text, but they do mathematically reflect the content they were derived from.

Processors we use

A model provider (Anthropic) to run the interviewer, synthesis, and readings.
An embeddings provider (Voyage AI) to make your base searchable.
An email provider (Resend) to send sign-in links.
A hosting/database provider (Railway) to run the service.

Content sent to these processors is used to provide the service to you, not to train their models. We never sell your data.

Your controls

Export: download your entire base as Markdown or JSON from Settings, any time.
Delete: permanently erase all your content and crypto-shred your key from Settings.
Revoke access: kill any therapist invite in one click.

Contact

Questions or a data request? Reach us at [email protected].