Privacy Policy

Your privacy and data security are fundamental to ZenThink AI. This policy explains how we collect, use, and protect your personal information.

Last Updated: January 2025
Effective: January 1, 2025

Privacy at a Glance

No Data Selling

We never sell, rent, or share your personal information with third parties for marketing purposes.

End-to-End Encryption

All conversations and personal data are encrypted during transmission and storage.

HIPAA-Grade Security

We follow healthcare-grade security standards to protect your mental health data.

Anonymous AI Processing

AI conversations are processed anonymously without personal identifiers.

Data Control

You have full control over your data with options to export or delete at any time.

Minimal Data Collection

We only collect data necessary to provide and improve our mental wellness services.

Information We Collect

1. Account Information

  • Email address (for account creation and communication)
  • Display name or nickname (optional, for personalization)
  • Password (encrypted and never stored in plain text)
  • Subscription tier and payment information (processed by RevenueCat)

2. Mental Health Data

  • Conversation transcripts with AI (encrypted and anonymized for AI processing)
  • Mood tracking entries and emotional state information
  • Journal entries and personal reflections
  • Crisis intervention interactions and safety assessments
  • Healing pack progress and completion data
  • Affirmation preferences and personalized content

Important: Mental health conversations are processed anonymously by our AI service provider. No personally identifiable information is included in AI processing.

3. Technical Information

  • Device type, operating system, and app version
  • Usage patterns and feature engagement (anonymized)
  • Crash reports and error logs (no personal data included)
  • Network connectivity and performance data
  • Voice recordings (processed locally and with voice synthesis service, not stored)

4. Website Analytics

  • Page views, session duration, and navigation patterns
  • Referral sources and marketing campaign effectiveness
  • Browser type, screen resolution, and device information
  • Geographic location (country/region level only)

How We Use Your Information

Service Delivery

  • Provide AI-powered mental health conversations and support
  • Deliver personalized mood tracking insights and affirmations
  • Enable crisis intervention and emergency support features
  • Sync your data across devices (paid tiers only)
  • Process subscription payments and manage account access

Personalization & Improvement

  • Customize AI responses based on your communication style and needs
  • Generate personalized affirmations and mood insights
  • Improve app features and user experience through anonymous usage analytics
  • Develop new mental health tools and therapeutic approaches
  • Enhance crisis detection and intervention capabilities

Communication & Support

  • Send important account and security notifications
  • Provide customer support and technical assistance
  • Share mental health resources and wellness tips (opt-in only)
  • Notify about app updates and new features

Data Security & Protection

Encryption

  • AES-256 encryption for data at rest
  • TLS 1.3 for data in transit
  • End-to-end encryption for conversations
  • Encrypted database storage

Access Controls

  • Multi-factor authentication for staff
  • Role-based access permissions
  • Regular security audits and penetration testing
  • HIPAA-compliant infrastructure

Data Anonymization

  • Personal identifiers removed from AI processing
  • Aggregated analytics without individual tracking
  • Pseudonymization for research purposes
  • Automatic data aging and deletion

Infrastructure

  • Cloud hosting with SOC 2 compliance
  • Regular automated backups
  • Disaster recovery procedures
  • 24/7 security monitoring

Third-Party Services

Services We Use

Supabase (Database & Authentication)

Secure database hosting with encryption. Data shared: Account information, encrypted conversation data, mood tracking data.

RevenueCat (Subscription Management)

Subscription processing and management. Data shared: No health data, only subscription status and transaction information.

AI Service Provider (Conversation Processing)

AI conversation processing. Data shared: Anonymized conversation text only, no personal identifiers or health data.

Voice Synthesis Service (Voice Features)

Voice synthesis for AI responses. Data shared: Voice generation requests only, no conversation content stored.

What We DON'T Share

  • Personal identifying information with AI processing services
  • Mental health data with marketing or advertising companies
  • Individual conversation content with any third party
  • Mood tracking data with insurance companies or employers
  • Crisis intervention details with anyone except emergency services (when legally required)

Your Rights & Choices

Data Access & Control

  • View and download your personal data
  • Update or correct your information
  • Delete your account and associated data
  • Export conversation history (paid tiers)
  • Opt out of analytics (where legally permitted)

Communication Preferences

  • Control notification settings and frequency
  • Opt out of promotional communications
  • Choose email preferences
  • Set quiet hours for notifications
  • Customize AI personality and response style

Free Tier Limitation: Users on the free "Grounded" tier do not have conversation history saved. Data deletion is automatic after each session. Upgrading to a paid tier enables conversation history and data export features.

Data Retention

Retention Periods

  • Free Tier Conversations: Not stored (session only)
  • Paid Tier Conversations: Until account deletion
  • Mood Tracking Data: Until account deletion
  • Account Information: 30 days after deletion request
  • Anonymized Analytics: 3 years (no personal data)
  • Crisis Intervention Logs: 7 years (legal requirement)

Automatic Deletion

We automatically delete or anonymize data according to the following schedule:

  • Inactive accounts (no login for 2+ years) receive deletion notice
  • Data deletion completed 30 days after notice (if no response)
  • Voice recordings processed immediately and not stored
  • Temporary cache and logs cleared every 30 days

Legal Compliance

Applicable Laws

ZenThink AI complies with applicable privacy laws and regulations, including:

  • HIPAA (Health Insurance Portability and Accountability Act)
  • GDPR (General Data Protection Regulation)
  • CCPA (California Consumer Privacy Act)
  • COPPA (Children's Online Privacy Protection Act)
  • SOX (Sarbanes-Oxley Act) - for financial data
  • Various state privacy laws
  • International data protection standards
  • App store privacy requirements (Apple, Google)

Emergency Disclosure

We may disclose personal information without consent only in these specific circumstances:

  • Imminent threat to life or safety (crisis intervention)
  • Legal requirement by court order or subpoena
  • Child abuse or neglect reporting (as required by law)
  • Compliance with law enforcement for serious crimes

Note: We will notify you of any such disclosures unless legally prohibited.

Children's Privacy

ZenThink AI is designed for users aged 13 and older. We do not knowingly collect personal information from children under 13 years of age.

For Users 13-17

  • Parental consent may be required based on local laws
  • Enhanced privacy protections and safeguards
  • Automatic crisis intervention protocols
  • Limited data collection and enhanced deletion policies
  • Special care in AI interactions and content filtering

If we discover we have collected information from a child under 13, we will delete that information immediately.

International Users

Data Transfers

ZenThink AI operates globally and may transfer data across borders to provide our services. We ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs) for EU data transfers
  • Adequacy decisions and approved transfer mechanisms
  • Data localization where required by local law
  • Enhanced encryption for international data transmission

Regional Rights

Depending on your location, you may have additional privacy rights:

EU/UK Residents (GDPR)

  • Right to rectification and erasure
  • Right to data portability
  • Right to restrict processing
  • Right to object to processing

California Residents (CCPA)

  • Right to know about personal information
  • Right to delete personal information
  • Right to opt out of sale (we don't sell data)
  • Right to non-discrimination

Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, services, or legal requirements. Here's how we handle updates:

  • Material changes will be communicated via email and in-app notification
  • Updated policy will be posted on our website with revision date
  • 30-day notice period for significant changes affecting your rights
  • Continued use of the service constitutes acceptance of updated terms
  • You may delete your account if you disagree with policy changes

Version History: Previous versions of this policy are available upon request. Contact contact@f3ai.dev for historical policy versions.

Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

General Privacy Questions

Email: contact@f3ai.dev
Response time: 48-72 hours

Data Protection Officer

Email: contact@f3ai.dev
For GDPR and data protection matters

Support & Account Issues

Email: contact@f3ai.dev
In-app support: Settings → Help & Support

Emergency Situations: If you're experiencing a mental health crisis, please contact emergency services immediately. This privacy policy does not apply to emergency disclosures necessary to protect life and safety.

Your Privacy, Our Priority

Experience AI-powered mental wellness with complete peace of mind.