Privacy Policy | Peacify

Last Updated: 21 June 2025

1. Information We Collect

We collect information to provide and personalize our therapeutic services.

Account Information: Your name, email address, and authentication credentials (e.g., via Google or email sign-in).
Onboarding and Profile Information: To tailor your experience, we collect information you provide during onboarding, such as your preferred name, age, primary mental health concerns, previous therapy experience, goals, communication style preferences, stress levels, and optional details about triggers, coping mechanisms, and support systems.
Conversation Data: The content of your chat messages with our AI therapist. This is essential for providing the service.
Payment Information: When you subscribe, our payment processor,iyzico, will collect your payment details. We do not store your full credit card information on our servers.

Usage Data: We may collect information about your interaction with our Services, such as feature usage, session duration, and general activity patterns, to improve our platform.
Device and Technical Data: We collect standard technical information, such as your IP address, browser type, and operating system, for security and operational purposes.

Your information is used for the following purposes:

To Provide and Personalize the Service: We use your profile information and conversation history to tailor the AI's responses and make your sessions more relevant and effective.
For Safety and Crisis Support: We use an automated system to detect potential crisis situations (e.g., mentions of self-harm). If a crisis is detected, our system may provide immediate resources. A confidential log of the event is created in our crisis_logs system to be reviewed by authorized personnel for safety and follow-up purposes only.
To Process Transactions: To manage your subscriptions and process payments through our partner, iyzico.
To Improve Our Services: We may use anonymized and aggregated data to analyze the effectiveness of our AI models and improve the user experience. Your personal chat content is not used for training general AI models without your explicit, separate consent.
To Communicate With You: To send you important information about your account, subscription, or updates to our Services.

We implement advanced, medical-grade security measures to protect your sensitive information.

Encryption: All data, both in transit and at rest, is encrypted using strong protocols (e.g., TLS, AES-256). Sensitive health and profile data is further encrypted in our database using user-specific keys.
Key Management: We operate a robust key management system (healthEncryptionKeys,healthKeyAuditLog) to ensure that access to encrypted health data is strictly controlled and audited.
Access Control: Access to user data is strictly limited to authorized personnel on a need-to-know basis for purposes like customer support or safety reviews. All access to sensitive health data is logged in ourhealthAccessAudits system.
Data Integrity: We use hashing mechanisms (dataHash) to ensure that your stored data has not been altered or tampered with.

We do not sell your personal data. We may share your information only in the following limited circumstances:

With Service Providers: With trusted third-party vendors who perform services for us, such as iyzico for payments, Google for AI processing, and Vercel for hosting. These partners are bound by strict confidentiality and data protection obligations.
For Legal Reasons: If required by law, such as in response to a subpoena or court order.
For Safety: In the event of a severe crisis where we believe there is an imminent risk of harm to you or others, we may be obligated to share limited information with appropriate authorities or emergency services.
With Your Consent: For any other purpose with your explicit consent.

You have control over your personal information.

Access and Correction: You can access and update your profile and onboarding information at any time through your account settings.
Account Deletion: You can delete your account at any time from your settings page. This will permanently delete your user data from our active systems in accordance with our data retention policy.
Data Portability: You may have the right to request a copy of your data in a machine-readable format.

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at [email protected].