
Privacy Policy

How we protect your voice, your mind, and your trust.

Last Updated: October 24, 2025

01 Information Collected

We only collect the absolute minimum data needed to make the AI therapy assistant work effectively while maintaining your privacy.

We collect several categories of information to provide and improve our AI-powered voice therapy services. This data collection is limited to what is necessary for the functioning of the Aletheia application and is never used for unrelated purposes.

  • Account Authentication Data: When you sign up, we collect your email address, name (if provided), and authentication tokens through Clerk (our authentication provider).
  • Voice Audio Data: During therapy sessions, we capture real-time audio streams through LiveKit integration. This audio is processed momentarily for transcription and AI analysis but is not stored on our servers by default.
  • Session Transcriptions: We generate anonymized text transcripts of your voice sessions to enable our backend to process your input and generate therapeutic responses. These transcripts are temporarily cached during the session.
  • Session Metadata: We store anonymized session identifiers, duration, timestamp, and basic interaction logs in our database. This includes sessionId, start/end times, and aggregated emotion scores, but never the actual conversation content.
  • Usage Analytics: We collect anonymous product analytics including feature usage patterns, session frequency, and technical performance metrics to improve the application experience. This data cannot be linked to individual users.
  • Payment Information: If you subscribe, payment processing is handled entirely by Stripe. We do not store credit card numbers or other sensitive payment data on our servers.

We explicitly do not collect location data, contacts, browsing history, or any information from other apps on your device.

02 Voice Data Handling

Your voice is processed in real time and is not permanently stored by default. We treat voice data as the most sensitive information we encounter.

Voice data handling is the cornerstone of our privacy commitment. As a therapy application, we understand that your voice contains not just words, but emotional states, personal stories, and vulnerable moments that require maximum protection.

Real-Time Processing Flow

  • LiveKit Streaming: Audio is transmitted via WebRTC using LiveKit's end-to-end encrypted channels. TLS 1.3 encryption protects data in transit from your device to our servers.
  • Immediate Transcription: Audio streams are processed by our pipeline for real-time speech-to-text conversion. This transcription happens within seconds of speaking.
  • AI Response Generation: The anonymized transcript is sent to our therapeutic AI models to generate contextual responses. No audio is ever sent to external AI providers.
  • Instant Deletion: Once transcription is complete, the original audio buffer is immediately cleared from memory and never written to disk.

Optional Voice Recording Feature

If you explicitly enable session recordings for later reflection (opt-in only), we will:

  • Encrypt audio files with AES-256 before storage
  • Store them securely for a maximum of 30 days
  • Allow you to delete them instantly at any time
  • Never use them for model training or any other purpose

By default, this feature is disabled and no voice recordings are retained.

03 Storage & Security

We implement multiple layers of security to protect your data throughout its entire lifecycle, from transmission to storage and eventual deletion. Our security architecture is built on enterprise-grade infrastructure with privacy-first design principles.

Infrastructure Security

  • Database Encryption: All data stored in our PostgreSQL database is encrypted at rest using AES-256. Database snapshots and backups are also encrypted.
  • Secure Transmission: All data transmitted between your device, our backend API, and database uses TLS 1.3 (or TLS 1.2 minimum) with perfect forward secrecy.
  • SOC 2 Compliant Infrastructure: Our entire stack operates on SOC 2 Type II certified infrastructure with regular third-party security audits.

Access Controls

  • Zero-trust architecture with role-based access control (RBAC)
  • All backend API endpoints require valid authentication tokens
  • Database access is restricted to authorized backend services only
  • Two-factor authentication required for all developer accounts
  • Automated access logging and anomaly detection

Data Retention & Deletion

We retain anonymized session metadata for up to 90 days to improve service quality, after which it is automatically purged. If you delete your account, all associated data is permanently erased within 30 days. You can request immediate deletion at privacy@aletheia.app.

Security Audits

We conduct quarterly security assessments, annual penetration testing, and continuous vulnerability scanning. Our codebase undergoes security review before each deployment.

04 No Selling of Personal Data

We are a wellness company, not a data broker. Your trust is more valuable than any data revenue.

Aletheia Wellness Inc. operates on a transparent subscription-based business model. We generate revenue only from user subscriptions, not from selling or monetizing personal data. This aligns our incentives with your privacy and wellbeing.

Our Commitment

  • We have never sold user data and never will
  • We do not share personally identifiable information with third parties for marketing
  • We do not participate in data broker exchanges or advertising networks
  • We do not use your therapy session content for any purpose beyond providing the service

Third-Party Processors

We work with carefully vetted service providers who act as data processors (not controllers) under strict contractual obligations:

  • Clerk: Authentication services - only receives email/name
  • Supabase: Database hosting - encrypted data storage
  • LiveKit: Real-time audio streaming - temporary audio processing
  • Stripe: Payment processing - no card data touches our servers

All processors are prohibited from using your data for any purpose other than providing contracted services to us.

Future Business Model

Even if our business model evolves, we pledge never to sell user data or use therapy session content for commercial purposes. Any changes to this policy would require explicit opt-in consent.

05 User Rights & Data Control

You have complete control over your personal data. We respect your rights under GDPR, CCPA, and other applicable privacy laws, regardless of your location. You can exercise these rights directly through the app or by contacting us.

Your Rights Include

  • Right to Access: Request a complete copy of all data we hold about you, including session metadata and account information. We provide this in machine-readable JSON format within 30 days.
  • Right to Rectification: Correct any inaccurate personal information through your account settings or by emailing support.
  • Right to Erasure: Delete your entire account and all associated data immediately. This action is irreversible and is confirmed via email.
  • Right to Data Portability: Export your session history and account data to transfer to another service. We provide this in standardized formats.
  • Right to Restrict Processing: Temporarily pause processing of your data while maintaining your account. This will disable AI features but preserve your subscription.
  • Right to Object: Opt out of any data processing activities that are not essential to service delivery, such as optional analytics.

How to Exercise Your Rights

  • Email privacy@aletheia.app with your request
  • Use the "Data Export" or "Delete Account" buttons in Settings → Privacy
  • Include your user ID (found in Settings → Account) for faster processing
  • We respond to all requests within 30 days; urgent requests within 7 days

Data Breach Notification

In the unlikely event of a data breach, we will notify affected users within 72 hours of discovery, in compliance with GDPR requirements. We maintain incident response protocols and will provide clear guidance on protective steps.

Contact Our Data Protection Officer

For privacy-related questions, concerns, or to exercise your rights, contact us at privacy@aletheia.app. For urgent matters, call +1 (555) 123-ALETHEIA. Our DPO responds within 24 hours.