Privacy Policy

Welcome

You're here because you care about your privacy, especially when it comes to sharing your most vulnerable thoughts with a computer program. As the creators and regular users of Dyfna ourselves, privacy is of the utmost importance to us.

Dyfna ("we," "us," or "our") provides a web-based application to enhance self-reflection and personal growth by applying modern AI technology to the process.

This Privacy Policy outlines how we collect, use, maintain, protect, and disclose your information. If anything is unclear, please don't hesitate to contact us for clarification.

Our commitment

Our commitment to your privacy is not just an obligation, but a vital part of our mission to provide a secure and private mental health experience.

When you entrust us with sensitive and personal information, we believe it is our most important responsibility to keep it as safe, secure, and private as we can, while still delivering you effective features and services in our products.

We believe transparency is one of the most important values in building healthy relationships, and that extends to our relationship with our customers. We will do our best to provide clear and open communication about our data practices, giving you the power to make informed decisions about your data and its use within Dyfna.

Why we store data

After thorough consideration of the factors, we concluded that storing data in the cloud is the only way that we can provide an experience that emphasizes user convenience, safety, and reliability.

Here's why:

• Cross-Device Accessibility: By storing data on our secure servers, we enable you to access your journal entries and habit tracking across multiple devices. This means you can start an entry on your smartphone and finish it on your laptop, providing a seamless user experience.
• Data Protection: User-based encryption, while secure, carries a risk of data loss if the encryption key is forgotten or lost. By storing data on our servers, we're able to ensure that even if you lose access to a device or forget a key, your journal entries will not be permanently lost.
• Reliability: Browser-based storage services like IndexedDB can sometimes be unreliable, leading to potential data loss. We use Supabase, a trusted and reliable data storage provider, to ensure your data is safely stored and consistently accessible.

Building an innovative product like Dyfna is difficult, and we appreciate your trust in us as we do our best to pioneer never-before seen experiences. Your participation makes this possible and we greatly appreciate it.

1. Information We Collect

In order to provide our services, we may collect the following types of information:

• User-Provided Information: You provide us with personally identifiable information, such as your email address, when you register for an account or in your use of our services.
• Automatically Collected Information: We automatically collect certain information about the device you use to access our services, including information about the device, IP address, and browser type. We also collect information about your interactions with our services, such as pages viewed and links clicked.

2. Use of Information

We use the information we collect for several purposes aimed at providing and improving our services. Here's a more detailed breakdown:

• Providing Our Services: The information we collect is integral to providing our services. This includes using your account information to allow you access to Dyfna, using your preferences to customize your experience, and using your journal entries to display them back to you on demand.
• Maintaining Our Services: We use the information to ensure our services run smoothly. This includes using technical information about your devices and your interactions with our services to resolve issues, ensure compatibility, and keep our services up and running.
• Improving Our Services: We use aggregated and anonymized data to identify trends, track user behavior, and understand how our users interact with Dyfna. This allows us to identify areas for improvement, develop new features, and optimize the user experience.
• Developing New Services: Information collected can inspire new ideas and help us innovate. It gives us insights into what users value and what new services we might develop to meet user needs and expectations.
• Protecting Dyfna and Our Users: Some information is used in the interest of security to protect our app and our users. For instance, we might use information to verify accounts, prevent fraudulent activity, enforce our terms and conditions, and to comply with legal requirements.
• Offering Tailored Content: We may use your data to personalize your experience on Dyfna. This can range from remembering your settings and preferences, suggesting relevant features, or showing you content that aligns with your interests.

In all instances, we uphold strict data handling practices to ensure your information is handled responsibly and in accordance with this Privacy Policy.

3. Third-Party Services

We use various third-party services to help us provide, improve, protect, and promote our services:

• Supabase: We use Supabase as our data storage provider, a widely trusted data storage provider. Your data is encrypted in transit and at rest. We have appropriate data handling agreements to ensure secure data processing.
• Sentry: This tool is used for error monitoring and performance tracking to help us understand how our users use our app, to improve our services, and to fix bugs. All sensitive data, such as journal entries, are never sent to this service.
• OpenAI and Anthropic: We use these services for advanced computational tasks, including but not limited to, artificial intelligence operations and language processing. All data processed through these services is anonymized, containing only the contents of journal entries without any user-identifying information. We have appropriate data handling agreements with both OpenAI and Anthropic to ensure secure data processing.

Please note that these third-party service providers have their own privacy policies addressing how they use such information.

4. Non-Disclosure of Sensitive Data

Dyfna stands firmly in its commitment to safeguard your sensitive data. It is against our values and company ethos to share, sell, or distribute your sensitive data to any third parties. We will never do this unless absolutely required by law.

5. Security

Ensuring the security of your data is our utmost priority, and we employ a variety of measures to safeguard your information:

• Data Encryption: All data transmitted between you and our services is secured using strong encryption protocols. This includes the use of Secure Socket Layer (SSL) technology, which ensures that your data remains private and integral. Additionally, we use Supabase for data storage, which provides robust encryption for your data.
• Access Control: We implement robust access control measures at the managerial level. Only authorized members of our staff can request access to sensitive user data solely for the purpose of resolving technical issues. Access is protected by a coordinated authentication system with full audit logging.
• Employee Data Access: Our employees do not have access to production data, minimizing the risk of unauthorized access or exposure.
• Training: Our team is trained and updated on the latest security practices and data protection measures. This ensures that everyone who works on Dyfna understands the importance of data security and knows how to handle user information responsibly.

6. Legal Basis and Purpose of Processing

We process personal data on the basis of and in the context of the performance of legal obligations, the contractual relationship between us, the consent given by you, the protection of the interests of data subjects or another natural person, the performance of a task carried out in the public interest and our legitimate interests. We may process personal data for the following purposes:

• Creating a personal profile to make future visits to the App more personalized
• Monitoring and analysing usage and trends to improve your experience with the App
• Notification of App updates
• Requesting feedback and contacting you about your use of the App
• Improving our App and Services based on your feedback
• Sending promotional and marketing emails about new products, special offers or other information that we think may be of interest using the email address you have provided
• Scientific, research, development and creative activities (especially in the field of artificial intelligence) in which we cooperate with scientific and educational institutions

All personal data is processed electronically in an automated manner, stored in anonymised or pseudonymised form in multiple databases to ensure maximum security.

7. Data Retention and Deletion

• User Account Deletion: Users have the right to request account deletion at any time. Upon such a request, all associated data will be permanently deleted.
• Data Retention: We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. Deleted data is retained for 30 days for disaster recovery purposes, after which it is permanently removed from our systems.
• Processing Duration: We process your personal data for the duration of the contractual relationship between us and for as long as necessary after the end of the contractual relationship. If there is no longer any purpose for processing certain personal data, this personal data will be deleted.

8. Age Restrictions

Our service is not intended for children under the age of 16. No one under the age of 16 may provide any personal data within the Application. We do not knowingly collect personal data from children under the age of 16. If you are under the age of 16, do not use or provide any information within the App or on any of its features/functions, make any purchases through the Website, use any of the interactive or public comment features that may be available within the App, or provide us with any information about you, including your name, address, phone number, email address, or any nickname or username you may use.

If we discover that we have collected or received personal data from a child under the age of 16 without verifying parental consent, we will delete that data. If you think we may have any information from or about a child under the age of 16, please contact us at [email protected].

9. Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR), you have the following rights:

• Right of Access: You have the right to request access to your personal data and receive a copy of the data we hold about you.
• Right to Rectification: You have the right to request correction of inaccurate or incomplete personal data.
• Right to Erasure: You have the right to request deletion of your personal data ("right to be forgotten").
• Right to Restrict Processing: You have the right to request restriction of processing of your personal data.
• Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, machine-readable format.
• Right to Object: You have the right to object to processing of your personal data.
• Right to Withdraw Consent: Where processing is based on consent, you have the right to withdraw consent at any time.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days.

Data Protection Officer: For any GDPR-related inquiries, you can contact us at [email protected].

10. GDPR Compliance

As a European business, we are committed to full compliance with the General Data Protection Regulation (GDPR). This means:

• We only collect and process personal data that is necessary for providing our services
• We implement appropriate technical and organizational measures to ensure data security
• We provide clear information about data processing activities
• We respect all GDPR rights and respond to requests within 30 days
• We maintain records of processing activities as required by GDPR
• We conduct data protection impact assessments where necessary

International Transfers: When we transfer data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or adequacy decisions.

11. Your Consent

You may not use our App without first giving your express consent to this Policy. By giving such consent, this Policy becomes binding on you.

12. Changes to This Privacy Policy

We reserve the right to modify this privacy policy at any time. If we make material changes to this policy, we may notify you here, by email, or by means of a notice on our home page.

13. Contact Us

If you have any questions regarding this Privacy Policy or the practices of this Site, please contact us at [email protected].

Supervisory Authority: You have the right to lodge a complaint with your local data protection supervisory authority if you believe we have not handled your personal data in accordance with GDPR.