Privacy Policy

1. Introduction

Alethe ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mental health and consciousness tracking platform at getalethe.io (the "Service").

By using our Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies, please do not use our Service.

2. Information We Collect

Personal Information

When you create an account, we collect:

Email address
Name (optional)
Account preferences and settings

Mental Health Data

When you use our tracking features, we collect:

Daily check-in responses (mood, sleep, stress levels)
Assessment scores (PHQ-9, GAD-7, PSS)
Sleep tracking data (duration, quality, patterns)
Consciousness state notes (meditation, flow states)
Journal entries and personal notes (if you choose to add them)
Timestamps of all activities

Device & Usage Information

We automatically collect certain information about your device and how you use our Service:

Browser type and version
Device information (type, operating system)
IP address (anonymized for analytics)
Pages visited and features used
Time spent on the Service

Wearable Integration Data (If Connected)

If you choose to connect wearable devices:

Sleep data from Oura Ring, Whoop, etc.
Activity data from Apple Health, Google Fit
Heart rate variability data

Important: Data from wearables is imported ONE-WAY only. We never send your ALETHE data back to these services.

3. How We Use Your Information

We use the information we collect to:

Provide the Service: Display your tracking data, calculate scores, generate insights
Identify patterns: Help you understand trends in your mental health and well-being
Improve the Service: Analyze usage patterns to enhance user experience
Communicate with you: Send important updates, reminders, and respond to inquiries
Ensure security: Detect and prevent fraud or abuse
Comply with legal obligations: Meet regulatory requirements

4. Data Ownership & Your Rights

YOU OWN YOUR DATA

Your mental health data, tracking records, and personal insights belong to you. We are the custodian, you are the owner.

You have the right to:

Access: Request a copy of all data we have about you
Export: Download your complete mental health data in portable format (JSON, CSV)
Correct: Update or correct your personal information
Delete: Request deletion of your account and all associated data
Opt-out: Decline participation in optional research programs
Control sharing: Decide what data (if any) you share with therapists or researchers

5. Data Sharing & Disclosure

WE NEVER SELL YOUR DATA

We will never sell, rent, or trade your personal information or mental health data to third parties. Ever.

We may share your information only in these limited circumstances:

With your explicit consent: When you authorize sharing (e.g., with your therapist)
Service providers: Third parties who help us operate (hosting, email). They are bound by confidentiality agreements.
Legal requirements: When required by law, court order, or to protect rights and safety
Business transfers: In connection with a merger or acquisition (you'll be notified in advance)
Anonymized research: ONLY if you opt-in to research participation, and only in aggregated, de-identified form

6. Data Security

We implement industry-standard security measures to protect your sensitive mental health data:

Encryption in transit: All data transmitted using TLS/SSL encryption
Encryption at rest: Data stored with AES-256 encryption
Secure authentication: Password hashing with bcrypt
Regular security audits: Quarterly vulnerability assessments
Access controls: Strict internal access policies and monitoring
Incident response: Procedures for handling security breaches

While we strive to protect your data using commercially reasonable means, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

7. Data Retention

We retain your data:

Active accounts: As long as your account is active
After deletion: Backups retained for 30 days, then permanently deleted
Anonymized data: May be retained indefinitely for research (only if you opted in)
Legal obligations: As required by applicable law

You can delete your account at any time through account settings. Upon deletion, all personally identifiable information will be removed from our active systems.

8. Cookies & Tracking Technologies

We use minimal cookies and similar technologies:

Essential cookies: Required for authentication and preferences (cannot be disabled)
Analytics cookies: Help us understand usage patterns (optional, can be disabled)
No advertising cookies: We do not use cookies for advertising or cross-site tracking
No third-party trackers: No Facebook Pixel, Google Analytics, or similar tracking

You can control cookies through your browser settings. Disabling essential cookies may affect functionality.

9. Third-Party Services

We use the following carefully vetted third-party services:

Vercel: Hosting and deployment (US-based)
Supabase: Database and authentication (data encrypted)
Privacy-focused analytics: Minimal analytics without personal data

These services have their own privacy policies. We carefully vet all third-party providers to ensure they meet our privacy and security standards.

No AI Training: We do not share your data with AI companies for model training purposes.

10. International Users

Alethe is based in the United States. If you access the Service from outside the U.S., your information may be transferred to, stored, and processed in the U.S. By using the Service, you consent to this transfer.

GDPR Compliance (EU Users):

Right to data portability
Right to object to processing
Right to erasure ("right to be forgotten")
Right to restrict processing

CCPA Compliance (California Users):

Right to know what data we collect
Right to opt-out of data sales (note: we don't sell data)
Right to deletion
Right to non-discrimination

11. Children's Privacy

Alethe is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If we discover we have collected information from someone under 18, we will delete it immediately.

Parents: If you believe your child has created an account, please contact us immediately at privacy@getalethe.io and we will delete it.

12. Research & Data Contributions

Opt-In Research Participation:

If you choose to participate in research efforts (future):

Your data may be used in anonymized, aggregated research
We may publish findings in academic papers or public reports
You will NEVER be personally identified
Your data contributes to understanding collective mental health patterns

Important: Research participation is 100% OPTIONAL. You can use Alethe without contributing to research.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

Posting the new policy on this page
Updating the "Last updated" date
Sending you an email notification (for material changes)
In-app notification upon your next login

Your continued use of the Service after changes take effect constitutes acceptance of the revised policy. If you disagree with changes, you may delete your account.

14. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Privacy Email: privacy@getalethe.io
General Email: hello@getalethe.io
Website: https://getalethe.io
Response Time: We respond to privacy requests within 7-10 business days

Data Requests:

To exercise your data rights (access, export, delete), email privacy@getalethe.io with "Data Request" in the subject line. We'll verify your identity and respond within 10 business days.

Legal Disclaimer

This Privacy Policy is provided for informational purposes and may not be suitable for your specific situation. We are not lawyers, and this does not constitute legal advice. We recommend consulting with a qualified attorney for legal guidance.