Privacy Policy — EmoFriend
Last updated: 2025-10-05
EmoFriend (“we”, “us”, “our”, or “EmoFriend”) provides an AI-powered emotional support application and related services (the “Service”, “App”, or “Platform”) for iOS and the web. This Privacy Policy explains what information we collect, how we use and share it, how we protect it, and the choices you have regarding your information.
Please read this policy carefully. By using or accessing the Service you accept this Privacy Policy and consent to the collection, use, disclosure, and retention of your information as described herein. If you do not agree, do not use the Service.
1. Scope and Applicability
This policy applies to personal information collected through our iOS app, web app, associated websites, in-app features, customer support, and any other services we operate (collectively, the “Service”). It does not apply to third-party websites or services linked from our Service.
2. Key Principles
- Purpose limitation: We collect personal information only for specific, legitimate purposes and use it only as described in this policy.
- Data minimization: We strive to collect the minimum information necessary to provide and improve the Service.
- User control: You have choices about how your information is used and retained.
- Transparency & accountability: We disclose our practices and commit to reasonable security and governance.
3. Definitions
- Personal Data / Personal Information: Any information that identifies or can reasonably be used to identify an individual.
- Sensitive Personal Data: Includes health, mental health, or other information that reveals emotional state, treatment, or symptoms. Because EmoFriend processes emotional content, parts of your conversation may be treated as Sensitive Personal Data.
- Processing: Any operation performed on personal data (collection, storage, use, disclosure, deletion, etc.).
4. Information We Collect
A. Account & Profile Data
- Name (optional), display name, email address, phone number (optional), profile photo (optional), date of birth (optional), and other profile information you choose to provide.
- Purpose: Account management, authentication, personalization, communication.
B. User-Provided Content
- Chat messages, journal entries, mood check-ins, survey answers, uploaded files or images, notes, tags, reaction logs, and any other content you enter into the Service.
- Nature: This content can include sensitive emotional or mental-health-related data.
- Purpose: To provide the Service (generate empathetic responses, mood insights, personalized guidance), to allow you to access your history, and to improve Service quality (see model processing below).
C. Transaction & Payment Data
- When you subscribe or make purchases: billing name, billing address, transaction amount, payment token or masked transaction identifier. Payments processed through App Store / Play Store / third-party providers (we do not receive your full credit card number when processed via platform).
- Purpose: Process subscriptions and payments, refunds, compliance and tax reporting.
D. Device, Usage & Technical Data
- Device type, OS, app version, unique device identifiers (advertising IDs only if you permit), IP address, browser type, timestamps, referral/UTM parameters, logs, crash reports, and usage analytics (pages/screens visited, features used, duration).
- Purpose: Service operation, troubleshooting, analytics, fraud prevention, security.
E. Cookies & Tracking
- Cookies, local storage, and similar technologies used for authentication, preferences, analytics, and improving the user experience. You can control cookies through your browser or device settings (see Cookies section).
F. Third-Party Data
- If you sign in with third-party providers (Apple, Google, Facebook), we may receive basic profile data (name, email, profile picture) per your account settings and provider policies.
- Purpose: Simplified signup and authentication.
5. How We Use Your Information
- Provide & Operate the Service: Generating responses, storing conversations, enabling features (mood insights, journaling, check-ins).
- Personalization: Tailor prompts, guidance, tips, and content to your stated preferences and history.
- Research & Product Improvement: Aggregated or pseudonymized data to improve models, features, and UX. We will not use identifiable personal content to train third-party models without explicit user consent.
- Security, Fraud, & Abuse Prevention: Detecting suspicious behavior, ensuring integrity, defending against attacks.
- Billing & Account Management: Manage subscriptions, payments, invoicing, and refunds.
- Legal Compliance & Enforcement: Complying with legal obligations, responding to lawful requests, enforcing our Terms of Service.
- Communications & Support: Responding to support requests, sending transactional messages and safety notices, optionally sending product updates and marketing (you may opt out).
- Safety Protocols: If messages indicate imminent risk of harm to self/others, we may provide crisis-resource messages and comply with applicable safety and legal obligations.
6. Legal Basis for Processing (GDPR)
If you are an EU/EEA/UK resident, our legal bases for processing your personal data include:
- Performance of a contract: To provide the Service you requested (account, chat, mood insights).
- Consent: Where we ask for explicit consent (e.g., for optional features or using content for model training). You may withdraw consent at any time.
- Legitimate interests: To operate and improve the service, ensure security, and communicate with users, provided these interests are not overridden by your rights.
- Compliance with legal obligations.
7. Sensitive Data & Explicit Consent
- Request explicit consent at account creation, on first use of sensitive features, and/or before using such content for secondary purposes (e.g., research, model training).
- Allow you to opt out of any use of sensitive content beyond delivering the Service (e.g., using content for training models).
- Offer settings to restrict processing of sensitive content for analytics or training.
8. AI, Automated Processing & Model Use
- Your messages are processed by automated systems (our models and/or third-party AI providers) to generate empathetic responses and produce mood analysis.
- We may use third-party model providers or cloud services to process and temporarily store conversation content. We will disclose providers in our Data Processing Addendum and will not supply personal content to third parties for model training without explicit consent.
- Results generated by the Service are automated suggestions and are not professional clinical advice. See Safety & Crisis section below.
9. Sharing & Disclosure
We do not sell your personal information. We may share your information in the following limited circumstances:
A. Service Providers & Processors
- We share personal information with vendors and service providers who perform services on our behalf (hosting, analytics, crash reporting, customer support, payment processors). These providers are contractually bound to protect data and use it only to perform services for us.
B. Legal Requirements & Safety
- We may disclose personal information to comply with legal obligations, respond to lawful requests (subpoenas, court orders), or to protect the rights, property, or safety of EmoFriend, its users, or others.
C. Business Transfers
- If EmoFriend is involved in a merger, acquisition, or sale of assets, personal data may be transferred as part of that transaction. We will notify users where required.
D. Aggregated & De-Identified Data
- We may share aggregated or de-identified information that does not identify you for research, marketing, or analytics.
E. With Your Consent
- We will share information if you ask us to (for example, to export data to a third-party app) and explicitly consent.
10. Third-Party Links & Integrations
The Service may contain links to third-party sites or allow integration with third-party services. We are not responsible for third-party privacy practices. Review those third parties’ privacy policies before sharing data with them.
11. Cookies & Similar Technologies
We use cookies and similar technologies to operate the Service and analyze usage. Types of cookies we use include: essential cookies (necessary to operate), performance and analytics cookies (for product improvement), and optional cookies for personalization. You can manage cookies through your device and browser settings. See our Cookie Statement [link to Cookie Policy] for details.
12. Data Retention & Deletion
We retain personal information only as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements.
- Account information: retained while your account is active; no account recovery once deleted.
- Chat messages & journal entries: retained while your account is active; thereafter deleted or anonymized within 180 days unless you opt-in to longer storage.
- Analytics and logs: retained in aggregated or pseudonymized form for up to [12–24] months for product improvement.
- Payment records: retained for [7] years to meet tax and accounting obligations.
Account Deletion: You may request deletion of your account and personal data (see “Your Rights” below). Deletion requests will be processed within a reasonable timeframe (commonly 30–60 days), subject to verification, legal obligations, or content required for safety or dispute resolution.
13. Data Security
We implement reasonable technical, administrative, and physical safeguards to protect your personal information (encryption in transit (TLS), access controls, secure hosting, regular security assessments). However, no system is completely secure. We cannot guarantee absolute security of your data.
Breach Notification: In the event of a data breach affecting personal data, we will notify affected users and regulators as required by applicable law.
14. International Transfers
We operate globally and may transfer your information across borders to the United States and other countries where our service providers operate. When we transfer data from the EEA/UK to countries without an adequacy decision, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) or other lawful transfer mechanisms to protect your data.
15. Children’s Privacy
- Minimum Age: The Service is not intended for children under 13. If you are under 13 (or your country’s applicable age of digital consent), do not use the Service or provide personal data.
- Users aged 13–17: We permit teens in this range only if permitted by law and with parental consent where required. Parents/guardians may contact us to exercise rights on behalf of minors.
- If we become aware we have collected personal data from a child under 13 without verification of parental consent, we will take steps to delete the information.
16. Your Rights & Choices
A. For EU/EEA/UK Residents (GDPR)
- Access the personal data we hold about you.
- Request rectification of inaccurate personal data.
- Request erasure (right to be forgotten) subject to legal exceptions.
- Restrict or object to processing (including for direct marketing).
- Data portability (receive your data in a structured, machine-readable format).
- Withdraw consent at any time (where processing is based on consent).
- Lodge a complaint with your local supervisory authority.
B. For California Residents (CCPA/CPRA)
- Know what categories of personal information we collect, use, disclose, and sell (we do not sell personal information).
- Request access to and deletion of your personal information.
- Opt-out of the sale of your personal information (we do not sell personal information).
- Non-discrimination for exercising privacy rights.
C. How to Exercise Your Rights
To submit requests or withdraw consent:
- Email: mail@techrange.co
- Or use the in-app settings → Privacy → “Request my data / Delete account”
- We will verify identity to process requests and may require additional information. We will respond within applicable statutory timeframes (e.g., 30 days under GDPR/CCPA).
17. How We Verify Requests
To protect your privacy and security, we may require information to verify you are the account owner before fulfilling requests (email verification, two-factor authentication, or other reasonable proof). We will not respond to requests that are manifestly unfounded or excessive.
18. Cross-Border & Law Enforcement Requests
We may disclose personal information in response to lawful government requests, court orders, or to comply with local laws and regulations. If legally permitted, we will attempt to redirect requests to the requesting party or provide notice to you.
19. Data Processing Addendum (DPA)
If you are a business customer or enterprise using our services, our standard DPA is available upon request and includes details on processors, sub-processors, and security obligations.
20. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will post the revised policy with an updated “Last updated” date and, where required by law, provide direct notice (e.g., email). Continued use of the Service after such notification constitutes acceptance.
21. Limitation of Liability & Disclaimer
Important: While we strive to protect your information, we cannot guarantee perfect security. To the maximum extent permitted by law, EmoFriend’s liability for privacy-related claims is limited as set forth in our Terms of Service. This Privacy Policy is not legal advice; consult counsel for regulatory or compliance guidance.
22. Contact Us
Privacy Team
EmoFriend / Techrange Solutions Pvt Ltd
Email: mail@techrange.co
Address: Techrange, Sector 78, Noida, UP, 201301
If you are not satisfied with our response, you may lodge a complaint with your local data protection authority.
23. Appendix — Data Map (Summary Table)
| Data Category | Examples | Purpose | Retention |
|---|
| Account Data | Email, display name | Authentication, contact | While account active; no account recovery once deleted |
| User Content | Chats, journals, mood check-ins | Core service, personalization | While account active; deleted upon request or within 180 days |
| Payment Data | Transaction IDs, billing name | Billing, refunds, tax | 7 years (accounting) |
| Device & Logs | IP, device model, logs | Security, analytics | [6–24] months (aggregate/pseudonymized) |
| Crash Reports | Stack traces, app version | Debugging, product quality | [12] months |
24. Sample Data Request Templates
- Data Access Request: “Please provide all personal data you hold about me (account data, chat logs, analytics). Our account email is mail@techrange.co.”
- Data Deletion Request: “Please delete my account and all personal data associated with it. Our account email is mail@techrange.co.”
- Send requests to: mail@techrange.co
25. Safety & Crisis Disclaimer
EmoFriend provides supportive, AI-driven, non-clinical emotional support. It is not a substitute for professional therapy, diagnosis, or crisis intervention. If you are in immediate danger or experiencing thoughts of self-harm, please contact emergency services or your local crisis hotline immediately. We include crisis resource information in the app and will provide it when messages indicate acute risk.