Privacy Policy

Last updated: April 3, 2026 · Effective date: April 3, 2026

The Short Version

We never sell your data. We never use it for ads. We never train AI on your conversations. Your emotional data is encrypted, protected, and under your control.

Table of Contents

1. Our Commitment to Your Privacy

Cherizh is a wellness companion app that people trust with their most personal thoughts, emotions, and experiences. We don't take that lightly. Your emotional data is sacred to us, and we've built every part of our system with your privacy as a foundational principle — not an afterthought.

This Privacy Policy explains what information we collect, how we use it, and the choices you have. We've written it in plain language because you deserve to actually understand what happens with your data.

2. Information We Collect

A. Information You Provide Directly

  • Account information — email address, name, date of birth
  • Chat conversations with AI companion personas (Eden, Frank, Gene, Heather, Ting, Justin, Lee)
  • Journal entries — text and voice recordings via voice journaling
  • Mood check-ins and emotional check-in responses
  • Feedback, support requests, and survey responses
  • Subscription and payment information — processed by Apple/Google, not stored by us directly

B. Information Collected Automatically

  • AI-inferred emotional states from chat conversations (mood classification, emotional intensity, distress detection, coping style observations)
  • Chat session emotional summaries — emotional arc, situation context — generated by AI to improve your experience
  • Coping style profile — how you process and regulate emotions, inferred over time from interaction patterns, never from direct questions
  • Device information — device type, OS version, app version — for compatibility and rate limiting
  • IP address — used for security and abuse prevention only, not for tracking
  • Push notification tokens — for delivering notifications you've opted into
  • App usage patterns — feature usage frequency, session duration

C. Information from Third-Party Services

  • Apple HealthKit data (sleep data only, if you explicitly grant permission)
    • We NEVER sell HealthKit data
    • HealthKit data is NEVER used for advertising
    • HealthKit data is used solely to correlate sleep patterns with your emotional wellbeing
    • You can revoke HealthKit access at any time in your device Settings
  • Firebase Authentication — authentication tokens and provider info from Google/Apple sign-in
  • RevenueCat — subscription status and entitlements. RevenueCat does not receive your chat or emotional data.

D. Sensitive Data We Recognize

We recognize that much of the data Cherizh collects qualifies as sensitive personal data under various privacy laws. This includes:

  • Mental and emotional health information (mood data, emotional states, distress indicators, coping patterns)
  • Health data from HealthKit (sleep patterns)
  • Content of conversations that may touch on mental health, relationships, trauma, or other deeply personal topics

We classify ALL of this data as sensitive and apply our highest level of protection to it, including:

  • AES-256 encryption at rest for all sensitive fields
  • TLS/HTTPS encryption for all data in transit
  • Strict access controls limiting who can access production data
  • No sharing with third parties for marketing or advertising — ever
  • No use for AI model training — ever

We do not require you to share sensitive information to use Cherizh. Your companion will never ask you to disclose information about your race, religion, sexual orientation, or political beliefs. If you choose to share such information in conversation, it is protected with the same encryption and privacy safeguards as all other data.

3. How We Use Your Information

We use your information to:

  • Provide and personalize your AI companion experience
  • Remember context across conversations — our memory system retains themes and patterns from your conversations so your companion can reference past discussions naturally
  • Detect emotional distress and provide appropriate support resources — our crisis detection system identifies messages indicating potential self-harm or severe distress and ensures support resources are always provided
  • Generate personalized affirmations based on your recent emotional state
  • Build your coping style profile so your companion can adapt to how you process emotions — not a one-size-fits-all response
  • Correlate sleep data with mood patterns (only if you opt into HealthKit)
  • Improve app reliability, fix bugs, and improve features
  • Prevent abuse and enforce rate limits
  • Send you notifications you've opted into (check-in reminders, companion messages)
  • Process your subscription through Apple App Store or Google Play

We NEVER Use Your Data To:

  • Sell to third parties. Ever. Under any circumstances.
  • Target you with advertising. Cherizh has no ads and never will.
  • Train AI models. Your conversations are not used to train or fine-tune any AI model.
  • Make automated decisions that affect your access to services, credit, employment, or any other consequential outcome.
  • Share with your employer, insurer, or any third party without your explicit consent.

4. How AI Processes Your Data

  • Cherizh uses third-party AI services (Anthropic's Claude and OpenAI's models) to generate companion responses, emotional analysis, affirmations, and session summaries.
  • When you send a chat message, it is transmitted to these AI providers along with relevant conversation context so your companion can respond naturally.
  • These AI providers process your messages in real-time and do NOT retain your data after processing. Your conversations are not stored by Anthropic or OpenAI beyond the duration of the API request.
  • Anthropic and OpenAI's data processing agreements prohibit them from using your data to train their models.
  • We minimize what we send to AI providers — only the context necessary for a quality response is transmitted, not your entire history.
  • AI-generated emotional analysis (mood detection, coping style classification, session summaries) is computed and stored on our servers to personalize your experience. You can request deletion of this data at any time.

No Human Review

Your conversations with AI companions are NOT reviewed, read, or monitored by Cherizh employees or contractors unless:

  • You explicitly share a conversation with us (e.g., for a support request)
  • We are required to by a valid legal order (subpoena, court order)
  • Our automated crisis detection system flags a conversation for safety review, in which case only designated safety personnel may review the flagged content solely to ensure appropriate crisis resources were provided

We do not have a team of people reading your conversations. Your chats are between you and your AI companion.

5. Data Storage and Security

  • All data is stored on encrypted, access-controlled servers
  • Sensitive data fields are encrypted at rest using AES-256 encryption, including:
    • Journal entries and personal memories
    • Location data
    • Emotional analysis data
    • Names and identifying information within conversation context
  • All data transmitted between your device and our servers is encrypted via TLS/HTTPS
  • Firebase Authentication handles credential security — we never store your password directly
  • We implement rate limiting and abuse prevention at both device and server levels
  • Access to production databases is restricted and audited
  • We regularly audit our codebase for security vulnerabilities

6. Data Breach Notification

In the unlikely event of a data breach that affects your personal information:

  • We will notify affected users within 72 hours of becoming aware of the breach
  • Notification will be sent via email and in-app notification
  • We will describe: what happened, what data was affected, what we are doing about it, and what steps you can take to protect yourself
  • We will notify relevant regulatory authorities as required by applicable law
  • We maintain an incident response plan and regularly test our security systems

7. Data Retention

  • Your chat history, journal entries, and mood data are retained as long as your account is active
  • Chat session emotional summaries used for real-time personalization (affirmations, mood badge) expire after 4 hours and become historical data only
  • Coping style profiles are maintained as long as your account is active to ensure continuity of your personalized experience

When You Delete Your Account

Phase 1 — Grace Period (14 days):

Your account is deactivated immediately. Your data is preserved but inaccessible for 14 days in case you change your mind. During this window, you can contact support@cherizh.com to reactivate your account and recover your data.

Phase 2 — Permanent Deletion (within 30 days of request):

After the 14-day grace period, ALL personal data is permanently and irreversibly deleted from our servers within 30 days of your original deletion request. This includes:

  • Chat history and conversation data
  • Journal entries (text and voice)
  • Mood and emotional check-in data
  • Emotional analysis and session summaries
  • Coping style profiles
  • Memory data
  • HealthKit correlations
  • Account information

Once permanently deleted, your data cannot be recovered.

Immediate deletion option:

If you do not want the 14-day grace period and want your data deleted immediately, you can email support@cherizh.com with the subject line "Immediate Data Deletion" and we will permanently delete all your data within 48 hours.

Anonymized, aggregated usage statistics that are not linked to any individual may be retained for product improvement. These cannot be used to identify you.

8. Your Rights and Choices

  • Access: You can request a copy of all data we hold about you
  • Deletion: You can delete your account and all associated data at any time from within the app (Settings → Account → Delete Account) or by emailing support@cherizh.com
  • Correction: You can request correction of inaccurate personal information
  • Notification control: You can manage push notification preferences in Settings → Notifications within the app, or disable them entirely in your device settings
  • HealthKit: You can grant or revoke HealthKit access at any time via your device Settings → Privacy → Health
  • Data portability: You can request an export of your data in a standard format
  • Withdraw consent: You can stop using the app at any time. Deleting the app does not delete your account — you must explicitly request account deletion.

9. Age Requirement

  • Cherizh is not intended for anyone under the age of 18
  • We do not knowingly collect personal information from anyone under 18
  • If we discover that a user under 18 has created an account, we will immediately delete the account and all associated data
  • If you believe someone under 18 is using Cherizh, please contact us immediately at support@cherizh.com

10. International Data Transfers

  • Cherizh is operated from the United States
  • If you are accessing Cherizh from outside the United States, your data will be transferred to and processed in the United States
  • AI processing may occur on servers located in various regions as determined by our AI providers (Anthropic and OpenAI)
  • By using Cherizh, you consent to the transfer of your data to the United States

11. Third-Party Services

We use the following third-party services. Each has its own privacy policy governing how they handle data:

Anthropic (Claude AI)AI companion responses Privacy Policy
OpenAIAI processing for session summaries Privacy Policy
Firebase (Google)Authentication and analytics Privacy Policy
RevenueCatSubscription management Privacy Policy
Apple HealthKitSleep data integration Privacy Policy
ExpoPush notifications Privacy Policy
NeonDatabase hosting Privacy Policy
RenderApplication hosting Privacy Policy

12. Cookies and Tracking (Website Only)

The Cherizh website (cherizh.com) uses essential cookies necessary for the website to function. We do not use advertising cookies or tracking pixels on our website. We do not use cookies within the Cherizh mobile app.

For website analytics, we use privacy-respecting analytics that do not track individual users across websites or collect personally identifiable information.

13. California Privacy Rights (CCPA)

California residents have additional rights under the California Consumer Privacy Act:

  • Right to know what personal information is collected, used, and shared
  • Right to delete personal information
  • Right to opt-out of the sale of personal information — we do not sell personal information, so this right is automatically satisfied
  • Right to non-discrimination for exercising your privacy rights

To exercise these rights, contact support@cherizh.com.

14. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR).

Legal Basis for Processing

We process your data under the following legal bases:

  • Contract performance: Processing necessary to provide the Cherizh service you signed up for (chat, journaling, mood tracking, affirmations)
  • Legitimate interest: Processing necessary for app security, abuse prevention, and service improvement, balanced against your privacy rights
  • Consent: Processing of HealthKit data, push notifications, and optional features you explicitly enable. You may withdraw consent at any time.

Your GDPR Rights

  • Right of access: Request a copy of all personal data we hold about you
  • Right to rectification: Request correction of inaccurate data
  • Right to erasure ("Right to be Forgotten"): Request deletion of your data. We will comply within 30 days unless a legal obligation requires retention.
  • Right to restrict processing: Request that we limit how we use your data
  • Right to data portability: Receive your data in a structured, machine-readable format
  • Right to object: Object to processing based on legitimate interest
  • Right to withdraw consent: Withdraw consent for any consent-based processing at any time
  • Right not to be subject to automated decision-making: Cherizh does not make automated decisions that produce legal or similarly significant effects on you. AI emotional analysis is used to personalize your experience, not to make consequential decisions about you.

How to Exercise Your Rights

Email support@cherizh.com with the subject line "GDPR Request." We will respond within 30 days. If we need additional time (up to 60 additional days for complex requests), we will inform you within the initial 30-day period.

Data Protection Officer

For privacy-specific inquiries, contact our data protection team at support@cherizh.com.

Supervisory Authority

If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.

International Data Transfers

When your data is transferred from the EEA to the United States, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission to ensure adequate protection of your data. Our AI providers (Anthropic and OpenAI) also maintain appropriate safeguards for international data transfers.

15. Texas Privacy Rights (TDPSA)

Texas residents have rights under the Texas Data Privacy and Security Act:

  • Right to know whether we are processing your personal data
  • Right to access your personal data
  • Right to correct inaccuracies in your personal data
  • Right to delete your personal data
  • Right to obtain a copy of your data in a portable format
  • Right to opt out of the processing of personal data for targeted advertising, the sale of personal data, or profiling. Cherizh does not engage in any of these activities.

To exercise these rights, contact support@cherizh.com. We will respond within 45 days. If we decline a request, you may appeal by emailing support@cherizh.com with the subject line "TDPSA Appeal."

Sensitive Data

Cherizh processes sensitive personal data, including mental and physical health data. We process this data only with your consent, provided when you create your account and use the service. You may withdraw consent at any time by deleting your account.

16. Security Researchers

If you discover a security vulnerability in Cherizh, please report it responsibly to security@cherizh.com. We appreciate security researchers who help us keep our users safe and will acknowledge your contribution (with your permission) once the vulnerability has been resolved. Please do not publicly disclose vulnerabilities before we have had an opportunity to address them.

17. Changes to This Policy

  • We will notify you of material changes via email or in-app notification before they take effect
  • Continued use of Cherizh after changes constitutes acceptance
  • Previous versions of this policy will be archived and available upon request

18. Contact Us

If you have any questions about this Privacy Policy, please reach out:

See also our Terms of Service.

This document is available in a screen-reader-friendly format. If you need this document in an alternative format, please contact support@cherizh.com.