Privacy Policy

Last updated: January 2025

Introduction

At CalmSpace, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and services. We are committed to protecting your mental health data with the highest standards of security and privacy.

HIPAA Compliance

CalmSpace is designed to be HIPAA compliant. We implement appropriate administrative, physical, and technical safeguards to protect your protected health information (PHI). Our practices include:

  • Secure data transmission using TLS 1.3 encryption
  • Access controls and user authentication
  • Regular security assessments and audits
  • Employee training on HIPAA requirements
  • Business Associate Agreements with third-party vendors

SOC 2 Certification

Our infrastructure meets SOC 2 Type II security standards, ensuring that we maintain appropriate controls for security, availability, processing integrity, confidentiality, and privacy of your data.

Data Encryption

We implement end-to-end encryption to protect your data:

  • In Transit: All data transmitted between your device and our servers is encrypted using TLS 1.3
  • At Rest: All stored data is encrypted using AES-256 encryption
  • Database: Our database uses encryption at rest with customer-managed keys
  • Backups: All backups are encrypted and stored securely

Information We Collect

Personal Information

  • Email address (for account creation and communication)
  • Profile information you choose to provide
  • Subscription and payment information

Health and Wellness Data

  • Mood tracking entries and emotional state data
  • Journal entries and personal reflections
  • Chat conversations with our AI companion
  • Voice recordings (Premium Plus subscribers only)
  • Usage patterns and app interaction data

Technical Information

  • Device information and operating system
  • App version and performance data
  • Crash reports and error logs (anonymized)

How We Use Your Information

  • Provide personalized AI companion interactions
  • Track your mood and wellness progress
  • Improve our AI models and app functionality
  • Send important updates about your account or our services
  • Provide customer support
  • Ensure app security and prevent fraud

Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

  • Service Providers: With trusted third-party vendors who assist in app operations (under strict confidentiality agreements)
  • Legal Requirements: When required by law or to protect our rights and safety
  • Emergency Situations: If we believe disclosure is necessary to prevent harm to you or others
  • Business Transfers: In connection with a merger, acquisition, or sale of assets (with continued privacy protection)

Data Retention

We retain your personal information for as long as necessary to provide our services and comply with legal obligations:

  • Account data: Retained while your account is active
  • Health data: Retained for up to 7 years after account deletion (as required by healthcare regulations)
  • Chat logs: Retained for 3 years for AI improvement purposes
  • Technical data: Retained for 1 year for security and performance analysis

Your Rights and Choices

You have the following rights regarding your personal information:

  • Access: Request a copy of your personal data
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your account and associated data
  • Portability: Export your data in a machine-readable format
  • Restriction: Limit how we process your information
  • Objection: Object to certain types of data processing

To exercise these rights, please contact us at privacy@calmspace.app.

International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your data during international transfers, including Standard Contractual Clauses and adequacy decisions.

Children's Privacy

CalmSpace is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information.

Security Measures

We implement comprehensive security measures to protect your information:

  • Multi-factor authentication for account access
  • Regular security audits and penetration testing
  • Employee background checks and security training
  • Incident response procedures
  • Data loss prevention systems
  • Regular software updates and security patches

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically.

Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us:

  • Email: privacy@calmspace.app
  • Support: support@calmspace.app
  • Address: CalmSpace Privacy Team, [Your Business Address]