Privacy Core

This document explains the technical safeguards protecting your mind. In short: Your database rows are locked to your User ID.

Row Level Security (RLS)
AES-256 At Rest
Vectorized Anonymization
Zero-Retention Inference
Last Updated: February 15, 2026

Privacy Policy

We treat your mental health data with higher security standards than financial records.

1. Data Ingestion & Storage

We minimize raw data storage by using a "Dual-Layer Memory" architecture:

  • Short-Term Memory: The last ~20 messages are stored encrypted in the messages table for immediate context.
  • Long-Term Memory: Older conversations are compressed into Vector Embeddings (mathematical representations of concepts) in the conversation_summaries table. The raw text of old messages is permanently deleted from our active database to minimize exposure.
  • Strict Ownership: We enforce Postgres Row Level Security (RLS). This means the database engine itself rejects any query for your data that does not carry your specific Authentication Token.

2. AI & Inference Handling

Your conversations are processed by AI models to generate responses. Here is the strict protocol:

  • Zero-Training Policy: We use Google's Gemini (via Vertex AI) for inference. Your chat data is never used to train their foundation models.
  • Stateless Processing: Data sent to the AI model is "transient." It exists in the model's context window only for the duration of generating your reply, then it is discarded.
  • Risk Engine Scanning: Before any text is generated, your input is scanned by our local Safety Circuit. If immediate self-harm risks are detected, the system bypasses the standard AI to provide crisis resources. These safety events are logged but anonymized.

3. Third-Party Infrastructure

We do not sell your data. We rely on the following secured infrastructure providers:

  • Supabase (AWS): For encrypted database hosting and authentication handling.
  • Google Cloud (Vertex AI): For enterprise-grade LLM inference with HIPAA-compliant data agreements.
  • Redis: For ephemeral rate-limiting to prevent system abuse.

4. Your Sovereign Rights

You retain absolute control over your digital footprint:

  • The "Kill Switch": You can trigger a permanent account deletion from your Settings dashboard. This performs a hard delete on all users, sessions, and summaries rows associated with your ID immediately.
  • Exportability: You may download your entire conversation history in JSON (raw data) or PDF (document) format at any time.
  • Transparency: You have the right to know exactly which "memories" the AI has stored about you. This is visible in the "Memory Management" section of the app.

5. Contact & DPO

For technical inquiries regarding encryption standards or data removal requests, contact our Data Protection Officer:
support@libremind.in