Privacy Policy
Simena Digital LLC · privacy@simena.app
Last updated: May 18, 2026
Simena is an AI-powered mental health coach app made by Simena Digital LLC ("we," "us," or "our"), a Wyoming limited liability company based in the United States. This policy explains what data we collect, why, and how we protect it.
1. Information You Provide
When you use Simena, you may provide the following information:
- Account information: name and email address (via Apple Sign-In)
- Coaching session content: AI chat messages, voice session audio, and voice session transcripts generated during coaching
- Mood check-ins: mood ratings, emotion labels, energy, sleep, anxiety scores, and optional free-text notes
- Journal entries: freeform entries, gratitude logs, reflections, and structured CBT thought records
- Assessment results: responses and scores from validated screening tools (PHQ-9, GAD-7, PCL-5) and onboarding screeners (WHO-5, PHQ-2, GAD-2)
- Onboarding profile: pronouns, age range, presenting concerns, coping strategies, support level, previous diagnoses, medication, goals, and safety screening responses
- Profile preferences: language, timezone, dark mode, and notification settings
- Profile photo: optional profile picture you take or select
2. Information Collected Automatically
When you access Simena, we automatically receive:
- IP address and user agent (standard HTTP request data)
- Session tokens for authentication
We do not use analytics SDKs, crash reporting services, advertising trackers, or the App Tracking Transparency framework. We do not track you across apps or websites.
3. AI Features and Your Data
Simena uses Anthropic's Claude models for AI coaching. All AI features are cloud-based and require an internet connection.
- Claude Haiku handles routine coaching exchanges, journaling prompts, and check-in summarization.
- Claude Sonnet handles complex sessions, including crisis-flagged conversations and assessment interpretation.
Your chat messages and voice transcripts are sent to Anthropic for processing alongside the contextual information needed to coach you (recent session summary, active treatment goals, relevant assessment scores). Anthropic returns the assistant's reply, which we stream back to your device. Anthropic does not use API data to train their models. See anthropic.com/privacy for details.
Voice sessions: when you use voice coaching, your microphone audio is streamed to Deepgram for speech-to-text transcription, and Simena's coaching responses are streamed back as synthesized speech generated by Cartesia. Audio is not stored on our servers beyond the active session — only the resulting transcript text is retained for session continuity.
Crisis detection: session text and voice transcripts are scanned for crisis-indicator keywords (e.g., self-harm references, hopelessness markers, suicidality language). If detected, the app surfaces a crisis-hotline prompt and may escalate the conversation to a Claude Sonnet review so a higher-quality response can be generated. We do not store keyword-match details beyond a session-level crisis flag and an internal severity rating used to support follow-up and abuse prevention.
4. How We Use Your Information
We use your information to:
- Provide and maintain Simena's coaching features (chat, voice, journal, check-ins, assessments)
- Authenticate your account and keep it secure
- Sync your sessions, journal entries, mood data, and assessments across devices
- Power AI coaching responses via Anthropic Claude Haiku and Sonnet
- Run crisis-detection scans on session content and surface crisis-hotline prompts when warranted
- Deliver scheduled local notifications (check-in reminders, session reminders)
- Generate wellness insights (mood trends, assessment trajectories, treatment-arc progress)
- Enforce subscription entitlements and abuse-prevention session limits
5. Third-Party Services
| Service | Purpose | Data shared |
|---|---|---|
| Apple | Authentication (Sign in with Apple) | Name, email |
| Anthropic (Claude Haiku, Claude Sonnet) | AI coaching and crisis-flagged response review | Chat messages and voice transcripts plus the contextual session information described in §3 (active session only) |
| Deepgram | Speech-to-text transcription for voice coaching | Voice session audio (transient, not stored after transcription) |
| Cartesia | Text-to-speech synthesis for voice coaching | Coaching response text (transient, used to generate audio) |
| RevenueCat | Subscription management | Anonymous user ID, purchase history |
| Expo Updates | Over-the-air app updates | Device platform, app version |
All third-party service providers listed above are contractually required to protect your data to a standard equivalent to or greater than described in this policy.
We do not sell your personal data. We do not share data with third parties for advertising.
6. Data Storage and Security
Your data is stored on secure servers within the European Union. All database connections are encrypted, and communication between the app and our servers uses HTTPS (TLS 1.2+). Authentication uses timing-safe token comparison to prevent timing attacks.
On your device, Simena stores data using:
- AsyncStorage: preferences and app state
- expo-sqlite: offline cache for sessions and journal entries, with full-text search
- expo-secure-store: authentication tokens (encrypted by the OS keychain)
7. Data Retention and Deletion
Your data is retained as long as your account is active. You can delete your account at any time from Settings within the app. Deletion is soft-applied immediately — your active session is ended and your Apple refresh token is revoked — and finalized after 30 days. During this 30-day grace window you may restore the account by signing in again with the same Apple ID. After 30 days, your data is permanently and irreversibly removed from our servers through a cascade delete covering: sessions and messages, mood check-ins, journal entries, assessment results, treatment arcs, homework items, session summaries, crisis events, and user profile data.
Data held by third-party services (e.g. RevenueCat purchase records, Apple account data) is subject to those services' own retention policies.
8. International Data Transfers
Your data is primarily stored within the European Union. However, some third-party services operate in the United States, including Anthropic, Deepgram, Cartesia, RevenueCat, and Apple. When your data is transferred to these services, it is protected by Standard Contractual Clauses (SCCs) or equivalent safeguards as required by GDPR and UK GDPR.
9. Legal Basis for Processing (GDPR / UK GDPR)
If you are in the European Economic Area or the United Kingdom, we process your personal data under the following legal bases:
- Contract performance: to provide the Simena service you signed up for, including account management, coaching sessions, journal and check-in storage, and progress tracking.
- Consent: for optional features that require your explicit opt-in, including microphone access for voice coaching, camera access for profile photos, and local notifications.
- Legitimate interest: for service security, fraud prevention, crisis-detection scanning of session content for user safety, and delivering over-the-air app updates.
You may withdraw consent for consent-based processing at any time by disabling the relevant feature or contacting us at privacy@simena.app.
10. Your Rights Under GDPR / UK GDPR
If you are in the European Economic Area or the United Kingdom, you have the following rights regarding your personal data:
- Access: request a copy of the data we hold about you
- Rectification: correct inaccurate personal data
- Erasure: delete your account and all associated data
- Portability: receive your data in a machine-readable format
- Restriction: limit how we process your data
- Object: object to processing of your data
- Withdraw consent: withdraw consent at any time where processing is based on consent
- Lodge a complaint: file a complaint with your local data protection authority if you believe your data has been mishandled
To exercise any of these rights, email us at privacy@simena.app. You can also delete your account directly in the app under Settings. We will respond to requests within 30 days.
11. Notifications
Simena uses local notifications only (scheduled check-in reminders, session reminders, in-app crisis prompts). No push notification tokens are sent to our servers. All notification scheduling happens on your device.
12. Camera and Microphone
Simena requests camera and photo library access solely for setting your profile photo. We do not scan documents, capture journal images, or take any other photos. Photos you select are uploaded to your account and stored on our servers as part of your profile data. You can remove or change your profile photo at any time.
Simena requests microphone access only for voice coaching sessions. Recording begins only after you start a voice session and ends as soon as you end the session. Audio is streamed to Deepgram for transcription as described in §3; only the resulting transcript text is retained for session continuity.
13. Children's Privacy
Simena is not directed at children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us at privacy@simena.app and we will delete it promptly.
14. Your Rights by Jurisdiction
In addition to the GDPR and UK GDPR rights described above, the following rights may apply based on your location:
United States (California — CCPA/CPRA): California residents have the right to know what personal information we collect, request its deletion, and opt out of the sale of personal information. We do not sell your personal information. To exercise your rights, contact us at privacy@simena.app.
Canada (PIPEDA): Canadian users have the right to access, correct, and request deletion of their personal data. We only collect personal information for purposes that a reasonable person would consider appropriate. Contact us at privacy@simena.app to exercise your rights.
Australia (Privacy Act 1988): Australian users may access and correct their personal data under the Australian Privacy Principles. If you believe we have breached the APPs, you may lodge a complaint with us at privacy@simena.app or with the Office of the Australian Information Commissioner (OAIC).
Japan (APPI): Japanese users have the right to request disclosure, correction, and deletion of their personal data. We handle personal information in accordance with the Act on the Protection of Personal Information. Contact us at privacy@simena.app.
South Korea (PIPA): Korean users have the right to access, correct, delete, and suspend processing of their personal data under the Personal Information Protection Act. Contact us at privacy@simena.app to exercise your rights.
For all jurisdictions: regardless of where you are located, you can delete your account and all associated data at any time from Settings within the app.
15. Changes to This Policy
We may update this privacy policy from time to time. If we make material changes, we will notify you through the app or by email. The "Last updated" date at the top of this page indicates when the policy was last revised.
16. Contact Us
If you have questions, concerns, or requests regarding this privacy policy or your personal data, contact us at:
Simena Digital LLC
1021 E Lincolnway, Suite 9026
Cheyenne, WY 82001, United States
Email: privacy@simena.app