Privacy Policy
written like we mean it.

Theraseek is operated by TheraSeek Technologies Private Limited, a company incorporated under the Companies Act, 2013, with registered office in India. Theraseek is an AI-powered emotional wellbeing companion designed to provide a private, accessible, and always-available space for reflection — not a replacement for licensed clinical care.

For all privacy-related queries, data requests, or complaints, contact our designated Grievance Officer:

• Email: privacy@theraseek.ai
• Response time: Within 72 hours for acknowledgment; 30 days for resolution
• Postal address: [Registered office address — to be inserted before launch]

We collect as little as technically possible. Every data point below has a direct, stated purpose — we do not collect data "just in case." Here is everything we have access to, split by where it lives:

Waitlist & account data. When you join our waitlist, you provide an email address. This is used only to notify you when Theraseek launches or when your early access slot is ready. It is never sold, never used for profiling, and never shared with advertising partners.

Conversation content. Every word you speak or type to Theraseek is processed entirely on your device using a locally-run model. No audio, no text, and no AI response leaves your phone. We do not have access to the content of your sessions — not now, not ever.

Anonymised usage diagnostics. If you opt into crash reporting, we receive anonymous technical data (crash stack traces, device OS version, app version). This data contains no conversation content and cannot identify you. Opting out has no impact on the service.

We use data only for these specific purposes, under the lawful bases noted:

• Waitlist email — to send you launch notifications and access credentials. Lawful basis: consent (you submitted the form). You can unsubscribe at any time.
• Subscription information — to verify your plan entitlements and process payments via our payment partner. Lawful basis: contract performance.
• Anonymous crash diagnostics — to fix bugs and improve app stability. Lawful basis: legitimate interest (improving safety and reliability). Opt-out available in Settings.
• Aggregate anonymised patterns — to understand general usage (e.g., what features are used most). No conversation content. No individual identification possible. Lawful basis: legitimate interest.

We do not use any data for advertising, behavioural profiling, or sale to third parties — ever. We do not use your conversation data to train AI models, ours or anyone else's.

Most mental health apps process your conversations on remote servers. That means a copy of what you said lives somewhere outside your phone — on a cloud provider, accessible to engineers, potentially discoverable by legal process. Theraseek is designed differently, by technical choice, not just policy.

• Speech recognition (STT) runs on-device. Your voice never travels over the internet.
• AI responses are generated by a locally-hosted, fine-tuned model running on your device. There are no calls to OpenAI, Google, Anthropic, or any third-party LLM API during a session.
• Text-to-speech (TTS) runs on-device. Theraseek's voice is synthesised locally.
• Memory & conversation history are stored in an AES-256 encrypted local database on your device. Only your device's secure enclave holds the decryption key.
• Optional backup — if you choose to back up conversations (e.g., for device migration), backups are zero-knowledge encrypted before leaving your device. We hold the encrypted blob; we do not hold the key.

We share data only with the following categories of third parties, and only the minimum necessary data for each:

• Payment processors (e.g., Razorpay) — your payment details and subscription status. Governed by their own PCI-DSS compliant privacy terms. We never see your full card number.
• Transactional email providers — your email address, to deliver launch notifications and receipts only.
• Crash reporting tool — anonymous technical data only, if you opted in. No conversation content. No PII.
• Legal obligations — we may disclose account-level data (not conversation data, which we don't have) if required by Indian law, court order, or to prevent imminent harm.

We do not sell data. We do not share data with advertisers. We do not participate in data broker networks. We do not share data with your employer, insurer, or any institution unless you are using an institutional version and have separately consented to that arrangement.

• Waitlist email: Until you unsubscribe or 24 months after the waitlist closes, whichever is sooner.
• Account data: For the duration of your subscription plus 90 days after account deletion (to resolve billing disputes), then permanently deleted.
• Conversation data: Stored on your device only. Duration is controlled entirely by you. Delete the app, delete the data.
• Anonymous diagnostics: Retained for 12 months in aggregated, non-identifiable form.
• Payment records: Retained for 8 years as required by the Income Tax Act, 1961. Stored by our payment processor, not us.

Depending on your jurisdiction, you may have the following rights regarding the data we hold on our servers (account and subscription data — not on-device conversation data, which only you control):

• Right to access — request a copy of the data we hold about you
• Right to correction — ask us to correct inaccurate data
• Right to erasure — ask us to delete your account and associated data
• Right to portability — receive your account data in a structured format
• Right to withdraw consent — for waitlist communications and optional diagnostics
• Right to nominate — under DPDPA 2023, you may nominate another person to exercise your rights in the event of your death or incapacity

To exercise any of these rights, email privacy@theraseek.ai. We will acknowledge your request within 72 hours and fulfil it within 30 days. We may ask you to verify your identity before actioning a request. We will not charge a fee for reasonable requests.

If you believe we have handled your data unlawfully, you have the right to lodge a complaint with the Data Protection Board of India (once operational) or the relevant supervisory authority in your jurisdiction.

Theraseek is intended for users aged 18 and above. Users aged 13–17 may only use Theraseek with verifiable parental or guardian consent obtained in writing to privacy@theraseek.ai. In that case, the Terms of Service constitute a contract between Theraseek and the parent or guardian.

Children under 13 years of age are strictly prohibited from creating an account or using the Service. If we discover that a child under 13 has provided personal data without parental consent, we will delete it immediately.

Theraseek includes a crisis detection layer that operates locally on your device. If language patterns suggest you may be at risk of harm to yourself or others, Theraseek will surface emergency helpline information immediately.

This crisis detection is hardcoded and cannot be disabled by any conversation flow. The helpline information presented is static, verified, and does not pass through an AI generation step — it always shows the correct emergency contacts for your region.

India crisis resources:

• iCall (TISS): 9152987821
• Vandrevala Foundation: 1860-2662-345 (24/7)
• AASRA: 9820466627
• National Emergency: 112

In extreme circumstances where we have credible reason to believe there is an imminent risk of serious harm, applicable law may require us to act even with limited data. Our ability to do so is constrained by the fact that we do not have access to conversation content. We cannot surveil your sessions. We urge you to call emergency services directly if you or someone you know is in immediate danger.

We will notify you of material changes to this policy by email (if you have an account) and by an in-app notice at least 14 days before the changes take effect. Continued use of Theraseek after the effective date constitutes acceptance of the revised policy. If you do not accept a material change, you may close your account and request deletion of your data before the effective date.

A full version history of this policy will be maintained and publicly accessible at theraseek.ai/legal/changelog.