Privacy Policy

Last updated: December 2, 2025

Introduction

At ProcessIt, your privacy and emotional safety are our highest priorities. This Privacy Policy explains how we collect, use, protect, and handle your personal information when you use our trauma-informed recovery resource mobile application (iOS App Store).

We understand the sensitive nature of trauma and emotional processing. Your trust is sacred to us, and we are committed to transparency about our data practices.

Information We Collect

Personal Information

• Account Data: Email address, first name, last name (encrypted in database)
• Authentication: Password (hashed), multi-factor authentication codes, refresh tokens
• Subscription Data: Apple ID, subscription status, subscription purchase history (managed through Apple In-App Purchase)

Usage and Conversation Data

• Chat Conversations: All messages, conversation history, and emotional content (encrypted)
• Usage Analytics: Session events, user engagement metrics
• Technical Data: IP addresses, device information, login timestamps, geographic location
• Healing Tracker Data: Daily check-in responses, progress tracking, and healing action logs

What We Do NOT Collect

• Explicit age verification data
• Sensitive health diagnoses or medical records
• Third-party tracking beyond essential services
• Payment card information (all payments processed by Apple)

Mobile App Permissions

Microphone Access

We request microphone access to enable voice-to-text input for conversations with the AI companion. Voice recordings are processed in real-time and are not permanently stored on our servers. The audio is:

• Converted to text using device-based or cloud-based transcription services
• Processed immediately for AI response generation
• Not saved as audio files on our servers
• Only the transcribed text is stored as part of your conversation history

You can disable microphone access at any time through your iOS device settings. The app will continue to function with text-only input.

Push Notifications

We collect device tokens to send optional daily reminder notifications. These notifications:

• Remind you to check in with the app for daily healing tracking
• Are customizable in the app settings (you can set preferred times or disable them entirely)
• Do not contain sensitive personal information
• Can be enabled or disabled at any time in the app settings or iOS device settings

Device tokens are shared with Expo (our push notification service provider) solely for the purpose of delivering notifications. You can revoke notification permissions at any time.

How We Use Your Information

Primary Uses

• Service Provision: To provide emotional support and trauma-informed emotional processing
• Account Management: To create and maintain your account. Payments are processed by Apple through In-App Purchase—we do not directly process payments.
• AI Processing: To enable Claude AI to provide personalized emotional support
• Communication: To send important notifications and support emails

Analytics and Improvement

• To improve our AI responses and emotional support capabilities
• To analyze usage patterns and enhance user experience
• To ensure system security and prevent abuse

Third-Party Services

Essential Services

• Apple In-App Purchase: All payments are processed by Apple through their In-App Purchase system. We do not directly handle your payment information. Your subscription is managed through your Apple ID.
• RevenueCat: We use RevenueCat to manage your subscription and communicate with Apple's In-App Purchase system. RevenueCat processes your Apple ID and subscription status to manage subscription renewals and cancellations.
• Expo: We use Expo services for push notification delivery. Expo processes device tokens to send notifications to your device. Expo does not have access to your conversation content or personal messages.
• Claude AI (Anthropic): AI processing for emotional support conversations. Chat messages are sent to Claude AI for real-time processing to generate trauma-informed responses.
• AWS: Backend infrastructure and data storage (US East 1 region). All user data, conversations, and account information are stored securely on AWS infrastructure.
• Speech-to-Text Services: Used for converting voice input to text. Voice output (text-to-speech) is not currently available—all responses are delivered as text.

Data Sharing with Third Parties

We only share your data with third parties in these specific circumstances:

• Service Providers: To manage subscriptions (RevenueCat), send push notifications (Expo), and provide AI services (Claude AI)
• Payment Processing: Apple processes all payments directly. We do not receive or store your payment card information.
• Legal Requirements: When required by law or to protect our rights
• Emergency Situations: In crisis situations where professional help is needed

We do NOT share your data with:

• Third-party analytics services
• Advertising networks
• Social media platforms
• Unauthorized third parties

Data Storage and Security

Storage Location

• Cloud Storage: AWS US East 1 region (United States) - All conversations, account data, and healing tracker information are stored securely in the cloud
• Local Device Storage: The mobile app stores certain data locally on your device (healing tracker data, notification preferences, cached conversations) to allow the app to work offline. This local data syncs with our cloud servers when you're authenticated and online.
• Database: MongoDB hosted on AWS infrastructure
• Backup: AWS infrastructure with standard redundancy

Offline Functionality: The app can function offline for viewing cached conversations and accessing previously downloaded content. When you reconnect to the internet, your local data automatically syncs with our cloud servers to ensure your data is up-to-date across all devices.

Security Measures

• Encryption at Rest: All sensitive data encrypted using industry-standard encryption
• Encryption in Transit: HTTPS/TLS for all communications
• Password Security: Bcrypt hashing with salt factor of 10
• Authentication: JWT tokens, multi-factor authentication, rate limiting
• Infrastructure: AWS security groups, IAM roles, audit logging

Data Retention

Message Data

• Automatic Deletion: Messages are automatically deleted after 365 days
• Manual Deletion: Users can delete their account and all data immediately
• TTL Indexes: MongoDB Time To Live indexes ensure automatic cleanup

Account Data

• Account Persistence: User accounts remain until manually deleted
• Token Expiration: Refresh tokens expire after 7 days
• Audit Logs: Maintained for security purposes

Your Rights and Choices

Your Rights

• Access: View your profile and chat history
• Deletion: Complete account deletion with removal of all data
• Portability: Export your chat history
• Correction: Update your profile information
• Withdrawal: Cancel subscriptions and delete accounts

How to Exercise Your Rights

• Access your data through your account settings
• Delete your account through the account deletion feature
• Contact us at team@processit.app for assistance

AI and Machine Learning

Claude AI Processing

• Real-time Processing: Chat messages are processed by Claude AI for emotional support
• No Training Data: Conversations are not used to train AI models
• Secure Transmission: Messages are encrypted before sending to AI services
• Privacy Protection: No personal identifiers are shared with AI services

Safety Protocols

• Crisis Detection: AI recognizes crisis indicators and provides appropriate responses
• Grounding Techniques: Built-in safety protocols for overwhelming emotions
• Professional Resources: Direct users to crisis hotlines when needed

Crisis and Emergency Situations

Crisis Recognition

Our AI system is trained to recognize crisis indicators including:

• Self-harm mentions or intentions
• Dissociation or overwhelming emotions
• Suicidal thoughts or ideation
• Severe emotional distress

Crisis Response

• Immediate Response: AI provides grounding techniques and safety checks
• Escalation: Users are directed to professional crisis resources
• Resources Provided: Crisis hotlines and professional mental health services

Available Crisis Resources

• National Suicide Prevention Lifeline: 1-800-273-8255
• Crisis Text Line: Text HOME to 741741
• SAMHSA National Helpline: 1-800-662-HELP
• Trevor Project: For LGBTQ+ youth
• Trans Lifeline: For transgender support

Age Restrictions and Youth Protection

Age Requirements

• Minimum Age: 16 years old
• Parental Consent: Recommended for users under 18 years old
• Professional Disclaimer: This service is not a substitute for professional mental health care

Youth Safety

• Enhanced safety protocols for younger users
• Clear disclaimers about professional mental health care
• Parental guidance recommendations for users under 18

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

• Posting the new Privacy Policy on this page
• Sending you an email notification
• Updating the "Last updated" date at the top of this policy

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

• Email: team@processit.app
• Response Time: We aim to respond to privacy inquiries within 48 hours

Legal Basis and Compliance

This Privacy Policy complies with applicable data protection laws including:

• General Data Protection Regulation (GDPR)
• California Consumer Privacy Act (CCPA)
• Children's Online Privacy Protection Act (COPPA)
• Health Insurance Portability and Accountability Act (HIPAA) considerations

Important Disclaimers