[ Legal ]

Privacy
Policy

Last Updated: May 16, 2025

1. Introduction

Willow AI ("we," "our," "us") provides a chat-based AI companion that helps users with self-reflection, personal growth, and mental-wellness exercises (the "Service"). This Privacy Policy explains what data we collect, why we collect it, how we use it, and the choices you have. By using the Service, you agree to the practices described here.

2. Information We Collect and Generate

Account & Profile Data

  • Email address
  • Display name or nickname
  • Password hash

Conversation Summaries & Metadata

  • A short AI-generated summary of each chat (about one to three sentences)
  • Detected feelings (for example: "anxious," "calm," "motivated")
  • High-level topics discussed (for example: "work stress," "relationships")
  • First names of people mentioned

Note: Full chat text is not stored on our servers after your AI response is delivered.

Technical & Usage Information

  • Device model, operating-system version, preferred language
  • Approximate city-level location derived from IP address
  • Screens viewed, buttons tapped, crash logs, and other diagnostics

Health & Fitness Data (optional)

  • Selected Apple HealthKit metrics you choose to share (such as steps or heart rate)
  • We never write data back to HealthKit

Payment Data

  • Apple transaction and subscription identifiers (we do not see your card details)

We do not collect government ID numbers, precise GPS coordinates, or biometric templates.

3. How We Process Conversations with OpenAI

  • Your message is sent — encrypted — to OpenAI, LLC so the AI can craft a reply and create the brief summary.
  • OpenAI keeps the text for abuse-monitoring for up to 30 days (per their policy) and then deletes it.
  • Willow AI stores only the returned summary and metadata, not the full text.

4. How We Use Your Information

  • Deliver and personalize AI interactions, mood insights, and streaks
  • Validate and manage subscriptions through Apple
  • Improve reliability, security, and user experience via analytics and diagnostics
  • Send essential notices (for example, changes to Terms or security alerts)
  • Comply with legal obligations and protect our rights and users

Our legal bases include performance of a contract, legitimate interests, and your consent (for optional items such as HealthKit and analytics).

5. Sharing and Disclosure

We share information only in these situations:

OpenAI, LLC

To generate chat replies and summaries (see Section 3).

Cloud hosting & analytics providers

To operate and monitor the Service, under strict confidentiality.

Apple

To manage in-app purchases and verify your subscription.

Law enforcement or regulators

When required by law or to protect safety.

Business transfers

If Willow AI is involved in a merger or acquisition (you will be notified beforehand).

We do not sell your personal information.

6. HealthKit Data

If you grant permission, Willow AI reads selected HealthKit metrics to show wellness insights.

  • We never write to HealthKit.
  • Health data is encrypted in transit and at rest.
  • Health data is not shared with advertisers or third parties.

7. Data Retention

Conversation summaries & metadata

Kept until you delete your account or after three years of inactivity, whichever comes first.

Full chat text

Deleted within seconds after the AI response is delivered.

Health data caches

Stored for up to 30 days, then refreshed from HealthKit when needed.

Back-ups

Encrypted and rolled off after 30 days.

Deleting your account in Settings → Privacy Controls (or by emailing us) triggers removal of retained data within 30 days.

8. Security

  • TLS encryption for all network traffic
  • AES-256 encryption at rest
  • Role-based access controls and regular security tests

Although no system is perfect, we follow industry-standard practices to safeguard your data.

9. Your Rights and Choices

  • Access, export, or delete data: Settings → Privacy Controls
  • Revoke HealthKit or location permissions: in iOS Settings
  • Opt-out of analytics: Settings → Preferences

Region-specific privacy laws (e.g., GDPR, CCPA) may grant additional rights — email [email protected] to exercise them.

10. International Transfers

We are based in the United States and may store data in the U.S. or other countries with adequate safeguards (such as Standard Contractual Clauses).

11. Changes to This Policy

We may update this Policy from time to time. For material changes, we will provide at least 30 days' notice in-app or via email. Continued use of the Service after the effective date constitutes acceptance of the revised Policy.