Privacy Notice

Last updated: 19 July 2026

This Privacy Notice explains what data Asclepiad holds about you, what we do with it, and what you can ask us to do with it. The controller is Asclepeion Ltd (Company No. 15830285, England and Wales; ICO registration ZB723138).


1. WHAT WE COLLECT

We do NOT collect: your real name, email address, full date of birth, exact age, address, phone number, or biometric identifiers.


2. WHO PROCESSES YOUR DATA

Asclepiad uses the following third-party services. All are contractually bound not to train on your content:

ProviderPurposeLocation
SupabaseAccount and transcript storageUS (UK IDTA + EU SCC)
AnthropicLanguage model — generates AI character repliesUS
ElevenLabsAI voice synthesis; transcription of spoken reflectionsUS
CloudflareEdge processing and audio storageGlobal
PostHogAnonymised product telemetryEU-hosted
SentryCrash reports (PII-scrubbed)US
RevenueCat / Apple / GoogleSubscription billingUS

Everything is encrypted in transit (HTTPS / TLS 1.2+) and at rest (Supabase AES-256 for the database; Cloudflare R2 server-side encryption for audio recordings). Asclepiad does NOT apply end-to-end encryption — the AI characters must be able to read your text to generate their replies.


3. HOW LONG WE KEEP IT

DataRetention
Voice recordings30 days, then deleted automatically
Transcripts and insightsUntil you delete your account
Personalization notesUntil you delete your account
Synicon recipient recordsUntil you archive the recipient + 90 days, then deleted
Subscription stateUntil you delete your account
Coin transaction records (amounts and timestamps)Kept after account deletion in anonymised form — no link to you — for accounting and chargeback obligations
Crash reports90 days
Product telemetry12 months
Consent records (timestamp, version, scope)7 years post-deletion, anonymised

4. WHAT WE DO WITH IT

We use your data to deliver the service to you. We do not sell it. We do not use it for marketing. We do not use it to train AI models. We do not share it with advertisers or data brokers.


5. THE AI CHARACTERS

The voices you hear — Maia, Hortus, and the other Asclepiad characters — are AI. They are generated by language models and voice-synthesis services. They are not human. They are not clinicians. They are companions for reflection — not therapists, not doctors.


6. AUTOMATED DECISIONS

Asclepiad uses one automated process: a classifier that reviews your reflection content for signs of crisis or significant distress. If it detects a high-confidence signal, the app surfaces country-appropriate crisis resources (your Personal Wellbeing Plan) — this only ever adds a safety option; it never withholds, restricts, or changes anything else in the app, and no human reviews the flagged content. A visible support option, including country-appropriate crisis resources, is always available whether or not the classifier ever fires.


7. YOUR RIGHTS

Under UK GDPR you can:

Note: individual session records are kept together as part of your reflection history. Account deletion removes all of it. We do not currently support deleting one session at a time. When you delete your account, all content and metadata are removed; consent records are retained anonymously for seven years for legal compliance (UK Limitation Act 1980), but contain nothing that can identify you.


8. INTERNATIONAL TRANSFERS

Your data may be processed in the United States. We use UK International Data Transfer Agreements (IDTAs) and EU Standard Contractual Clauses (SCCs) for all such transfers.


9. CONTACT

Asclepeion Ltd
Company No. 15830285 (England and Wales)
ICO registration: ZB723138
compliance@asclepeion.org