Privacy Policy
A legal disclaimer
🔒 Privacy at a Glance
- Your conversations are encrypted and stored securely
- We never sell your personal data to third parties
- AI processes your messages to generate responses (see Section 7)
- You can delete your data at any time from your account settings
- GDPR, CCPA/CPRA compliant — exercise your rights anytime
1. Introduction
Welcome to HeartScene ("we," "us," "our," or the "Company"). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you access or use our website, mobile application, and related services (collectively, the "Service").
By using HeartScene, you consent to the data practices described in this Privacy Policy. If you do not agree with our policies and practices, please do not use our Service.
This Privacy Policy is compliant with:
- General Data Protection Regulation (GDPR) — European Union
- California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) — California, USA
- Other applicable data protection laws
2. Definitions
For the purposes of this Privacy Policy:
- "Personal Data" means any information relating to an identified or identifiable natural person.
- "Processing" means any operation performed on Personal Data, whether automated or not.
- "Data Subject" means the individual to whom Personal Data relates (you, the user).
- "Service Provider" means any third party that processes data on our behalf.
- "AI Companion" means the artificial intelligence-powered chat entities within HeartScene.
- "Cookies" means small data files stored on your device.
3. Data Controller Information
Data Controller:
MelakuNet Digital Solution
Operated by: Etefworkie Ademe Melaku
Email: privacy@heartscene.app
Website: heartscene.app
As the Data Controller, we determine the purposes and means of processing your Personal Data and are responsible for ensuring compliance with applicable data protection laws.
4. Information We Collect
4.1 Information You Provide Directly
- Account Information: Email address, display name, profile picture (optional)
- Chat Content: Messages you send to AI companions (including interactions with Study Buddy, Dating Trainer, and Meditation Trainer personas), custom companion configurations
- Payment Information: Billing address, payment method details (processed by Stripe/PayPal — we do not store full card numbers)
- Support Communications: Messages sent to customer support
- User Preferences: Theme settings, notification preferences, companion preferences
4.2 Information Collected Automatically
- Device Information: Device type, operating system, browser type, screen resolution
- Usage Data: Pages visited, features used, time spent, click patterns
- Log Data: IP address, access times, referring URLs, error logs
- Location Data: Approximate location based on IP address (country/region level only)
4.3 Information from Third Parties
- OAuth Providers: If you sign in via Google, we receive your email, name, and profile picture
- Payment Processors: Transaction confirmations and payment status from Stripe/PayPal
- Analytics Services: Aggregated usage statistics
5. Legal Basis for Processing (GDPR)
We process your Personal Data under the following legal bases:
Purpose | Legal Basis
Providing the Service | Contract Performance (Art. 6(1)(b))
Processing payments | Contract Performance (Art. 6(1)(b))
AI processing of messages | Consent (Art. 6(1)(a))
Analytics and improvement | Legitimate Interest (Art. 6(1)(f))
Marketing communications | Consent (Art. 6(1)(a))
Legal compliance | Legal Obligation (Art. 6(1)(c))
Fraud prevention | Legitimate Interest (Art. 6(1)(f))
6. How We Use Your Information
We use your Personal Data for the following purposes:
6.1 Service Delivery
- Creating and managing your account
- Providing AI companion chat functionality
- Processing transactions and managing subscriptions
- Syncing data across your devices
6.2 Service Improvement
- Analyzing usage patterns to improve features
- Developing new features based on user feedback
- Training and improving AI response quality (using anonymized data)
- Fixing bugs and technical issues
6.3 Communication
- Sending transactional emails (receipts, account updates)
- Providing customer support
- Sending marketing communications (with consent)
- Notifying you of policy changes
6.4 Safety and Security
- Preventing fraud and abuse
- Enforcing our Terms of Service
- Protecting user safety
- Complying with legal requirements
7. AI Processing Disclosure
⚠️ Important AI Disclosure
HeartScene uses artificial intelligence to generate chat responses. This section explains how your data is processed by AI systems.
7.1 How AI Processing Works
- Your messages are sent to AI language models (currently Claude by Anthropic) to generate responses
- AI companions are not real people — they are software programs
- Responses are generated in real-time based on your input and companion personality
- We may store conversation history to provide context for future conversations
7.2 AI Training Data
- We may use anonymized and aggregated conversation data to improve our AI systems
- Personal identifiers are removed before any data is used for training
- You can opt out of having your data used for training in account settings
7.3 Third-Party AI Providers
We use Anthropic's Claude API to power AI responses. Messages sent to AI companions are transmitted to Anthropic for processing. Please review Anthropic's Privacy Policy for information on their data practices.
7.4 Automated Decision-Making
AI-generated responses constitute automated decision-making. Under GDPR Article 22, you have the right to:
- Request human intervention for significant decisions
- Express your point of view regarding AI outputs
- Contest decisions made solely by automated processing
8. Data Sharing and Third Parties
We do not sell your Personal Data. We may share your information with:
8.1 Service Providers
Provider | Purpose | Data Shared
Supabase | Database & Authentication | Account data, conversations
Anthropic (Claude) | AI Response Generation | Chat messages
Stripe | Payment Processing | Payment information
PayPal | Payment Processing | Payment information
Netlify | Hosting | Access logs, IP addresses
Google OAuth | Authentication | Email, profile (with consent)
8.2 Legal Disclosures
We may disclose your information if required to:
- Comply with a legal obligation, court order, or government request
- Protect our rights, property, or safety
- Prevent fraud or illegal activity
- Protect the safety of our users or the public
8.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your Personal Data may be transferred. We will notify you before your data becomes subject to a different privacy policy.
9. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have different data protection laws.
For transfers from the European Economic Area (EEA), UK, or Switzerland, we ensure adequate safeguards through:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Data processing agreements with our service providers
- Transfers to countries with adequacy decisions
10. Data Security Measures
We implement industry-standard security measures to protect your data:
- Encryption in Transit: All data transmitted using TLS 1.3 encryption
- Encryption at Rest: Database encrypted using AES-256
- Access Controls: Role-based access with multi-factor authentication for staff
- Row-Level Security: Database policies ensure users can only access their own data
- Regular Audits: Periodic security assessments and vulnerability testing
- Secure Development: Security reviews in our development process
While we strive to protect your data, no method of transmission or storage is 100% secure. If you believe your account has been compromised, please contact us immediately.
11. Data Retention
We retain your Personal Data for the following periods:
Data Type | Retention Period
Account information | Until account deletion + 30 days
Chat conversations | Until deleted by user or account deletion
Payment records | 7 years (legal requirement)
Usage analytics | 26 months (anonymized)
Support communications | 3 years
Server logs | 90 days
After the retention period, data is securely deleted or anonymized. You may request earlier deletion of your data at any time.
12. Your Rights Under GDPR (European Users)
If you are in the European Economic Area (EEA), UK, or Switzerland, you have the following rights:
- Right to Access (Art. 15): Request a copy of your Personal Data
- Right to Rectification (Art. 16): Correct inaccurate or incomplete data
- Right to Erasure (Art. 17): Request deletion of your data ("right to be forgotten")
- Right to Restrict Processing (Art. 18): Limit how we use your data
- Right to Data Portability (Art. 20): Receive your data in a machine-readable format
- Right to Object (Art. 21): Object to processing based on legitimate interests
- Right to Withdraw Consent (Art. 7): Withdraw consent at any time
- Right to Lodge a Complaint: File a complaint with your local data protection authority
To exercise your rights, contact us at privacy@heartscene.app. We will respond within 30 days.
13. Your Rights Under CCPA/CPRA (California Residents)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
13.1 Your Rights
- Right to Know: Request disclosure of Personal Information collected, used, and shared
- Right to Delete: Request deletion of your Personal Information
- Right to Correct: Request correction of inaccurate Personal Information
- Right to Opt-Out: Opt out of the sale or sharing of Personal Information
- Right to Limit Use: Limit use of sensitive Personal Information
- Right to Non-Discrimination: Not be discriminated against for exercising your rights
13.2 Categories of Personal Information
In the past 12 months, we have collected the following categories of Personal Information:
- Identifiers (email address, account name, IP address)
- Commercial information (purchase history, subscription status)
- Internet activity (browsing history, interactions with the Service)
- Inferences (preferences, characteristics derived from usage)
13.3 "Do Not Sell or Share My Personal Information"
We do not sell your Personal Information. We do not share your Personal Information for cross-context behavioral advertising. If this changes, we will update this policy and provide an opt-out mechanism.
13.4 How to Submit Requests
To exercise your CCPA/CPRA rights:
- Email: privacy@heartscene.app
- Use account settings to delete your data
We will verify your identity before fulfilling requests. You may designate an authorized agent to submit requests on your behalf.
14. Cookies and Tracking Technologies
14.1 What Are Cookies?
Cookies are small text files stored on your device when you visit a website. We use cookies and similar technologies to provide, secure, and improve our Service.
14.2 Types of Cookies We Use
Type | Purpose | Duration
Essential | Authentication, security, core functionality | Session
Functional | Remember preferences, settings | 1 year
Analytics | Understand usage patterns | 26 months
14.3 Managing Cookies
You can control cookies through your browser settings. Note that disabling essential cookies may affect Service functionality. For more information, visit allaboutcookies.org.
15. Children's Privacy
🔞 Age Restriction
HeartScene is intended for users who are at least 18 years old. We do not knowingly collect Personal Data from anyone under 18.
If we learn that we have collected Personal Data from a child under 18, we will take steps to delete that information as quickly as possible. If you believe a child under 18 has provided us with Personal Data, please contact us at privacy@heartscene.app.
16. Do Not Track Signals
Some browsers have a "Do Not Track" (DNT) feature that sends a signal to websites requesting that your browsing behavior not be tracked. Currently, there is no uniform standard for interpreting DNT signals. Our Service does not currently respond to DNT signals, but we provide other privacy controls as described in this policy.
16.5 Specialized AI Companion Disclaimers
HeartScene offers specialized AI companions designed to support various aspects of personal development. It is important to understand the scope and limitations of these AI services:
📚 Study Buddy AI
Study Buddy companions are not certified tutors, teachers, or educational professionals. They are AI-powered tools designed to provide motivation, general learning support, and study organization assistance. They do not replace qualified educators or professional academic tutoring services.
💘 Dating Trainer AI
Dating Trainer companions are designed for social skills practice and confidence building in a safe, judgment-free environment. They are not licensed relationship counselors, therapists, or mental health professionals. Dating Trainers should not be used as a substitute for professional relationship counseling, therapy, or mental health treatment.
🧘 Meditation Trainer AI
Meditation Trainer companions provide general mindfulness guidance, breathing techniques, and stress-reduction practices. They are not licensed therapists, psychiatrists, psychologists, or medical professionals. They should not be used as a substitute for professional mental health treatment, medical care, or crisis intervention services. If you are experiencing a mental health crisis, severe anxiety, depression, or any other serious mental health condition, please consult a qualified healthcare provider immediately or contact emergency services.
⚠️ Important: When to Seek Professional Help
HeartScene AI companions are supplementary tools and do not replace professional services. Please seek qualified professional help if you:
- Are experiencing suicidal thoughts or self-harm urges (Call 988 - Suicide & Crisis Lifeline)
- Have severe depression, anxiety, PTSD, or other mental health conditions
- Need academic tutoring for critical exams or coursework
- Require professional relationship or couples counseling
- Are dealing with trauma, abuse, or addiction
- Have any medical or psychological condition requiring professional treatment
By using HeartScene's specialized AI companions, you acknowledge and agree that they are entertainment and self-improvement tools only, not substitutes for professional services. HeartScene and its operators assume no liability for outcomes resulting from reliance on AI companion advice or guidance.
17. Policy Updates
We may update this Privacy Policy from time to time. When we make material changes, we will:
- Update the "Last Updated" date at the top of this policy
- Notify you via email or in-app notification (for significant changes)
- Provide a summary of changes
Your continued use of the Service after changes become effective constitutes acceptance of the revised Privacy Policy. We encourage you to review this policy periodically.
18. Contact Information
For questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Privacy Inquiries
Email: privacy@heartscene.app
Subject Line: "Privacy Request - [Your Request Type]"
General Support
Email: support@heartscene.app
Data Protection Officer
Email: dpo@heartscene.app
We will respond to all legitimate requests within 30 days (or within the timeframe required by applicable law).
This Privacy Policy was drafted in accordance with the requirements of the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), and other applicable data protection laws. This document should be reviewed by a qualified legal professional before final implementation.
