Privacy Policy

This Privacy Policy explains how Caire collects, uses, stores, and discloses personal information when you use our AI mental health services.

This policy should be read together with our Terms of Service.

• Account information (email, authentication identifiers, profile preferences)
• Conversation data (messages and optional voice interactions)
• Usage and diagnostics data (performance, reliability, abuse prevention, and security)
• Legal/compliance records (terms acceptance timestamps, consent records)

• Provide, secure, and maintain the Services
• Detect abuse, fraud, and safety threats
• Comply with legal obligations
• Improve product quality and reliability
• Produce aggregated, anonymised service evaluation reports, including for academic publication or conference presentation

Training policy: By default, conversation content is not used to train foundation AI models. We only use conversation content for training/fine-tuning if you explicitly opt in.

Service evaluation & aggregated reporting: We may publish or present aggregated, fully anonymised summaries of service outcomes (for example, group-level changes in self-reported questionnaire scores such as PHQ-9, GAD-7, PSS, WHO-5, and Mini Z2, engagement patterns, and feature usage) for service evaluation, quality improvement, academic publication, or conference presentation. All such reports are group-level only; no individual user is identifiable, and free-text conversation content is never included in published outputs.

We may use third-party service providers to process data on our behalf for core service delivery, security, authentication, infrastructure, analytics, and support operations.

These providers are contractually required to protect personal data and process it only for permitted purposes.

Customer data is primarily stored in the United Kingdom.

Some service providers may process data in the US, UK, or EU. Where transfers occur across borders, we use contractual and legal safeguards appropriate for those transfers.

• Active account data: retained while your account is active
• Deleted chat sessions: retained up to 30 days before permanent deletion
• Account deletion requests: core account data deleted within 30 days
• Backups and operational logs: removed on a rolling schedule after deletion workflows complete

Depending on your jurisdiction, you may have rights to access, correct, delete, or restrict processing of your personal data, and rights to object or request portability where applicable.

You can submit privacy requests by emailing [email protected].

If you have questions about this Privacy Policy, contact [email protected].