Privacy Policy

Last updated: March 17, 2026

This Privacy Policy explains how Aku Online Ltd. ("TheraNotes", "we", "us") collects, uses, and shares information when you use the TheraNotes mobile application and related services (the "Service").

Contact

Email: contact@trytheranotes.com

Mail: Aku Online Ltd., 167-169 Great Portland Street, 5th Floor, London, W1W 5PF, United Kingdom

Quick Summary

What TheraNotes does: Helps you record or upload audio related to therapy/reflection, generate transcripts/summaries/insights, and optionally chat with an AI companion about your content.
Highly sensitive content: Therapy-related notes, audio, transcripts, summaries, and AI outputs can contain sensitive personal information. Please use the Service accordingly.
Key third parties: Supabase for authentication and database hosting, AWS S3 for storing uploaded audio files, OpenAI for audio transcription, analysis, and AI chat responses, PostHog for analytics (with privacy-focused settings).
AI consent: Before AI-powered processing is used, users are shown an in-app disclosure and must agree before relevant content is sent for processing.
No sale of personal data: We do not sell your personal information.
Age: The Service is intended for adults (18+).

Who We Are (Controller)

For UK users, Aku Online Ltd. is the "controller" of your personal data under UK data protection laws.

Information We Collect

Information You Provide

  • Account information: email address and authentication details via Supabase.
  • Session content you create (depending on what you use): audio recordings (from microphone) and uploaded audio files, session titles, tags, and related notes, transcripts, summaries, insights, themes, emotions, wins, reflection prompts, and action items generated from your sessions.
  • Chat content: messages you send in the in-app chat and the AI responses you receive.
  • Upcoming session planning (if you use scheduling features): session title, date/time, therapist name, location (as entered by you), and optional notes.

Information Collected From Your Device and App Usage

  • Device/app data: basic technical information needed to run the app (e.g., app version, OS type/version, timestamps).
  • Analytics events: event and screen-view data used to understand app usage and improve the Service. We configure analytics to reduce collection and we sanitize event properties to avoid sending session/chat content.

Local Storage on Your Device

The app stores certain information on your device:

  • SecureStore (encrypted by the OS where available): authentication tokens and basic user identity info.
  • AsyncStorage (app storage): app data such as cached sessions/metadata, settings, folders, and chat history.

Guest users can clear local data from within the app or by uninstalling the app. For signed-in users, the in-app "Delete All Data" feature deletes both local app data and associated server-side account data; see "Retention" and "Account and Deletion Requests."

Permissions and Device Access

Depending on the features you use and your device settings, TheraNotes may request permission to access:

  • Microphone: to record audio.
  • Files/Storage: to let you select and upload an audio file.
  • Notifications: if you enable reminders/notifications.

Your operating system may show additional permission prompts. You can change permissions in your device settings.

How We Use Your Information

We use information to:

  • Provide the Service (create and manage sessions, show your history, allow playback, etc.).
  • Process audio and generate outputs: upload and store audio files, transcribe audio into text, analyze transcripts to generate summaries, insights, themes, emotions, reflection prompts, and action items.
  • Provide AI chat (respond to your messages using AI).
  • Improve the Service (analytics, debugging, and feature development).
  • Communicate with you (support requests, operational messages).
  • Security and fraud prevention (protect accounts and the Service).

Before AI-powered processing is used, we show an in-app disclosure and require your agreement before relevant content is sent for transcription, analysis, or AI chat responses.

How We Share Information

We share information with service providers ("processors") who help us run the Service. The categories below reflect the current implementation:

Supabase (Authentication and Database)

We use Supabase for user authentication and to store app data in a database (e.g., sessions, transcripts, summaries, insights, goals/action items, settings).

AWS S3 (Audio File Storage)

When you record or upload audio for processing, the audio is uploaded to and stored in AWS S3. When you view a session, the backend may provide a time-limited link (a presigned URL) to access the audio.

OpenAI (AI Processing)

We use OpenAI to:

  • Transcribe audio into text (including, in some cases, speaker diarization)
  • Analyze transcripts to generate summaries and insights
  • Generate AI chat responses

Important: for AI chat, the backend may provide OpenAI with your chat messages and may also include context from your saved sessions (such as summaries and/or transcripts) to help the AI respond.

Users are shown an in-app disclosure before AI-powered processing is used and must agree before relevant content is sent for processing.

Content sent to OpenAI through our API is not used to train OpenAI models and is not retained or reused after processing.

Chat storage: we store chat history on your device for convenience. The current Service does not aim to store your full chat history in our primary database, but chat content may be processed transiently by our servers and may appear in operational logs in limited circumstances (for example, error logs), then retained for a limited period.

PostHog (Analytics)

We use PostHog to measure usage and improve the app. We configure analytics to reduce automatic capture and we sanitize tracked properties to avoid including sensitive session/chat content. Analytics may still include limited technical and usage data (e.g., app screens visited, feature usage events).

We do not use PostHog session replay in this app.

Legal and Safety Disclosures

We may share information if we believe it is reasonably necessary to:

  • Comply with law or lawful requests
  • Protect the safety, rights, and property of users, the public, or our Service
  • Prevent fraud, abuse, or security issues

International Transfers (UK/Canada/US)

Our service providers may process data outside your country (including in the United States). When UK data protection law applies, we rely on appropriate safeguards for international transfers (such as standard contractual clauses and related addenda where applicable).

Legal Bases (UK)

When UK data protection law applies, we process personal data under these legal bases:

  • Contract: to provide the Service you request.
  • Legitimate interests: to secure, maintain, and improve the Service (balanced against your rights).
  • Consent: where required (e.g., certain permissions, optional features, or AI-powered processing), and you can withdraw consent by changing device/app settings or discontinuing use of those features.

Retention

We retain personal data for as long as needed to provide the Service and for legitimate business purposes (such as security, dispute resolution, and compliance).

  • Session deletion: if you delete a session, we delete associated session records from our database and we attempt to delete associated stored audio from S3.
  • Delete All Data: for signed-in users, the in-app "Delete All Data" feature deletes both local app data and associated server-side account data. For guest users, it deletes locally stored data on the device.
  • Local data: you can also delete local app data using in-app controls or by uninstalling the app.
  • Backups/logs: some data may remain for a limited period in backups or logs, then be deleted according to our backup/log retention practices.

Account and Deletion Requests

If you are a signed-in user, the in-app "Delete All Data" feature deletes your account-related data from both the device and our servers, subject to limited backup/log retention described above.

Your Choices and Controls

  • Permissions: you can enable/disable permissions (microphone, notifications, etc.) in device settings.
  • Analytics: where offered in-app, you can opt out of analytics; otherwise contact us and we will assist where feasible.
  • Local deletion: you can clear local app data from Settings.
  • Account: you can sign out at any time.

Your Rights (UK, Canada, US)

Rights vary by location and may be subject to exceptions.

United Kingdom

You may have the right to request access to, correction of, deletion of, or portability of your personal data, and to object to or restrict certain processing. You also have the right to complain to the UK Information Commissioner's Office (ICO).

Canada

You may have rights to access and correct your personal information and to challenge our compliance with applicable privacy principles. Contact us to exercise these rights.

United States

Depending on your state, you may have rights to access, delete, or correct certain personal information and to opt out of certain processing. Contact us to submit a request. We may need to verify your identity before fulfilling requests.

Security

We use reasonable administrative, technical, and organizational measures designed to protect information. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

Adults Only (18+)

TheraNotes is intended for adults aged 18 and over and is not directed to children.

Important Note About Health/Therapy Content

TheraNotes is a consumer app intended to support reflection and organization. It is not a substitute for professional medical or therapeutic advice, and it is not intended to be a HIPAA-compliant service for use by covered entities.

Changes to This Policy

We may update this Privacy Policy from time to time. We will update the "Last updated" date above and, where appropriate, provide additional notice in the app or on our website.

Contact Us

If you have questions or requests about this Privacy Policy or your privacy, contact:

Aku Online Ltd.

167-169 Great Portland Street, 5th Floor

London, W1W 5PF

United Kingdom

contact@trytheranotes.com