Privacy Policy
Last updated: June 5, 2026
This Privacy Policy explains how Aku Online Ltd. ("TheraNotes", "we", "us") collects, uses, and shares information when you use the TheraNotes mobile application and related services (the "Service").
Contact
Email: contact@trytheranotes.com
Mail: Aku Online Ltd., 167-169 Great Portland Street, 5th Floor, London, W1W 5PF, United Kingdom
Quick Summary
Who We Are (Controller)
For UK users, Aku Online Ltd. is the "controller" of your personal data under UK data protection laws.
Information We Collect
Information You Provide
- Account information: email address and authentication details handled by our authentication provider.
- Session content you create (depending on what you use): audio recordings (from microphone) and uploaded audio files, session titles, tags, and related notes, transcripts, summaries, insights, themes, emotions, wins, reflection prompts, and action items generated from your sessions.
- Chat content: messages you send in the in-app chat and the AI responses you receive.
- Upcoming session planning (if you use scheduling features): session title, date/time, therapist name, location (as entered by you), and optional notes.
Information Collected From Your Device and App Usage
- Device/app data: basic technical information needed to run the app (e.g., app version, OS type/version, timestamps).
- Analytics events: event and screen-view data used to understand app usage and improve the Service. We configure analytics to reduce collection and we sanitize event properties to avoid sending session/chat content.
- Measurement/attribution data: an identifier generated by our measurement provider, your IP address (for approximate location and fraud prevention), and install/event data (such as installs, registrations, and subscription events) used to measure marketing performance. We do not collect the iOS advertising identifier (IDFA) and we do not show the App Tracking Transparency prompt; on iOS, attribution relies on the operating system's privacy-preserving attribution framework (SKAdNetwork).
Local Storage on Your Device
The app stores certain information on your device:
- SecureStore (encrypted by the OS where available): authentication tokens and basic user identity info.
- AsyncStorage (app storage): app data such as cached sessions/metadata, settings, folders, and chat history.
Guest users can clear local data from within the app or by uninstalling the app. For signed-in users, the in-app "Delete All Data" feature deletes both local app data and associated server-side account data; see "Retention" and "Account and deletion requests."
Permissions and Device Access
Depending on the features you use and your device settings, TheraNotes may request permission to access:
- Microphone: to record audio.
- Files/Storage: to let you select and upload an audio file.
- Notifications: if you enable reminders/notifications.
Your operating system may show additional permission prompts. You can change permissions in your device settings.
How We Use Your Information
We use information to:
- Provide the Service (create and manage sessions, show your history, allow playback, etc.).
- Process audio and generate outputs: upload and store audio files, transcribe audio into text, analyze transcripts to generate summaries, insights, themes, emotions, reflection prompts, and action items.
- Provide AI chat (respond to your messages using AI).
- Provide and manage subscriptions (offer "TheraNotes Pro," process purchases, and verify subscription status).
- Improve the Service (analytics, debugging, and feature development).
- Measure marketing performance (understand which campaigns lead to installs and subscriptions, using privacy-preserving measurement).
- Communicate with you (support requests, operational messages).
- Security and fraud prevention (protect accounts and the Service).
Before AI-powered processing is used, we show an in-app disclosure and require your agreement before relevant content is sent for transcription, analysis, or AI chat responses.
How We Share Information
We share information with service providers ("processors") who help us run the Service. We describe them by category below rather than by name; a current list of the specific providers we use is available on request (see "Contact Us").
Authentication and Database Providers
We use providers for user authentication and to store app data in a database (e.g., sessions, transcripts, summaries, insights, goals/action items, settings).
Cloud Storage Providers
When you record or upload audio for processing, the audio is uploaded to and stored with a cloud storage provider. When you view a session, the backend may provide a time-limited link (a presigned URL) to access the audio.
AI Processing Providers
We use AI processing providers to:
- Transcribe audio into text (including, in some cases, speaker diarization)
- Analyze transcripts to generate summaries and insights
- Generate AI chat responses
Important: for AI chat, the backend may provide the AI processing provider with your chat messages and may also include context from your saved sessions (such as summaries and/or transcripts) to help the AI respond.
Users are shown an in-app disclosure before AI-powered processing is used and must agree before relevant content is sent for processing.
Content sent to our AI processing provider through our API is not used to train its models and is not retained or reused after processing.
Chat storage: we store chat history on your device for convenience. The current Service does not aim to store your full chat history in our primary database, but chat content may be processed transiently by our servers and may appear in operational logs in limited circumstances (for example, error logs), then retained for a limited period.
Analytics Providers
We use an analytics provider to measure usage and improve the app. We disable automatic event capture and sanitize tracked properties to avoid including sensitive session/chat content. Analytics may still include limited technical and usage data (e.g., app screens visited, feature usage events) and an analytics identifier. Our analytics data is hosted in the EU region. You can opt out of analytics in the app.
Install and Marketing Measurement Providers
We use a marketing measurement provider to understand how people discover the app and to measure the effectiveness of our marketing, without tracking you across other apps or websites. We do not collect the iOS advertising identifier (IDFA) and we do not show the App Tracking Transparency prompt. On iOS, attribution relies on the operating system's privacy-preserving attribution framework (SKAdNetwork). The provider may process a device identifier it generates, your IP address (for approximate location and fraud prevention), and app/event data (such as installs, registrations, and subscription events). Aggregated or privacy-preserving conversion measurements may be shared with advertising networks to measure campaign performance. We do not share device-level identifiers with these networks for cross-app advertising.
Subscription and Payment Providers
We offer an optional paid subscription ("TheraNotes Pro"). Purchases are processed by the app store platform, and we use a subscription management provider to validate subscription status. These providers process purchase and subscription data and app/device identifiers needed to deliver and verify your subscription. We do not receive your full payment card details.
Legal and Safety Disclosures
We may share information if we believe it is reasonably necessary to:
- Comply with law or lawful requests
- Protect the safety, rights, and property of users, the public, or our Service
- Prevent fraud, abuse, or security issues
International Transfers (UK/Canada/US)
Our service providers may process data outside your country. Our analytics provider processes data in the EU region. Other providers may process data in the United States. When UK data protection law applies, we rely on appropriate safeguards for international transfers (such as standard contractual clauses and related addenda where applicable).
Legal Bases (UK)
When UK data protection law applies, we process personal data under these legal bases:
- Contract: to provide the Service you request (including managing subscriptions).
- Legitimate interests: to secure, maintain, improve, and measure the performance of the Service (balanced against your rights).
- Consent: where required (e.g., certain permissions, optional features, or AI-powered processing), and you can withdraw consent by changing device/app settings or discontinuing use of those features.
Retention
We retain personal data for as long as needed to provide the Service and for legitimate business purposes (such as security, dispute resolution, and compliance).
- Session deletion: if you delete a session, we delete associated session records from our database and we attempt to delete associated stored audio from our cloud storage provider.
- Delete All Data: for signed-in users, the in-app "Delete All Data" feature deletes both local app data and associated server-side account data. For guest users, it deletes locally stored data on the device.
- Local data: you can also delete local app data using in-app controls or by uninstalling the app.
- Backups/logs: some data may remain for a limited period in backups or logs, then be deleted according to our backup/log retention practices.
Account and Deletion Requests
If you are a signed-in user, the in-app "Delete All Data" feature deletes your account-related data from both the device and our servers, subject to limited backup/log retention described above.
Your Choices and Controls
- Permissions: you can enable/disable permissions (microphone, notifications, etc.) in device settings.
- Analytics: where offered in-app, you can opt out of analytics; otherwise contact us and we will assist where feasible.
- Marketing measurement: because we do not use the IDFA or show a tracking prompt, no app-tracking opt-in is requested; iOS measurement uses the operating system's privacy-preserving attribution framework (SKAdNetwork).
- Local deletion: you can clear local app data from Settings.
- Account: you can sign out at any time.
Your Rights (UK, Canada, US)
Rights vary by location and may be subject to exceptions.
United Kingdom
You may have the right to request access to, correction of, deletion of, or portability of your personal data, and to object to or restrict certain processing. You also have the right to complain to the UK Information Commissioner's Office (ICO).
Canada
You may have rights to access and correct your personal information and to challenge our compliance with applicable privacy principles. Contact us to exercise these rights.
United States
Depending on your state, you may have rights to access, delete, or correct certain personal information and to opt out of certain processing. Contact us to submit a request. We may need to verify your identity before fulfilling requests.
Security
We use reasonable administrative, technical, and organizational measures designed to protect information. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.
Adults Only (18+)
TheraNotes is intended for adults aged 18 and over and is not directed to children.
Important Note About Health/Therapy Content
TheraNotes is a consumer app intended to support reflection and organization. It is not a substitute for professional medical or therapeutic advice, and it is not intended to be a HIPAA-compliant service for use by covered entities.
Changes to This Policy
We may update this Privacy Policy from time to time. We will update the "Last updated" date above and, where appropriate, provide additional notice in the app or on our website.
Contact Us
If you have questions or requests about this Privacy Policy or your privacy, contact:
Aku Online Ltd.
167-169 Great Portland Street, 5th Floor
London, W1W 5PF
United Kingdom