Privacy Policy

Last updated: January 22, 2026

This Privacy Policy explains how Aku Online Ltd. ("TheraNotes", "we", "us") collects, uses, and shares information when you use the TheraNotes mobile application and related services (the "Service").

Contact

Email: contact@trytheranotes.com

Mail: Aku Online Ltd., 167-169 Great Portland Street, 5th Floor, London, W1W 5PF, United Kingdom

Quick Summary

What TheraNotes does:Helps you record or upload audio related to therapy/reflection, generate transcripts/summaries/insights, and optionally chat with an AI companion about your content.
Highly sensitive content:Therapy-related notes, audio, transcripts, summaries, and AI outputs can contain sensitive personal information. Please use the Service accordingly.
Key third parties:Supabase for authentication and database hosting, AWS S3 for storing uploaded audio files, OpenAI for audio transcription, analysis, and AI chat responses, PostHog for analytics (with privacy-focused settings).
No sale of personal data:We do not sell your personal information.
Age:The Service is intended for adults (18+).

Who We Are (Controller)

For UK users, Aku Online Ltd. is the "controller" of your personal data under UK data protection laws.

Information We Collect

Information You Provide

  • Account information: email address and authentication details via Supabase.
  • Session content you create (depending on what you use): audio recordings (from microphone) and uploaded audio files, session titles, tags, and related notes, transcripts, summaries, insights, themes, emotions, wins, reflection prompts, and action items generated from your sessions.
  • Chat content: messages you send in the in-app chat and the AI responses you receive.
  • Upcoming session planning (if you use scheduling features): session title, date/time, therapist name, location (as entered by you), and optional notes.

Information Collected From Your Device and App Usage

  • Device/app data: basic technical information needed to run the app (e.g., app version, OS type/version, timestamps).
  • Analytics events: event and screen-view data used to understand app usage and improve the Service. We configure analytics to reduce collection and we sanitize event properties to avoid sending session/chat content.

Local Storage on Your Device

The app stores certain information on your device:

  • SecureStore (encrypted by the OS where available): authentication tokens and basic user identity info.
  • AsyncStorage (app storage): app data such as cached sessions/metadata, settings, folders, and chat history.

You can clear local data from within the app (e.g., "Delete All Data" in Settings) or by uninstalling the app. Clearing local data does not necessarily delete server-side data (for example, sessions you have saved to your account); see "Retention" and "Account and deletion requests."

Permissions and Device Access

Depending on the features you use and your device settings, TheraNotes may request permission to access:

  • Microphone: to record audio.
  • Files/Storage: to let you select and upload an audio file.
  • Notifications: if you enable reminders/notifications.

Your operating system may show additional permission prompts. You can change permissions in your device settings.

How We Use Your Information

We use information to:

  • Provide the Service (create and manage sessions, show your history, allow playback, etc.).
  • Process audio and generate outputs: upload and store audio files, transcribe audio into text, analyze transcripts to generate summaries, insights, themes, emotions, reflection prompts, and action items.
  • Provide AI chat (respond to your messages using AI).
  • Improve the Service (analytics, debugging, and feature development).
  • Communicate with you (support requests, operational messages).
  • Security and fraud prevention (protect accounts and the Service).

How We Share Information

We share information with service providers ("processors") who help us run the Service. The categories below reflect the current implementation:

Supabase (Authentication and Database)

We use Supabase for user authentication and to store app data in a database (e.g., sessions, transcripts, summaries, insights, goals/action items, settings).

AWS S3 (Audio File Storage)

When you record or upload audio for processing, the audio is uploaded to and stored in AWS S3. When you view a session, the backend may provide a time-limited link (a presigned URL) to access the audio.

OpenAI (AI Processing)

We use OpenAI to:

  • Transcribe audio into text (including, in some cases, speaker diarization)
  • Analyze transcripts to generate summaries and insights
  • Generate AI chat responses

Important: for AI chat, the backend may provide OpenAI with your chat messages and may also include context from your saved sessions (such as summaries and/or transcripts) to help the AI respond.

Chat storage: we store chat history on your device for convenience. The current Service does not aim to store your full chat history in our primary database, but chat content may be processed transiently by our servers and may appear in operational logs in limited circumstances (for example, error logs), then retained for a limited period.

PostHog (Analytics)

We use PostHog to measure usage and improve the app. We configure analytics to reduce automatic capture and we sanitize tracked properties to avoid including sensitive session/chat content. Analytics may still include limited technical and usage data (e.g., app screens visited, feature usage events).

We do not use PostHog session replay in this app.

Legal and Safety Disclosures

We may share information if we believe it is reasonably necessary to:

  • Comply with law or lawful requests
  • Protect the safety, rights, and property of users, the public, or our Service
  • Prevent fraud, abuse, or security issues

International Transfers (UK/Canada/US)

Our service providers may process data outside your country (including in the United States). When UK data protection law applies, we rely on appropriate safeguards for international transfers (such as standard contractual clauses and related addenda where applicable).

Legal Bases (UK)

When UK data protection law applies, we process personal data under these legal bases:

  • Contract: to provide the Service you request.
  • Legitimate interests: to secure, maintain, and improve the Service (balanced against your rights).
  • Consent: where required (e.g., certain permissions or optional features), and you can withdraw consent by changing device/app settings.

Retention

We retain personal data for as long as needed to provide the Service and for legitimate business purposes (such as security, dispute resolution, and compliance).

  • Session deletion: if you delete a session, we delete associated session records from our database and we attempt to delete associated stored audio from S3.
  • Local data: you can delete local app data using in-app controls or by uninstalling the app.
  • Backups/logs: some data may remain for a limited period in backups or logs, then be deleted according to our backup/log retention practices.

Account and Deletion Requests

If you want to request deletion of your account or server-side data that is not available through in-app controls, email us at contact@trytheranotes.com. We may need to verify your identity before completing the request.

Your Choices and Controls

  • Permissions: you can enable/disable permissions (microphone, notifications, etc.) in device settings.
  • Analytics: where offered in-app, you can opt out of analytics; otherwise contact us and we will assist where feasible.
  • Local deletion: you can clear local app data from Settings.
  • Account: you can sign out at any time.

Your Rights (UK, Canada, US)

Rights vary by location and may be subject to exceptions.

United Kingdom

You may have the right to request access to, correction of, deletion of, or portability of your personal data, and to object to or restrict certain processing. You also have the right to complain to the UK Information Commissioner's Office (ICO).

Canada

You may have rights to access and correct your personal information and to challenge our compliance with applicable privacy principles. Contact us to exercise these rights.

United States

Depending on your state, you may have rights to access, delete, or correct certain personal information and to opt out of certain processing. Contact us to submit a request. We may need to verify your identity before fulfilling requests.

Security

We use reasonable administrative, technical, and organizational measures designed to protect information. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

Adults Only (18+)

TheraNotes is intended for adults aged 18 and over and is not directed to children.

Important Note About Health/Therapy Content

TheraNotes is a consumer app intended to support reflection and organization. It is not a substitute for professional medical or therapeutic advice, and it is not intended to be a HIPAA-compliant service for use by covered entities.

Changes to This Policy

We may update this Privacy Policy from time to time. We will update the "Last updated" date above and, where appropriate, provide additional notice in the app or on our website.

Contact Us

If you have questions or requests about this Privacy Policy or your privacy, contact:

Aku Online Ltd.

167-169 Great Portland Street, 5th Floor

London, W1W 5PF

United Kingdom

contact@trytheranotes.com