Privacy Policy

Last updated: June 5, 2026

This Privacy Policy explains how Aku Online Ltd. ("TheraNotes", "we", "us") collects, uses, and shares information when you use the TheraNotes mobile application and related services (the "Service").

Contact

Email: contact@trytheranotes.com

Mail: Aku Online Ltd., 167-169 Great Portland Street, 5th Floor, London, W1W 5PF, United Kingdom

Quick Summary

What TheraNotes does:Helps you record or upload audio related to therapy/reflection, generate transcripts/summaries/insights, and optionally chat with an AI companion about your content.
Highly sensitive content:Therapy-related notes, audio, transcripts, summaries, and AI outputs can contain sensitive personal information. Please use the Service accordingly.
Key service providers:We rely on trusted service providers for authentication and database hosting, cloud storage of uploaded audio, AI transcription/analysis and chat, analytics (privacy-focused settings, EU data region), privacy-preserving install/marketing measurement, and subscription processing. A current list of named providers is available on request.
AI consent:Before AI-powered processing is used, users are shown an in-app disclosure and must agree before relevant content is sent for processing.
No sale of personal data:We do not sell your personal information.
Age:The Service is intended for adults (18+).

Who We Are (Controller)

For UK users, Aku Online Ltd. is the "controller" of your personal data under UK data protection laws.

Information We Collect

Information You Provide

  • Account information: email address and authentication details handled by our authentication provider.
  • Session content you create (depending on what you use): audio recordings (from microphone) and uploaded audio files, session titles, tags, and related notes, transcripts, summaries, insights, themes, emotions, wins, reflection prompts, and action items generated from your sessions.
  • Chat content: messages you send in the in-app chat and the AI responses you receive.
  • Upcoming session planning (if you use scheduling features): session title, date/time, therapist name, location (as entered by you), and optional notes.

Information Collected From Your Device and App Usage

  • Device/app data: basic technical information needed to run the app (e.g., app version, OS type/version, timestamps).
  • Analytics events: event and screen-view data used to understand app usage and improve the Service. We configure analytics to reduce collection and we sanitize event properties to avoid sending session/chat content.
  • Measurement/attribution data: an identifier generated by our measurement provider, your IP address (for approximate location and fraud prevention), and install/event data (such as installs, registrations, and subscription events) used to measure marketing performance. We do not collect the iOS advertising identifier (IDFA) and we do not show the App Tracking Transparency prompt; on iOS, attribution relies on the operating system's privacy-preserving attribution framework (SKAdNetwork).

Local Storage on Your Device

The app stores certain information on your device:

  • SecureStore (encrypted by the OS where available): authentication tokens and basic user identity info.
  • AsyncStorage (app storage): app data such as cached sessions/metadata, settings, folders, and chat history.

Guest users can clear local data from within the app or by uninstalling the app. For signed-in users, the in-app "Delete All Data" feature deletes both local app data and associated server-side account data; see "Retention" and "Account and deletion requests."

Permissions and Device Access

Depending on the features you use and your device settings, TheraNotes may request permission to access:

  • Microphone: to record audio.
  • Files/Storage: to let you select and upload an audio file.
  • Notifications: if you enable reminders/notifications.

Your operating system may show additional permission prompts. You can change permissions in your device settings.

How We Use Your Information

We use information to:

  • Provide the Service (create and manage sessions, show your history, allow playback, etc.).
  • Process audio and generate outputs: upload and store audio files, transcribe audio into text, analyze transcripts to generate summaries, insights, themes, emotions, reflection prompts, and action items.
  • Provide AI chat (respond to your messages using AI).
  • Provide and manage subscriptions (offer "TheraNotes Pro," process purchases, and verify subscription status).
  • Improve the Service (analytics, debugging, and feature development).
  • Measure marketing performance (understand which campaigns lead to installs and subscriptions, using privacy-preserving measurement).
  • Communicate with you (support requests, operational messages).
  • Security and fraud prevention (protect accounts and the Service).

Before AI-powered processing is used, we show an in-app disclosure and require your agreement before relevant content is sent for transcription, analysis, or AI chat responses.

How We Share Information

We share information with service providers ("processors") who help us run the Service. We describe them by category below rather than by name; a current list of the specific providers we use is available on request (see "Contact Us").

Authentication and Database Providers

We use providers for user authentication and to store app data in a database (e.g., sessions, transcripts, summaries, insights, goals/action items, settings).

Cloud Storage Providers

When you record or upload audio for processing, the audio is uploaded to and stored with a cloud storage provider. When you view a session, the backend may provide a time-limited link (a presigned URL) to access the audio.

AI Processing Providers

We use AI processing providers to:

  • Transcribe audio into text (including, in some cases, speaker diarization)
  • Analyze transcripts to generate summaries and insights
  • Generate AI chat responses

Important: for AI chat, the backend may provide the AI processing provider with your chat messages and may also include context from your saved sessions (such as summaries and/or transcripts) to help the AI respond.

Users are shown an in-app disclosure before AI-powered processing is used and must agree before relevant content is sent for processing.

Content sent to our AI processing provider through our API is not used to train its models and is not retained or reused after processing.

Chat storage: we store chat history on your device for convenience. The current Service does not aim to store your full chat history in our primary database, but chat content may be processed transiently by our servers and may appear in operational logs in limited circumstances (for example, error logs), then retained for a limited period.

Analytics Providers

We use an analytics provider to measure usage and improve the app. We disable automatic event capture and sanitize tracked properties to avoid including sensitive session/chat content. Analytics may still include limited technical and usage data (e.g., app screens visited, feature usage events) and an analytics identifier. Our analytics data is hosted in the EU region. You can opt out of analytics in the app.

Install and Marketing Measurement Providers

We use a marketing measurement provider to understand how people discover the app and to measure the effectiveness of our marketing, without tracking you across other apps or websites. We do not collect the iOS advertising identifier (IDFA) and we do not show the App Tracking Transparency prompt. On iOS, attribution relies on the operating system's privacy-preserving attribution framework (SKAdNetwork). The provider may process a device identifier it generates, your IP address (for approximate location and fraud prevention), and app/event data (such as installs, registrations, and subscription events). Aggregated or privacy-preserving conversion measurements may be shared with advertising networks to measure campaign performance. We do not share device-level identifiers with these networks for cross-app advertising.

Subscription and Payment Providers

We offer an optional paid subscription ("TheraNotes Pro"). Purchases are processed by the app store platform, and we use a subscription management provider to validate subscription status. These providers process purchase and subscription data and app/device identifiers needed to deliver and verify your subscription. We do not receive your full payment card details.

Legal and Safety Disclosures

We may share information if we believe it is reasonably necessary to:

  • Comply with law or lawful requests
  • Protect the safety, rights, and property of users, the public, or our Service
  • Prevent fraud, abuse, or security issues

International Transfers (UK/Canada/US)

Our service providers may process data outside your country. Our analytics provider processes data in the EU region. Other providers may process data in the United States. When UK data protection law applies, we rely on appropriate safeguards for international transfers (such as standard contractual clauses and related addenda where applicable).

Legal Bases (UK)

When UK data protection law applies, we process personal data under these legal bases:

  • Contract: to provide the Service you request (including managing subscriptions).
  • Legitimate interests: to secure, maintain, improve, and measure the performance of the Service (balanced against your rights).
  • Consent: where required (e.g., certain permissions, optional features, or AI-powered processing), and you can withdraw consent by changing device/app settings or discontinuing use of those features.

Retention

We retain personal data for as long as needed to provide the Service and for legitimate business purposes (such as security, dispute resolution, and compliance).

  • Session deletion: if you delete a session, we delete associated session records from our database and we attempt to delete associated stored audio from our cloud storage provider.
  • Delete All Data: for signed-in users, the in-app "Delete All Data" feature deletes both local app data and associated server-side account data. For guest users, it deletes locally stored data on the device.
  • Local data: you can also delete local app data using in-app controls or by uninstalling the app.
  • Backups/logs: some data may remain for a limited period in backups or logs, then be deleted according to our backup/log retention practices.

Account and Deletion Requests

If you are a signed-in user, the in-app "Delete All Data" feature deletes your account-related data from both the device and our servers, subject to limited backup/log retention described above.

Your Choices and Controls

  • Permissions: you can enable/disable permissions (microphone, notifications, etc.) in device settings.
  • Analytics: where offered in-app, you can opt out of analytics; otherwise contact us and we will assist where feasible.
  • Marketing measurement: because we do not use the IDFA or show a tracking prompt, no app-tracking opt-in is requested; iOS measurement uses the operating system's privacy-preserving attribution framework (SKAdNetwork).
  • Local deletion: you can clear local app data from Settings.
  • Account: you can sign out at any time.

Your Rights (UK, Canada, US)

Rights vary by location and may be subject to exceptions.

United Kingdom

You may have the right to request access to, correction of, deletion of, or portability of your personal data, and to object to or restrict certain processing. You also have the right to complain to the UK Information Commissioner's Office (ICO).

Canada

You may have rights to access and correct your personal information and to challenge our compliance with applicable privacy principles. Contact us to exercise these rights.

United States

Depending on your state, you may have rights to access, delete, or correct certain personal information and to opt out of certain processing. Contact us to submit a request. We may need to verify your identity before fulfilling requests.

Security

We use reasonable administrative, technical, and organizational measures designed to protect information. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

Adults Only (18+)

TheraNotes is intended for adults aged 18 and over and is not directed to children.

Important Note About Health/Therapy Content

TheraNotes is a consumer app intended to support reflection and organization. It is not a substitute for professional medical or therapeutic advice, and it is not intended to be a HIPAA-compliant service for use by covered entities.

Changes to This Policy

We may update this Privacy Policy from time to time. We will update the "Last updated" date above and, where appropriate, provide additional notice in the app or on our website.

Contact Us

If you have questions or requests about this Privacy Policy or your privacy, contact:

Aku Online Ltd.

167-169 Great Portland Street, 5th Floor

London, W1W 5PF

United Kingdom

contact@trytheranotes.com