Ethereya

Privacy Policy

Effective date: 2026-04-13 · Last updated: 2026-04-13

Contents

Who we are
Data we collect
How we use your data
Lawful bases (GDPR)
Who we share data with
How long we keep data
International transfers
Your rights
Security
Children
Changes to this policy
Contact us

1. Who we are

Ethereya is an AI-powered journaling and self-reflection mobile application that combines guided journaling, an AI companion ("E"), and astrological, numerological, and Human Design insights reports. This Privacy Policy explains what personal data Ethereya LLC ("Ethereya", "we", "us", or "our") collects when you use the Ethereya app or the website at ethereya.com, how we use it, who we share it with, and the rights you have over it.

Ethereya is intended exclusively for users aged 18 and older.

2. Data we collect

We collect the following categories of personal data:

Account and profile data

Name: first, middle, and last name as entered during onboarding.
Email address: used for authentication and account recovery.
Password: stored as a secure one-way hash. We never see or store your plaintext password.
Birth data: birth date, birth time (if known), and birth city with approximate latitude/longitude. Used only to generate astrological, numerological, and Human Design content.
Intent and desire selections: free-choice categories captured during onboarding to personalize your experience.
Consent records: we store a record of the consents you grant (age, astrology-as-entertainment, third-party AI processing) along with the timestamp, IP address, and user agent at the moment of consent. These records prove consent was obtained and are required by privacy law.

Content you create

Journal entries: free-text entries, mood tags, emotions, activities, body sensations, and any other content you write in the app.
Chat messages with E: your messages and the AI-generated responses from our AI companion.
Generated reports: astrology, numerology, Human Design, and compatibility insights reports generated from your birth data.
Moderation reports: when you report an AI message, we store the reported message and any reason you provide.

Friend connections

Hashed contact identifiers: if you choose to find friends on Ethereya, we read your device contacts and create SHA-256 hashes of phone numbers and email addresses, using a server-provided salt. Only the hashes are transmitted to our servers. We never receive or store your raw contact list.
Friendships and privacy settings: when you connect with a friend or block a user, we store that relationship.

Subscription and purchase data

Purchase history: subscription state, product identifiers, and entitlement records. Payment and billing information is handled exclusively by Apple — we never see your payment card or Apple ID details.

Technical and diagnostic data

Crash data and diagnostics: automatically collected stack traces, device model, and OS version if the app crashes. This data is configured to exclude personally identifiable information.
User ID: an internal numeric identifier we assign to your account.

What we do not collect

We do not collect: your phone number, precise location, health data (other than anything you voluntarily write in a journal entry), camera or microphone data, photo library access, or advertising identifiers. Ethereya does not engage in cross-app tracking and does not integrate any third-party advertising networks.

3. How we use your data

To provide the core Ethereya experience — journaling, AI chat, reports, friend connections, subscription access.
To personalize your insights — your birth data is used to generate astrological, numerological, and Human Design content.
To keep you safe — we analyze inbound chat messages using a keyword-based safety layer to detect expressions of distress and surface crisis resources when appropriate.
To communicate with you — for account-related notifications, password reset, and service announcements.
To diagnose and fix problems — crash and performance data helps us identify and resolve bugs.
To comply with legal obligations — retaining records required by tax, accounting, and consumer protection law.

4. Lawful bases for processing (GDPR)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, we rely on the following lawful bases under Article 6 of the General Data Protection Regulation:

Contract performance (Art. 6(1)(b)) — for account creation, authentication, birth-data-driven report generation, and core app functionality.
Explicit consent (Art. 6(1)(a)) — for sharing chat data with Fireworks AI (our third-party AI provider), for importing contacts, and for acknowledging the age and entertainment-use disclaimers.
Legitimate interest (Art. 6(1)(f)) — for crash reporting, fraud prevention, and internal analytics that do not involve profiling or automated decision-making with legal effect.

Special category data (Art. 9): journal entries and AI chat messages may reveal information about your mental health, beliefs, or other sensitive categories. We treat this content as special category data and process it only with your explicit consent, which you grant when you create an account.

We share personal data only with the following categories of recipients, and only to the extent necessary to provide the service:

Service providers (data processors)

Fireworks AI — processes your AI chat messages and report-generation prompts to produce responses. Fireworks AI operates under zero-retention terms: your messages exist only in volatile memory during processing, are not stored on Fireworks servers, and are not used to train any model. SOC 2 Type II audited.
RevenueCat — manages our subscription billing integration with Apple. Receives your user identifier and subscription events.
Sentry — receives crash reports and performance telemetry with personally identifiable information stripped (the sendDefaultPii flag is set to false).
Railway — provides the cloud infrastructure where our backend application and database run.

Each service provider is bound by a data processing agreement and may process personal data only on our instructions.

Legal and safety disclosures

We may disclose personal data if required by law, court order, or lawful government request; to protect our rights, property, or safety, or that of our users or others; or to prevent fraud or illegal activity.

Business transfers

If Ethereya is involved in a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity. We will notify you before your data becomes subject to a different privacy policy.

We do not sell your data

We do not sell personal data to third parties, and we have not done so in the past 12 months. If you are a California resident, you have a right under the California Consumer Privacy Act to opt out of "sales" — there is nothing to opt out of because we do not sell your data.

6. How long we keep data

Account, profile, journal, chat, and report data: retained for as long as your account is active. When you delete your account, your account enters a 30-day soft-delete grace window during which you can restore it. After 30 days, all account data is permanently deleted.
Crash and diagnostic data: retained for up to 90 days in Sentry.
Consent records and moderation reports: retained for as long as your account is active, then deleted with the account.
Legal and tax records: where applicable law requires longer retention (for example, for tax reporting), we retain only the minimum records required.

7. International transfers

Ethereya is based in the United States. Our service providers (Fireworks AI, RevenueCat, Sentry, Railway) are also located in the United States. If you access Ethereya from outside the United States, your personal data will be transferred to the United States for processing.

For users in the European Economic Area, United Kingdom, or Switzerland, we rely on the European Commission's Standard Contractual Clauses (SCCs) as the mechanism for lawful cross-border transfer, together with additional technical and organizational safeguards (encryption in transit, access controls, processor agreements).

8. Your rights

Depending on where you live, you may have the following rights:

Right of access — you can request a copy of the personal data we hold about you.
Right to erasure ("right to be forgotten") — you can delete your account from the app at Settings → Delete Account, or from the web at ethereya.com/delete-account. Deletion cascades to all personal data after the 30-day grace window.
Right to rectification — you can update your profile information directly in the app.
Right to data portability — you can request an export of your account data in a machine-readable format.
Right to object / restrict processing — you can revoke consent for AI data processing at any time in Settings. Note that chat features become unavailable without this consent.
Right to withdraw consent — withdrawal does not affect the lawfulness of processing that occurred before the withdrawal.
Right to lodge a complaint — EU users may complain to their local data protection authority.

To exercise any right other than account deletion (which is self-service), contact us at privacy@ethereya.com. We will respond within 30 days.

9. Security

We apply industry-standard technical and organizational measures to protect your data, including: encryption in transit (TLS 1.2 or higher), encryption at rest, salted password hashing, short-lived session tokens, client-side hashing of imported contacts, and access controls limiting who can view production data. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

10. Children

Ethereya is not intended for and is not directed at children under 18. During account creation, we ask for your date of birth and block users whose computed age is less than 18. If you believe a child under 18 has created an account, please contact us at privacy@ethereya.com and we will delete the account promptly.

11. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the app or by email before the changes take effect. The "Last updated" date at the top of this page reflects the most recent revision.

12. Contact us

If you have questions about this Privacy Policy or how we handle your data, contact us at:

Email: privacy@ethereya.com
Support: support@ethereya.com
Mailing address: Ethereya LLC · 105 Bannock St, Malad, ID 83252, USA

For data protection inquiries from EU users, you can also contact our Data Protection Officer at privacy@ethereya.com.