Privacy Policy
herapy — Voice & Text Wellness Support
Effective date: June 02, 2025 Last updated: June 02, 2025
1. Who We Are
herapy is developed and operated by ICI Tech Teknoloji A.Ş. ("Company", "we", "us", or "our"), a technology company registered in Turkey.
| Company | ICI Tech Teknoloji A.Ş. |
| Website | https://herapy.app/ |
| app@icitech.com.tr | |
| Data Controller | ICI Tech Teknoloji A.Ş. |
Important Disclaimer: herapy is not a therapy service, clinical diagnosis tool, medical device, or licensed mental health treatment. It is a personal support companion for everyday stress, anxiety, and overwhelm. For clinical-level support, please consult a qualified healthcare professional.
2. Scope
This Privacy Policy applies to:
- The herapy iOS app (Apple App Store)
- The herapy Android app (Google Play)
- The herapy website at https://herapy.app/
- All related support and communication channels
EEA and UK users: Please also read our GDPR Privacy Notice, which applies alongside this Policy.
herapy is free to use. We do not collect payment information.
3. Data We Collect
3.1 Account Information (Optional)
An account is not required to use herapy. You may use the app as a guest without creating an account.
If you choose to create an account:
- Email address
- Password (stored as a one-way hash — we never see your plain-text password)
- Optional: display name, profile photo
3.2 Mood and Emotional Check-in Data
- Daily mood selections and emotional state self-reports
- Check-in history and streaks
- Recurring emotional themes identified from your entries
This data relates to your emotional and mental wellbeing and is treated with heightened care. It is processed only with your explicit consent and is never shared with advertising platforms.
3.3 Voice Session Data
- Session timestamps (start and end times)
- Session duration
Your voice is never sent to our servers. Voice content is processed entirely on your device. We receive only session timing metadata — not audio content, transcripts, or any spoken words. See Section 4 for full details.
3.4 Text Session Data
- Text content you type during text-based coaching sessions
- Session timestamps and duration
3.5 Memory and Personalization Data
- Personal context and preferences you save in the app's memory controls
- This data helps the app support you more consistently across sessions
3.6 Weekly Insights and Analytics Data
- Mood trend summaries
- Session consistency scores
- Progress highlights and weekly reviews
3.7 Device and Technical Data
- Device type and model, OS version, app version
- IP address (truncated where possible), time zone
- App session timestamps, crash logs, error reports
3.8 Push Notification Data
- Device push token (if you grant permission)
- Notification delivery and open events
3.9 Communications Data
- Email address and message content when you contact us for support
3.10 Legal and Compliance Data
- Records required by applicable Turkish law, regulatory correspondence
4. Voice Data — A Special Note
herapy is voice-first by design. Here is exactly how your voice is handled:
| What happens | Details |
|---|---|
| Voice recording | Captured on your device only |
| Processing location | On your device — not our servers |
| Transmission to servers | Never — audio content is not sent anywhere |
| Storage on servers | None — we store only session timestamps and duration |
| Third-party access to audio | None |
| Training AI models | Never — we do not use your voice to train any model |
Microphone permission is required to use voice sessions. You can revoke this permission at any time:
- iOS: Settings → Privacy & Security → Microphone → herapy → Off
- Android: Settings → Apps → herapy → Permissions → Microphone → Deny
Revoking microphone permission disables voice sessions only. All other features remain available.
5. How We Collect Your Data
| Method | Examples |
|---|---|
| Directly from you | Account registration (optional), mood check-ins, text session entries, memory preferences |
| Automatically | Session timestamps, crash reports, device info |
| From your device microphone | Voice audio — processed on-device only, never transmitted |
We do not collect data from third-party data brokers or advertising networks.
6. Legal Bases for Processing
| Purpose | Legal Basis |
|---|---|
| Account creation and management (optional) | Performance of contract |
| Daily mood check-ins and emotional data | Explicit consent (sensitive/health-related data) |
| Voice session timing data | Performance of contract |
| Text session content | Explicit consent (sensitive/health-related data) |
| Memory and personalization data | Performance of contract / Explicit consent |
| Weekly insights and analytics | Performance of contract |
| App quality and crash analysis | Legitimate interest |
| Security monitoring | Legitimate interest |
| Support requests | Performance of contract |
| Legal obligations | Legal obligation |
| Marketing communications | Consent |
7. How We Use Your Data
Core App Functionality
- Providing daily mood check-in and tracking
- Enabling voice sessions (all processing on-device)
- Enabling text-based coaching sessions
- Generating weekly insights and progress summaries
- Personalizing the experience via memory controls
App Quality
- Diagnosing crashes and fixing bugs
- Security monitoring
Communications
- Transactional messages (account-related)
- Check-in reminders and motivational nudges (with your permission)
- Marketing messages (with your explicit consent only)
8. What We Do Not Do
- We do not sell your personal data to any third party.
- We do not transmit your voice recordings to our servers or any third party.
- We do not share mood data, emotional check-in history, or text session content with Meta, TikTok, Google Ads, or any advertising network.
- We do not use your emotional or wellbeing data for ad targeting or behavioural profiling.
- We do not use your voice or text content to train any model or algorithm.
- We do not use advertising identifiers (IDFA on iOS, GAID on Android).
- We do not collect payment information — herapy is free.
- We do not knowingly collect data from children under 18.
9. Third-Party Services
herapy is intentionally minimal in its third-party integrations.
| Service | Purpose | Privacy Policy |
|---|---|---|
| Apple App Store | iOS distribution | https://www.apple.com/legal/privacy/ |
| Google Play | Android distribution | https://policies.google.com/privacy |
We do not integrate payment processors, advertising SDKs, third-party AI services, or behavioural analytics platforms into the herapy app.
10. Data Sharing and Disclosure
| Recipient | Purpose | Legal Basis |
|---|---|---|
| Infrastructure / hosting providers | App operations, security | Contract / Legitimate interest |
| Customer support providers | Handling your requests | Contract |
| Financial and legal advisors | Accounting, auditing, legal | Legal obligation / Legitimate interest |
| Courts, regulators, enforcement agencies | Lawful requests | Legal obligation |
| Potential acquirers (strict confidentiality) | Due diligence | Legitimate interest |
| Marketing partners | With explicit prior consent only | Consent |
We never share mood data, text session content, or voice session data with any of the above recipients beyond what is technically necessary to operate the service.
11. International Data Transfers
ICI Tech Teknoloji A.Ş. is based in Turkey. Some infrastructure providers operate internationally. All international transfers are subject to appropriate safeguards per KVKK Article 9, including standard contractual clauses.
Voice data is never transferred internationally because it never leaves your device.
12. Data Retention
| Data Category | Retention Period |
|---|---|
| Account data (if created) | Duration of account + 3 years after deletion |
| Mood and check-in data | Duration of account / guest session + 1 year after deletion |
| Text session content | Duration of account / guest session + 1 year after deletion |
| Voice session timing metadata | Duration of account / guest session + 1 year |
| Voice audio content | Never stored — on-device processing only |
| Memory and personalization data | Until you clear it in-app or delete account |
| Weekly insight data | Duration of account + 1 year after deletion |
| Support communications | 3 years from last contact |
| Crash and error logs | 12 months (rolling, automatic) |
| Security and access logs | 12 months (rolling, automatic) |
Account deletion: We delete or anonymize your data within 30 days, except where longer retention is required by law.
Guest users: If you use herapy without an account, locally stored data is deleted when you uninstall the app.
13. Security
- TLS 1.2+ encryption for all data in transit
- Encryption at rest for all server-stored data
- Mood and emotional data stored with elevated access controls
- Voice audio is never transmitted — no server-side audio security risk
- Regular security assessments
- Data breach response plan in place; breach notifications per KVKK requirements
14. Push Notifications
| Type | Purpose | Requires Opt-In |
|---|---|---|
| Transactional | Account confirmation, important updates | No |
| Check-in reminders | Daily mood check-in nudge | Yes |
| Motivational | Gentle encouragement, session prompts | Yes |
| Marketing | New features, updates | Yes — separate opt-in |
Manage in Settings → Notifications or your device settings.
15. Children's Privacy
herapy is for users aged 18 and older. We do not knowingly collect data from minors. Contact app@icitech.com.tr if you believe a child has submitted data.
16. Your Privacy Rights
| Right | How |
|---|---|
| Access your data | app@icitech.com.tr — "Data Access Request" |
| Correct inaccurate data | Update in-app or contact us |
| Delete account and data | Settings → Account → Delete Account |
| Delete data (guest) | Uninstall the app |
| Clear memory data | Settings → Memory → Clear All |
| Export your data | Settings → Privacy → Export My Data (where available) |
| Withdraw mood/text consent | Settings → Privacy → Manage Consents |
| Revoke microphone permission | Device Settings → Microphone → herapy |
| Withdraw marketing consent | Settings → Privacy → Marketing Preferences |
We respond to all requests within 30 days, free of charge.
17. Cookies and Tracking
Our website (https://herapy.app/) uses cookies. A consent banner is shown on first visit.
| Type | Purpose | Opt-Out |
|---|---|---|
| Strictly necessary | Core site functionality | Not possible |
| Analytics | Aggregate visitor behaviour | Via cookie banner |
| Marketing | Campaign click-through measurement | Via cookie banner |
We do not use cookies to infer emotional state, mental health status, or session content. The herapy app does not use advertising identifiers.
18. EEA and UK Users
If you are in the EEA or UK, the GDPR applies. Please read our full GDPR Privacy Notice for GDPR article references, Standard Contractual Clauses, EU Representative information, supervisory authority contacts (CNIL, BfDI, AEPD, ICO), data portability rights, and 72-hour breach notification details.
19. Changes to This Policy
For material changes, we notify you at least 14 days in advance. Current version at https://herapy.app/privacy.
20. Contact Us
| app@icitech.com.tr | |
| Website | https://herapy.app/ |
| Subject line | "Privacy Request — herapy" |
We acknowledge enquiries within 5 business days.
21. Governing Law
This Policy is governed by the laws of the Republic of Turkey, including KVKK No. 6698. Disputes are subject to Turkish court jurisdiction.