Privacy Policy

Aletheia Lattice (“Aletheia”, “we”, “us”) operates the emotional journaling platform at aletheialattice.com.

For the purposes of UK and EU data protection law, Aletheia Lattice is the data controller for the personal data described in this policy.

Contact: hello@aletheialattice.com

Account data: Email address, name, country, and language preference. Collected when you register.

Intake responses: Your answers to the emotional questionnaire at the start of each journal. These are used to personalise AI-generated content for you.

Journal entries: The text you write in your daily entries. These are stored securely and processed by AI to improve the relevance of future prompts.

Companion session data: The content of conversations with the AI Companion, stored as session summaries and anonymised insights. Full message transcripts are not retained after session close.

Usage data: Anonymous analytics events (e.g., “journal opened”, “day completed”) keyed to a hashed, non-reversible identifier — not your email address. No browsing history, precise location, or device fingerprinting.

Payment data: Processed entirely by Stripe. We store only the payment confirmation reference. We never see or store your card details.

Technical data: IP address (for security and rate limiting), browser type, and session timestamps.

Consent records: When you give consent (e.g., for the AI Companion), we record the timestamp, consent type, and version.

We collect and process your data for the following purposes and legal bases:

• Providing the service (contractual necessity): Account management, generating personalised journal prompts, processing payments, sending lifecycle emails.
• Improving personalisation (legitimate interest): Using your intake responses and entry history to generate more relevant AI content for you specifically. You can opt out by deleting your data.
• Safety (legitimate interest): Detecting crisis signals in Companion messages to provide appropriate resources.
• Analytics (legitimate interest / consent): Anonymous, aggregated analytics to understand how the platform is used. No PII involved.
• Legal compliance: Retaining records as required by applicable law.

We do not use your data for advertising, data brokering, or selling to third parties.

Aletheia Lattice uses Claude (by Anthropic, Inc.) to generate personalised content. This means:

• Your intake answers and journal entry history are sent to Anthropic's API to generate your daily prompts
• Your Companion messages are sent to Anthropic's API to generate responses
• Anthropic processes this data as a data processor acting under our instructions
• Anthropic's API does not use your data to train AI models (as per their enterprise API terms)

AI-generated content is created algorithmically. No human at Aletheia or Anthropic reads your individual journal entries to generate your prompts.

Full Companion message transcripts are not stored after session close. Only a brief, anonymised summary of the session is retained.

We work with the following third-party service providers:

• Supabase (EU-hosted) — database and authentication. Your data is stored on Supabase servers in the EU.
• Anthropic, Inc. (US) — AI content generation. See Section 6 on international transfers.
• Stripe, Inc. (US) — payment processing. Governed by Stripe's own privacy policy.
• Hostinger — transactional email delivery (SMTP). Only your email address and the email content are passed.

Each provider is bound by data processing agreements. We do not sell data to advertisers, data brokers, or analytics platforms.

Some of our providers are based in the United States (Anthropic, Stripe). Data transferred to them is protected by:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• UK International Data Transfer Agreements (IDTAs) where applicable
• Each provider's adherence to their respective data processing terms

• Account and journal data: Retained until you delete your account
• Analytics events: Aggregated after 12 months; raw events deleted after 24 months
• Email queue records: Deleted after 90 days
• Companion session summaries: Retained for the duration of your account
• Payment records: Retained for 7 years (UK legal requirement)
• Consent records: Retained for the duration of your account plus 3 years

You can delete all data except legally required financial records at any time from Settings → Privacy.

Under UK GDPR and EU GDPR, you have the right to:

• Access: Request a copy of all personal data we hold about you
• Portability: Receive your data in a machine-readable format
• Erasure: Request deletion of your personal data (right to be forgotten)
• Rectification: Correct inaccurate personal data
• Restriction: Request that we restrict processing of your data
• Objection: Object to processing based on legitimate interests
• Withdraw consent: At any time, for any processing based on consent

You can exercise most rights directly from Settings → Privacy. For other requests, email hello@aletheialattice.com with “Data Rights Request” in the subject line. We will respond within 30 days.

If you are unhappy with how we handle your data, you have the right to complain to your national data protection authority (in the UK: the ICO at ico.org.uk).

We use minimal, essential cookies only. Please see our Cookie Policy for full details.

In summary: we use session cookies for authentication, a language preference cookie, and we do not use any third-party advertising or tracking cookies.

Aletheia Lattice is not intended for users under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has created an account, please contact us and we will delete it promptly.

We will notify you by email of any material changes to this Privacy Policy at least 14 days before they take effect. Continued use of the service after the effective date constitutes acceptance.

Data protection questions: hello@aletheialattice.com — subject line: “Data Protection”

We aim to respond to all data protection enquiries within 5 working days.