Privacy Policy
Last updated: [DATE — pending legal review] · Effective: [DATE — pending legal review] · Version: [1.0-DRAFT]
This Privacy Policy ("Policy") explains how Agora Network Technologies Inc. ("Agora," "we," "us," or "our"), operating as Conscious Connections, collects, uses, shares, and protects your personal information when you use our Service.
It also explains your rights over your personal information and how to exercise them. The Service collects and processes highly sensitive personal information — including relationship conflict content, intimacy and sexual-health disclosures, attachment patterns, and mental-health-adjacent reflections. We approach all of this with the most conservative privacy posture we can implement.
We are committed to compliance with applicable privacy laws, including the Personal Information Protection and Electronic Documents Act (PIPEDA), the Personal Information Protection Act (BC PIPA), the EU General Data Protection Regulation (GDPR), the UK GDPR, and the California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA). [Counsel to confirm full applicable law list — see §16.]
This Policy is incorporated into and subject to our Terms of Service. Terms not defined here have the meanings given to them in the Terms of Service.
Who Controls Your Data
The "data controller" (or equivalent term in your jurisdiction — "organization" under PIPEDA/PIPA, "controller" under GDPR) for your personal information is:
Agora Network Technologies Inc.
Operating as: Conscious Connections
[Registered address, City, BC, Canada, Postal Code]
Privacy contact: [privacy@consciousconnections.app]
For users in the European Economic Area (EEA) or the United Kingdom: [DECISION REQUIRED: Do we need to appoint an Article 27 GDPR representative in the EU or UK given we have no establishment there? Counsel to advise. If yes, include representative name and contact here.]
What Data We Collect
The table below describes the categories of personal information we collect, along with their sensitivity level:
| Category | Examples | How collected |
|---|---|---|
Account information | Name, email address or phone number, profile photo (optional), account creation date | Provided by you |
Relationship profile dataSensitive | Responses to onboarding questions including: recurring conflicts, attachment style responses, values and non-negotiables, life goals, relationship structure (monogamous, polyamorous, etc.), relationship history, the "strengths" and "patterns" layers of the profile | Provided by you during onboarding or profile setup |
Session contentHighly Sensitive | Messages and text entered during conflict resolution sessions, solo sessions, and Coach Privately side-channels; brain-dumps; session summaries; AI-generated reflections displayed to you | Generated by you and your partner during sessions |
Intimacy & sexual-health informationHighly Sensitive | Responses to intimacy and sexual compatibility questions; sexual preferences disclosed in compatibility tools; sexual-health conversation content | Provided by you in relevant tool contexts |
Mental-health-adjacent disclosuresHighly Sensitive | Any content that reflects or relates to mental-health history, trauma, emotional patterns, substance use, or psychological state shared in the course of using the Service | Disclosed by you in sessions or profile responses |
Agreement data | Relationship agreements you create and track, including their content, dates, and status | Created by you and your partner |
Usage data | Features used, session frequency, time in app, button interactions, device type and OS, browser type, session start/end timestamps | Collected automatically |
Technical / device data | IP address, approximate location (country/region level, derived from IP), device identifiers | Collected automatically by our servers and infrastructure |
Payment data | Payment card type, last four digits, billing country, transaction history | Processed by Stripe on our behalf; we do not store full card numbers |
Communications with us | Support requests, feedback, emails or messages you send to us | Provided by you |
Data we do not collect
- We do not collect government-issued identification numbers.
- We do not collect full financial account numbers.
- We do not currently collect precise GPS location data — only approximate location derived from IP address for service delivery and legal compliance.
- We do not currently collect biometric data such as facial recognition data or fingerprints. See Section 14 for our commitment around any future biometric features.
How We Use Your Data
The table below describes our uses of your personal information, the legal basis under applicable law, and whether the use involves your sensitive relationship data:
| Purpose | Data used | Legal basis |
|---|---|---|
Provide and operate the Service, including account management, session facilitation, and profile features | Account info, session content, profile data, usage data | Contract performance; legitimate interests |
Generate AI-assisted coaching reflections, summaries, and suggested responses within sessions | Session content, profile data (as memory context for AI) | Contract performance; [explicit consent for special-category data under GDPR — confirm] |
Maintain and update your Relationship Profile over time as new sessions occur | Session content, profile data | Contract performance; your consent (for profile updates that require approval) |
Process subscription payments and manage billing | Payment data (via Stripe), account info | Contract performance |
Send transactional communications (receipts, session invites, security alerts, policy update notices) | Account info, usage data | Contract performance; legitimate interests |
Safety monitoring: detecting content that signals risk of harm and surfacing crisis resources | Session content (analyzed in real time; raw text reviewed by safety classifier) | Legitimate interests; legal obligation [confirm]; vital interests |
Improve and debug the Service (error logs, performance monitoring) | Technical/device data, usage data | Legitimate interests |
Comply with legal obligations (law enforcement requests, court orders) | Any data as required by applicable law | Legal obligation |
Aggregate, anonymized analytics to understand how the product is used and improve it | Anonymized usage data only — not session content or relationship profile data | Legitimate interests |
AI Processing
How AI processing works
When you use AI-assisted features (conflict de-escalation reflections, session summaries, Coach Privately drafts, compatibility assessments, and similar), your session content and relevant portions of your Relationship Profile are transmitted to large language model (LLM) AI providers to generate responses. This processing happens in real time during your session.
Current AI providers include: Anthropic, Inc. (Claude models) and [other providers — confirm and update]. These providers operate as data processors on our behalf and are bound by data processing agreements that restrict their use of your data.
What AI providers can and cannot do with your data
Under our agreements with AI providers:
- Providers may process your content in order to generate the response requested.
- Providers may not use your content to train their general-purpose models without your explicit consent (subject to each provider's API terms, which counsel should review and confirm).
- Providers may not sell your content or use it for their own advertising.
Safety analysis
Our AI systems include a real-time safety classifier that analyzes session content to detect signals of potential harm (such as abuse, coercion, or self-harm risk). This analysis runs on the raw text of your session — not a compressed or summarized version — in parallel with normal session processing. If a risk signal is detected, the system may surface crisis resources. See Section 13 for more detail.
No fully automated decision-making that affects you significantly
The AI systems in the Service generate coaching suggestions, reflections, and summaries. They do not make decisions that have legal or similarly significant effects on you in an automated way. You always have the ability to disregard, edit, or reject any AI-generated content. [Counsel to confirm whether any current or planned features trigger GDPR Article 22 automated decision-making obligations.]
Third-Party Processors
We share your personal information with the following categories of third-party data processors who help us operate the Service. All processors are bound by data processing agreements and are permitted to use your data only as we instruct:
| Processor | Purpose | Data shared | Location |
|---|---|---|---|
Stripe, Inc. | Payment processing and subscription management | Payment information, billing details, transaction data | United States |
Supabase, Inc. | Database storage, authentication, and real-time infrastructure | Account data, session content, relationship profiles, all stored user data | [Confirm Supabase region — likely US; option to select AWS region] |
Anthropic, Inc. | AI language model processing for coaching features | Session content, relevant profile context (as required to generate AI responses) | United States |
[Other AI model providers] | AI language model processing | Session content, relevant profile context | [Confirm] |
[Email/notification service — e.g., Resend, Twilio] | Sending transactional emails and push notifications | Email address, notification content | [Confirm] |
[Error monitoring / analytics — if any] | Service performance and error tracking | Technical and usage data only — no session or profile content | [Confirm] |
We maintain a complete sub-processor list at [URL — e.g., consciousconnections.app/legal/subprocessors], which we update when we add or change processors. [Note for counsel: GDPR Article 28 requires a complete sub-processor list; consider whether to publish it proactively or make available on request.]
Law enforcement and legal disclosures
We may disclose your personal information if required to do so by applicable law, court order, or government authority. Where permitted, we will attempt to notify you before disclosing your information in response to a legal demand. We publish [a transparency report / law enforcement guidelines] at [URL]. [Confirm with counsel whether a transparency report is warranted at launch.]
Business transfers
If Agora is involved in a merger, acquisition, sale of assets, or similar transaction, your personal information may be transferred as part of that transaction. We will notify you before your personal information is transferred to a new data controller and before it becomes subject to a different privacy policy.
Data Retention
We retain personal information only for as long as necessary for the purposes described in this Policy, or as required by applicable law.
| Data type | Retention period |
|---|---|
Account information | Until account deletion + [X days — confirm] grace period |
Session content and relationship profiles (active account) | Duration of active account |
Session content and relationship profiles (after unpairing) | Read-only copies retained for [X months/years — confirm retention policy; consider providing user choice] |
Payment and billing records | As required by tax and accounting law in applicable jurisdictions [typically 7 years in Canada — confirm] |
Technical and usage logs | [X days — confirm; typically 30–90 days] |
Safety-triggered content flags (where retained at all) | [Confirm retention period and legal basis with counsel — this is a legally sensitive area] |
Communications with us (support, legal) | [X years — confirm] |
When you delete your account, we delete or anonymize your personal data as promptly as practicable, subject to: (a) any legal obligation to retain certain data; (b) backup rotation cycles [confirm maximum lag time]; and (c) the provisions for shared content described in Section 12 below.
Your Privacy Rights
Your rights depend on your location. The most important rights across all our markets are described below:
Canadian Privacy Rights
- Access: request a copy of your personal information we hold
- Correction: ask us to correct inaccurate information
- Withdraw consent: withdraw consent for uses you previously agreed to (where consent is the basis)
- Complaint: file a complaint with the Privacy Commissioner of Canada or BC's Office of the Information and Privacy Commissioner
EU Privacy Rights
- Access (Art. 15): obtain a copy of your data and information about how it's used
- Rectification (Art. 16): correct inaccurate data
- Erasure (Art. 17): request deletion ("right to be forgotten")
- Restriction (Art. 18): limit processing in certain circumstances
- Portability (Art. 20): receive your data in a machine-readable format
- Objection (Art. 21): object to processing based on legitimate interests
- Withdraw consent: at any time, where consent is the legal basis
- Lodge a complaint with your local supervisory authority
UK Privacy Rights
- Same rights as under EU GDPR (above)
- Lodge a complaint with the Information Commissioner's Office (ICO)
California Privacy Rights
- Know: request disclosure of what personal information we collect, use, and share
- Delete: request deletion of your personal information (subject to exceptions)
- Correct: request correction of inaccurate information
- Opt-out of sale / sharing: we do not sell your data, but you may opt out of any sharing for cross-context behavioral advertising
- Limit use of sensitive personal information: restrict use of certain sensitive information to necessary purposes
- Non-discrimination: we will not discriminate against you for exercising your rights
How to exercise your rights
You can exercise many of these rights directly in the app:
- Export your data: Account Settings → Privacy & Data → Export My Data (one tap, delivered as a downloadable file)
- Delete your account: Account Settings → Privacy & Data → Delete Account (see Section 12)
- Correct profile information: Directly in your profile and settings
For rights that require manual processing (access requests, complaints, withdrawal of consent for AI processing), contact us at [privacy@consciousconnections.app]with "Privacy Request" in the subject line. We will respond within the timeframes required by applicable law ([30 days under PIPEDA / 1 month under GDPR / 45 days under CCPA — confirm]).
We do not charge for exercising your rights. We may need to verify your identity before processing a request.
International Data Transfers
Agora is based in British Columbia, Canada. Our infrastructure providers (including Supabase and our AI providers) operate primarily in the United States. If you are located in Canada, the EU, UK, or another jurisdiction, your personal information — including your highly sensitive relationship and session data — will be transferred to and processed in the United States and potentially other countries.
These countries may have different privacy laws than your home country. We address this through:
- For EU/EEA and UK users: [DECISION REQUIRED: Specify the transfer mechanism — Standard Contractual Clauses (SCCs) with each US-based processor; UK International Data Transfer Addendum (IDTA) for UK transfers; or another valid mechanism. Counsel must confirm current adequate SCCs are in place with Supabase and each AI provider.]
- For Canadian users: We transfer data outside Canada pursuant to the requirements of PIPEDA, including the use of contractual protections with our processors.
- For all users: We require our processors to maintain security standards comparable to those we apply ourselves.
Children & Age
The Service is intended exclusively for individuals 18 years of age and older. We do not knowingly collect personal information from anyone under 18. We implement an age gate at account creation requiring users to confirm they are 18 or older.
If you believe we have collected personal information from someone under 18, please contact us immediately at [privacy@consciousconnections.app]. We will take steps to delete that information as promptly as possible.
Security
Given the highly sensitive nature of the data we process, we implement security measures appropriate to the risk, including:
- Encryption in transit: All data transmitted between your device and our servers uses TLS encryption.
- Encryption at rest: All stored data, including session content and relationship profiles, is encrypted at rest.
- Access controls: Strict role-based access controls limit which personnel and systems can access user data. We operate on a minimal-access basis.
- Data minimization: We store only the data necessary to operate the Service — raw AI generation chains are not stored; only approved insights and user-provided content are retained.
- Infrastructure: We rely on Supabase's security infrastructure [and other providers — confirm], which includes SOC 2 compliance [confirm current certification status].
- Incident response: We maintain a data breach response plan. In the event of a breach, we will notify affected users and relevant authorities as required by applicable law.
No security system is impenetrable. We cannot guarantee absolute security. If you discover a vulnerability in the Service, please contact us responsibly at [security@consciousconnections.app].
When You Unpair or Delete Your Account
Account deletion
You may delete your account at any time by going to Account Settings → Privacy & Data → Delete Account. When you delete your account:
- Your account information, solo/private sessions, and private profile data are deleted from our live systems as promptly as practicable.
- Deletion from backup systems may take up to [X days — confirm].
- Payment records are retained as required by applicable tax and accounting law [typically 7 years in Canada].
- Shared content (sessions and profile) that you co-created with a current or former partner is handled as described under "Unpairing" below.
Unpairing from a partner
When you unpair from a partner (accessible in Account Settings → End This Connection):
- Each person retains a read-only copy of the shared content they participated in (joint sessions, the shared Relationship Profile). Neither party can edit this content after unpairing.
- Your personal self-knowledge profile travels with you. Insights and self-knowledge you have developed are portable — they remain accessible to you and can inform a future profile.
- Solo and private content remains private to its owner regardless of unpairing status.
- Your former partner does not receive access to any of your private or solo content as a result of unpairing.
- Both parties are notified that the shared connection has ended.
Fresh starts are genuinely fresh
If you later pair with a new partner, that new partnership starts with no inherited shared history. Your new partner will not have access to sessions, profiles, or agreements from any prior partnership. The shared record of a prior relationship is not transferred. (A "seat" on the platform represents access to the Service — it is not a vessel for relationship history.)
Requesting deletion of shared content
[DECISION REQUIRED: If one party requests deletion of the shared record after unpairing and the other wishes to retain it, what is our policy? Options include: (a) each party controls their own read-only copy and can delete their own copy on request; (b) mutual consent required to delete the shared record; (c) either party can unilaterally delete the shared record from the platform (though the other may have exported it). Counsel must advise on this conflict scenario, particularly under GDPR right-to-erasure where both parties have rights to the same record.]
Safety Situations & Limits of Confidentiality
What our AI safety systems do
Our Service includes a real-time safety classifier that analyzes session content for signals of potential harm, including references to intimate partner violence, abuse, coercive control, and self-harm. This analysis runs on the raw text of your session (not a compressed or summarized version).
If signals are detected:
- The Service may pause the coaching interaction.
- Crisis resources (hotlines, DV services, emergency contacts) appropriate to your region may be surfaced privately within your session view.
- A discreet exit option may be offered to quickly leave or disguise the app.
The Service does not automatically contact law enforcement, third-party services, or your partner on your behalf based on session content — except as may be required by applicable law (see below).
Limits of confidentiality
Unlike a licensed therapist or legal professional, Agora does not hold professional privilege over communications made through the Service. As a result:
- We may be required to disclose information in response to a valid court order, subpoena, or other lawful legal process.
- Where required or permitted by applicable law, we may disclose information to prevent serious harm to you or others.
- [DECISION REQUIRED: Confirm mandatory reporting obligations — if any — applicable to a non-licensed AI platform in BC and other target jurisdictions. For example, some jurisdictions impose mandatory reporting of child abuse disclosures regardless of the context in which they are received. Counsel must advise.]
We cannot guarantee confidentiality in safety situations. If you are concerned about the confidentiality of disclosures relating to serious harm, please contact a licensed mental-health professional or legal advisor directly.
Biometric Data (Future Features)
The Service does not currently collect, process, or store biometric data, including facial recognition data, facial geometry, or other biometric identifiers.
If in the future we consider introducing any features involving facial recognition, physical preference analysis based on images, or other biometric data collection, we commit to:
- Conducting a dedicated legal review of applicable biometric privacy laws before any such feature is designed or launched, including without limitation: the Illinois Biometric Information Privacy Act (BIPA), the Texas Capture or Use of Biometric Identifier Act (CUBI), the Washington My Health My Data Act, GDPR Article 9 (biometric data as special-category data), and any other applicable state, federal, or national biometric law;
- Obtaining explicit, informed, and specific consent from each user before collecting any biometric data;
- Updating this Policy before any such feature goes live.
Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices, legal requirements, or the Service. When we make material changes, we will:
- Email you at the address on your account;
- Display a prominent in-app notice; and
- Update the "Last updated" date at the top of this page.
We will provide at least [30 days — confirm] notice before material changes take effect. For changes that involve how we process your sensitive data or that significantly expand the scope of what we collect or share, we may request fresh consent before those changes take effect.
We keep a changelog of prior versions of this Policy available on request.
Contact & Data Requests
For all privacy-related questions, data access requests, deletion requests, and complaints:
Agora Network Technologies Inc. — Privacy Team
[Registered address]
Email: [privacy@consciousconnections.app]
Please include "Privacy Request" in your subject line and describe the nature of your request. We will:
- Acknowledge your request within [5 business days];
- Respond in full within the timeframe required by applicable law — typically 30 days under GDPR, 45 days under CCPA, and within a reasonable timeframe under PIPEDA.
We may need to verify your identity before processing certain requests. We will not charge you for exercising your privacy rights.
Supervisory authorities
If you believe we have not handled your personal information appropriately and you are not satisfied with our response, you have the right to lodge a complaint with a supervisory authority:
- Canada: Office of the Privacy Commissioner of Canada (OPC) — priv.gc.ca
- British Columbia: Office of the Information and Privacy Commissioner for BC — oipc.bc.ca
- EU: Your local data protection authority in your EU member state
- UK: Information Commissioner's Office (ICO) — ico.org.uk
- California: California Privacy Protection Agency (CPPA)
Open Questions for Counsel
Every item below is a [PLACEHOLDER] or unresolved legal question in this draft. These must be resolved before this document goes into effect.
Jurisdiction & Applicable Law
- →Confirm complete applicable law list: PIPEDA + BC PIPA (Canada), GDPR (EU), UK GDPR (UK), CCPA/CPRA (California). Does the platform trigger additional US state privacy laws (Colorado, Virginia, Connecticut, etc.)? Any other jurisdictions?
- →Does Agora have sufficient "establishment" in any EU/UK country to trigger local law, or do we rely solely on targeting/offering-to-EU analysis?
- →Article 27 GDPR / UK GDPR: Is a local representative required in the EU or UK? If yes, appoint and add contact details.
- →Confirm Canada–EU adequacy decision is current and applies to transfers of special-category data via our processors.
Special-Category / Sensitive Data
- →CRITICAL: Confirm legal basis for processing special-category data under GDPR Article 9 for each processing purpose (explicit consent? necessary for contract? vital interests?). A single bundled consent may not be sufficient for all purposes.
- →CCPA "sensitive personal information" — confirm whether our data types (sexual orientation/activity data, health-related data, precise geolocation) fall within SPI categories and what opt-out/limitation rights apply.
- →Confirm whether a GDPR Data Protection Impact Assessment (DPIA) is required before launch. Given the special-category data profile, this is very likely required under Article 35.
- →Does British Columbia PIPA impose any specific requirements for consent or handling of sensitive personal information not covered by PIPEDA?
AI Processing — Critical
- →MOST CRITICAL QUESTION: Decide and state explicitly whether session content / relationship profiles are used for AI model training — by Agora or by any AI provider. If yes: (a) explicit opt-in consent is legally required; (b) granular disclosure of what is trained on is required; (c) the consent mechanism must be prominently separate from general T&C acceptance. If no: state it explicitly in the Policy and obtain written confirmation from each AI provider (Anthropic and others).
- →Review Anthropic's current API terms and data processing agreement to confirm their data handling commitments regarding user inputs. Ensure DPA is in place before launch.
- →GDPR Article 22: Confirm whether any AI feature involves "solely automated decision-making with legal or similarly significant effects." If so, additional disclosure and opt-out rights are required.
- →EU AI Act (effective 2025–2026): Assess whether the product falls within any regulated AI system category, particularly for high-risk AI systems in the "social scoring" or health/emotional assessment categories.
International Transfers
- →Confirm valid SCCs (EU Standard Contractual Clauses, 2021 version) are in place with each US-based processor: Stripe, Supabase, Anthropic, and all others.
- →Confirm UK IDTAs (International Data Transfer Addenda) are in place with each US-based processor for UK data.
- →Confirm whether any processor relies on the EU-US Data Privacy Framework (if yes, confirm they are DPF-certified).
- →Confirm Supabase's data hosting region and whether EU/UK data can be hosted exclusively in EU/UK AWS regions if required.
Retention, Deletion & Shared Data Conflict
- →Set specific retention periods for each data category listed in the table (currently all placeholders).
- →Decide the shared-content deletion conflict scenario: if Partner A requests GDPR erasure of a shared record and Partner B wants to keep their read-only copy, what is the policy? Each party's right to erasure may conflict with the other's right to retain. Counsel must advise on a defensible mechanism.
- →Define "anonymization" standard sufficient to remove GDPR obligations — note: pseudonymization alone is not sufficient.
- →Confirm whether safety-flagged content requires any minimum retention period for legal liability or mandatory reporting reasons.
Safety, Reporting & Confidentiality
- →Confirm mandatory reporting obligations (if any) for a non-licensed AI platform in BC, US, UK, EU in the context of: (a) child abuse disclosures; (b) stated intent to harm self; (c) stated intent to harm others; (d) disclosures of ongoing DV.
- →Does the "discreet exit" feature create any product liability or duty-of-care standard we could be held to?
- →Draft a crisis resource reference list by region for inclusion in the product and in this Policy.
- →Can we publish a "transparency report" for law enforcement requests? At what volume does this become meaningful and worthwhile?
Security & Compliance
- →Confirm Supabase's current SOC 2 certification scope and whether it covers all data we store there, including special-category relationship content.
- →GDPR Article 35 DPIA: conduct and document before launch given special-category data profile.
- →PIPEDA breach notification: confirm specific reporting thresholds and timelines (within 72 hours of becoming aware of a breach that poses "real risk of significant harm").
- →BC PIPA: confirm any breach reporting obligations that differ from PIPEDA.
Sub-Processor & Disclosure
- →Finalize complete sub-processor list with: legal name, country, processing purpose, DPA/SCC status.
- →Decide whether to publish the sub-processor list proactively (recommended for GDPR transparency) or make available on request.
- →Confirm notification obligations when sub-processors are added or changed (GDPR requires notice to DPA in some cases; some enterprise contracts require customer notification).
- →Add email/notification service provider (Resend or other) and any error monitoring / analytics tools to the sub-processor table.