Privacy Policy

1. Information We Collect

When you create an account or use QuestionsHeal, we may collect:

• Email address — used for login, account recovery, and essential communications
• Name — used for personalization within the application
• Password — stored only as a salted, one-way hash; we never store or have access to your plaintext password
• Session responses — your answers and reflections during guided sessions (see Section 2)
• Usage data — basic information about how you interact with the service (features used, timestamps)

2. Your Session Data

QuestionsHeal is a deeply personal experience. Your session responses — the answers you give, the reflections you share, the beliefs you explore — are treated with the highest level of confidentiality.

• Session data is encrypted at rest using industry-standard encryption
• Your responses are never shared, sold, or used for advertising
• AI processing of your responses is used solely to generate personalized questions and insights within your active session
• You can delete your session history at any time from within the application

3. AI Processing

QuestionsHeal uses artificial intelligence to generate personalized questions and facilitate your self-discovery process. When your responses are processed by AI:

• Data is sent to third-party AI providers solely for generating your session content
• We use Anthropic (Claude) as our primary AI provider
• AI providers process your data under their own data handling agreements and do not use your data for model training
• We transmit only the minimum data necessary for the current session context

4. Cookies

QuestionsHeal uses a single session cookie to keep you logged in. This cookie is essential for the application to function.

We do not use:

• Tracking cookies
• Analytics cookies
• Third-party advertising cookies
• Any form of cross-site tracking

5. Payment Processing

All payment processing is handled by Stripe. Your card details are entered directly into Stripe's secure payment form. We never see, receive, or store your credit card number, CVV, or full card details.

6. Third-Party Services

QuestionsHeal relies on the following third-party services:

• Google Cloud — hosting and infrastructure
• Stripe — payment processing
• Anthropic (Claude) — AI-powered question generation and session facilitation

Each service operates under its own privacy policy and data handling terms.

7. Data Retention

• Account data (email, name, hashed password) is retained until you delete your account
• Session data is retained until you delete it or delete your account
• Usage logs (anonymized) are retained for 90 days and then automatically purged

8. Your Rights

You have the right to:

• Delete your account — removes all associated data, including session history
• Delete session data — remove individual sessions or all session history
• Export your data — request a copy of your stored data
• Modify your data — update your name, email, or password

To exercise any of these rights, use the in-app settings or contact us at support@questionsheal.com.

9. Children's Privacy

QuestionsHeal is not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us and we will promptly delete it.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encryption of data at rest and in transit
• Secure password hashing (PBKDF2)
• HTTPS-only connections
• Regular security reviews and audits

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be reflected on this page with an updated date. We encourage you to review this page periodically.

12. Contact Us

If you have any questions about this Privacy Policy or your data, contact us at support@questionsheal.com.