Encephalon
Privacy Policy
ENCEPHALON - PRIVACY POLICY
Last Updated: [December 15, 2025]
This Privacy Policy describes how Encephalon ("we," "us," or "our") collects, uses, stores, and protects your personal information when you use our mobile application ("App").
We are committed to protecting your privacy and complying with applicable data protection laws, including:
- General Data Protection Regulation (GDPR)
- California Consumer Privacy Act (CCPA)
- Children's Online Privacy Protection Act (COPPA)
- Other applicable privacy regulations
1. INFORMATION WE COLLECT
1.1 INFORMATION YOU PROVIDE DIRECTLY:
Mood Data:
- Mood scores (1-10 scale)
- Timestamps of mood entries
- Notes and descriptions
- Tags and categories
- Context information
Account Information:
- Age/date of birth (for age verification)
- Email address (optional, for account recovery)
- Display name (optional)
- Preferences and settings
Safety Planning:
- Warning signs you identify
- Coping strategies you choose
- Emergency contacts (names, phone numbers, relationships)
- Safety plan details
Crisis Information:
- Crisis assessments and risk levels
- Support interactions
- Resource usage
1.2 AUTOMATICALLY COLLECTED INFORMATION:
Usage Data:
- App features used
- Session duration and frequency
- Navigation patterns
- Interaction data
Device Information:
- Device type and model
- Operating system version
- Unique device identifiers
- App version
1.3 DATA WE DO NOT COLLECT:
We do NOT collect:
- Precise GPS location
- Audio recordings
- Camera/photo access (unless you explicitly grant)
- Contact lists (except designated emergency contacts)
- Text messages or call logs
- Financial information
- Biometric data (fingerprint/face ID is device-only)
2. HOW WE USE YOUR INFORMATION
2.1 PRIMARY USES:
Mood Tracking & Analysis:
- Display mood history and trends
- Generate insights and patterns
- Create visualizations and reports
- Provide AI-powered predictions
Crisis Detection & Support:
- Analyze patterns for crisis risk
- Trigger support resources when needed
- Notify emergency contacts (with your consent)
- Alert healthcare providers (with your consent)
App Functionality:
- Provide personalized experience
- Remember your preferences
- Sync data across devices (if enabled)
- Backup and restore data
Improvement & Development:
- Improve AI prediction accuracy
- Develop new features
- Fix bugs and errors
- Enhance user experience
Safety & Security:
- Detect and prevent fraud
- Protect against unauthorized access
- Maintain data integrity
- Comply with legal obligations
2.2 AI AND MACHINE LEARNING:
We use AI and machine learning to:
- Predict mood patterns
- Detect potential crisis situations
- Provide personalized insights
- Recommend coping strategies
AI processing occurs:
- Locally on your device (primary method)
- On our servers (only for complex analysis, data encrypted)
AI Limitations:
- Predictions are not always accurate
- Should not replace professional judgment
- May produce false positives or negatives
3. HOW WE SHARE YOUR INFORMATION
3.1 WE DO NOT SELL YOUR DATA
We never sell, rent, or trade your personal information to third parties for marketing purposes.
3.2 WHEN WE MAY SHARE:
Emergency Situations:
- With your designated emergency contacts during detected crises
- With emergency services if you or others are in imminent danger
- With healthcare providers (only with your explicit consent)
Legal Requirements:
- To comply with court orders, subpoenas, or legal processes
- To protect rights, property, or safety
- To prevent fraud or illegal activity
- As required by law
Service Providers:
- Cloud storage providers (data is encrypted)
- Analytics services (anonymized data only)
- Crash reporting services (de-identified data)
4. DATA STORAGE AND SECURITY
4.1 WHERE YOUR DATA IS STORED:
Primary Storage:
- Encrypted locally on your device
- Uses AES-256 encryption (military-grade)
- Secured with device security features
Cloud Backup (Optional):
- Encrypted before upload
- Stored in secure servers
- Subject to cloud provider's security practices
4.2 SECURITY MEASURES:
Encryption:
- Data encrypted at rest (on device)
- Data encrypted in transit (HTTPS/TLS)
- End-to-end encryption for sensitive data
- Secure key management
Access Controls:
- Biometric authentication (if enabled)
- PIN/password protection
- Session timeout
- Account lockout after failed attempts
4.3 DATA RETENTION:
Active Accounts:
- Mood data: Retained for 7 years (configurable in settings)
- Account data: Retained while account is active
- Audit logs: Retained for 3 years (compliance)
Deleted Accounts:
- Data deleted within 30 days of account deletion
- Backups purged within 90 days
- Some data may be retained longer for legal compliance
You can configure retention periods in Settings > Privacy > Data Retention.
5. YOUR PRIVACY RIGHTS
5.1 ACCESS AND CONTROL:
You have the right to:
Access Your Data:
- View all data we have about you
- Export your complete data (JSON/CSV format)
- Download reports and history
Correct Your Data:
- Edit mood entries
- Update account information
- Correct inaccuracies
Delete Your Data:
- Delete individual mood entries
- Delete your entire account
- Request complete data purge
Restrict Processing:
- Disable AI analysis
- Pause crisis monitoring
- Opt out of analytics
Object to Processing:
- Withdraw consent for specific data uses
- Object to automated decision-making
- Opt out of research participation
Data Portability:
- Export in machine-readable format
- Transfer to another service
5.2 HOW TO EXERCISE YOUR RIGHTS:
In-App:
- Settings > Privacy > Data Rights
- Settings > Account > Export Data
- Settings > Account > Delete Account
By Email:
- Contact: [support@encephalonapp.com]
- Include: Your account identifier
- Allow: Up to 30 days for complex requests
6. CHILDREN'S PRIVACY (COPPA COMPLIANCE)
6.1 AGE RESTRICTIONS:
Users Under 13:
- Require verified parental consent
- Enhanced privacy protections
- Limited data collection
- No behavioral advertising
Users 13-17:
- Parental notification encouraged
- Additional privacy safeguards
- Age-appropriate features
6.2 PARENTAL CONSENT PROCESS:
For users under 13:
1. Age verification gate during signup
2. Parental email provided
3. Consent email sent to parent
4. Parent clicks verification link
5. Parent reviews and consents to data practices
6. Account activated upon consent
6.3 PARENTAL RIGHTS:
Parents of users under 13 can:
- Review their child's information
- Request deletion of child's data
- Revoke consent and delete account
- Prevent further collection
- Control data sharing settings
Contact us at: [support@encephalonapp.com]
7. INTERNATIONAL DATA TRANSFERS
Your data may be transferred to and stored in countries outside your country of residence.
We ensure appropriate safeguards:
- Standard Contractual Clauses (EU)
- Adequate data protection frameworks
- Encryption during transfer
- Contractual obligations with processors
8. DATA BREACH NOTIFICATION
In the unlikely event of a data breach:
Immediate Response:
- Investigate and contain the breach
- Assess impact and affected data
- Take corrective measures
Notification Timeline:
- Affected users: Within 72 hours
- Regulatory authorities: As required by law
What We'll Tell You:
- What data was affected
- When the breach occurred
- What we're doing about it
- Steps you should take
9. CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy periodically.
We will notify you of material changes via:
- In-app notification
- Email (if provided)
- Prominent notice in the App
- Updated "Last Updated" date
Continued use after changes constitutes acceptance.
10. CONTACT US
For privacy-related questions or concerns:
Email: [support@encephalonapp.com]
Website: [https://www.encephalonapp.com/legal/privacy]
Address: [207 Fen Way, Syosset, NY 11791, USA]
Response time: Within 30 days
EU Data Protection Officer: [support@encephalonapp.com]
For emergencies: Call 911 or 988 immediately.
BY USING ENCEPHALON, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS PRIVACY POLICY AND AGREE TO ITS TERMS.
Last Updated: [December 15, 2025]
Version: 1.0
''';
static const String dataProcessingAgreement = '''
ENCEPHALON - DATA PROCESSING AGREEMENT
Last Updated: [December 15, 2025]
This Data Processing Agreement ("DPA") supplements our Privacy Policy and governs how we process your personal data in compliance with applicable data protection laws.
1. DEFINITIONS
Personal Data: Any information relating to an identified or identifiable person
Processing: Any operation performed on personal data
Data Controller: You are the controller of your personal data
Data Processor: We process data on your instructions
2. LEGAL BASIS FOR PROCESSING
We process your data based on:
- Your consent
- Contract performance
- Legitimate interests
- Legal obligations
- Vital interests (crisis situations)
3. DATA COLLECTION
We collect only necessary data:
- Mood entries and timestamps
- Crisis assessments
- Account information
- Device information
4. YOUR RIGHTS
You have the right to:
- Access your data
- Correct inaccuracies
- Delete your data
- Restrict processing
- Data portability
- Object to processing
- Withdraw consent
5. DATA SECURITY
We implement:
- AES-256 encryption
- Secure access controls
- Regular security audits
- Incident response procedures
6. DATA RETENTION
- Mood data: 7 years (configurable)
- Account data: Duration of account
- Deleted accounts: Purged within 90 days
7. INTERNATIONAL TRANSFERS
Data may be transferred internationally with appropriate safeguards:
- Standard Contractual Clauses
- Encryption during transfer
8. BREACH NOTIFICATION
In case of breach:
- Users notified within 72 hours
- Authorities notified as required
- Corrective measures implemented
9. CHILDREN'S DATA (COPPA)
Enhanced protections for users under 13:
- Parental consent required
- Limited data collection
- No behavioral advertising
10. CONTACT
For data protection inquiries:
Email: [support@encephalonapp.com]
EU DPO: [support@encephalonapp.com]
Last Updated: [December 15, 2025]
Version: 1.0