Privacy Policy for Encephalon

A legal disclaimer​

1. Introduction

Welcome to Encephalon. We are committed to protecting your privacy and ensuring you have a positive experience with our mood tracking application.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application. Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the application.

Our Privacy-First Commitment: Unlike most apps, Encephalon is designed with privacy as the foundation, not an afterthought. Your mental health data is sensitive, and we treat it that way.

2. Information We Collect

2.1 Information You Provide Directly

Mood Data:

• Mood scores (1-10 scale)

• Notes and journal entries

• Tags and categories

• Photos you choose to attach

• Timestamps of entries

Optional Information:

• Emergency contact information (stored locally only)

• Safety plan details (stored locally only)

• Custom tags and categories

• Notification preferences

Important: All this data is stored locally on your device by default. We do not have access to it.

2.2 Automatically Collected Information

Weather Data:

• Location-based weather information (temperature, humidity, pressure, etc.)

• Weather condition descriptions

• Location data is only used to fetch weather information and is not stored or transmitted to our servers

Usage Analytics (Optional & Anonymous):

• App crashes (if you enable crash reporting)

• Feature usage statistics (anonymous and aggregated only)

• Device type and OS version (for compatibility)

You can disable analytics completely in Settings.

2.3 Information We Do NOT Collect

• ❌ Your name, email, or phone number (unless you provide it for support)

• ❌ Your precise location history

• ❌ Your contacts list

• ❌ Your browsing history

• ❌ Information from other apps

• ❌ Any identifiable health information beyond what you enter

• ❌ Social media profiles or connections

3. How We Use Your Information

3.1 Primary Uses (Local Only)

All mood tracking features operate entirely on your device:

• Display your mood history and trends

• Generate insights and predictions using on-device AI

• Correlate weather patterns with your mood data

• Provide crisis risk assessments

• Send you reminders and notifications (if enabled)

We never see this data. It never leaves your device unless you explicitly choose to back it up.

3.2 Weather Service

To provide weather correlation features:

• We fetch current weather data based on your location

• This is done through a third-party weather API (OpenWeatherMap)

• Location data is used only for the API request and is not stored

• Weather data is stored locally with your mood entries

3.3 Optional Cloud Backup

If you enable cloud backup:

• Your mood data is encrypted before being uploaded

• Stored in your personal Google Drive account

• We cannot access or decrypt your backup

• You control when backups occur

• You can delete backups anytime

3.4 Crash Reporting & Analytics (If Enabled)

If you choose to enable these features:

• Crash reports help us fix bugs

• Analytics help us improve the app

• All data is anonymous and aggregated

• No personal or mood data is included

• You can disable this anytime in Settings

4. How We Store and Protect Your Information

4.1 Local Storage Security

• All data is stored in encrypted format on your device

• Protected by your device's security (passcode, biometrics)

• Additional app-level biometric lock available

• Data remains even if you uninstall (unless you delete it first)

4.2 Encryption

• At rest: AES-256 encryption for local storage

• In transit: TLS/SSL for any network communication (weather API, backups)

• Backups: End-to-end encryption before cloud upload

4.3 No Server Storage

We do not operate servers that store your mood data. Your information is not on our systems, which means:

• ✅ We can't be hacked for your data

• ✅ We can't be compelled to turn over your data

• ✅ We can't accidentally leak your data

• ✅ We can't analyze your data without your consent

5. Data Sharing and Disclosure

5.1 We Do Not Sell Your Data

Never. Ever. Period.

We do not sell, rent, or trade your personal information or mood data to third parties for marketing or any other purposes.

5.2 Third-Party Services We Use

Weather Data:

• Provider: OpenWeatherMap API

• Purpose: Fetch weather conditions for mood correlation

• Data shared: Your approximate location (city-level)

• Privacy policy: https://openweathermap.org/privacy-policy

Cloud Backup (Optional):

• Provider: Google Drive

• Purpose: Store encrypted backups

• Data shared: Encrypted backup files only

• Privacy policy: https://policies.google.com/privacy

Analytics (Optional):

• Provider: Google Analytics for Firebase (if enabled)

• Purpose: Understand app usage patterns

• Data shared: Anonymous usage statistics only

• Privacy policy: https://firebase.google.com/support/privacy

5.3 Legal Requirements

We may disclose information if required by law, such as:

• To comply with a subpoena or court order

• To protect our rights or property

• To prevent fraud or abuse

However: Because we don't have access to your mood data, we cannot disclose what we don't have.

5.4 Emergency Situations

If you use the crisis support features to contact emergency services, relevant information may be shared with those services as necessary to provide help.

6. Your Data Rights

6.1 Access and Control

You have complete control over your data:

• View: Access all your mood data anytime in the app

• Export: Download your complete data in JSON/CSV format

• Delete: Permanently delete any or all entries

• Correct: Edit any mood entry at any time

6.2 GDPR Rights (European Users)

If you're in the EU/EEA, you have additional rights:

• Right to access: Request confirmation of what data we process

• Right to rectification: Correct inaccurate data

• Right to erasure: Delete your data ("right to be forgotten")

• Right to restriction: Limit how we process your data

• Right to data portability: Receive your data in a portable format

• Right to object: Object to certain processing activities

• Right to withdraw consent: Change your mind about data processing

To exercise these rights: Since your data is on your device, you can exercise most rights directly in the app. For questions, contact us at privacy@encephalon.app

6.3 California Privacy Rights (CCPA)

California residents have the right to:

• Know what personal information we collect

• Know whether we sell or share personal information (we don't)

• Opt-out of the sale of personal information (not applicable - we don't sell data)

• Request deletion of personal information

• Non-discrimination for exercising privacy rights

7. Children's Privacy

Encephalon is intended for users aged 13 and older. We do not knowingly collect information from children under 13.

For users aged 13-17:

• Parental consent features are available in the app

• Parents can review and control their child's data usage

• Additional privacy protections are enabled by default

If we become aware that a child under 13 has provided us with personal information, we will delete it immediately.

Parents: If you believe your child under 13 has used our app, please contact us at privacy@encephalon.app

8. International Data Transfers

Encephalon is available globally. Here's what that means for your data:

Primary Storage:

• Your data is stored locally on your device, wherever you are

• No cross-border transfers by default

Cloud Backups:

• If you enable Google Drive backup, data may be stored in Google's data centers

• Data is encrypted before upload

• Google's international data transfer practices apply

Weather API:

• Location data sent to OpenWeatherMap for weather information

• Temporary processing only, not stored

9. Data Retention

Local Data:

• You control how long to keep data

• Default retention: Forever (unless you delete it)

• Configurable in Settings (30 days to 2 years, or forever)

• Automatic deletion based on your retention preference

Backups:

• Retained until you delete them from Google Drive

• Old backups are not automatically deleted

Analytics Data:

• Anonymous analytics: 26 months

• Crash reports: 90 days

10. Cookies and Tracking

We do not use cookies in the Encephalon mobile app.

We do not track you across other apps or websites.

The only "tracking" is:

• Local analytics on your device (if enabled)

• Anonymous, aggregated usage statistics (if enabled)

11. Security Measures

We implement industry-standard security measures:

Technical Measures:

• AES-256 encryption

• Secure local storage

• TLS/SSL for network communications

• Biometric authentication option

• Regular security audits

Organizational Measures:

• Privacy-by-design approach

• Minimal data collection

• No-server architecture

• Regular privacy impact assessments

Your Responsibility:

• Keep your device secure

• Use a strong device passcode

• Enable biometric authentication

• Don't share your device with untrusted persons

12. Changes to This Privacy Policy

We may update this privacy policy from time to time. When we do:

• We'll change the "Last Updated" date at the top

• We'll notify you through the app

• Significant changes will require your consent

• Previous versions available upon request

How to stay informed:

• Check this page periodically

• Enable in-app notifications for policy updates

• Contact us with questions

13. Third-Party Links

Our app may contain links to third-party websites (like crisis hotlines, support resources). We are not responsible for their privacy practices. We encourage you to read their privacy policies.

14. Contact Us

Questions about this privacy policy?

• Email: privacy@encephalon.app

• Support: support@encephalon.app

• Website: https://encephalon.app/privacy

Data Protection Officer: [If you have one, add contact here]

Response time: We aim to respond within 48 hours for privacy inquiries.

15. Your Consent

By using Encephalon, you consent to this privacy policy.

You can withdraw consent anytime by:

• Disabling optional features (analytics, crash reporting)

• Deleting your data

• Uninstalling the app

16. Open Source Transparency

Encephalon is committed to transparency:

• Source code is available for review

• Community audits are welcomed

• Security researchers can report issues

• No hidden data collection

For security disclosures: security@encephalon.app

Summary (Plain Language)

What we believe:

• Your mental health data is deeply personal

• You should control it completely

• Privacy should be the default, not a premium feature

• We make money by providing value, not by selling your data

What this means:

• Your mood data stays on your phone

• We don't see it, we can't access it

• You can export or delete it anytime

• Optional features are clearly marked and can be disabled

• We only collect what's absolutely necessary

• Everything is encrypted

Questions? We're here to help: privacy@encephalon.app