Privacy Policy
Last updated: March 14, 2026
1. Who We Are
HarmonyWithin is an AI-powered mental wellbeing companion operated by NoirProtocols. We are committed to protecting your privacy and ensuring your personal information remains secure. Privacy is not just a feature — it is a core design principle.
2. Our Privacy Principles
- Local-first: Your data stays on your device by default. We never upload conversations, mood data, or journal entries to our servers.
- Anonymous by design: No account required, no name, no email needed to use the app.
- Zero AI data retention: Our OpenAI API integration is configured with zero data retention, meaning your messages are not stored by OpenAI and are not used for AI model training.
- No tracking cookies: We use privacy-friendly analytics that do not track individual users.
- No data selling: We never sell your personal data to third parties, share it with them, or monetize it.
3. What Data We Collect
3.1 Data Stored on Your Device (Local Storage)
The following data is stored exclusively in your browser's localStorage and never leaves your device:
- AI Chat Conversations: Your full chat history with the AI companion
- Mood Tracking Data: Mood entries, ratings, and mood history
- Journal Entries: Personal journal/reflection entries
- Daily Ritual Data: Morning and evening ritual completions, streaks
- Exercise Completions: Records of self-help exercises completed
- Bookmarks: Saved conversation messages
- App Preferences: Language, theme, and settings
You can delete all local data at any time from Settings > Delete All Data.
3.2 Data Processed by Our Servers
- AI Messages: When you send a message, it is transmitted to our Cloudflare Worker which forwards it to the OpenAI API for response generation. Messages are processed in transit but not stored on our servers. OpenAI is configured with zero data retention.
- Anonymous Device Fingerprint: A hashed, anonymized device identifier is used solely for usage tracking (free message count). This cannot be used to identify you personally.
- Anonymous Analytics: Cloudflare Web Analytics collects anonymized, aggregated traffic data (page views, country) with no personal identifiers and no tracking cookies.
3.3 Data Collected Only If You Choose
- Email (Optional): If you join our mailing list, we collect your email to send product updates. This is completely optional and not required to use the app.
- Payment Information: If you purchase Premium, payment is processed by Stripe. We never see or store your credit card details.
4. AI Data Processing
We take your AI conversation privacy very seriously:
- OpenAI API Zero Data Retention: We use OpenAI's API with the zero data retention policy enabled. This means your messages are processed to generate responses but are not stored by OpenAI and are not used for model training.
- No Server-Side Logs: Our Cloudflare Workers process messages in transit only. We do not log or store conversation content on our servers.
- Encryption in Transit: All communication between your device, our servers, and OpenAI is encrypted using TLS/HTTPS.
- No Conversation Mining: We do not analyze, mine, or profile your conversations for any purpose including advertising, research, or analytics.
5. Analytics & Tracking
We use Cloudflare Web Analytics for basic traffic insights. This is a privacy-first analytics solution:
- No tracking cookies are used
- No personal data is collected
- No cross-site tracking
- Data is aggregated and anonymized (total page views, countries, browsers)
- Fully compliant with GDPR, CCPA, and other privacy regulations
We do not use Google Analytics, Facebook Pixel, or any other advertising-based tracking systems.
6. Third-Party Services
We use the following third-party services, each chosen for its privacy and security standards:
- Cloudflare: Website hosting, CDN, Workers (serverless compute), and privacy-friendly Web Analytics. Cloudflare does not sell user data.
- OpenAI: AI language model for the chat companion. Configured with zero data retention — messages are processed but not stored or used for training.
- Stripe: Secure payment processing for Premium subscriptions. PCI-compliant. We never see or store your card details.
- Resend: Transactional email delivery (activation codes, receipts). Only used when you make a purchase.
- MailerLite: Email list management for the mailing list only. Only used if you voluntarily subscribe.
7. Data Storage & Security
- Local Data: Stored in your browser's localStorage. Encrypted at the browser/OS level. Deleted when you clear browser data or use the "Delete All Data" feature.
- Server Infrastructure: Hosted on Cloudflare's global edge network with enterprise-grade security, DDoS protection, and SSL/TLS encryption.
- Secrets Management: API keys and sensitive configuration are stored as encrypted Cloudflare Worker secrets, never in source code.
- Email Data: Mailing list emails are stored with MailerLite using industry-standard encryption.
8. Cookies
We use no tracking cookies. The only cookies used are essential, first-party cookies required for basic website functionality (e.g., theme preference). We do not use third-party advertising or analytics cookies.
9. Your Rights (GDPR / CCPA)
Regardless of your location, you have the following rights:
- Access: Request information about what data we hold (for most users, this is nothing beyond an optional email address)
- Deletion: Delete all local data via Settings > Delete All Data. Request removal of your email from our mailing list at any time.
- Portability: Your local data is accessible in your browser's developer tools
- Withdraw Consent: Unsubscribe from emails at any time via the unsubscribe link
- Opt-Out: You can use HarmonyWithin without providing any personal information
To exercise these rights, contact us at info@harmonywithin.bot.
10. Children's Privacy
HarmonyWithin is not intended for users under 13 years of age. We do not knowingly collect data from children under 13. If you believe a child under 13 has provided personal information, please contact us.
11. Changes to This Policy
We may update this privacy policy from time to time. We will notify mailing list subscribers of significant changes via email. The "Last updated" date at the top will always reflect the most recent version.
12. Contact Us
For any privacy-related questions or requests, please contact us at:
Email: info@harmonywithin.bot