Privacy & Security
Your privacy and security are fundamental to Hope. We are committed to protecting your data with industry-leading security measures and transparent privacy practices.
Our Privacy Commitment
At Hope, we believe your mental health data is deeply personal and should be treated with the utmost care. We are committed to:
- Protecting your data with industry-leading encryption and security measures
- Never selling your personal information to third parties
- Giving you complete control over your data with export and deletion options
- Being transparent about what data we collect and how we use it
- Complying with GDPR, CCPA, and other privacy regulations worldwide
What Data We Collect
Account Information
Email address, username, and password (hashed and encrypted). We use this to create and secure your account.
Profile & Preferences
Your goals, challenges, communication style preferences, and interests. This helps us personalize your experience with Hope.
Therapy Conversations
Your chat messages with Hope are stored securely and encrypted. We use these to provide context-aware responses and improve the AI experience. You can delete conversations at any time.
Journal Entries
Your private journal entries are stored locally on your device and encrypted when synced to our servers. Only you can access your journal entries.
Mood & Activity Data
Mood tracking data, meditation completion, and wellness metrics. This helps generate personalized insights and weekly reports (Premium).
Community Posts (Optional)
Posts you create in community spaces. You can post anonymously if you prefer. You have full control to edit or delete your posts at any time.
Usage Analytics (Optional)
Anonymized usage statistics to improve the app experience. Personal information is removed before analysis. You can opt out in Privacy Settings.
How We Protect Your Data
End-to-End Encryption
All data transmitted between your device and our servers is encrypted using TLS 1.3 (HTTPS). We enforce HTTPS-only connections in production.
Secure Token Storage
Authentication tokens are stored using platform-specific secure storage (Android: Encrypted SharedPreferences, iOS: Keychain). Tokens are encrypted and never stored in plain text.
Biometric Authentication
Optional fingerprint or face ID authentication adds an extra layer of security to protect your account. Available on supported devices.
API Security
All API requests require authentication via JWT tokens. Server-side requests use API keys. Optional certificate pinning and HMAC signatures provide additional protection.
CORS Protection
Our backend restricts API access to authorized domains only. Unauthorized origins are blocked to prevent cross-site attacks.
Session Management
Automatic session timeout after 30 minutes of inactivity. Sessions are tracked and refreshed securely to prevent unauthorized access.
Data Encryption at Rest
Sensitive data stored in our database is encrypted. Database connections use secure protocols and credentials are stored securely.
Input Validation & Sanitization
All user inputs are validated and sanitized to prevent XSS attacks, SQL injection, and other security vulnerabilities.
Your Privacy Rights
Under GDPR, CCPA, and other privacy regulations, you have the following rights:
Right to Access
You can export all your personal data at any time through the Privacy Settings. The export includes your journal entries, conversations, mood data, and preferences in JSON format.
Right to Rectification
You can update your profile, preferences, and communication style at any time. Changes are reflected immediately in your personalized AI experience.
Right to Erasure
You can delete your account and all associated data permanently. Deletion is immediate and cannot be undone. You can also delete individual conversations, journal entries, or community posts.
Right to Restrict Processing
You can opt out of analytics, crash reporting, and data collection through Privacy Settings. We respect your choices and will stop processing your data accordingly.
Right to Data Portability
You can export your data in a machine-readable format (JSON) to transfer it to another service or keep a local copy.
Right to Object
You can object to certain processing activities, including personalized advertising (we don't use your data for ads) or automated decision-making (you can disable AI personalization).
AI & Personalization
Hope uses advanced AI personalization to provide you with consistent, supportive responses that adapt to your communication style and preferences over time.
What We Store for Personalization:
- Communication style preferences (gentle, direct, supportive) - stored based on your explicit choices and inferred patterns
- Behavioral patterns (e.g., preferred conversation topics, response length preferences) - inferred from your usage with confidence scores
- Conversation summaries - compact weekly/monthly summaries instead of full message history to optimize context size
- Long-term goals and focus areas - from your profile and ongoing conversations
What We Don't Store:
- Full conversation history after summarization - we convert old conversations into compact summaries
- Sensitive personal or medical details beyond general themes - we focus on patterns, not specific events
- Emotional states or one-off events - we store patterns and preferences, not individual emotional moments
Your Control:
- You can disable personalization entirely in your Privacy Settings
- You can view what personalization is being applied and why through the Explainability feature
- You can reset inferred patterns while keeping your explicit preferences
- You can override any inferred preference with explicit settings
- Personalization data automatically decays over time if not updated (5% per week default), ensuring outdated preferences fade away
Personalization is designed to be structured, enforceable, explainable, and reversible - not implicit, hidden, or uncontrolled.
Questions About Privacy & Security?
If you have questions about our privacy practices, security measures, or want to exercise your privacy rights, please contact us:
Support Email
support@hopementalhealthsupport.xyz
We typically respond to privacy inquiries within 48 hours.