Mendaria Privacy Policy
Effective date: June 2, 2026
Last updated: June 2, 2026
Mendaria ("Mendaria", "we", "us", "our") provides an AI emotional-wellness
companion application (the "App"). This Privacy Policy explains what information
we collect, how we use it, who we share it with, and the choices you have. The
App is intended only for adults aged 18 and over.
Mendaria is an emotional support and self-care companion. It is **not a medical,
therapy, healthcare, or crisis service**, does not provide medical advice, and
does not diagnose, treat, cure, or prevent any condition. See our Terms of
Service (https://mendaria.com/terms) and the in-app disclaimers.
Scope: this Policy covers the App, our customer support correspondence, and (if
and when launched) the marketing website at mendaria.com. It does not cover
third-party services you reach through links from the App, which have their own
privacy policies.
If you do not agree with this Policy, please do not use the App.
1. Who this Policy applies to
The App is directed exclusively to adults (18+). It is not directed to children,
and we do not knowingly collect personal information from anyone under 18. If we
learn that we have collected information from a person under 18, we will delete
it. See Section 9 (Children).
2. Data Controller
The entity responsible for your personal data is:
- Legal entity: Stellar Byte Technology Corp.
- Jurisdiction of incorporation: the Province of British Columbia, Canada
- Registered address: Stellar Byte Technology Corp., British Columbia, Canada (full mailing address available on request at support@mendaria.com)
- Contact email: support@mendaria.com
For users in the EU/EEA, see Section 12 on whether an EU representative under
GDPR Article 27 has been appointed.
3. Information we collect
We deliberately minimize what we collect. **The App does not require an email
address, phone number, name, or social-login account to use.** When you first
open the App, we create an anonymous account for you (a randomly generated
internal user identifier) so your conversations, memories, and settings persist
across sessions. We do not collect contact details unless you choose to email our
support address.
3.1 Information you provide
| Category | Examples | Sensitivity |
|---|---|---|
| Chat content | The messages you send to your AI companion ("June") and the companion's replies, stored so conversations stay coherent across sessions | Sensitive user content |
| Check-in answers | Onboarding and ongoing check-ins (what brought you to the App, how heavy a moment feels) used to personalize your experience and the companion's responses | Sensitive (health-adjacent) |
| Memory | A small set of summarized facts the companion "remembers" so you do not start over each session; viewable and removable in-app | Sensitive (health-adjacent) |
| Consent records | A record of the consents you give (for example, your consent to third-party AI processing and your 18+ confirmation), including version and timestamp, kept as a compliance audit trail | Standard (compliance) |
| Settings | Basic in-app preferences (for example, a night/quiet display preference) | Standard |
| Support correspondence | The email address and content of any message you send to support | Standard |
We do not ask for, and you should not share, government identification numbers,
financial account numbers, or other highly sensitive identifiers.
3.2 Information collected automatically
| Category | Examples |
|---|---|
| Device / technical information | Device model, OS version, app version, language/locale, and a per-app vendor device identifier (IDFV on iOS) |
| Usage data | Feature usage, session count and duration, in-app events |
| Diagnostics / error data | Crash logs and error reports (which may include your anonymous user identifier and technical error context, but not the content of your chat messages) |
| Purchase data | Subscription status and entitlement (via the App Store / Google Play and our subscription processor; we do not receive your full payment card number) |
We do not use an advertising identifier for cross-app tracking, and we do
not declare "Data Used to Track You" on iOS.
3.3 Information from third parties
Because the App uses an anonymous account, we do not receive an identity,
email, or profile from a social login. From the app stores and our subscription
processor we receive your subscription/entitlement status and store-level
purchase identifiers (not your full payment card number). We do not purchase
personal data from data brokers.
3.4 Special category / sensitive data
Your chat content and emotional inputs may reveal information about your mental
and emotional state. We treat this as sensitive data:
- Under GDPR Article 9, where such data constitutes data concerning health,
we process it only on the basis of your explicit consent (Article 9(2)(a)),
obtained before you begin using the AI companion.
- Under CCPA/CPRA, this is "sensitive personal information"; we use it only to
provide the service you requested and do not use or disclose it for purposes you
have a right to limit.
4. How we use information and lawful basis
For EU/EEA users, each purpose maps to a GDPR Article 6 (and where applicable
Article 9) lawful basis.
| Purpose | What it involves | Lawful basis (GDPR) |
|---|---|---|
| Provide the AI companion | Sending your messages to a third-party AI provider to generate responses (see Section 5) | 6(1)(b) Contract + 9(2)(a) Explicit consent for sensitive content |
| Maintain your account and history | Storing your conversations so you can continue them | 6(1)(b) Contract |
| Personalize the experience | Check-ins, reflections, companion memory | 6(1)(b) Contract |
| Safety and crisis support | Screening messages for self-harm / suicide signals and surfacing crisis resources; logging coarse, content-minimized safety events | 6(1)(f) Legitimate interest (user safety) |
| Manage subscriptions | Verifying entitlement, restoring purchases | 6(1)(b) Contract |
| Improve and debug the App | Crash reporting, aggregate usage analytics | 6(1)(f) Legitimate interest |
| Respond to support requests | Handling your emails | 6(1)(b) / 6(1)(f) |
| Maintain consent and compliance records | Storing your consent choices as an audit trail | 6(1)(c) Legal obligation / 6(1)(f) Legitimate interest |
| Comply with law | Responding to lawful requests | 6(1)(c) Legal obligation |
| Marketing emails (if any) | Product news | 6(1)(a) Consent, opt-in only |
We do not sell your personal information, do not use your chat content to
serve third-party advertising, and do not use your conversation content,
emotional inputs, or any sensitive data to train our own or third parties'
models.
5. Third-party AI processing (core disclosure)
The App is an AI companion. To generate responses, plans, reflections, and
memories, **your messages and check-in answers are transmitted to third-party AI
service providers** that operate the language models powering the App. These
providers currently are OpenAI and Anthropic. This means your chat
content leaves your device and is processed on those providers' systems
(including for safety screening, where OpenAI's content-moderation service is
used to detect crisis signals).
- We obtain your explicit consent before your conversations are first sent to
any third-party AI provider. Consent is requested during onboarding, is not
pre-checked, and is necessary to use the App's core features. You can withdraw
this consent at any time in the App; after withdrawal, the App can no longer
generate AI responses.
- We seek agreements under which providers use your content only to return a
response to us and do not use it to train their general models, subject to
each provider's terms.
Voice features, when enabled (planned for a later version), additionally
transmit reply text to a voice-synthesis provider (ElevenLabs) to produce
spoken replies.
6. How we share information (sub-processors and recipients)
We do not sell your personal information. We share it only with the service
providers (sub-processors) and recipients below, each under contract and only as
needed to run the App:
| Recipient | Role | Purpose | Data shared | Processing location |
|---|---|---|---|---|
| Supabase | Hosting / database / authentication | Store your anonymous account, conversations, memory, consent records | All app data (encrypted in transit and at rest) | United States (East) |
| OpenAI | AI sub-processor | Generate companion responses, embeddings for memory, and safety moderation | Chat content, check-in answers | United States |
| Anthropic | AI sub-processor | Generate companion responses (deeper-context replies) | Chat content, check-in answers | United States |
| RevenueCat | Subscription management | Cross-store entitlement and receipt validation | Purchase identifiers, entitlement status, anonymous user identifier | United States |
| Sentry | Error monitoring | Stability and crash/error diagnostics | Diagnostics, device/technical info, anonymous user identifier and error context (not chat message content) | United States |
| ElevenLabs (when enabled) | Voice synthesis | Spoken replies, when the voice feature is enabled | Reply text | United States |
| Apple App Store / Google Play | App distribution and payment | Distribute the App, process payment and subscriptions | Purchase / entitlement data | Per store |
| Legal / safety recipients | Compliance | Comply with law, enforce the Terms, protect users | As reasonably necessary | As applicable |
We may share aggregated or de-identified information that cannot reasonably be
used to identify you.
7. Data retention and deletion
| Data category | Retention | Deletion |
|---|---|---|
| Account (anonymous identifier) | While your account is active | Deleted on account deletion, subject to legal holds |
| Chat content | While your account is active, or until you delete it | Delete individual conversations in-app; all deleted on data/account deletion |
| Check-in answers / memory | While your account is active | Deleted on data/account deletion; memory removable in-app at any time |
| Consent records | Kept for up to 12 months as a compliance audit trail | Deleted thereafter, subject to legal holds |
| Safety event logs (content-minimized) | Kept for up to 12 months for user-safety and legal purposes | Deleted thereafter, subject to legal holds |
| Diagnostics / crash data | Up to 90 days | Auto-expired |
| Purchase records | As required by tax / accounting law | Per legal retention rules |
You can manage your data from within the App using the "Export my data",
"Delete my data", "Forget everything" (clears the companion's memory), and
"Delete account" controls, or by emailing us. Deleting your data removes your
conversations, memory, and related content; deleting your account additionally
removes your anonymous account record. We action deletion without undue delay and
remove records from routine backups on our standard backup-expiry cycle (up to 90
days), subject to limited legal exceptions.
8. Your rights and choices
8.1 In-app controls (all users)
- Access / export your data ("Export my data");
- Delete specific memories, your data, or your entire account ("Delete my
data" / "Forget everything" / "Delete account");
- Withdraw consent to third-party AI processing in the App at any time;
- manage your subscription through your App Store / Google Play account;
- adjust preferences such as the night/quiet display.
8.2 EU/EEA/UK users (GDPR)
Rights of access (Art. 15), rectification (Art. 16), erasure (Art. 17),
restriction (Art. 18), data portability (Art. 20), objection (Art. 21),
withdrawal of consent at any time (Art. 7(3)), and to lodge a complaint with your
local supervisory authority (Art. 77). We respond within one month (extendable to
three months for complex requests).
8.3 California users (CCPA/CPRA)
Rights to know, access, delete, and correct; data portability; the right to opt
out of "sale"/"sharing" (we do not sell or share personal information as
defined by the CCPA/CPRA); and the right to **limit the use of sensitive personal
information**. We will not discriminate against you for exercising these rights.
8.4 How to exercise
Use the in-app controls where available, or contact us at the address in Section
13. We provide an export of your data in a machine-readable format on request.
Because accounts are anonymous, we may be unable to verify or fulfill a request
that does not come from the device holding your account.
9. Children
The App is for adults aged 18 and over and is not directed to minors. We do not
knowingly collect personal information from anyone under 18 (and do not knowingly
collect from anyone under 13 under COPPA in the US). Under GDPR Article 8 we do
not target the App at minors. The App's age rating on the App Store and Google
Play is set to 18+. If you believe a minor has provided us information, please
contact us so we can delete it.
10. Security
We apply technical and organizational measures appropriate to the sensitivity of
the data, including encryption in transit (TLS) and at rest, row-level access
controls so each account can reach only its own data, restricting sensitive
operations to our secured backend, and vendor due diligence. No method of
transmission or storage is fully secure, and we cannot guarantee absolute
security. Because chat content is sensitive, we encourage you to avoid sharing
information you would not want stored.
11. International transfers
Stellar Byte Technology Corp. is incorporated in Canada, and our AI and
infrastructure providers process data in the United States. For users outside the
United States:
- For EU/EEA/UK users, transfers to non-adequate countries (including the US) rely
on Standard Contractual Clauses (SCC, EU 2021/914) plus supplementary
measures, and/or applicable frameworks (for example, the EU-US Data Privacy
Framework where the recipient is certified).
- Canada benefits from a partial EU adequacy decision for commercial
organizations.
12. Region-specific notes
We monitor our obligations under applicable data-protection laws, including
PIPEDA in Canada (our home jurisdiction), the GDPR for EU/EEA users, and the UK
GDPR for UK users, and will appoint a representative or data protection officer
where required by law. Where an EU or UK representative or a data protection
officer has been appointed, contact details will be provided in Section 13 and in
the App.
13. Contact
- Data controller: Stellar Byte Technology Corp. (Canada)
- Email: support@mendaria.com
- Postal address: Stellar Byte Technology Corp., British Columbia, Canada (full mailing address available on request at support@mendaria.com)
- Complaints (EU/EEA/UK): your local supervisory authority
14. Changes to this Policy
We will post material changes and, where required, seek renewed consent. Minor
changes are reflected by an updated "Effective date" / "Last updated". Your
continued use of the App after an update means you accept the revised Policy.
← Back to Mendaria