Privacy Policy
Last Updated: April 2, 2026
ColdAI LLC ("Company," "we," "us," "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use the Frida mobile application ("App") and related services.
By using the App, you consent to the data practices described in this Privacy Policy. If you do not agree with the practices described herein, please do not use the App.
1. INFORMATION WE COLLECT
1.1 Information You Provide Directly
(a) Account Information: When you register for an account, we collect your name, email address, and password. You may optionally provide your birthday.
(b) Onboarding Data: During the clinical onboarding process, we collect information about your mental health history, current symptoms, medication status, sleep patterns, support system, and other wellness-related data that you voluntarily provide.
(c) Health and Wellness Data: Through your use of the App, we collect data you choose to enter, including but not limited to:
• Mood entries (mood type, intensity, notes, timestamps)
• Sleep logs (hours, quality, bedtime, wake time)
• Symptom tracking (paranoia, anxiety, hallucinations, and other symptoms)
• Medication logs (medication names, dosages, adherence records)
• Journal entries (text content, photos you attach)
• Nutrition logs (meals, calories, notes)
• Weight measurements
• Workout logs (type, duration, intensity)
• Substance use logs (substance type, amount, notes)
• Routine plans and task completion data
• Check-in data (daily mood, overall feeling)
• Psychosis self-assessment responses and scores
(d) Care Team Information: Names, roles, phone numbers, email addresses, websites, physical addresses, and photos of your healthcare providers and contacts that you choose to enter.
(e) Crisis Safety Plan: Warning signs, coping strategies, trusted contacts, professional contacts, and safe environment steps that you enter into your personalized safety plan.
(f) Goals: Personal recovery goals, milestones, descriptions, and progress data.
(g) Appointment Data: Provider names, locations, dates, times, durations, and notes for appointments you track.
(h) AI Chat Conversations: Messages you send to and receive from the Frida AI companion.
1.2 Information Collected Automatically
(a) Device Information: Device type, operating system version, unique device identifiers, and app version.
(b) Usage Data: App interaction data, feature usage patterns, session durations, and navigation paths.
(c) Log Data: Error logs, crash reports, and performance metrics.
(d) Subscription Data: Subscription status, plan type, and transaction identifiers (processed through RevenueCat and the respective App Store).
1.3 Information from Third Parties
(a) App Store Data: Purchase and subscription information from Apple App Store or Google Play Store.
(b) RevenueCat: Subscription management data including entitlement status and billing period information.
2. HOW WE USE YOUR INFORMATION
2.1 Primary Purposes
(a) Service Delivery: To provide, maintain, and improve the App's features and functionality, including mood tracking, health logging, AI companion conversations, and crisis support resources.
(b) Account Management: To create and manage your account, authenticate your identity, and maintain your session.
(c) Data Synchronization: To sync your data across devices and sessions using our secure backend infrastructure.
(d) Personalization: To personalize your experience based on your onboarding selections, usage patterns, and preferences.
(e) AI Companion: To process your messages and generate appropriate supportive responses from the Frida AI companion.
2.2 Secondary Purposes
(a) Service Improvement: To analyze usage patterns in aggregate to improve the App's features, user interface, and overall experience.
(b) Safety and Security: To detect and prevent fraud, abuse, security threats, and technical issues.
(c) Communications: To send you important service-related notices, including security alerts, Terms updates, and account notifications. We will not send marketing communications without your explicit consent.
(d) Research: To conduct anonymized, aggregated research to improve mental health support tools. Individual data is never used in research without explicit consent and appropriate ethical review.
(e) Legal Compliance: To comply with applicable laws, regulations, legal processes, or governmental requests.
3. DATA STORAGE AND SECURITY
3.1 Storage Infrastructure. Your data is stored on secure PostgreSQL databases hosted on Replit's infrastructure. Data is encrypted in transit using TLS/SSL protocols.
3.2 Password Security. Your password is hashed using the scrypt algorithm before storage. We never store passwords in plaintext. We cannot retrieve your password — only reset it.
3.3 Session Management. Authentication uses secure session tokens stored locally on your device. Tokens are validated against our database on each app launch.
3.4 Local Caching. For offline access and performance, some data is cached locally on your device using AsyncStorage. This cache is supplementary to the server-stored data.
3.5 Security Measures. We implement industry-standard security measures including: (a) encrypted data transmission; (b) secure password hashing; (c) session token authentication; (d) regular security assessments; (e) access controls limiting employee access to user data.
3.6 Security Limitations. While we take reasonable measures to protect your data, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security of your data.
4. DATA SHARING AND DISCLOSURE
4.1 We Do Not Sell Your Data. We do not sell, rent, or trade your personal information to third parties for marketing purposes.
4.2 Service Providers. We may share data with trusted third-party service providers who assist us in operating the App, including:
• OpenAI: For processing AI companion conversations (messages are sent to OpenAI's API for response generation). OpenAI's data usage policies apply to this processing.
• RevenueCat: For subscription and payment management.
• Replit: For hosting and infrastructure services.
4.3 Legal Requirements. We may disclose your information if required to do so by law or if we believe in good faith that such disclosure is necessary to: (a) comply with a legal obligation; (b) protect and defend our rights or property; (c) prevent fraud or address security issues; (d) protect the personal safety of users or the public.
4.4 Business Transfers. In the event of a merger, acquisition, or sale of all or a portion of our assets, your data may be transferred as part of that transaction. We will notify you of any such change and any choices you may have.
4.5 Aggregated Data. We may share anonymized, aggregated data that cannot be used to identify you for research, analytics, or business purposes.
5. YOUR RIGHTS AND CHOICES
5.1 Access and Portability. You have the right to access the personal data we hold about you. You can view your data within the App at any time.
5.2 Correction. You can update your account information (name, email, birthday) through the App's Settings screen.
5.3 Deletion. You can delete your account and associated data through the App's Settings screen. Upon deletion: (a) your account will be permanently deactivated; (b) your personal data will be deleted from our servers within 30 days; (c) backups containing your data will be purged within 90 days; (d) aggregated, anonymized data may be retained.
5.4 Data Minimization. We only collect data that is necessary for the App's functionality. You can choose which features to use and what data to enter.
5.5 Withdrawal of Consent. You may withdraw your consent to data processing at any time by deleting your account. Note that withdrawing consent may impact your ability to use the App.
6. CHILDREN'S PRIVACY
6.1 The App is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13.
6.2 Users between 13 and 17 may use the App only with parental or guardian consent and supervision.
6.3 If we become aware that we have collected personal information from a child under 13 without parental consent, we will take steps to delete that information promptly.
7. SENSITIVE HEALTH DATA
7.1 Nature of Data. We recognize that much of the data collected through the App constitutes sensitive health information, including mental health status, medication usage, symptom records, and substance use logs.
7.2 Enhanced Protections. Sensitive health data receives enhanced security protections, including: (a) encrypted storage; (b) strict access controls; (c) no sharing with third parties for marketing; (d) no use in advertising profiles.
7.3 Your Control. You maintain full control over your health data. You choose what to log, when to log it, and can delete entries at any time.
7.4 AI Processing. When you interact with the Frida AI companion, your messages (which may contain health information) are processed by OpenAI's API to generate responses. These messages are transmitted securely and are subject to OpenAI's data processing agreements and privacy policies.
8. COOKIES AND TRACKING
8.1 The App does not use traditional web cookies. However, we use local storage mechanisms (AsyncStorage) on your device to maintain your session and cache data for offline access.
8.2 We do not use third-party advertising trackers or analytics SDKs that create advertising profiles.
8.3 Basic usage analytics may be collected to understand feature adoption and improve the App.
9. INTERNATIONAL DATA TRANSFERS
9.1 Your data may be processed and stored in the United States, regardless of your location. By using the App, you consent to the transfer of your data to the United States.
9.2 If you are located in the European Economic Area (EEA), United Kingdom, or other jurisdiction with data protection laws, you acknowledge that the United States may not provide the same level of data protection. We rely on appropriate safeguards for such transfers.
10. DATA RETENTION
10.1 Active Accounts. We retain your data for as long as your account is active and as needed to provide you with the Service.
10.2 Deleted Accounts. Upon account deletion, personal data is deleted within 30 days from primary systems and within 90 days from backup systems.
10.3 Legal Requirements. Some data may be retained longer if required by law, regulation, or legal proceedings.
10.4 Anonymized Data. Anonymized, aggregated data that cannot identify you may be retained indefinitely for research and service improvement.
11. CALIFORNIA RESIDENTS (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
• Right to Know: You can request information about the categories and specific pieces of personal data we have collected.
• Right to Delete: You can request deletion of your personal data, subject to certain exceptions.
• Right to Opt-Out: We do not sell personal data, so the right to opt-out of sale does not apply.
• Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
To exercise these rights, contact us at shayan@coldai.org.
12. EUROPEAN RESIDENTS (GDPR)
If you are located in the EEA or United Kingdom, you have additional rights under the General Data Protection Regulation (GDPR):
• Legal Basis: We process your data based on: (a) your consent; (b) performance of our contract with you; (c) our legitimate interests; (d) legal obligations.
• Data Protection Officer: For GDPR-related inquiries, contact our Data Protection Officer at shayan@coldai.org.
• Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection supervisory authority.
• Additional Rights: Right to restriction of processing, right to data portability, right to object to processing.
13. CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy from time to time. We will notify you of material changes through the App or via email. The "Last Updated" date at the top of this Privacy Policy indicates when it was last revised. Your continued use of the App after changes are posted constitutes your acceptance of the updated Privacy Policy.
14. CONTACT US
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
ColdAI LLC
Email: shayan@coldai.org
Support: shayan@coldai.org