Privacy Policy

Last Updated: January 24, 2026 Effective Date: January 24, 2026 Version: 1.0

---

1. Introduction

AES VC ("we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, share, and protect your information when you use the Serenity AI mobile application (the "Service" or "App").

By using Serenity AI, you consent to the data practices described in this Privacy Policy.

This Privacy Policy applies to all users of Serenity AI, regardless of location. It complies with:

• General Data Protection Regulation (GDPR) - European Union
• Lei Geral de Proteção de Dados (LGPD) - Brazil
• California Consumer Privacy Act (CCPA) - California, USA
• Ley Federal de Protección de Datos Personales en Posesión de los Particulares - Mexico

---

2. Information We Collect

2.1 Information You Provide Directly

Account Information:
• Name (from social login or manual entry)
• Email address
• Avatar selection (pre-defined options)
• Age or date of birth (for parental consent verification)
• Authentication data (from Apple Sign-In or Google OAuth)
Conversations and Interactions:
• Chat messages you send to the AI
• Voice conversation transcripts (audio is processed and transcribed, not permanently stored)
• Responses generated by the AI
Wellness Data:
• Daily mood check-ins (mood level, energy level)
• Wellness exercise completion data
• Journaling entries (if feature is used)
• User preferences and settings
User-Uploaded Content:
• Profile photos or images you upload
• Any other content you choose to share through the Service

2.2 Information Collected Automatically

Usage Data:
• App features you use and how you interact with them
• Session duration and frequency
• Timestamps of interactions
• Navigation patterns within the App
Device Information:
• Device type, model, and operating system
• Device identifiers (IDFA, Android ID, or similar)
• App version and build number
• Language and timezone settings
• Mobile carrier information
Technical Data:
• IP address (used to determine approximate location for crisis resources)
• Browser type (if accessing via web)
• Crash logs and error reports
• Performance metrics

2.3 Location Data

Current: We collect IP-based location to provide country-specific crisis resources. Future: We may request permission to access precise location data to:
• Recommend nearby mental health resources
• Provide location-based wellness recommendations
• Improve crisis support features

You can control location permissions through your device settings. Denying location access will not affect core app functionality but may limit certain features.

2.4 Information From Third Parties

Authentication Providers:
• Apple Sign-In: Name, verified email (if provided)
• Google OAuth: Name, email, profile picture (if granted)
Payment Processors:
• Apple App Store or Google Play Store provide subscription status and transaction information (we do not receive your payment card details)

---

3. How We Use Your Information

We use your information for the following purposes:

3.1 Provide and Improve the Service

• Deliver AI-powered conversations: Process your messages to generate personalized responses
• Personalization: Tailor content, exercises, and recommendations based on your preferences and usage patterns
• Track progress: Monitor mood trends, exercise completion, and wellness journey
• Customer support: Respond to your inquiries and resolve technical issues
• Service optimization: Improve AI accuracy, fix bugs, and enhance features

3.2 Safety and Security

• Crisis detection: Analyze conversations for keywords indicating mental health crises
• Abuse prevention: Detect and prevent fraudulent, illegal, or harmful activity
• Account security: Protect against unauthorized access and security threats

3.3 AI Training and Development

• Improve AI models: Use anonymized and aggregated conversation data to enhance AI responses
• Research and development: Develop new features and wellness interventions
Important: When we use your data for AI training:
• We anonymize and aggregate the data so individual users cannot be identified
• We do NOT share your personally identifiable conversations with third parties for commercial purposes
• You may opt out of having your data used for AI training (see Section 8: Your Privacy Rights)

3.4 Communication

• Service updates: Notify you of new features, changes, or important announcements
• Support messages: Respond to your inquiries
• Marketing (with consent): Send promotional content about Serenity AI or related wellness services (you can opt out anytime)

3.5 Legal and Compliance

• Comply with laws: Meet legal obligations, respond to lawful requests from authorities
• Enforce Terms: Enforce our Terms of Service and other policies
• Protect rights: Defend our legal rights and prevent harm

3.6 Analytics and Business Operations

• Usage analytics: Understand how users interact with the App
• Business intelligence: Analyze trends, measure performance, and inform business decisions
• A/B testing: Test new features and improvements

---

4. How We Share Your Information

4.1 Service Providers (Third-Party Vendors)

We share your information with trusted third-party service providers who assist us in operating the Service:

| Provider | Purpose | Data Shared |

|----------|---------|-------------|

| Supabase | Database, authentication, storage | Account info, conversations, wellness data |

| Anthropic (Claude AI) | AI chat responses | Anonymized conversation context |

| ElevenLabs | Voice AI and transcription | Voice audio (temporarily), transcripts |

| LiveKit | Voice infrastructure (WebRTC) | Voice session data (not stored permanently) |

| Analytics providers | App usage analytics | Device info, usage patterns (anonymized) |

These providers are contractually obligated to protect your data and may only use it to perform services on our behalf.

4.2 AES VC Ecosystem Data Sharing

AES VC operates multiple applications under the A100E publisher brand. When you use the same login across AES VC applications, we share the following data between our apps to provide a unified experience:
• Account information (name, email, avatar)
• User preferences and settings
• Subscription status
• Usage analytics (for personalization across apps)
You control this: You can manage app connections and limit data sharing in your account settings. However, limiting sharing may reduce functionality across the AES VC ecosystem.

4.3 Aggregated and Anonymized Data

We may share anonymized, aggregated data that cannot identify you individually with:

• Research partners (e.g., mental health research institutions)
• Commercial partners (for insights into wellness trends)
• Investors and business partners (for business analytics)
We do NOT sell your personally identifiable information. Any data shared is stripped of identifying information.

4.4 Business Transfers

If AES VC is involved in a merger, acquisition, sale of assets, or bankruptcy, your information may be transferred to the acquiring entity. We will notify you of any such change and how it affects your data.

4.5 Legal Requirements

We may disclose your information if required by law or in response to:

• Court orders or legal processes
• Government or regulatory requests
• Protection of our rights, property, or safety
• Prevention of fraud, abuse, or illegal activity
• Emergency situations involving imminent harm

4.6 With Your Consent

We may share your information for other purposes with your explicit consent.

---

5. Data Retention

5.1 Active Account

• Conversations, mood check-ins, and wellness data: Retained until you delete them or delete your account
• Account information: Retained while your account is active

5.2 Deleted Data

• User-initiated deletion: When you delete messages, exercises, or other content, they are moved to a 30-day recovery period (similar to a "trash" or "recently deleted" folder)
• After 30 days: Data is permanently and irreversibly deleted from our servers

5.3 Account Deletion

When you delete your account:

• All personal data is permanently deleted within 30 days
• Some data may be retained longer if required by law (e.g., financial transaction records for tax purposes)

5.4 Legal and Security Data

Certain data may be retained longer for legal, security, or fraud prevention purposes:

• Logs of suspicious activity
• Legal hold data (if involved in litigation)
• Financial transaction records (as required by tax law)

---

6. Data Security

6.1 Security Measures

We implement industry-standard security practices to protect your data:

• Encryption in transit: All data transmitted between your device and our servers uses HTTPS/TLS encryption
• Encryption at rest: Sensitive data is encrypted in our databases
• Access controls: Limited employee access to personal data on a need-to-know basis
• Regular security audits: Periodic reviews and penetration testing
• Secure infrastructure: Hosted on SOC 2 compliant platforms (Supabase)

6.2 No Absolute Security

However, no system is 100% secure. We cannot guarantee absolute security of your data. You use the Service at your own risk. In the event of a data breach affecting your information, we will notify you as required by applicable law.

6.3 Your Responsibility

You are responsible for:

• Keeping your account credentials secure
• Using strong passwords
• Not sharing your account with others
• Reporting suspicious activity immediately

---

7. Children's Privacy (COPPA Compliance)

7.1 Minimum Age Requirement

Serenity AI is intended for users aged 13 and older.

We do NOT knowingly collect personal information from children under 13. If you are under 13, do not use the Service or provide any personal information.

7.2 Parental Consent for Ages 13-17

Users aged 13-17 must have verifiable parental consent to use Serenity AI.

For parents/guardians:
• You may review, edit, or delete your child's data
• You may request that we stop collecting your child's information
• You may revoke consent and delete the account at any time
• Contact us at info@serenityapp.ai for assistance

7.3 If We Discover Underage Users

If we learn that we have collected information from a child under 13 without proper parental consent, we will:

• Immediately delete the account
• Permanently remove all associated data
• Notify the registered email address (if applicable)

---

8. Your Privacy Rights

Your rights vary depending on your location, but generally include:

8.1 Right to Access

You have the right to request a copy of the personal data we hold about you.

How to exercise: Go to Settings > Privacy > Download My Data, or email info@serenityapp.ai

8.2 Right to Rectification

You have the right to correct inaccurate or incomplete personal data.

How to exercise: Update your information directly in the App settings, or contact info@serenityapp.ai

8.3 Right to Deletion (Right to Be Forgotten)

You have the right to request deletion of your personal data.

How to exercise: Go to Settings > Account > Delete Account, or email info@serenityapp.ai

Note: Some data may be retained as described in Section 5 (Data Retention) for legal or security reasons.

8.4 Right to Data Portability

You have the right to receive your data in a structured, commonly used, machine-readable format.

How to exercise: Request a data export via Settings > Privacy > Download My Data

8.5 Right to Object

You have the right to object to certain data processing activities, including:

• Use of your data for AI training (opt-out available in Settings)
• Marketing communications (unsubscribe link in emails)
• Automated decision-making (not currently used in Serenity AI)

8.6 Right to Restrict Processing

You have the right to request that we limit how we use your data in certain circumstances.

How to exercise: Contact info@serenityapp.ai with your specific request

8.7 Right to Withdraw Consent

Where we rely on your consent to process your data, you may withdraw consent at any time.

How to exercise: Adjust settings in the App or contact info@serenityapp.ai

8.8 Right to Lodge a Complaint

If you believe your privacy rights have been violated, you may lodge a complaint with:

• EU/EEA: Your local Data Protection Authority
• Brazil: Autoridade Nacional de Proteção de Dados (ANPD)
• California: California Attorney General's Office
• Mexico: Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales (INAI)

8.9 Exercising Your Rights

To exercise any of these rights, contact us at:

• Email: info@serenityapp.ai or info@serenityapp.ai
• In-App: Settings > Privacy & Security

We will respond to your request within 30 days (or as required by applicable law). We may request verification of your identity before processing your request.

---

9. International Data Transfers

9.1 Global Operations

AES VC is based in Mexico, but we use service providers located in various countries, including:

• United States (Supabase, Anthropic, ElevenLabs)
• European Union (LiveKit servers)

Your data may be transferred to, stored, and processed in countries outside your country of residence.

9.2 Safeguards for International Transfers

When we transfer data internationally, we ensure adequate protection through:

• Standard Contractual Clauses (SCCs): EU-approved contracts with data processors
• GDPR compliance: Service providers committed to GDPR standards
• Adequate protection mechanisms: As required by LGPD, CCPA, and other privacy laws

9.3 Your Consent

By using Serenity AI, you consent to the transfer of your information to countries outside your residence, including countries that may have different data protection laws.

---

10. Cookies and Tracking Technologies

10.1 What We Use

Serenity AI uses minimal tracking technologies:

• Essential cookies: For authentication and session management (required for the App to function)
• Analytics: To understand app usage patterns (anonymized)
• Crash reporting: To identify and fix bugs

10.2 Third-Party Analytics

We may use third-party analytics services (e.g., Firebase Analytics, Sentry) that use cookies or similar technologies. These services collect anonymized usage data.

10.3 Your Control

• Mobile App: You can reset your advertising identifier or limit ad tracking in your device settings
• Web (if applicable): You can manage cookies through your browser settings

We do NOT use advertising cookies or sell your data to advertisers.

---

11. Do Not Sell My Personal Information (CCPA)

We do NOT sell your personal information as defined by the California Consumer Privacy Act (CCPA).

We may share anonymized, aggregated data that cannot identify you individually, but this does not constitute a "sale" under CCPA.

If our practices change, California residents will have the right to opt out of any sale of personal information.

---

12. Changes to This Privacy Policy

12.1 Right to Modify

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

12.2 Notification of Changes

When we make changes:

• We will update the "Last Updated" date at the top of this document
• For material changes, we will provide at least 30 days' advance notice via:

- Email to your registered address

- In-app notification

- Prominent notice on our website or app

12.3 Your Acceptance

Your continued use of Serenity AI after the effective date of the updated Privacy Policy constitutes your acceptance of the changes.

If you do not agree to the updated Privacy Policy, you must stop using the Service and may delete your account.

12.4 Review Regularly

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.

---

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

General Inquiries:

Email: info@serenityapp.ai

Privacy/Legal Inquiries:

Email: info@serenityapp.ai

Data Protection Officer (if applicable):

Email: dpo@serenityapp.ai

Mailing Address:

AES VC

Published by: A100E

Mexico

Response Time:

We aim to respond to all inquiries within 30 days.

---

14. Additional Regional Information

14.1 For European Union Users (GDPR)

Legal Basis for Processing:

We process your data based on:

• Consent: You consent to our data practices by using the Service
• Contract: Processing is necessary to provide the Service you requested
• Legitimate interests: Improving our Service, fraud prevention, and security
Your EU Rights:

All rights listed in Section 8 apply. You also have the right to lodge a complaint with your local Data Protection Authority.

Data Controller:

AES VC acts as the data controller for your personal data.

14.2 For Brazil Users (LGPD)

Legal Basis for Processing:
• Consent (consentimento)
• Execution of contract (execução de contrato)
• Legitimate interests (legítimo interesse)
Your LGPD Rights:

All rights listed in Section 8 apply. You may also lodge a complaint with ANPD (Autoridade Nacional de Proteção de Dados).

Data Controller:

AES VC is the data controller (controlador de dados).

14.3 For California Users (CCPA/CPRA)

Categories of Personal Information Collected:
• Identifiers (name, email, device ID)
• Commercial information (subscription status)
• Internet or network activity (usage data)
• Geolocation data (IP-based location)
• Inferences (wellness preferences, mood patterns)
Your California Rights:
• Right to know what personal information is collected
• Right to delete personal information
• Right to opt out of sale (we do not sell your data)
• Right to non-discrimination for exercising your rights

Authorized Agent:

You may designate an authorized agent to make requests on your behalf. Contact info@serenityapp.ai

14.4 For Mexico Users

Ley Federal de Protección de Datos Personales:

You have the right to Access, Rectification, Cancellation, and Opposition (ARCO rights).

Exercise ARCO Rights:

Contact info@serenityapp.ai or info@serenityapp.ai

---

By using Serenity AI, you acknowledge that you have read, understood, and agree to this Privacy Policy.

---

© 2026 AES VC / A100E. All rights reserved.