Privacy Policy
last updated · May 1, 2026
selfra is an evening journal that listens, remembers, and grows quieter with you. The text you write to it is the most sensitive piece of data we will ever hold. This policy is the whole story — what we collect, why we collect it, who else touches it, how long we keep it, and what you can ask us to do with it.
Effective date: May 1, 2026.
1. Who we are
“selfra” (the “Service”) is operated by the entity behind selfra (the “Controller”, “we”, “us”). For the purposes of the EU General Data Protection Regulation (GDPR), the UK GDPR, and the Turkish Personal Data Protection Law (KVKK), we act as the data controller of personal data processed through the Service.
Contact: hello@selfra.io. Postal address available on written request.
2. Scope
This policy applies to:
- The selfra mobile and web applications, including the progressive web app (PWA) at app.selfra.io.
- The marketing website at selfra.io.
- Any future native application distributed through the Apple App Store or Google Play.
It does not cover third-party services we link to (their own privacy policies apply), nor any standalone partner products.
3. Data we collect
3.1 Account data
- Email address — used for sign-in via email/password or OAuth (Google).
- Display name — what you choose during onboarding.
- Account creation timestamp and last sign-in time.
3.2 Content you write
- Messages — every message you send or receive in the chat, with timestamps.
- Extracted events — life events the AI extracts from your messages (e.g., “called my mother on Tuesday”), with date, entities, emotional valence, salience.
- Mode classifications — short labels the AI assigns to each turn (e.g., heavy, joyful, numb, tired, crisis) used to adjust how it responds.
- Threads / open ends — topics you raised that have not yet closed.
- Chapters and arcs — narrative summaries the AI proposes from your accumulated events.
- Capsules — letters you write to your future self, stored sealed until their reveal date.
- Pinned / forgotten flags — your manual marking of messages or entities as kept or forgotten.
3.3 Settings & preferences
- Time zone (so the evening ritual fires at the right local hour).
- Your chosen evening hour and reminder preferences.
- Push notification token (Apple APNs / Google FCM), if enabled.
- Reduced-motion and other accessibility flags.
3.4 Technical data
- IP address — recorded in server access logs for security and abuse prevention; retained for thirty (30) days.
- User agent (browser / OS) — to render the right variant and diagnose compatibility issues.
- Crash and performance diagnostics — only when you opt in via your operating system’s diagnostic settings; never contains message content.
3.5 Derived data
- Vector embeddings — 1024-dimensional numerical representations of your messages, used for semantic search inside your own memory. The original text cannot be reconstructed from an embedding alone, but the embedding preserves meaning.
- Core preamble — a short weekly summary the AI writes about you, used to keep its responses coherent.
- Running summaries — compressed versions of long conversations created when message count or token budget exceeds thresholds.
4. Data we explicitly do not collect
- Microphone, camera, photos, video, or screen recording.
- Precise device location (GPS) or coarse IP-based geolocation.
- Contacts, address book, or social graphs.
- Biometric data (fingerprint, face ID, voiceprint).
- Advertising identifiers (IDFA, GAID) — we do not advertise.
- Health or fitness data from Apple Health or Google Fit.
- List of other applications installed on your device.
- SMS, calendar, or browsing history.
5. How we use your data
We process your data only for the following purposes:
- To run the Service — store your messages, retrieve your memory, generate AI replies, deliver evening rituals, render your timeline.
- To remember you — extract events, classify modes, maintain narrative continuity across sessions.
- To keep you safe — detect crisis-mode language patterns and surface emergency resources where appropriate.
- To respect your settings — honor pinned, forgotten, and fragile-zone markings.
- Account management — sign-in, password reset, deletion requests, support correspondence.
- Security and fraud prevention — log anomalous requests, rate-limit abusive traffic, comply with lawful requests.
- Service improvement — debug aggregated, anonymized metrics (e.g., error rates). We never read your messages for analytics.
We do not use your conversations to train AI models, we do not sell or rent your data to third parties, and we do not show you advertising.
6. Legal basis (GDPR / KVKK)
Under Article 6 of the GDPR and Article 5 of the KVKK, we rely on the following lawful bases:
- Contractual necessity — to provide the Service you signed up for. Covers account data, content data, derived memory.
- Consent — for push notifications and any optional processing. You may withdraw consent at any time.
- Legitimate interest — for security logging, abuse prevention, and minimal diagnostics. Balanced against your fundamental rights and freedoms.
- Legal obligation — when we must retain data to comply with applicable law (e.g., financial records).
7. Sub-processors and third-party services
We use the following sub-processors. All are bound by data-processing agreements (DPAs) and Standard Contractual Clauses (SCCs) where data is transferred outside the European Economic Area.
| Service | Purpose | Data shared | Region |
|---|---|---|---|
| Clerk | Authentication, session management | Email, name, session metadata | United States |
| OpenAI (ChatGPT API) | AI replies, fact extraction, mode classification | Relevant message text. Per OpenAI API policy, content is not used to train models. | United States |
| Voyage AI | Semantic embeddings | Message text → 1024-dim numeric vectors | United States |
| Hetzner Online GmbH | Application servers, database, file storage | All Service data, encrypted at rest and in transit | Germany (EU) |
| Apple Push Notification service | Delivering notifications to iOS devices | Device token, notification payload | United States |
| Google Firebase Cloud Messaging | Delivering notifications to Android devices | Device token, notification payload | United States |
We do not engage any other sub-processor without updating this list first.
8. International data transfers
Your primary application data is stored in Germany (EU). Some sub-processors above are based in the United States. Transfers to the US rely on the European Commission's Standard Contractual Clauses (SCC) and, where applicable, the EU–US Data Privacy Framework. Under Article 9 of the KVKK, by using the Service you provide explicit consent to such transfers, with awareness that the recipient jurisdiction may have a different protection regime.
9. Data retention
| Category | Retention period |
|---|---|
| Account data | For the lifetime of the account |
| Messages, events, memory | Until you delete them |
| Soft-deleted items | 30 days, restorable; then permanently deleted |
| Server access logs | 30 days |
| Diagnostic / crash data | 90 days |
| After full account deletion | 30-day quarantine, after which all personal data is permanently removed from production systems and within 90 days from backups |
| Records required by law | For the period mandated by applicable law |
10. Your rights
Subject to GDPR Articles 15–22 and KVKK Article 11, you have the following rights:
- Access — request a copy of your personal data.
- Rectification — correct inaccurate data.
- Erasure — delete your account and all data tied to it; see Delete Account.
- Restriction — limit how we process your data.
- Portability — receive your data in a structured, machine-readable JSON export.
- Objection — object to processing based on legitimate interest.
- Automated decision-making — request human review of mode classifications or other automated decisions affecting you.
- Withdraw consent — for any processing we do based on consent.
- Lodge a complaint — with your local data protection authority. In Türkiye, the KVKK board: kvkk.gov.tr.
Most rights are self-serve from inside the application (Settings → Account / Privacy). Requests we cannot satisfy through the app may be sent to hello@selfra.io; we respond within 30 days.
11. Children's privacy
selfra is not directed at children under sixteen (16). We do not knowingly collect personal data from anyone under 16. If you are a parent or guardian and believe your child has registered for the Service, contact us and we will delete the account. By creating an account you confirm you are at least 16 years old.
12. Security
- All traffic to and from the Service is encrypted via TLS 1.2+.
- Production databases reside on encrypted disks; backups are encrypted at rest.
- Access to production systems is restricted and audit-logged.
- We follow the principle of least privilege for both internal staff and third-party services.
- We maintain incident-response procedures and will notify affected users and regulators within 72 hours of confirming any breach involving personal data, in line with Article 33 of the GDPR.
What we do not do: selfra is not end-to-end encrypted. The AI must be able to read your messages on our servers in order to reply, extract memory, and run mode classifiers. If end-to-end encryption is a hard requirement for you, selfra is not the right tool.
13. Sensitive content and crisis safety
Conversations with selfra may touch on emotionally intense topics. A mode classifier flags messages that suggest a crisis state and the AI responds with grounding language and helpline links. The Service is not a substitute for professional mental-health care and is not designed to handle medical emergencies. If you are in immediate danger, contact your local emergency services or a crisis hotline.
Helplines:
- Türkiye: 182 (emergency health) · 112 (emergency call) · YEDAM: 444 49 33
- EU: 112 (general emergency) · 116 123 (Samaritans)
- USA / Canada: 988 Suicide & Crisis Lifeline
- UK: 999 · 116 123 (Samaritans)
14. Cookies and similar technologies
We keep cookie usage minimal — see the Cookie Policy. The marketing site sets no analytics cookies. The application sets a session cookie required for authentication and a small number of necessary first-party cookies for accessibility preferences (e.g., reduced motion).
15. App store privacy disclosures
For Apple App Store “App Privacy” labels and Google Play “Data Safety” labels, the data collected and linked to your identity falls into these categories:
- Contact info — email address.
- User content — your messages, journal entries, mood data, capsules. Stored for the purpose of providing the Service and personalisation.
- Identifiers — internal user ID, device push token.
- Usage data — product interaction (e.g., which screens you opened, anonymised aggregated counts).
- Diagnostics — crash reports and performance metrics, when you opt in via OS settings.
We do not use any of the above for tracking across apps or websites owned by other companies.
16. Changes to this policy
We may update this policy from time to time. Material changes will be announced at least 30 days in advance via email and an in-app notice; cosmetic edits (typos, broken links) may be made silently. The “last updated” date at the top reflects the most recent change. Continued use of the Service after a change constitutes acceptance of the revised policy.
17. Contact
Questions, requests, or complaints about your data:
- Email: hello@selfra.io
- Privacy / data protection requests: privacy@selfra.io
- See also the contact page.