Review the full Privacy Policy below and confirm all dates, contacts, and disclosures before launch.
Effective date: TBD Last updated: TBD
This Privacy Policy explains how Selv-a S.r.l.s. (TBD exact registered name) (“Selv-a”, “we”, “us”) collects, uses, discloses, and protects Personal Data when you access or use our self-awareness and AI-powered wellbeing and self-discovery services (the “Service”).
This Policy applies to processing of Personal Data in connection with:
Personal Data: information relating to an identified or identifiable natural person.
User Content: content you submit to the Service, including prompts, journal entries, answers, mood check-ins, voice inputs, and any files you upload.
Outputs: content returned by the Service, including AI-generated responses, summaries, insights, and suggestions.
Controller: the entity that determines the purposes and means of processing Personal Data.
Processor: a third party that processes Personal Data on behalf of the Controller.
AI Providers: third-party AI model or API providers used to generate Outputs or support safety features (for example OpenAI, Anthropic, Google, DeepSeek).
Selv-a is the Controller for the processing described in this Policy, unless we explicitly state otherwise.
We select Processors and AI Providers, define processing instructions, and implement safeguards proportionate to the risks of the processing.
Certain third parties you interact with directly (for example, when you click a partner offer and leave the app) act as separate controllers for their services under their own privacy policies.
Company legal name: Selv-a S.r.l.s. (TBD exact registered name)
Registered office: TBD
Support email: TBD
Privacy email (rights requests): TBD
DPO: We will appoint and publish a Data Protection Officer contact if required by law or if we choose to do so. If appointed, DPO contact details will appear here.
This summary does not replace the full Policy.
We process your inputs to provide the Service and generate Outputs.
We use vendors for hosting, analytics, security, communications, and AI processing.
We may use certain data to improve the Service (for example QA, debugging, and safety improvements). Where we offer opt-outs for non-essential improvement uses, we will honor them.
Depending on the AI Provider and configuration, data sent to that provider may be used to improve that provider’s models under their terms. We explain this in Chapter 7.
We display ads and partner placements inside Selv-a using first-party signals within the app. We do not share user identifiers with advertisers for cross-site or cross-app tracking.
You can access, export, and delete your data, and control marketing preferences and certain optional processing.
Personal Data may be processed outside the EEA/UK depending on vendor location, with safeguards where required.
IP address, approximate region derived from IP, timestamps, and log files.
mobile advertising ID (IDFA/AAID) where enabled by the operating system and where we use it for measurement, fraud prevention, or frequency capping. We do not share this identifier with advertisers for cross-app or cross-site advertising.
Apple or Google authentication claims (for example stable account identifier and email relay where provided).
subscription status, purchase confirmations, renewal status, refunds, chargeback or fraud flags. We generally do not receive your full payment card number when you pay through Apple or Google.
campaign source information and aggregated measurement data, where used.
If you use Face ID (or a similar device feature), the biometric authentication is performed on your device by the operating system provider. Selv-a does not receive your Face ID biometric template. We receive only an authentication result (for example a success token) through the relevant device authentication flow.
We do not collect wearable heart rate or similar health sensor data at this time.
We do not intentionally use voice recordings to uniquely identify you (biometric identification) unless we explicitly introduce such a feature in the future and request any required consents and provide additional notices.
We use Personal Data for the following purposes:
We do not share raw journal entries or raw User Content with advertisers.
You are responsible for the content you submit and for ensuring it does not violate laws or third-party rights.
Where the GDPR applies, we rely on the following legal bases:
Processing necessary to provide the Service and core functionality, including account management and generating Outputs.
Processing for security, fraud prevention, service analytics, quality assurance, service improvement, and first-party advertising and partner placements within Selv-a, subject to balancing tests and opt-outs where applicable.
Processing where we present you with a consent choice, such as:
Processing necessary to comply with legal obligations (for example accounting, tax, and responding to lawful requests).
Some User Content may include special category data (for example, information that reveals health-related or mental wellbeing information). Where we process special category data:
you may withdraw that consent at any time, which will not affect processing already performed and may limit certain features that require that data.
If you do not want us to process special category data, do not submit it through the Service.
Selv-a includes AI-powered features. We inform users when they are interacting with AI systems and when content is generated by AI, where required or appropriate.
To generate Outputs and operate safety checks, we may send to AI Providers:
Important: User Content may include Personal Data if you enter it. Do not include sensitive information you do not want processed.
Where feasible, we reduce direct identifiers in data sent to AI Providers (for example removing an email address or account ID from payload fields). However:
“de-identified” does not necessarily mean “anonymous” under applicable laws, especially for rich text.
We treat such data as potentially personal and apply safeguards accordingly.
We may use User Content and interaction data to:
Controls: Where implemented, we provide settings to opt out of certain non-essential internal improvement uses. Opt-out does not affect processing necessary to provide core Service features or to maintain safety and security.
Depending on the AI Provider used and the contractual and technical configuration in place at the time, data sent to the provider (inputs and or Outputs) may be used by that provider to improve its models under its own terms.
We do not promise that third parties cannot attempt re-identification unless and until we have strong, specific contractual and technical guarantees supporting that claim.
We may review User Content and Outputs:
Human review is limited to trained personnel and vendors bound by confidentiality, with logged access and least-privilege controls.
Selv-a uses first-party targeting and personalization within the app. We do not share user identifiers with advertisers for cross-site or cross-app tracking.
Advertisers and partners may:
We may measure ad performance using aggregated event reporting, frequency capping, and anti-fraud signals. We avoid sending raw User Content to advertisers.
We may share Personal Data with:
To generate Outputs and perform safety processing as described in Chapter 7.
Apple and Google for authentication.
To confirm subscription status, purchases, and related billing events.
Lawyers, auditors, insurers, and consultants, where necessary.
Where required by law, court order, or where necessary to protect rights, safety, and security.
Potential investors, acquirers, merger partners, and their advisors under confidentiality and with appropriate safeguards.
We may create and license aggregated insights and reports, and may also create and license de-identified datasets or models trained on datasets, for research, product analytics, or advertising measurement purposes, subject to safeguards. We do not sell raw journal entries or raw free-text User Content as-is to advertisers.
If and where the applicable law grants you an opt-out or similar control over such disclosures, we will provide it.
We require vendors to process Personal Data under written agreements and implement appropriate technical and organizational safeguards.
Because we use global vendors and AI Providers, Personal Data may be processed outside the EEA or UK. Where required, we use appropriate safeguards (such as Standard Contractual Clauses) and, where necessary, supplementary measures. Transfer locations may vary depending on the vendor or AI Provider used.
Selv-a is not an emergency service and is not a suicide prevention hotline.
If our safety systems detect content that may indicate risk of self-harm, we may:
We do not guarantee that we will detect any particular risk or that any intervention will occur.
We generally do not contact third-party hotlines or authorities as part of the Service. If we ever implement a feature that contacts third parties in limited scenarios, we will do so only where lawful, proportionate, and operationally reliable, and we will update this Policy before or when that feature is introduced.
We retain Personal Data only as long as necessary for providing the Service, maintaining security, complying with legal obligations, resolving disputes, and enforcing agreements.
Account data: retained until you delete your account, then deleted or anonymized within 30 days, unless retention is required for legal claims, fraud prevention, or compliance.
User Content and stored history: retained until you delete it or delete your account. After account deletion, deleted or anonymized within 30 days, subject to the limitations below.
Backups: may retain data for up to 90 days after deletion due to backup cycles.
Security logs and access logs: retained for 12 months (up to 24 months for high-risk security events).
Crash logs and diagnostics: retained for 6 months.
Support tickets and customer communications: retained for 24 months after closure.
Accounting and tax records (payments, invoices, subscription records): retained for 10 years where required by applicable law.
Marketing suppression lists (unsubscribe records): retained as necessary to honor your opt-out, typically 5 years, unless law requires otherwise.
If data has been incorporated into aggregated analytics, security records, or model evaluation results, complete removal may not be technically feasible.
Where deletion cannot be fully applied, we will apply reasonable measures to remove direct identifiers and restrict further use.
We use technical and organizational measures appropriate to risk, including:
Limitations: Full end-to-end encryption is not compatible with typical AI processing workflows for all features, because content must be processed to generate Outputs.
Depending on your jurisdiction, you may have rights to:
Export: you can export stored data where the feature is available.
Deletion: you can delete your profile and request account deletion.
Marketing preferences: unsubscribe links in newsletters and in-app controls where available.
Advertising preferences: where required, we provide an opt-out of targeted advertising within Selv-a.
Submit requests to: Privacy Email: TBD. We may request additional information to verify your identity and protect your account.
The Service is intended for users 16 years and older. We do not knowingly allow users under 16 to create accounts.
If we decide to allow access for minors aged 14 or 15 in specific regions in the future, we will implement region-specific age gates and parental authorization mechanisms where required by law and update this Policy accordingly.
We may update this Policy from time to time. If changes are material, we will provide notice (for example by email or in-app notice) before they take effect where required.
Support: TBD
Privacy: TBD
If you are in the EEA or UK, you may lodge a complaint with your local data protection authority. In Italy, you may lodge a complaint with the Garante per la protezione dei dati personali.