Privacy Policy
How Onsen collects, uses, and protects your personal data.
Effective: 1 April 2026 | Version: 2.1
We built Onsen to help you take care of your mental health. That means you trust us with some of the most personal things you'll ever write down — your thoughts, your feelings, your reflections on life. We don't take that lightly.
This policy explains exactly what we do with your data, in plain language, with nothing hidden. If something isn't clear, email us at privacy@onsenapp.com and we'll explain it.
Our commitments to you:
- No one at Onsen reads your journal entries or conversations — unless you ask us to for support, or our safety systems flag content that may indicate someone is at risk of harm.
- We do not sell your personal data.
- Your data is not used by our AI providers to train their models. We may use anonymised data to improve our own AI.
- You can delete everything at any time.
At a glance
Here are the answers to the questions most people have.
Is my journal private?
Yes — your journal entries are encrypted and private to you. No one at Onsen reads them unless you ask us to for support, or our safety systems flag a concern. The AI processes your entries to personalise your experience, but that's automated and stays within your account.
Can anyone at Onsen read what I write?
Not unless you ask us to. Your content is processed by AI, not people. The only exceptions are if you ask us to look at your data for support, or if our safety systems flag something that may indicate risk of harm.
Is my data used to train AI?
Not by our AI providers. Under their API terms, OpenAI and Google do not use your data to train their models. We may use anonymised, de-identified data to improve Onsen's own AI systems — but nothing identifiable.
What happens if I delete my account?
Your access is removed immediately. Your login identity is deleted straight away, and all your personal data is erased within 30 days. This is irreversible.
Does the AI remember what I tell it?
Yes, through your journal entries. Onsen extracts themes, people, and patterns from what you write and uses that to personalise future conversations. This memory is completely private to your account.
Who do you share my data with?
Only the services we need to run Onsen — cloud hosting, AI providers, analytics, push notifications, and email. We do not sell your personal data.
Where is my data stored?
Our primary database is in Ireland (AWS eu-west-1). Some services like OpenAI and Amplitude process data in the US, protected by standard transfer agreements.
Can I get a copy of my data?
Yes. Email privacy@onsenapp.com and we'll provide a copy within 30 days.
What if I'm under 18?
You need to be at least 18 to use Onsen. We verify this during signup by collecting your date of birth.
How do I contact you about privacy?
Email privacy@onsenapp.com. We aim to respond within 30 days but usually much sooner.
What we collect
We collect only what we need to provide the service. Nothing more.
Your account
When you sign up, we collect your first name, last name, email address, and date of birth. Your name is used to personalise greetings and conversations. Your date of birth confirms you're at least 18.
This is the minimum we need to create your account. You can delete it at any time.
Your conversations and journal
When you chat with Onsen or write journal entries, we store that content so the AI can reference it later and give you more relevant, personalised responses over time. This includes chat messages, journal entries, and any content you create during guided experiences.
Your conversations and entries are stored so the AI can remember what matters to you. No one at Onsen reads them unless you ask us to for support, or our safety systems flag a concern.
Voice recordings
If you use voice input, your speech is sent to OpenAI for transcription. The audio is processed in real time and discarded immediately. Neither Onsen nor OpenAI stores the recording — only the transcribed text is kept.
Your voice recordings are never saved — they're converted to text and immediately discarded.
AI-generated content
Onsen creates things from your writing: mood analysis, themes, hashtags, knowledge items (people, places, patterns), summaries, and AI-generated artwork for your journal entries. This derived content is stored alongside your entries and deleted when you delete the entry or your account.
Device and usage information
We collect basic technical information — your device type, operating system, app version, and timestamps of when you use the app. This helps us troubleshoot issues and ensure compatibility.
What we do not collect
- GPS or location data
- Contacts, photos, or files from your device (if you take a selfie for your avatar, the photo is used once to detect your appearance and then immediately deleted)
- Advertising identifiers
- Biometric data (Face ID / Touch ID is processed on your device only, never sent to us)
Special category data
Some information you share with Onsen may relate to your mental health and wellbeing. Under UK GDPR, this is considered "special category data" (data about your health, which has extra legal protection) and requires your explicit consent to process.
We collect this consent when you sign up. You can withdraw it at any time by deleting your account. Because Onsen's core purpose is to support your mental wellbeing through AI-powered conversations and journaling, we cannot provide the service without processing this data.
We ask for your explicit consent to process health-related data during signup. Withdrawing consent means deleting your account, because Onsen can't work without understanding what you share.
The full picture
For complete transparency, here is every type of data we collect, why, the legal basis, and how long we keep it:
| Data | Why | Legal basis | Retention |
|---|---|---|---|
| Name, email | Account and personalisation | Contractual necessity | Until account deletion |
| Birthday | Age verification | Contractual necessity | Until account deletion |
| Journal entries | Your reflections and AI insights | Contractual necessity + explicit consent (health data) | Until you delete entry or account |
| Chat conversations | AI conversations and memory | Contractual necessity + explicit consent (health data) | Until you delete conversation or account |
| Voice recordings | Speech-to-text transcription | Contractual necessity | Not stored — transcribed and discarded |
| AI-generated images | Visual art for journal entries | Contractual necessity | Until you delete entry or account |
| AI-generated insights | Moods, themes, patterns | Contractual necessity | Until you delete entry or account |
| AI prompt history | Service improvement and debugging | Legitimate interest | Until account deletion |
| Device info, timestamps | Troubleshooting and compatibility | Legitimate interest | Until account deletion |
| Push notification token | Delivering push notifications | Consent (device permission) | Until you unsubscribe or delete account |
| Email subscription | Product update emails | Soft opt-in (PECR) | Until you unsubscribe |
| Analytics events | Understanding how people use Onsen | Legitimate interest | Per Amplitude policy (up to 2 years) |
| Attribution data | Understanding how users find Onsen | Legitimate interest | Per Adjust policy |
| Error reports | Identifying and fixing bugs | Legitimate interest | 90 days |
| Avatar photo | Detecting appearance for avatar creation | Contractual necessity | Not stored — processed once and immediately deleted |
| Mood check-in selections | Personalising experience recommendations | Contractual necessity + explicit consent (health data) | Until account deletion |
| Feedback and ratings | Improving the service; with your consent, featuring on our website | Legitimate interest (internal use); consent (public testimonials) | Until account deletion |
Where we rely on legitimate interest as our legal basis, we have conducted a balancing test to ensure our interests do not override your rights and freedoms.
How we use your data
We use your data to run the app, personalise your experience, and improve the service. That's it.
Your conversations, journal entries, and profile power everything Onsen does — AI responses, generated insights, personalised recommendations, and your personal knowledge graph. The more you use Onsen, the more tailored the experience becomes.
An AI journaling app that doesn't remember what you wrote wouldn't be very useful — that's why we process your content.
Onsen also extracts themes, people, moods, and patterns from your journal entries. This is how your AI guide remembers what you talked about last week, follows up on things that matter to you, and suggests experiences that are relevant to what you're going through.
The more you journal, the better Onsen understands your patterns — but this knowledge never leaves your account.
We send occasional product update emails about new features and improvements. You can unsubscribe at any time from Settings or via the link in each email. These are managed through Mailchimp.
For product analytics, we use Amplitude to understand how people use Onsen — which features are popular, where users get stuck, and how the app performs.
Amplitude sees usage patterns (e.g., which features are popular), not the content of your conversations or journal entries.
Feedback and testimonials
When you submit feedback or a review through the app, we use it to improve Onsen. If you give us permission, we may also feature your feedback on our website or marketing materials — with your first name and general location only. You can grant or withdraw this permission at any time. Feedback displayed without your permission is always shown anonymously.
We will never publish your feedback with your name without asking you first.
AI processing
Onsen is powered by AI throughout — when you chat, journal, use guided experiences, or listen to your entries read aloud. Here's exactly how that works and what it means for your data.
What gets sent to AI providers
When you interact with the AI, the following may be included in the request:
- Your current message or journal entry
- Relevant context from your conversation history
- Information extracted from your journal (themes, people, patterns) to personalise the response
- Your profile details (first name, personality preferences)
The AI draws on what you've shared before — your journal themes, the people in your life, your goals — so conversations feel like picking up where you left off, not starting over each time.
Which AI providers we use
We currently use two providers:
- OpenAI — powers most AI conversations, speech-to-text transcription, text-to-speech voices, and image generation
- Google (Gemini) — used for personalised notifications, and for processing and enriching AI responses behind the scenes
We also use AWS Bedrock for search reranking, which helps find the most relevant context from your journal when the AI is composing a response.
OpenAI and Google act as data processors, processing your data on our behalf and under our instructions. Under their API terms, neither uses your data to train their models. They may retain your data for up to 30 days for their own safety and abuse monitoring (during which they act as independent controllers for that limited purpose), after which it is deleted.
Content safety
Onsen runs an automated safety system alongside the AI. When you send a message, it's checked in the background for signs of self-harm, violence, or other serious concerns. This happens in parallel with the normal AI processing, so it doesn't slow anything down.
If the system detects something concerning, the normal AI response is replaced with a supportive safety message tailored to your situation. For self-harm concerns, this includes crisis resources relevant to your location. The safety response is generated by the AI using the context of your conversation, so it feels personal rather than generic.
Flagged content may be reviewed by designated team members to ensure the safety system is working correctly and to protect users who may be at risk. Access to flagged content is limited to as few people as possible and is logged. Flagged content is retained for up to 90 days for safety monitoring purposes, after which it is deleted. All flagged content is also deleted if you delete your account.
The safety system is there to protect you, not to judge you. It runs quietly in the background, and most messages pass through without ever being flagged. If it does activate, it's handled with care.
Voice recordings
When you use voice input, your speech is sent to OpenAI for real-time transcription. The audio recording is discarded immediately after transcription — neither Onsen nor OpenAI stores it. Only the transcribed text is retained as part of your conversation.
Your voice is transcribed and immediately thrown away. We never store audio files.
AI-generated content
From your writing, Onsen creates: mood analysis, themes, hashtags, summaries, knowledge items (people, places, patterns), and artwork. This content is stored alongside your entries and deleted when you delete the entry or your account.
Prompt history
We log the prompts sent to AI providers and the responses received. This helps us debug issues, monitor quality, and improve the experience over time. Prompt history is deleted when you delete your account.
We keep a record of what the AI was asked and what it said back. This helps us make the AI better. It's deleted when you delete your account.
We do not sell your data
We do not sell your personal data. We never have, and we never will. We do not share your data with advertisers or any third party for marketing purposes.
Who we share data with
We share data only with the services we need to run Onsen. We do not share the content of your journal entries or conversations with any third party beyond what's strictly necessary to provide the service.
We have data processing agreements in place with all of these services, through the standard data processing terms included in their terms of use.
We do not sell your personal data. Amplitude, Mailchimp, and OneSignal see usage patterns and contact info — never your journal entries or conversations.
Here's exactly who gets what:
| Service | What they receive | Why | Where processed |
|---|---|---|---|
| AWS | All data (hosting) | Cloud infrastructure, database, storage, authentication | EU (Ireland) |
| OpenAI | Conversations, journal text, voice audio | AI responses, transcription, text-to-speech, images | US |
| Google AI (Gemini) | Conversations, journal text | Personalised notifications, AI response processing | US |
| AWS Bedrock | Journal embeddings | Search reranking for context retrieval | EU (Germany) |
| Amplitude | User ID, app events, device info | Product analytics | US |
| OneSignal | User ID, device token, preferences | Push notifications | US |
| Mailchimp | Email, subscription status | Product update emails | US |
| Adjust | Device info, attribution data | Understanding how users find Onsen | EU / US |
| Sentry | Error reports, device info | Bug tracking and crash reporting | US |
Keeping your data safe
We take the security of your data seriously — especially because of how personal the content can be.
All data is encrypted in transit using HTTPS/TLS and at rest using encrypted databases and encrypted file storage. Your data travels encrypted between your device and our servers, and stays encrypted when it's stored.
Access to production systems is tightly controlled. API keys and secrets are stored in AWS Secrets Manager, not in application code. Our backend runs in isolated network environments with restricted access.
No one on the Onsen team reads your journal entries or conversations — unless you explicitly ask us to for support, or our safety systems flag content that may indicate risk of harm. Outside of those two situations, your content is only ever processed by AI, not people.
If we ever experience a data breach that affects your personal data, we will notify the ICO as required by law and inform you directly if the breach poses a risk to your rights.
Where your data is stored and transferred
Our primary database and file storage are hosted in the EU (Ireland), within the European Economic Area.
Some of the services we use — including OpenAI, Google AI, Amplitude, OneSignal, Mailchimp, and Sentry — process data in the United States. When your data is transferred outside the UK, we rely on the transfer mechanisms built into each service's data processing terms, including the UK International Data Transfer Agreement and Standard Contractual Clauses.
Your data lives in Ireland. When it's sent to the US for AI processing or analytics, it's protected by standard GDPR transfer mechanisms.
How long we keep your data
We keep your data for as long as you use Onsen. When you're done, we remove it.
Your journal entries, conversations, and AI-generated content stay in your account until you delete them individually or delete your account entirely. When you delete your account, your data is erased within 30 days — the full process is described below.
| Data | How long |
|---|---|
| Account and profile | Until you delete your account |
| Journal entries | Until you delete the entry or your account |
| Chat conversations | Until you delete the conversation or your account |
| Voice recordings | Not stored — transcribed and immediately discarded |
| AI-generated images | Until you delete the entry or your account |
| AI prompt history | Until you delete your account |
| Analytics (Amplitude) | Per Amplitude's retention policy (up to 2 years) |
| Push notification data | Until you unsubscribe or delete your account |
| Email subscription | Until you unsubscribe |
| Error reports (Sentry) | 90 days |
What happens when you delete your account
When you delete your account from Settings > Data & Privacy in the app:
- Immediately: Your account is deactivated and your login identity is permanently deleted. You can no longer log in or access any data.
- Within 30 days: All personal data in our database is erased by an automated process — your profile, journal entries, conversations, AI insights, and prompt history.
This process is irreversible. Once your data is erased, it cannot be recovered.
Anonymised, de-identified data that has already been derived from your use of Onsen may be retained after deletion, because it is no longer linked to you and is no longer personal data. Anonymisation means removing your name, email, account ID, and any content that could identify you — the resulting data cannot be traced back to you.
Deleting your account is permanent. Your access and identity are gone immediately, and your data is fully erased within 30 days.
Automated decisions
Under UK GDPR Article 22, you have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. Onsen uses automated processing throughout the app — the AI generates responses, extracts insights, and personalises your experience without human involvement. These are core to how the service works and are covered by your consent and the contract you enter when using Onsen.
The safety system is the most significant automated decision: if it flags a message, the normal AI response is replaced with a safety message. We do not consider this to produce legal or similarly significant effects — it changes the tone of a single AI response but does not affect your access to the service, your account, or your rights. This is necessary to protect users who may be at risk and is part of how the service operates. If you believe the safety system has flagged your message incorrectly, you can contact us at support@onsenapp.com and we will review it.
Your rights
You're in control of your data. Under UK GDPR, you have specific rights — and we've made most of them easy to exercise directly in the app.
You can delete your account directly from the app (Settings > Data & Privacy). For everything else, email privacy@onsenapp.com and we'll handle it.
| Right | What it means | How to exercise it |
|---|---|---|
| Access | Get a copy of all personal data we hold about you | Email privacy@onsenapp.com |
| Rectification | Correct inaccurate personal data | Update your profile in Settings, or email us |
| Erasure | Delete your personal data | Delete your account in Settings > Data & Privacy, or email us |
| Portability | Receive your data in a portable, machine-readable format | Email privacy@onsenapp.com (we plan to offer in-app data export in a future update) |
| Restriction | Ask us to limit how we process your data | Email privacy@onsenapp.com |
| Objection | Object to processing based on legitimate interest | Email privacy@onsenapp.com |
| Withdraw consent | Withdraw consent for special category data | Delete your account (the service cannot function without this processing) |
We respond to all requests within 30 days. There is no fee. We may ask you to verify your identity before releasing data.
If you're unsure about your rights or how to exercise them, just email privacy@onsenapp.com and we'll walk you through it.
If you're not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's data protection authority.
Cookies and tracking
The Onsen mobile app does not use cookies.
Our website (onsenapp.com) uses Amplitude for analytics, which places cookies on your device to track page views, feature usage, and session data. This helps us understand how visitors use the website and where to improve it.
The app doesn't use cookies. It stores essential data on your device (like your profile) to function, and uses Amplitude's mobile SDK for analytics.
Amplitude does not have access to the content of your journal entries or conversations. It tracks usage patterns only. You can manage or delete cookies through your browser settings. Blocking analytics cookies will not affect your ability to use the website.
Children and age requirements
Onsen is designed for adults. You must be at least 18 years old to create an account. We verify this during signup by collecting your date of birth.
We do not knowingly collect data from anyone under 18. If you believe someone under 18 has created an account, please contact us at privacy@onsenapp.com and we will delete it.
If Onsen is acquired
If Onsen AI Limited is acquired, merged, or sold, your data may be transferred to the new owner as part of that transaction. If this happens, we will notify you via the app and email before your data is transferred. The new owner will be bound by the commitments in this privacy policy. If the new owner wants to use your data differently, they will need to get your consent.
If Onsen ever changes hands, we'll tell you before your data goes anywhere, and the new owner has to honour this policy.
Changes to this policy
We may update this policy from time to time. If we make significant changes, we will notify you by displaying a notice in the Onsen app and sending an email to the address on your account.
We encourage you to review this policy periodically. Your continued use of Onsen after changes are published means you accept the updated policy. If you disagree with a change, you can delete your account at any time.
You can see a full history of changes on our changelog.
You won't miss important changes — we'll notify you in the app and by email.
How to contact us
For any privacy questions, concerns, or requests, we're here to help.
Email: privacy@onsenapp.com
Mail: Onsen AI Limited, 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom
We have not appointed a Data Protection Officer as we are not required to do so under UK GDPR. For all privacy matters, contact us at the email address above.
For the fastest response, email privacy@onsenapp.com. We aim to reply within 30 days but usually much sooner.
Supervisory authority
If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
- Website: ico.org.uk
- Phone: 0303 123 1113
Governing law
This privacy policy is governed by the laws of England and Wales.
About us
Onsen AI Limited is a company registered in England and Wales (company number 15735784). We are registered with the Information Commissioner's Office (ICO registration reference ZB776660). We are the data controller for the personal data described in this policy.