Help Center

Privacy Policy (Archived — v1.0)

This is an archived version of the Onsen privacy policy, effective 28 September 2024. The current version is available at /legal/privacy-policy.

This is an archived version of the Onsen Privacy Policy, effective 28 September 2024. It has been replaced by version 2.0. This page is kept for reference only.

Effective: 28 September 2024 | Version: 1.0

Introduction

At Onsen, we value your privacy and are committed to protecting your personal information. This Privacy Policy explains how we collect, use, share, and protect your data when you use our app and services.

Our mission at Onsen is to enhance your mental and emotional wellbeing with AI-powered guidance. To provide you with a highly personalized and meaningful experience, we need to collect and process certain information about you. We take your privacy seriously and strive to handle your data with the utmost care and transparency.

By using Onsen, you agree to the collection and use of your information in accordance with this Privacy Policy. We encourage you to read this policy carefully to understand our practices regarding your personal data and how we treat it.

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at privacy@onsenapp.com.

What Data We Collect

At Onsen, we collect various types of information to provide and enhance our personalized AI mental wellbeing services. This section explains what data we collect, how we collect it, and why we need it.

Types of Data Collected

Personal Information

We collect personal information that you provide to us during the authentication process. This includes:

  • First name
  • Last name
  • Email address

We need your name and email to create your account and help you sign in.

Chat Data

When you use Onsen to engage in AI chats, we collect the content you provide. This may include:

  • Chat conversations
  • Journal entries
  • Other user content

When you share your thoughts and experiences with Onsen, we save this information to personalize your AI experience.

Voice Recordings

Voice recordings are transcribed using OpenAI's Whisper model. These recordings are not stored after transcription.

If you use voice input, we turn your voice into text and then delete the recording right away.

Metadata

We collect metadata related to your use of Onsen, which includes:

  • Time stamps of your interactions
  • Basic device information (e.g., device type, operating system)

We track when and how you use Onsen to help improve the app and understand how it's being used.

Location Data

Currently, we do not collect precise location data. However, during onboarding, you might share general information about your location.

Right now, we don't track your location, but you might tell us where you live when you set up your account.

Third-Party Services

Our app leverages several advanced third-party tools and services to deliver a seamless and highly personalized journaling experience.

Amazon Web Services (AWS)

We rely on AWS for robust cloud storage and computing solutions, ensuring high availability, scalability, and security. Our infrastructure within AWS includes:

  • Amazon Aurora (PostgreSQL): Our primary relational database for user data, including chat conversations and journal entries.
  • AWS Lambda: Our serverless backend, which processes requests efficiently and scales automatically.
  • AWS CloudFront: Content Delivery Network (CDN) for low-latency content delivery.
  • AWS Cognito: User authentication and authorization via JSON Web Tokens (JWT).
  • Amazon S3: Storage for AI-generated images and other non-relational data.

OpenAI

We integrate with OpenAI's suite of advanced models:

  • GPT-4o and GPT-4o-mini: Personalized and context-aware chat responses.
  • Whisper: Real-time voice-to-text transcription (recordings discarded immediately after).
  • Text-to-Speech (TTS): Natural AI voices for voice conversations.
  • DALL-E 3: AI-generated art that visualizes your thoughts and emotions.

We use OpenAI services to directly enable Onsen's AI capabilities.

Amplitude

For user engagement and analytics, we use Amplitude to track interactions and events, segment users, and analyze engagement data to improve the app.

We use Amplitude to analyze usage of our products and improve them.

Mailchimp

We use Mailchimp to manage and send personalized marketing and transactional emails.

We use Mailchimp to keep you updated about new features and content.

OneSignal

We use OneSignal to send personalized push notifications including updates, reminders, and announcements.

We'll send you personalized push notifications to keep you informed and engaged with Onsen.

Security and Data Transmission

All communications between Onsen and third-party services are encrypted using HTTPS. We employ JSON Web Tokens (JWT) as bearer tokens for secure and authenticated communication.

We partner with industry-leading services like AWS and OpenAI to power Onsen. We take extra steps to ensure your data is always safe and secure.

How We Use Your Data

Personalization

We use data from chat conversations and journal entries to create a highly personalized experience. Our AI remembers what you share and uses it to provide relevant responses and insights.

We remember what you tell us to make your experience more personalized and meaningful.

AI Processing

Our AI, powered by OpenAI models, processes your data to generate contextually relevant responses using techniques like Retrieval-Augmented Generation (RAG).

Our AI uses what you share to give you better advice and support.

Guided Experiences

Onsen offers structured sessions called "Experiences," based on coaching, journaling and mindfulness frameworks, personalized to your situation.

Analytics and Improvements

We use aggregated and anonymized data for product analytics and to understand usage patterns.

Why We Need Your Data

Contractual Necessity

Processing your name and email to authenticate your account and provide access to services.

Legitimate Interest

Using chat and journal data to personalize your experience and improve app functionality.

Explicit permission for specific purposes like marketing communications or voice transcription.

Retaining certain data to comply with legal requirements.

Category of Personal DataPurpose of ProcessingLegal Basis
Name and EmailAccount creation and authenticationContractual necessity
Chat and Journal DataPersonalization and AI-driven insightsLegitimate interest, Consent
Device MetadataAnalytics and app improvementLegitimate interest
Voice RecordingsTranscription and personalizationLegitimate interest, Consent
General Location (optional)Personalization of interactionsLegitimate interest, Consent
Marketing Data (Name, Email)Newsletters and promotional materialsConsent

Sharing Your Data

We share data with: AWS (infrastructure), OpenAI (AI processing), Amplitude (analytics), Mailchimp (email), and OneSignal (push notifications).

All interactions are secured via HTTPS and authenticated using AWS Cognito with JWT bearer tokens.

Data Transfer

Our primary data storage is in AWS eu-west-1 (Ireland). AI processing by OpenAI is in the United States, protected by standard contractual clauses (SCCs).

Keeping Your Data Safe

  • Encryption: All data encrypted at rest and in transit (HTTPS, TLS)
  • Access Controls: Role-based access controls and regular audits
  • Authentication: AWS Cognito with JWT tokens
  • Regular Security Audits: Vulnerability assessments conducted regularly
  • Internal Data Access: Personal data not accessed without explicit user consent

No one on the Onsen team reads your journal entries or conversations — ever — unless you explicitly ask us to for support purposes.

Your Privacy Rights

  • Right to Access: Request copies of your personal data
  • Right to Rectification: Correct inaccurate data
  • Right to Erasure: Delete your account and all data
  • Right to Restrict Processing: Limit how we process your data
  • Right to Data Portability: Receive data in a portable format
  • Right to Object: Object to processing for direct marketing
  • Right to Withdraw Consent: Withdraw consent at any time
  • Right to Lodge a Complaint: Contact the ICO

Cookies and Tracking

The Onsen app does not use cookies. On our website, we use Amplitude for analytics. You can manage cookie preferences through your browser settings.

Children's Privacy

Onsen is designed for users 16 years old and above. We do not knowingly collect data from children under 16.

Updates to Our Policy

We notify users of significant changes via in-app notification and email. Continued use after changes constitutes acceptance.

Contact Us

Email: privacy@onsenapp.com

Mail: Onsen AI Limited 71-75 Shelton Street Covent Garden London, WC2H 9JQ United Kingdom

We respond to all privacy-related inquiries within 30 days.

Supervisory Authority

If not satisfied with our response, contact the Information Commissioner's Office (ICO).

On this page

IntroductionWhat Data We CollectTypes of Data CollectedPersonal InformationChat DataVoice RecordingsMetadataLocation DataThird-Party ServicesAmazon Web Services (AWS)OpenAIAmplitudeMailchimpOneSignalSecurity and Data TransmissionHow We Use Your DataPersonalizationAI ProcessingGuided ExperiencesAnalytics and ImprovementsWhy We Need Your DataContractual NecessityLegitimate InterestConsentCompliance with Legal ObligationsSharing Your DataData TransferKeeping Your Data SafeYour Privacy RightsCookies and TrackingChildren's PrivacyUpdates to Our PolicyContact UsSupervisory Authority