Privacy Policy

1. Scope of This Policy

This policy applies to all users of Saathi, which is a product of Clarinth AI Private Ltd. It covers onboarding, self-reflection assessments, guided CBT/DBT pathways, and text-based interactive chat sessions. Saathi is intended strictly for adults aged 18+.

2. Explicit Consent for Personalization

By using Saathi, you provide explicit consent for the processing of your data for wellness personalization and guided journey adaptation. This includes:

Processing of Demographics: Explicit consent to use age and sex for tailoring your wellness journey.
Cross-Border Transfer: Consent to transfer and process data across India, Singapore, and the USA to leverage our distributed cloud architecture.

Note: We collect static location data only. We do NOT access your real-time GPS coordinates.

3. Data We Collect

3a. Account and Identity

We collect your email address for OTP-based verification. We do not collect your full name or phone number unless voluntarily provided.

3b. Personalization Data

We collect your Name, Age, Sex, Profession, and Location (City, State, Country). This data allows our AI to personalize wellness pathways based on your life stage and environmental context.

3c. Self-Reflection Assessment Data

Saathi utilizes validated screening tools like PHQ-9 and GAD-7 for personal self-reflection. These scores are used solely to personalize your wellness journey and are never shared externally.

⚠️ Assessment responses constitute sensitive personal data. Stored with AES-256 encryption and transmitted via TLS 1.3.

3d. Journey and Module Progress

As you progress through interactive CBT and DBT modules, we store your completion status, exercise responses, reflections, and any self-reported mood or symptom check-ins. This data drives personalized recommendations and allows you to resume your journey across sessions.

3e. Conversation Data

Messages you exchange with Saathi's AI wellness guide are processed in real time to generate responses. Conversations are stored to maintain session continuity and to allow your care path to adapt over time. We do not use conversation content to train underlying AI models without your explicit, separate consent.

3f. Usage and Technical Data

We collect standard technical data such as your IP address, browser type, operating system, session timestamps, and feature interactions. This helps us diagnose issues, monitor service reliability, and improve the platform. This data is not linked to your clinical or conversation records.

3g. Payment Data

Subscription payments are processed locally by Razorpay. We do not store your full card number or CVV on our servers. We receive and retain only a payment token, your subscription tier, and billing history, which are required to manage your account.

4. How We Use Your Data

We use your data only for purposes that are directly connected to delivering and improving Saathi:

To create and manage your account and authenticate your identity.
To assess your personal wellness needs and recommend an appropriate guided journey.
To personalize CBT/DBT module recommendations using your assessment scores and progress.
To power the AI guide conversation with contextual memory of your journey.
To send you transactional emails such as session reminders, OTP codes, and account notifications.
To process subscription payments and manage billing.
To detect, investigate, and prevent fraud, abuse, or safety-critical events.
To maintain, debug, and improve the reliability and safety of the platform.

We do not use your data to serve targeted advertising, build advertising profiles, or share data with marketing partners.

5. Sensitive Wellness Data Protection

Your self-reflection responses, symptom self-reports, mood logs, exercise responses, and conversation content are classified as sensitive personal data. We apply the following strict protections:

Stored with AES-256 encryption at rest.
All data in transit is encrypted using TLS 1.2 or higher (TLS 1.3 where supported).
Accessible only to automated systems with a direct product personalization function.
Not accessible to sales, marketing, or general customer support staff without your explicit consent.
Not used as training data for AI models without a separate, explicit, opt-in consent action.
Not shared with third parties except as described in Section 6.

6. Data Sharing

We do not sell or rent your data. We share your information only with third-party vendors who help us operate Saathi under strict data processing agreements:

OpenAI — Powers the AI guide (Zero Data Retention enabled).
Razorpay — Processes Indian subscription payments via secure tokens.
Google Cloud / Cloud Run — Hosts Saathi's backend API.
Vercel — Hosts the web frontend.
Neo4j Aura — Stores journey graph and progress data.
Upstash Redis — Manages real-time session state.
Legal Requirements: We may disclose your data if required by law, court order, or to prevent immediate harm, fraud, or illegal activity. We will challenge overbroad requests.

7. Data Retention

We retain your account and journey data while your account is active. If you delete your account, we will delete or anonymize your personal and wellness data within 30 days, except where required by law.

8. Security

All data in transit is encrypted using TLS 1.3.
All data at rest is encrypted using AES-256.
Access to production systems requires multi-factor authentication.
Backend APIs are authenticated.
Security patches applied on a regular schedule.

If you discover a security vulnerability, please report it to security@clarinth.ai. We will acknowledge within 72 hours.

9. Your Rights and Choices

Under the Digital Personal Data Protection (DPDP) Act 2023, you have the following rights over your personal data:

Access — Request a summary of your personal data being processed.
Correction & Erasure — Ask us to correct inaccurate data or completely erase your account and associated data.
Withdrawal of Consent — Withdraw your processing consent at any time.

To exercise these rights, contact privacy@clarinth.ai. We will respond within 30 days.

10. Minors

Saathi is not designed for anyone under 18. We do not knowingly collect data from minors. If we become aware that a user is under 18, we will delete their account promptly.

11. International Data Transfers

Saathi utilizes a distributed global infrastructure. Your data will be transferred to and processed in Singapore and the United States. We rely on strict Data Processing Agreements (DPAs) to ensure your data receives protection equivalent to the standards under Indian law:

Supabase: Stores account authentication data in Singapore.
Google Cloud: Hosts the backend API in us-central1 (USA).
Neo4j Aura: Stores your journey graph and progress data securely in the USA.
OpenAI: Processes conversation messages for response generation (with Zero Data Retention enabled).
Razorpay: Processes subscription payments locally in India.

12. Changes to This Policy

We may update this policy as Saathi evolves. When we make material changes, we will notify you by email at least 14 days before the changes take effect. Continued use after the effective date constitutes acceptance.

13. Contact Us & Grievance Redressal

If you have questions about this policy, wish to withdraw your consent, or need to file a data complaint under the DPDP Act 2023, please contact our designated Grievance Officer:

Company: Clarinth AI Private Limited
Support: support@clarinth.ai
Privacy: privacy@clarinth.ai
Grievance Officer: grievance@clarinth.ai
Data Compliance: datacompliance@clarinth.ai