The short version
We collect the minimum data needed to make Woyuduin work. We never sell your data. We never use it for ad targeting. Your journal, urge logs, and AI conversations are encrypted at rest and only ever accessible to you and the partners you explicitly invite.
What we collect
- Account: email, country, timezone, an anonymous handle. Authentication is by one-time magic link — we never see or store your password because there is no password.
- Subscription: payment method (crypto via NOWPayments, M-Pesa via Flutterwave) and billing status. We do not accept or store card numbers. We do not use Stripe.
- Usage: which features you open, how often, anonymized and aggregated. Used to improve the product, not to profile you.
- Recovery data: streak, urge logs, journal entries, mood, habits. Encrypted at rest. You own this. Export or delete on request.
- Phone numbers in emergency contacts: AES-256-GCM encrypted at rest with a per-user key. Decrypted only when sending the SOS text you initiate.
- AI counselor transcripts: stored encrypted, retained 90 days for safety auditing, then deleted.
What we never collect
- Browsing history outside the Woyuduin app (the VPN blocker filters domains, it does not log them).
- Contacts, photos, or device files.
- Background microphone, camera, or location data.
Couples mode
Couples mode shares only what you explicitly enable: streak, urge count, weekly summary. No browsing data, no message content, no exact times. You can revoke access at any time and your partner is notified that access was revoked, but not why.
Therapy sessions
Video and voice sessions run on a HIPAA-compliant platform (Daily.co with BAA). Sessions are not recorded by default. Either party can opt to record; both must consent each time.
Data deletion
Email privacy@woyuduin.com from your account email and we delete everything within 30 days. Backups are purged within 90 days.
Contact
privacy@woyuduin.com — we reply within 5 business days.