🔐 Privacy Policy

We Protect What Matters Most

Your family's privacy is our priority. This policy explains how we collect, use, and safeguard your data.

Effective Date: November 13, 2025
Last Updated: November 13, 2025

1. Who We Are

AusomeFriend is developed and operated by Vibecode / AusomeFriend Project, with backend services hosted securely on Railway and Supabase.

Our goal is to offer AI-assisted autism parenting tools while ensuring the highest privacy standards and compliance with international data protection principles.

2. Data We Collect

We only collect the minimum information necessary to provide our services.

a. Account Information

  • Name, email address, and password (encrypted)
  • Email verification status
  • Optional biometric login (Face ID / Fingerprint)

b. Child Profiles

  • Child's first name or nickname
  • Date of birth or age
  • Optional: gender, notes on preferences, sensitivities
  • All child data stays linked only to your private account

c. Behavior "Moments" Data

  • Events you log manually, by voice, or via video
  • ABC data: Antecedent (before), Behavior (during), Consequence (after)
  • Location (if entered manually — no GPS tracking)
  • Intensity level (1–5 scale) and duration
  • Optional coping supports and triggers
  • No public sharing; all logs stay private to your account

d. Voice & Audio Data

  • Audio recorded when using Push-to-Talk (TTS) or Voice Logging
  • Transcribed text (processed by OpenAI Whisper API)
  • Audio files are temporarily stored for transcription, then deleted
  • Only text transcripts and AI responses are stored in your conversation history

e. Video Analysis Data

  • Short videos (≤ 2 minutes) used for behavioral analysis
  • Uploaded temporarily for AI processing
  • Auto-deleted from servers immediately after analysis completes
  • Only written insights, triggers, and recommendations are stored
  • Original video always remains in your device's Gallery/Photos

f. Assessment Data (ACAS System)

  • Parent responses to developmental questions
  • AI-generated developmental summaries and recommendations
  • Stored securely and associated only with your child's profile

g. AI Memory Data

AI extracts anonymized "memories" from conversations and moments:

  • Preferences (e.g., "likes deep pressure hugs")
  • Effective strategies ("visual timer helps with transitions")
  • Progress milestones ("first successful haircut")

These memories are private to your account, encrypted, and auto-expire after 30–365 days depending on sensitivity.

h. Transactional & Payment Data

  • Credit purchase history (PayMongo)
  • Voucher codes (hashed)
  • Transaction timestamps, payment IDs, and credit usage logs
  • No credit card details are stored by AusomeFriend. Payments are securely processed by PayMongo.

3. How We Use Your Data

We use your information to:

Purpose Description
Personalized AI Support Provide tailored advice and strategies through AusomeFriend based on your child's profile and moments.
Behavior Insights Detect recurring triggers, effective coping supports, and positive patterns.
Video Analysis Generate visual behavior summaries (temporary file processing).
Developmental Assessment Compute developmental age equivalents and generate progress reports.
Progress Milestones Detect and celebrate meaningful improvements automatically.
Account & Payment Management Maintain balances, purchases, and voucher redemptions securely.
System Improvement Anonymized logs for feature improvement and performance analytics.
Legal & Safety Protect user data and comply with legal obligations.

We never sell or share your data for advertising or profiling.

4. Data Retention & Deletion

Data Type Retention Period Notes
Voice audio files Deleted immediately after transcription Text kept for conversation history (30 days)
Videos for analysis Deleted automatically after AI processing Only written insights stored
Conversations Retained for 30 days Auto-deleted after expiry
Moments (behavior logs) User-controlled Delete anytime from Timeline
Assessments Until manually deleted or account closed Stored in Supabase (encrypted)
AI memories Auto-expire after 30–365 days TTL based on sensitivity
Payment & transaction records Minimum 5 years Required for audit and compliance
Account data Until account deletion You can request full deletion anytime

5. Data Sharing and Third Parties

We only share data with trusted service providers necessary for operation:

Service Purpose Data Shared Retention
OpenAI (via API) Transcription, text, and TTS generation Audio/text snippets (ephemeral) Temporary (processing only)
Supabase (PostgreSQL) Encrypted data storage Encrypted user, child, and log data Persistent
Railway (Server Host) Backend API hosting Behavior and conversation requests Temporary in memory
PayMongo Payment processing Payment metadata (amount, userId) As per PayMongo privacy policy
Expo Secure Store On-device encryption of tokens Login/session tokens Persistent locally

We require all partners to meet strict privacy and data security standards.

6. Security Practices

We protect your data through:

  • Encryption (AES-256 at rest, TLS 1.3 in transit)
  • Row-Level Security (RLS) in Supabase (per-user isolation)
  • Atomic credit transactions (prevents double-charging)
  • Webhook signature verification (HMAC-SHA256)
  • Secure deletion for videos and audio
  • Biometric authentication (optional)
  • Regular audits of API keys, storage buckets, and RLS policies
  • Server access logging and intrusion detection

7. Children's Data Protection

AusomeFriend is designed for parents and caregivers, not directly for children.
All child data is entered and controlled by the parent or guardian.
We do not knowingly allow minors to create accounts.

8. Your Rights

You can:

  • Access your data (downloadable summaries coming soon)
  • Edit or delete any child, moment, or conversation data
  • Delete your account and all associated data permanently
  • Control memory retention (auto-expiry already applied)
  • Revoke payment permissions at any time via PayMongo

To request data deletion:
📧 privacy@ausomefriend.app

9. International Data Processing

Data may be processed in the Philippines, Singapore, and the United States (where OpenAI servers are located).

We comply with Philippine Data Privacy Act (DPA 2012), GDPR-equivalent principles, and OpenAI data use policy.

10. AI Transparency and Limitations

  • AI responses are generated using OpenAI GPT models.
  • Conversations are anonymized and not used to train public models.
  • AusomeFriend provides supportive guidance, not clinical or medical advice.
  • Parents remain responsible for professional consultations when needed.

11. Your Responsibilities

  • Use the app for personal, non-commercial family use.
  • Obtain consent if logging information about another child.
  • Avoid uploading videos or audio containing unrelated individuals without permission.
  • Keep your device and account credentials secure.

12. Data Breach Procedure

If a data breach occurs:

  • We will notify affected users within 72 hours.
  • We will identify the scope, cause, and affected data.
  • We will take immediate corrective action.
  • We will coordinate with the National Privacy Commission (Philippines) if required.

13. Contact Us

AusomeFriend Privacy Team

📧 Email: privacy@ausomefriend.app

🌐 Website: https://ausomefriend.app

🏢 Location: Metro Manila, Philippines

14. Policy Updates

We may update this Privacy Policy to reflect changes in features, technology, or legal requirements.

Users will be notified in-app and via email when significant changes occur.

The latest version is always available within the app under Settings → Privacy.

Summary

AusomeFriend protects what matters most — your family's privacy.
We never sell or share your data, always delete temporary media, and keep full control in your hands.