Privacy Notice
Last updated: May 2026
Who we are
Companion OS is built and operated by InkNCode Solutions (Y-tunnus 3422993-8), based in Espoo, Finland.
Contact: Liina Suoniemi, [email protected].
What Companion OS is
An educational cognitive support tool that teaches coping skills, grounding techniques, and self-awareness. It is not therapy. It is not a medical device. It does not diagnose, treat, or monitor any condition.
What data we collect
- Account data: your username and password (the password is hashed; we cannot read it). At account creation we do not collect your real name, email, phone number, or location.
- Pilot application data (only if you applied): if you applied to the pilot through the application form on our landing page, we collected your name, email address, and a short answer about what brought you to Companion OS. Your email is used to contact you about the pilot, send you updates as Companion OS evolves, and let you know when new versions are ready. You can ask to be removed from this list at any time by emailing [email protected].
- Partnership inquiry data (only if you submitted one): if your organization submitted an inquiry through the partnership form, we collected your organization name, type of organization, country, the contact person's name, role, email, optional phone, optional description of who the organization serves, and what your organization is looking for. This is used only to evaluate the potential partnership and prepare for our conversation. It is never sold or shared with third parties. You can ask to be removed at any time by emailing [email protected].
- Conversations: what you write and what the AI responds. This is stored so you can come back to past conversations. All conversation content is encrypted in the database.
- Safety events: if crisis keywords are detected, we log that a safety event happened, the severity level, and the time. We do NOT store what you said, only a hashed signal that cannot be read back.
- Usage data (only with your consent): which modes were used, how many tokens were processed, and timestamps. This helps us understand whether the tool is useful. You can opt out.
- Impact survey (only with your consent): if you choose to fill in the optional survey at signup and after 4 weeks, your responses are stored anonymously to measure whether Companion OS makes a difference in daily life.
- Security logs: when you log in or register, we record the attempt time, whether it succeeded, your device and browser type, and the page you were accessing. This is used to detect and block repeated failed login attempts. These logs do not contain your password or any conversation content. They are kept for up to 30 days and then permanently deleted.
What we do not collect for user accounts
- Email addresses. Creating an account requires a username and password only. Emails are collected only if you filled in the pilot application form or the partnership inquiry form.
- Real names. You register with a username of your choice. Real names are collected only through the pilot application form and the partnership inquiry form.
- Phone numbers. Accounts do not require a phone number. The partnership inquiry form has an optional phone field. If you leave it blank, nothing is stored.
- GPS location or physical address. The partnership inquiry form asks for your country, which is used only to understand where potential partner organizations are based. We do not collect coordinates, street addresses, or any other location data.
- Payment information. There is no payment system.
- Data from other apps or services.
Why we collect this data
- Conversations: so the AI can respond to you with context from your previous messages. Without this, every session starts from zero.
- Safety events: so we can verify the safety system is working. No conversation content is stored in safety logs.
- Usage data: to understand how the tool is used and improve it over time. Only collected with your explicit consent.
- Impact survey: to measure whether the tool actually helps. Only collected with your explicit consent. Your scores are never shown back to you or interpreted as health information.
Legal basis for processing
Your conversation data is special category data under GDPR Article 9 (data concerning mental health). We process it based on your explicit consent, which you give when creating your account.
Rate limiting (counting how many conversations you start per day) is necessary for providing the service and does not require separate consent.
Security logs (login attempt records) are processed under legitimate interest (GDPR Article 6(1)(f)) for the purpose of protecting user accounts against brute-force attacks.
How we protect your data
- Conversation content is encrypted in the database. If someone stole the database file, they would see gibberish.
- Passwords are hashed. We cannot read your password.
- Safety events store a hashed signal only. The original text is never saved.
- Access is invite-only. No open registration.
- The app runs on Railway (cloud hosting). Data is transmitted over HTTPS.
- There is a kill switch that can take the entire app offline as a safety measure.
How long we keep your data
- Account and conversations: until you delete your account. When you delete, your account, username, and all conversation content are permanently removed from the database. Not archived. Gone.
- Impact survey responses (if you consented): kept after account deletion with your user link removed. The responses become fully anonymous. There is no way to trace them back to you. This is the only way we can measure whether Companion OS actually helps people over time.
- Usage data (if you consented): kept after account deletion with your user link removed. Mode and token counts become anonymous aggregate data. No conversation content is stored here.
- Safety events: kept indefinitely as an anonymous audit trail. When you delete your account, the safety events remain but your user link is removed. They cannot be traced back to you.
- Pilot application data: kept until you ask to be removed. Email [email protected] and your name, email, and pilot answers are deleted from our records.
- Partnership inquiry data: kept until the partnership conversation is concluded (either declined or active partnership) or you ask to be removed. Email [email protected] and your organization's inquiry is deleted.
- Security logs: kept for up to 30 days, then permanently deleted. When you delete your account, your security logs are deleted immediately regardless of the 30-day period.
Who can access your data
Only the product owner (Liina Suoniemi) through the admin panel. No data is shared with third parties except:
- Anthropic (Claude API): your conversation is sent to the Claude API to generate responses. Their commercial terms of service govern how they handle this data.
- Railway (hosting): the database is hosted on Railway. Their privacy policy applies to infrastructure security.
What Anthropic actually sees, in plain language
Because Anthropic provides the language model that powers Companion, every message you send is read by their model on their server so the AI can respond. You should know exactly what that means.
- What we send to Anthropic: the content of your messages, your conversation history within this app, and the system prompt that shapes how the AI responds.
- What we never send: your username, password, email, account ID, language preference, or any other identifier we hold. Anthropic cannot tell that two conversations come from the same Companion user unless the conversation content itself reveals it.
- Retention: Anthropic keeps operational logs for up to 30 days for safety and abuse review, then deletes them. Source: Anthropic Privacy Policy, verified May 2026.
- Training: Anthropic does not train on commercial API conversations. Your messages do not become part of any future model.
- Transit: data travels over HTTPS. The model reads the message in plaintext on Anthropic's server in order to respond.
What encryption protects against, and what it does not
"Your data is encrypted" is true here, but it does not mean what most users assume. Being honest about the boundary:
- Encryption at rest: our database file is encrypted. If someone stole the database, they would see gibberish. This protects against database theft.
- Encryption in transit: messages travel between you, our server, and Anthropic's server over HTTPS. This protects against someone snooping on the network.
- What encryption does NOT protect against: Anthropic reading the content of your messages while their model generates a response. The model needs the plaintext to respond. The only way around this is running the model on our own servers, which is not yet practical for this kind of product. We document this so you can decide what to share.
Your best protection
The single most useful habit when using any AI app, including this one, is to not paste anything you would not put into a search engine. Personal ID numbers (henkilötunnus, isikukood), home addresses combined with full birthdates, bank account numbers, PINs, passwords, security codes, and photos of identity documents do not belong in any AI conversation. Companion will gently note it if you share something sensitive and offer steps to protect yourself, but the safer habit is upstream: do not paste it in the first place.
Cookies
This site uses essential cookies only: a session cookie and a CSRF security token. These are required for the service to function. No analytics cookies. No tracking. The first time you visit, a banner explains this. You can dismiss it and it will not appear again on that device.
Your rights
Under GDPR you have the right to:
- Access your data: you can see all your conversations in the app.
- Delete your data: you can delete individual conversations or your entire account. Deletion is permanent.
- Withdraw consent: you can stop using the service at any time and delete your account.
- Object or restrict processing: you can ask us to stop using your data in a specific way without deleting your account entirely. Contact [email protected]. We aim to respond within one month. If the request is complex or you submit several at once, it may take up to three months in total.
- Complain: if you believe your data is being handled incorrectly, you can contact the Finnish Data Protection Authority (Tietosuojavaltuutetun toimisto) at tietosuoja.fi.
If the law requires it, or if there is an active legal dispute we need to document, we may keep relevant data longer than the periods described above.
Data export
Data export is not yet available as a self-service feature. If you need a copy of your data, contact us directly.
Changes to this notice
If we change how we handle your data, this page will be updated. The "last updated" date at the top shows when the most recent change was made.
InkNCode Solutions (Y-tunnus 3422993-8)
Liina Suoniemi
[email protected]
Espoo, Finland
Supervisory authority: Tietosuojavaltuutetun toimisto