Data Safety
Transparent summary of what data we collect, how we use it, and who we share it with — aligned with Google Play Data Safety and Apple App Privacy.
What we collect
Account identifiers (email, Apple/Google ID, nickname). Conversation content (text, voice if enabled, PHQ-9/GAD-7 screening results). Structured AI memory (patterns, themes). Technical data: device model, OS version, IP (≤30 days), crash logs without content.
How we use it
To provide the Service (dialogues, memory, screenings). For safety (crisis detection, fraud prevention). For quality improvement with your consent (anonymized metrics). We don't use it for ad targeting — we don't sell data.
Who we share it with
Cloud providers (Supabase EU), under a DPA. Language model providers via proxy (no personal identifiers). Apple/Google, for subscription confirmation. We don't share with ad networks or data brokers. Live therapist sharing in Premium is coming; it requires explicit consent and shares only an AI summary (not the conversations themselves).
Security
AES-256 at rest, TLS 1.3 in transit. Servers in the EU. 2FA for the team, least-privilege access. Annual penetration test, bug bounty.
Your rights
Access, correction, deletion, portability, withdrawal of consent — all available in app settings or via privacy@willowlabs.app. Response within 30 days. Full text in Privacy Policy.