🔥
Cessa
Terms of Service →
Legal

Privacy Policy

Your story stays yours. Here's exactly what we collect, and what we don't.

Last updated: January 2026
💬

Overview

Cessa ("we", "our", "the app") is committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights regarding that data.

🗂️

Data We Collect

Account Data

  • Email address (for authentication)
  • Display name (pseudonym allowed)
  • Language preference
  • Topic preferences (e.g., "Loneliness", "Career")

Usage Data

  • Session history (partner name, duration, timestamp)
  • Mood logs (1–5 scale after each session)
  • Safety ratings (Yes/No after each session)
  • Streak count
Data We Do NOT Collect Real name · Photos or profile pictures · Location data · Voice recordings (calls are real-time only, not stored unless a report is filed) · Contact lists or social media accounts
⚙️

How We Use Your Data

  • Matching Language and topic preferences help us find compatible partners.
  • AI Features Topic preferences are sent to our AI system to generate compatibility insights and personalized questions. No personal data is included.
  • Safety Mood patterns are analyzed to detect potential crises and offer professional help resources.
  • Product Improvement Aggregated, anonymized usage statistics.
🔒

Data Storage & Security

  • All data is stored in Supabase (PostgreSQL) with Row-Level Security
  • Authentication uses industry-standard protocols (OAuth 2.0, JWT)
  • Biometric data (Face ID / Fingerprint) is processed locally on your device and NEVER sent to our servers
  • Journal content and chat messages are encrypted at rest
  • We use HTTPS/TLS for all data transmission
🕐

Data Retention

Active accounts While account is active
Session data 90 days
Mood logs 1 year
Reports 2 years (safety compliance)
Deleted accounts Erased within 30 days
🛡️

Your Rights

  • Access Your data at any time via the Profile screen.
  • Export Your data by contacting support@cessaapp.com.
  • Delete Your account and all associated data.
  • Opt out Of AI features (contact support).
  • Withdraw consent At any time.
🔗

Third-Party Services

Supabase
Database and authentication (EU/US data centers)
Agora.io
Real-time voice communication (data processed in-transit, not stored)
Anthropic Claude API
AI-powered matching insights (no personal data sent, only topic preferences)
RevenueCat
Subscription management
Sentry
Error tracking (no personal data included)
🔞

Children's Privacy

Cessa is not intended for anyone under 18 years of age. We do not knowingly collect data from minors. If we discover that a user is under 18, their account will be terminated immediately.

🇪🇺

GDPR Compliance

For users in the European Economic Area:

  • Legal basis Consent (you agree to this policy on signup).
  • Data Controller Cessa App / Andy Cristofer.
  • Contact privacy@cessaapp.com
  • Complaints You may lodge a complaint with your local supervisory authority.
📢

Changes to This Policy

We will notify you of significant changes via in-app notification. Continued use after changes constitutes acceptance.

✉️

Contact

Privacy concerns privacy@cessaapp.com
General support support@cessaapp.com