Privacy Policy — Ask Safely Assistant
Effective Date: July 18, 2026 · Last Updated: July 18, 2026
Scope
This policy covers the Ask Safely product: the web app at app.asksafely.ai, the iOS app, and the Android app. It applies to all user tiers — Guest, Essential, Expert, and Founding Membership.
For the marketing website at asksafely.ai, see the Marketing Site Privacy Policy.
The Short Version
Ask Safely is built on a simple premise: your conversations with AI are yours.
- Chats auto-delete on a timer you choose. Every conversation is automatically deleted on your auto-delete timer — 8 hours by default, or 7 days or 30 days if you choose a longer window when you set up your account. You can delete any chat instantly at any time. You can also extend an individual chat within your preset’s keep window — up to 14 days on the 8-hour preset, 30 days on the 7-day preset, or 90 days on the 30-day preset. We never keep a chat beyond your preset’s keep window.
- Your messages are encrypted. Messages — yours and the AI’s — uploaded files, voice audio, and your email address are encrypted at rest with AES-256-GCM.
- Your data is never used for AI training. Not by us, not by Anthropic, not by anyone. Our AI runs on Anthropic’s Claude models via AWS Bedrock, which contractually prohibits training on customer data.
- We do not sell your data. Not now, not ever. Our business model is subscriptions, not data extraction.
- No open or click tracking in emails. When we email you, we don’t track whether you opened it or clicked anything.
- We don’t show you ads or build advertising profiles. To measure whether our own advertising works, we use a mobile measurement partner that receives device identifiers and technical information about app installs — see Advertising Attribution below for exactly what it gets.
- Guest mode needs no account. No email, no password, no name. Like any online service, our servers receive standard technical information (such as your IP address and device type) when you connect — see the Guest Mode section for exactly what that covers.
- Uploaded files and voice audio follow the same rules as chats. Documents you upload and voice conversations are encrypted, stored temporarily, and auto-deleted on the same schedule as your text chats.
- We never see your payment details. Subscriptions — including free trials — are processed entirely by Apple, Google, Stripe, and RevenueCat. We receive confirmation of your subscription or trial status — never your card number or billing details.
What We Collect
We’re going to be specific. Here’s every category of data Ask Safely handles, what it’s for, and when it’s deleted.
If You Use Guest Mode (No Account)
Guest mode lets you try Ask Safely without an account. No email. No password. No name.
What we collect in Guest mode:
- Your chat messages — encrypted and stored temporarily so we can generate AI responses. Auto-deleted after 8 hours. You can delete them instantly at any time.
- A session identifier — created when you start a guest session, so we can enforce the daily message limit (10 messages/day) and deliver responses to the right device.
- Standard technical information — when your device connects to our servers, we receive your IP address and browser or device type (the user agent). We use this to operate, debug, and secure the Service. If you later create an account, your guest conversations carry over to it.
What we do not collect in Guest mode: Your name, email, phone number, location, contacts, or photos.
If You Create an Account (Essential)
When you sign up, we collect the minimum information necessary to run your account.
Account information:
- Email address — used for login, password resets, and transactional emails (like OTP verification). Encrypted with AES-256-GCM via AWS KMS before storage.
- Password — for new accounts and existing users who have signed in since March 31, 2026, your password is hashed using industry-standard one-way hashing (bcrypt) via SuperTokens. Hashing is irreversible — we cannot decrypt or recover your password. Existing users who have not yet signed in since the migration will have their password re-secured with one-way hashing on their next login. Until then, those passwords remain encrypted with AES-256-GCM via AWS KMS.
- Authentication tokens — generated at login, valid for 90 days. Used to keep you signed in.
If you sign up with Google or Apple, we receive only the email address and authentication token from those services. We do not receive your Google or Apple password.
Chat messages:
- Every message you send and every AI response is encrypted with AES-256-GCM at rest.
- Your auto-delete timer: When you set up your account, you choose an auto-delete window — 8 hours (the default), 7 days, or 30 days. Every chat is automatically deleted at the end of your window via database-level TTL (time-to-live) indexes. Deletion isn’t a feature you turn on — it’s the default architecture. The timer is your choice.
- Extended chats: If you choose to keep a specific chat (swipe right on mobile, or use the extend button on web), it’s retained — with the same encryption — up to your preset’s keep window: 14 days on the 8-hour preset, 30 days on the 7-day preset, or 90 days on the 30-day preset. Then it’s deleted. We never keep a chat beyond your preset’s keep window.
- Instant delete: You can delete any chat immediately at any time. This removes it from our production database — not soft-deleted, not archived. See “What deleted means” under Data Retention for how backups and logs are handled.
Usage metrics (pseudonymized):
- Session timestamps, message counts, and feature interactions — used to understand product health (e.g., how many people use web search, chat retention rates). These metrics are associated with your user ID internally for product analysis but are never shared externally in a way that identifies you.
If You Start a Free Trial or Subscribe (Expert or Founding Membership)
Expert and Founding Membership subscribers — including users on a free trial of Expert — have access to additional features that involve additional data types. Everything described in the Essential section above still applies.
Payment information:
- Subscriptions and free trials are processed by Apple (App Store), Google (Google Play), Stripe, or RevenueCat depending on how you subscribe. Starting a free trial requires a payment method, which is collected and stored entirely by these processors. Ask Safely never receives, processes, or stores your credit card number, bank account details, or other financial information.
- We receive from these processors: your subscription or trial status (in trial, active, canceled, expired), the plan you’re on, your trial end date, subscription start and renewal dates, and a processor-generated subscriber identifier. This is used solely to grant you the correct tier of access.
- RevenueCat acts as our subscription management layer. It receives your anonymized app user ID and subscription events from Apple, Google, or Stripe. See RevenueCat’s Privacy Policy and Stripe’s Privacy Policy for details on their data practices.
AI experts (Expert and Founding Membership):
- Expert subscribers can use specialized AI experts — currently Researcher, Writer, Troubleshooter, and Lookout. Experts run on the same AI processing and web search pipelines described in this policy, and their conversations follow the same encryption and auto-deletion lifecycle as any other chat. Experts do not collect any additional categories of data and do not access any stored profile or memory about you.
Document uploads (Expert and Founding Membership):
- You may upload documents (.docx, .pdf, .csv, .xlsx) and images (.png, .jpg, .gif) for AI analysis. Uploaded files are encrypted with AES-256-GCM and stored temporarily, following the same auto-delete lifecycle as the chat they belong to — your auto-delete timer by default, up to your preset’s keep window if you extend the chat.
- Uploaded files are decrypted only for the moment they are sent to the AI model for processing, then re-encrypted. They are never retained by Anthropic.
Voice-to-Voice conversations (Expert and Founding Membership):
- Voice-to-Voice uses your device’s microphone (with your explicit permission) to enable spoken conversations with the AI. Audio data is transmitted to AWS for processing via Amazon Nova 2 Sonic.
- Voice audio is encrypted and stored temporarily, following the same auto-delete lifecycle as the chat it belongs to — your auto-delete timer by default, up to your preset’s keep window if you extend the chat.
- We do not use voice data for speaker identification, voiceprint creation, or biometric profiling. Audio is processed solely to generate AI responses and transcripts.
Voice-to-Text / Dictate (Expert and Founding Membership):
- Dictate converts your spoken words into text input for the AI. The same microphone permission and audio handling described above applies. The resulting text is treated identically to any typed message.
Chat sharing links (Expert and Founding Membership):
- You can generate a shareable link to a conversation. Anyone with the link can view the shared chat — no Ask Safely account is required.
- Shared chats follow the same auto-delete lifecycle as the original chat. When the original chat is deleted (by timer or by you), the shared link stops working.
- Shared chats are read-only copies. Recipients cannot modify, extend, or re-share the conversation.
- Be mindful of what you share. Because shared links are accessible to anyone who has them, do not share conversations containing sensitive personal information unless you intend for it to be visible.
Deep Research (Expert and Founding Membership):
- Deep Research performs multi-step web searches on your behalf to answer complex questions. It uses the same Brave Search pipeline described in the Web Search section below. No additional personal data is collected.
Founding Membership — Additional Details
Founding Members receive access to a private collaboration channel hosted on Slack. If you choose to join the Slack channel, Slack will process your data according to Slack’s Privacy Policy. Joining the Slack channel is optional and is not required to use your Founding Membership. We do not share any of your Ask Safely usage data, chat history, or account information with Slack.
Web Search
When Ask Safely determines your question needs current information, it automatically searches the web on your behalf using the Brave Search API. Your query (or a rephrased version of it) is sent to Brave’s servers to retrieve results. Brave does not receive your email, user ID, or any account information — only the search query. See Brave’s Privacy Policy for how they handle search data.
AI Processing
Your messages are processed by Anthropic’s Claude AI models via AWS Bedrock. The specific model used depends on your tier and query complexity: Claude Haiku 4.5 and Sonnet 4.5 for Guest and Essential users, with Claude Opus 4.6 additionally available for Expert and Founding Membership subscribers.
This is important: AWS Bedrock contractually guarantees that your data is not used to train or improve AI models. Your conversations are processed to generate responses and then are not retained by Anthropic. We chose AWS Bedrock specifically for this guarantee.
Your messages are encrypted in our database, decrypted only for the moment they’re sent to the AI model for processing, and the AI’s response is encrypted before storage.
Biometric Authentication (iOS)
If you enable Face ID or Touch ID, your biometric data is handled entirely by Apple’s Secure Enclave on your device. Ask Safely never receives, transmits, or stores biometric data. We only receive a yes/no confirmation from your device that authentication succeeded.
Device Permissions
Ask Safely requests device permissions only when a specific feature needs them, and only with your explicit consent.
- Microphone — required for Voice-to-Voice and Dictate features (Expert and Founding Membership only). Never activated without your permission. Not used for passive listening or background recording.
- File access / Photos — required for document upload and image analysis features (Expert and Founding Membership only). We access only the specific files you select for upload. We do not scan or index your device’s files or photo library.
- Camera — may be used for capturing documents or images for upload (Expert and Founding Membership only). Activated only when you initiate a capture. No background camera access.
You can revoke any permission at any time through your device’s settings. Revoking a permission will disable the feature that requires it but will not affect any other functionality.
Email Communications
We use Resend to send emails. Here’s what that means for you.
Types of email we send:
- Transactional: OTP verification codes, password reset emails, and subscription-related notifications (trial reminders, payment confirmations, renewal reminders, cancellation confirmations). You can’t opt out of these because they’re necessary for account security and billing.
- Onboarding: A short welcome sequence when you first sign up (up to 3 emails). You can unsubscribe from these.
- Re-engagement: Occasional emails if you haven’t used Ask Safely in a while. You can unsubscribe from these.
What Resend receives: Your email address and the email content, so they can deliver the message.
What we’ve disabled:
- Open tracking — OFF. We don’t insert tracking pixels. We don’t know if you opened our emails.
- Click tracking — OFF. We don’t route your link clicks through a redirect server. Links go directly where they say they go.
This is a deliberate choice. A privacy company shouldn’t track your email behavior. Resend retains delivery metadata (delivered, bounced, failed) so we know if emails are reaching inboxes. See Resend’s Privacy Policy for details.
Advertising Attribution
We measure whether our advertising works. We do not use your data for cross-context behavioral advertising, and we never show you ads. Here is exactly what attribution involves.
Mobile App Attribution — Adjust
We use Adjust, a mobile measurement partner (MMP), to understand which ad campaigns lead to app installs.
What Adjust receives from our app:
- Install event — the fact that the app was installed, and the timestamp.
- First chat event — the fact that a first chat occurred (not the content of the chat).
- Device identifiers — a vendor identifier (IDFV on iOS; the equivalent app-scoped identifier on Android) and, where available on your device and platform, the device’s advertising identifier.
- Technical information — IP address, device type, OS version, and app version. Used to match an install to the ad that drove it.
What the data is used for — and not used for:
- Attribution data is used to measure campaign performance — to know that “Campaign X drove 50 installs,” not to identify or profile you.
- Ad networks (such as Google and Reddit) receive aggregate, campaign-level performance data from Adjust, not information intended to identify individual users.
- We do not use attribution data for retargeting, ad personalization, or any purpose other than measuring whether our advertising works.
Adjust’s data is stored on Adjust’s own servers. See Adjust’s Privacy Policy for details on their data practices.
Web App Attribution
If you arrive at the web app from a paid ad, the URL may contain an anonymous click identifier (like a Google Click ID) and campaign parameters. These are stored in your browser’s session storage (which clears when you close the tab) and sent to our backend at signup. This attribution data is:
- Stored in a separate database table from your conversations and profile
- Never used for profiling, retargeting, or any purpose other than measuring ad effectiveness
- Automatically deleted after 90 days
For the full details on how attribution parameters work at the marketing site level, see the Marketing Site Privacy Policy.
Web Analytics — Plausible
We use Plausible, a privacy-focused analytics tool, to measure aggregate usage of the web app — page views, referrers, and similar counts. Plausible does not use cookies and does not build persistent profiles of individual visitors. See Plausible’s Data Policy for details.
Infrastructure and Security
Where Your Data Lives
Ask Safely runs entirely on Amazon Web Services (AWS) infrastructure based in the United States.
| Component | Purpose |
|---|---|
| AWS RDS (PostgreSQL) | Account data, authentication, metrics |
| MongoDB with TTL indexes | Chat messages, uploaded files, and voice audio (auto-deletion enforced at database level) |
| Redis | Temporary streaming cache for real-time AI responses |
| AWS KMS | Encryption key management (FIPS 140-2 Level 2/3 validated HSMs) |
| AWS Lambda | AI response processing |
| AWS Amplify | Web app hosting |
Encryption Details
- Standard: AES-256-GCM envelope encryption via AWS KMS
- How it works: A unique data key is generated from AWS KMS for each message. The message is encrypted with that key. Both the encrypted message and the encrypted data key are stored together. Decryption requires the KMS master key, which never leaves AWS hardware security modules in plaintext.
- What’s encrypted: Email addresses, chat messages (yours and the AI’s), uploaded files, voice audio, OTP codes, and authentication tokens.
- What’s hashed (one-way): Passwords for new accounts and recently active users are hashed using bcrypt via SuperTokens. Hashing is irreversible — we cannot decrypt or recover your password. Passwords for inactive accounts created before March 31, 2026 remain AES-256-GCM encrypted and will be re-secured with one-way hashing upon the user’s next login.
Compliance
- SOC 2 Type II audit in progress via Vanta; the observation period began June 10, 2026
- AWS infrastructure meets SOC, PCI DSS, and HIPAA standards
- FIPS 140-2 Level 2/3 validated hardware security modules for key management
Server and Diagnostic Logs
AWS generates standard infrastructure logs (request timestamps, IP addresses, error codes) for operational purposes. In limited cases, diagnostic and error logs may capture portions of message content while we investigate a failure. All logs are access-controlled, used only for debugging and security monitoring, and purged on a rolling schedule.
Feature Flags
We use LaunchDarkly for feature management (e.g., rolling out new features to a percentage of users). LaunchDarkly receives a context identifier and limited account attributes — your user ID and email address — used solely to determine which features are enabled for your account. See LaunchDarkly’s Privacy Policy for details.
Third-Party Services Summary
Every external service Ask Safely uses is listed here. No exceptions.
| Service | Purpose | Data Shared | Privacy Policy |
|---|---|---|---|
| AWS Bedrock (Anthropic Claude) | AI responses | Chat messages, uploaded files, voice audio (decrypted for processing, not retained for training) | AWS |
| Amazon Nova 2 Sonic | Voice processing | Voice audio (processed for speech-to-text and text-to-speech, not retained) | AWS |
| Brave Search | Web search results | Search queries only | Brave |
| Resend | Email delivery | Email addresses, email content | Resend |
| RevenueCat | Subscription management | Anonymized app user ID, subscription and trial events | RevenueCat |
| Stripe | Payment processing (web) | Payment handled entirely by Stripe; we receive subscription status only | Stripe |
| Apple App Store | Payment processing (iOS) | Payment handled entirely by Apple; we receive subscription status only | Apple |
| Google Play | Payment processing (Android) | Payment handled entirely by Google; we receive subscription status only | |
| Adjust | Mobile app attribution | Install events, device identifiers, IP address, device type, OS version | Adjust |
| Plausible | Web app analytics (aggregate, cookieless) | Page views, referrers, browser and device type | Plausible |
| LaunchDarkly | Feature flags | Context identifier, user ID, email address | LaunchDarkly |
| AWS KMS | Encryption | Encrypted keys (never in plaintext outside HSMs) | AWS |
| Apple / Google | Authentication (social sign-in) | Email address, auth token | Apple / Google |
| SuperTokens | Authentication infrastructure | Processed locally (self-hosted); no user data shared externally | SuperTokens |
| Slack | Founding Member collaboration channel (optional) | Only what you share in the Slack channel; no Ask Safely data is transmitted to Slack | Slack |
Each third-party service listed above is bound by contractual terms that limit how they may use the data they receive from us. Where applicable, we maintain data processing agreements (DPAs) that require our vendors to process your data only for the purposes described in this policy, to implement appropriate security measures, and to delete or return data upon termination of the relationship.
What We Do Not Do
To be explicit:
- We do not sell your data. To anyone. For any reason.
- We do not use your data for AI training. Our contract with AWS Bedrock prohibits it.
- We do not show you ads.
- We do not build advertising profiles about you.
- We do not use your data for cross-context behavioral advertising.
- We do not share chat content with any third party except our AI and infrastructure providers (Anthropic via AWS Bedrock, and AWS services) for the sole purpose of operating the Service.
- We do not collect your location. We don’t request location permissions.
- We do not access your contacts.
- We do not use tracking pixels in our emails.
- We do not create voiceprints or use voice data for biometric identification.
- We do not scan your files. We access only the specific documents and images you choose to upload.
Data Retention
| Data Type | Retention |
|---|---|
| Chat messages (default) | Deleted on your auto-delete timer — 8 hours, 7 days, or 30 days, whichever preset you chose |
| Chat messages (extended) | Deleted at the end of your preset’s keep window — 14, 30, or 90 days |
| Chat messages (instant delete) | Deleted immediately |
| Uploaded files | Same as the chat they belong to |
| Voice audio | Same as the chat it belongs to |
| Shared chat links | Same as the original chat — when the chat is deleted, the link stops working |
| Account information | Retained until you delete your account |
| Subscription status | Retained while your account exists; limited transaction records retained as described below |
| Advertising attribution (web) | 90 days, then deleted |
| Email delivery metadata (via Resend) | Per Resend’s retention policy |
| Adjust attribution data | Per Adjust’s retention policy |
What “deleted” means. When your data is deleted — by timer, by instant delete, or by account deletion — it is removed from our production databases. It is not archived and not soft-deleted, and we cannot restore it for you. Residual copies may persist temporarily in encrypted backups and diagnostic logs, which are access-controlled and purged on a rolling schedule. We are continually working to shorten the time any residual copy can exist.
Your Rights and Controls
Controls Available to Every User
- Delete any chat instantly — swipe left (mobile) or click the delete button (web)
- Delete your entire account — see Account Deletion below
Controls for Registered Users
- Choose your auto-delete timer — 8 hours, 7 days, or 30 days, selected when you set up your account
- Extend or shorten chat retention — keep an individual chat up to your preset’s keep window, or delete it immediately
- Unsubscribe from non-transactional emails — every marketing or re-engagement email includes an unsubscribe link
Controls for Expert and Founding Membership Subscribers
- Manage your subscription or trial — cancel, change plans, or view billing history through your device’s app store (iOS/Android) or through your account settings (web/Stripe)
- Revoke device permissions — disable microphone, camera, or file access at any time through your device settings
- Delete shared links — remove any shared chat link you’ve created
Account Deletion
Deleting your account removes your account information, chat history, uploaded files, and voice audio from our production databases. This action is irreversible.
We retain limited records after account deletion where we are required or permitted to do so — specifically, subscription and payment transaction records needed for financial reporting, tax, fraud prevention, and legal compliance. These records are kept only as long as those obligations require. Residual copies of deleted data in encrypted backups are purged on a rolling schedule, as described under Data Retention.
Data Access and Deletion Rights
Regardless of where you live, you can:
- Request access to the personal data we hold about you
- Request deletion of your account and all associated data
- Request correction of inaccurate personal data
To exercise any of these rights, email us at mike@asksafely.ai. We’ll respond within 30 days.
In practice, our architecture means there’s very little to request: your chats auto-delete, your email is encrypted, and we don’t build profiles. But the rights are yours, and we’ll honor them.
California Residents (CCPA/CPRA)
If you are a California resident, the California Consumer Privacy Act (as amended by the CPRA) provides you with specific rights. Here is how our practices map to the required disclosures:
- Categories of personal information collected: Email address (Essential and above), hashed or encrypted password (Essential and above), subscription and trial status (Expert and Founding Membership), usage metrics (pseudonymized), internet and network activity information (IP address, device and browser type, session identifiers), and advertising attribution data.
- Purpose of collection: Providing the Service, account management, subscription management, security and fraud prevention, product improvement (via aggregate metrics), and measuring advertising effectiveness.
- Sale or sharing of personal information: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising.
- Sensitive personal information: We do not collect sensitive personal information as defined by the CCPA/CPRA (such as Social Security numbers, financial account details, precise geolocation, or biometric data used for identification) for any purpose other than providing the Service. The contents of your conversations are yours; we do not use them to infer characteristics about you.
- Right to opt out of sale/sharing: Because we do not sell or share personal information, there is nothing to opt out of.
- Non-discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.
- Retention: See the Data Retention table above for specific retention periods by data type.
To exercise any California-specific right, email mike@asksafely.ai. We’ll respond within 45 days as required by law.
Data Breach Notification
In the event of a data breach that affects your personal information, we will notify affected users as required by applicable law. For breaches that pose a risk of harm, we will notify you by email (for registered users) or through in-app notice as quickly as practicable and no later than required by the laws of your jurisdiction.
We maintain security monitoring and incident response procedures designed to detect and respond to potential breaches promptly.
Children’s Privacy
Ask Safely is not intended for use by anyone under 17 years of age. We do not knowingly collect personal information from anyone under 17. If we learn that we’ve collected data from someone under 17, we’ll delete it immediately. If you believe someone under 17 has provided us with personal information, contact us at mike@asksafely.ai.
Future Features
We are developing additional features that will involve new data types. When these features launch, we will update this policy before they become available. Planned features include:
- About you — an opt-in, user-controlled memory that stores facts you’ve chosen to keep across conversations. Nothing is saved without your approval. You will be able to view, edit, and delete any saved fact, and export everything at any time.
- Knowledgebooks — living documents built from your chats, on your terms, with the same view/edit/delete/export controls.
- Expert memory access — the ability for AI experts to draw on your About you memory (with your permission) to give personalized results. The experts available today do not access any memory.
- Memory connector (MCP) — a way to use your Ask Safely memory with other AI platforms. Your data is shared only when you explicitly connect a third-party service.
We will not launch any of these features without updating this policy and notifying you of the changes.
Changes to This Policy
If we update this policy, we’ll change the “Last Updated” date at the top. For material changes — like adding new data collection, new third-party services, or changing how we handle your messages — we’ll notify you via email (for registered users) or in-app notice.
July 18, 2026 update. This version reflects three changes: (1) auto-delete timers are now user-selectable (8 hours, 7 days, or 30 days) with matching keep windows for extended chats; (2) free trials of the Expert tier are available, processed by the same payment providers already described here; and (3) we have made our disclosures about guest sessions, advertising attribution, analytics, feature flags, logs, and deletion mechanics more precise. These changes are effective immediately upon publication.
We built Ask Safely because we believe AI companies should be transparent about what they do with your data. This policy is part of that commitment.
Contact
Questions, concerns, or data requests? Reach us at:
SafeLife Inc.
Minneapolis, MN
SafeLife Inc. is a Delaware C-Corp.