Effective date: 8 April 2026 · Last updated: 8 April 2026
Hi Joanna ("we", "our", or "us") is committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Hi Joanna mobile application and website located at https://hijoanna.app (collectively, the "Service").
Please read this policy carefully. If you disagree with its terms, please discontinue use of the Service. By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.
When you create an account, we collect your name and email address. Authentication is handled securely via Google OAuth or email/password sign-in. We do not store your authentication password in plain text.
When you use voice features, your speech is transmitted to AI service providers for speech-to-text transcription and response generation. Voice audio is processed in real time and is not stored on our servers beyond the duration required to complete the task. Transcribed text from your voice sessions is stored as part of your conversation history.
If you connect an email account (Gmail, Outlook, Yahoo, iCloud, or other IMAP/SMTP providers), we access your emails solely to provide AI-powered summaries, daily recaps, and intelligent assistance. Your email credentials are encrypted using AES-256-GCM and stored securely on our servers — they are never transmitted to third parties or stored in plain text.
Email messages processed by the Service are protected by Row-Level Security (RLS) — meaning only you can access your own email data. No other user or unauthorised party can access your emails through our systems. You may revoke email access at any time from the Settings screen within the App.
We do not use your email content to train AI models.
If you connect a calendar account (Google Calendar or device calendar), we access your calendar events solely to help Joanna provide scheduling assistance, reminders, and to add calendar entries on your behalf when you request it. Calendar data is processed in real time and is not permanently stored on our servers beyond what is necessary to fulfil your request.
Your conversations with Joanna are stored to provide continuity across sessions. Conversation history is retained according to your subscription plan:
| Plan | Monthly Price | Retention Period |
|---|---|---|
| Trial | Free | 7 days |
| Basic | $9.99 | 30 days |
| Professional | $29.90 | 90 days |
| Executive | $99.99 | Unlimited |
You may delete your conversation history at any time from the Settings screen.
Joanna learns your preferences (such as dietary preferences, travel preferences, and communication style) from your conversations. These preferences are stored and used to personalise Joanna's responses across sessions. You may view and delete individual preferences from the Settings screen.
Subscription and billing information is handled by RevenueCat and the Apple App Store / Google Play Store. We do not store your payment card details. We receive information about your subscription status, plan type, and usage from RevenueCat.
We collect data about your use of voice minutes, including minutes consumed and remaining balance. This data is used to enforce subscription limits and display your usage statement within the App.
We may collect technical information such as your device type, operating system version, app version, IP address, and crash reports for the purpose of diagnosing technical issues and improving the Service.
We use the information we collect to:
We do not sell, rent, or trade your personal information to third parties for marketing purposes.
When you connect your email account to Hi Joanna, the Service accesses your inbox solely to fulfil tasks you explicitly request — such as summarising emails, flagging important messages, identifying invoices or deadlines, or drafting replies. The following principles govern how we handle email data:
Hi Joanna uses artificial intelligence to generate responses, summaries, and task outputs. AI-generated content may contain errors, inaccuracies, or outdated information. We do not warrant the accuracy, completeness, or reliability of any AI-generated output. You should independently verify any information provided by the Service before relying on it for important decisions. Please refer to our Disclaimer for further detail.
We do not sell your personal data. We share data only with the following third-party service providers, solely to operate the Service:
| Provider | Purpose |
|---|---|
| Google Gemini AI | Speech-to-text, text-to-speech, AI responses, email summarisation |
| Supabase | Email data storage with Row-Level Security |
| Google Calendar API | Calendar access for scheduling features |
| RevenueCat | Subscription management |
| Apple App Store / Google Play | Payment processing |
| Tavily | Web search for agentic tasks |
Each of these providers has its own privacy policy governing their use of data. These parties are contractually obligated to keep your information confidential and use it only for the purposes we specify. AI model providers are bound by data processing agreements that prohibit them from using your data for their own training purposes.
We may also disclose your information in the following limited circumstances:
We implement industry-standard technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. These measures include:
However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.
We retain your personal information for as long as your account is active or as needed to provide the Service. Conversation history is retained according to your subscription plan (see Section 2.5). Email credentials are deleted immediately when you remove an email account. If you delete your account, we will delete or anonymise your personal information within 30 days, except where we are required to retain it for legal, regulatory, or legitimate business purposes (e.g., fraud prevention, dispute resolution).
Voice recordings are deleted immediately after the task is completed. Email content processed by the Service is not retained beyond the session. User preference data (persistent memory) is retained until you delete it within the App or delete your account.
You may request deletion of all your data by contacting us at [email protected].
Depending on your jurisdiction, you may have the following rights regarding your personal information:
To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days. We may need to verify your identity before processing your request.
The Service is not directed to children under the age of 13 (or 16 in the European Economic Area). We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information without parental consent, please contact us at [email protected] and we will take steps to delete such information.
Your information may be transferred to and processed in countries other than the country in which you reside. These countries may have data protection laws that are different from the laws of your country. We ensure that appropriate safeguards are in place for such transfers, including Standard Contractual Clauses for transfers from the European Economic Area.
The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to review the privacy policies of any third-party services you access through the Service.
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the effective date. For significant changes, we will provide additional notice (e.g., an in-app notification or email). Your continued use of the Service after the effective date of the revised policy constitutes your acceptance of the changes.
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: