Privacy Policy

Hi Joanna ("we", "our", or "us") is committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Hi Joanna mobile application and website located at https://hijoanna.app (collectively, the "Service").

Please read this policy carefully. If you disagree with its terms, please discontinue use of the Service. By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

We collect information in the following ways:

2.1 Information You Provide Directly

• Account information: Name, email address, and password when you create an account.
• Email credentials: When you connect an email account (Gmail, Outlook, Yahoo, iCloud), your credentials are stored securely on your device using the device's secure enclave. We do not transmit or store your email password on our servers.
• Voice data: Audio recordings of your voice commands are processed in real time to fulfil your requests. Voice data is not stored beyond the duration required to complete the task.
• User preferences: Information you share with Joanna (e.g., dietary preferences, travel preferences) to enable personalised assistance. This is stored to provide the persistent memory feature.

2.2 Information Collected Automatically

• Device information: Device type, operating system version, unique device identifiers, and mobile network information.
• Usage data: Features accessed, session duration, crash reports, and performance data to improve the Service.
• Log data: IP address, browser type, pages visited on our website, and referring URLs.

2.3 Information from Third Parties

If you connect a third-party email provider, we access only the email data necessary to fulfil your specific request (e.g., reading a summary of your inbox). We do not access, read, or store email content beyond what is required to complete the requested task.

We use the information we collect to:

• Provide, operate, and maintain the Service;
• Process and complete tasks you request through voice or text commands;
• Personalise your experience and remember your preferences across sessions;
• Send transactional communications (e.g., account confirmations, subscription receipts);
• Respond to your support requests and enquiries;
• Monitor and analyse usage patterns to improve the Service;
• Detect, prevent, and address technical issues, fraud, or abuse;
• Comply with legal obligations.

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

When you connect your email account to Hi Joanna, the Service accesses your inbox solely to fulfil tasks you explicitly request — such as summarising emails, flagging important messages, or drafting replies. The following principles govern how we handle email data:

• Email content is processed transiently and is not stored on our servers beyond the immediate task.
• Your email credentials are stored locally on your device using the operating system's secure storage mechanisms (e.g., iOS Keychain).
• We do not use your email content to train AI models.
• You may disconnect your email account at any time from within the app settings.

Hi Joanna uses artificial intelligence to generate responses, summaries, and task outputs. AI-generated content may contain errors, inaccuracies, or outdated information. We do not warrant the accuracy, completeness, or reliability of any AI-generated output. You should independently verify any information provided by the Service before relying on it for important decisions. Please refer to our Disclaimer for further detail.

We may share your information in the following limited circumstances:

• Service providers: Trusted third-party vendors who assist us in operating the Service (e.g., cloud infrastructure, payment processors, analytics). These parties are contractually obligated to keep your information confidential and use it only for the purposes we specify.
• AI model providers: Your voice and text inputs are processed by AI model providers (including large language model APIs) to generate responses. These providers are bound by data processing agreements that prohibit them from using your data for their own training purposes.
• Legal requirements: We may disclose your information if required to do so by law or in response to valid legal process (e.g., a court order or government request).
• Business transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information is transferred and becomes subject to a different privacy policy.
• Protection of rights: We may disclose information where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, or threats to the safety of any person.

We retain your personal information for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete or anonymise your personal information within 30 days, except where we are required to retain it for legal, regulatory, or legitimate business purposes (e.g., fraud prevention, dispute resolution).

Voice recordings are deleted immediately after the task is completed. Email content processed by the Service is not retained beyond the session. User preference data (persistent memory) is retained until you delete it within the app or delete your account.

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request that we correct inaccurate or incomplete information.
• Deletion: Request that we delete your personal information, subject to certain legal exceptions.
• Portability: Request a machine-readable copy of your data.
• Objection / Restriction: Object to or request restriction of certain processing activities.
• Withdraw consent: Where processing is based on consent, withdraw that consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days. We may need to verify your identity before processing your request.

We implement industry-standard technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. These measures include encryption in transit (TLS), encryption at rest, access controls, and regular security reviews.

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

The Service is not directed to children under the age of 13 (or 16 in the European Economic Area). We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information without parental consent, please contact us at [email protected] and we will take steps to delete such information.

Your information may be transferred to and processed in countries other than the country in which you reside. These countries may have data protection laws that are different from the laws of your country. We ensure that appropriate safeguards are in place for such transfers (e.g., Standard Contractual Clauses for transfers from the EEA).

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to review the privacy policies of any third-party services you access through the Service.

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the effective date. For significant changes, we will provide additional notice (e.g., an in-app notification or email). Your continued use of the Service after the effective date of the revised policy constitutes your acceptance of the changes.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: