Privacy and Cookie Policy
Last updated · May 20, 2026
This Policy explains how Seraphie LLC ("Revelia", "we", "us", "our") collects, uses, protects and shares your personal data when you use revelia.ai. It also explains our use of cookies.
We respect your privacy. This Policy is short by design. We collect less data than most apps, and we never sell it.
1. Data Controller
Seraphie LLC 30 N Gould St Ste R, Sheridan, WY 82801, USA EIN: 35-2879267 Contact for any privacy question: contact@revelia.ai
For users in the European Union, contact@revelia.ai is the point of contact for data protection matters. If our processing volume triggers the obligation, we will appoint an EU representative under Article 27 GDPR and a Data Protection Officer, and we will publish their details here.
2. Data We Collect
2.1 Identification data
- Email address (if you create an Account)
- Hashed password (we never see your plaintext password)
- Account creation date
- Subscription status (received from Stripe)
2.2 Behavioral data
- Timestamps, message counts, session duration
- IP address, collected during the session for security, deleted within 30 days
- Device and browser type (technical, for compatibility and security)
2.3 Conversation content (sensitive)
- The narratives, messages and topics you share in the Sanctuary
- The Insight generated for you
- A derived "latent profile" that helps the Service tailor responses to you
This conversation content may reveal information about your inner life, your emotions and your wellbeing. We treat it as a special category of data and protect it accordingly (see Section 4).
2.4 Payment data
We do not store full payment card numbers. Stripe processes all payments. We receive only a payment token and your subscription status.
2.5 What we do NOT collect
- Your real name, unless you write it yourself in a Conversation
- Your phone number
- Your precise location
- Advertising or marketing profiles
- Browsing history outside revelia.ai
3. Purposes and Legal Bases
| Purpose | Legal basis (GDPR) |
|---|---|
| Provide and operate the Service | Performance of the contract |
| Create and manage your Account | Performance of the contract |
| Process payments and subscriptions | Performance of the contract |
| Generate Insight from your conversation content | Explicit consent (see Section 4) |
| Keep the Service secure, prevent fraud and abuse | Legitimate interest |
| Comply with legal and tax obligations | Legal obligation |
| Improve the Service using anonymous aggregate data only | Legitimate interest |
We never use your conversation content to train, fine-tune or evaluate artificial intelligence models. This is a binding commitment, not an option.
4. Sensitive Data: Your Conversation Content
Your conversations may contain information about your psychological wellbeing. Under Article 9 GDPR and equivalent rules, this can be a special category of personal data.
We process this content only to deliver the Service to you, on the basis of your explicit consent, which you give when you start using the Sanctuary. You can withdraw this consent at any time by closing your Account and deleting your data. Withdrawal does not affect processing already carried out.
This content is:
- encrypted in transit and at rest;
- stored on servers located in the European Union;
- never used to train AI models;
- never sold or shared for marketing;
- deletable by you at any time.
5. Subprocessors
We rely on a small set of trusted providers to operate the Service:
| Subprocessor | Role | Location |
|---|---|---|
| Supabase Inc. | Database, authentication, storage | European Union (Germany, Frankfurt region) |
| Anthropic PBC | AI inference (large language model) | United States |
| Voyage AI | Text embeddings used for conversation memory | United States |
| Vercel Inc. | Web hosting and delivery | United States and global edge network |
| Stripe Inc. and regional Stripe entities | Payment processing | United States, European Union and others |
| PostHog | Product analytics, privacy-first configuration | European Union (EU Cloud) |
We will update this list before adding or changing a subprocessor, and we will give 30 days notice of material changes.
6. International Transfers
Your conversation content and your Account data are stored in the European Union.
Some processing requires transfer to providers in the United States (Anthropic for AI inference, Voyage AI for embeddings, Vercel for delivery). For these transfers we rely on the European Commission Standard Contractual Clauses (SCCs), and where applicable on the EU-US Data Privacy Framework.
We have signed a Data Processing Agreement with Anthropic under which Anthropic does not retain or train on your conversation content. It uses your content only to return a response to your request.
7. Retention
| Data | Retention |
|---|---|
| Account data | Until you delete your Account |
| Conversations and Insight | Until you delete them, or delete your Account |
| Payment and invoicing records | 7 years, for tax and legal obligations |
| Session logs (IP, technical data) | 30 days |
| Anonymous aggregate analytics | Indefinitely (no longer identifies you) |
You can delete your Account and all associated data at any time from your Account settings, or by writing to contact@revelia.ai.
8. Your Rights
8.1 If you are in the European Union (GDPR)
You have the right of access, rectification, erasure, restriction, objection, portability, and the right to withdraw consent. You also have the right not to be subject to a decision based solely on automated processing producing legal effects. The Service does not make such decisions about you.
To exercise any right, write to contact@revelia.ai. We respond within 30 days.
You may lodge a complaint with your supervisory authority:
- France: CNIL (cnil.fr)
- Ireland: Data Protection Commission (dataprotection.ie)
- Netherlands: Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl)
8.2 If you are in Singapore (PDPA)
You have the right to access your personal data, to request correction, and to withdraw consent. The supervisory authority is the Personal Data Protection Commission (PDPC). Contact us at contact@revelia.ai.
8.3 If you are in Australia (Privacy Act 1988, Australian Privacy Principles)
You have the right to access and correct your personal information, and to complain about its handling. The supervisory authority is the Office of the Australian Information Commissioner (OAIC). Contact us at contact@revelia.ai.
8.4 Other regions
Wherever you are, you can write to contact@revelia.ai to access, correct or delete your data. We do not sell personal data and we do not share it for cross-context behavioral advertising.
10. Security
We apply industry-standard security measures: encryption in transit (TLS) and at rest, access controls on the principle of least privilege, secure key management, and regular reviews.
In the event of a personal data breach likely to create a risk to you, we will notify the competent authority and affected users within 72 hours, as required by GDPR.
11. Children
The Service is reserved for persons aged 18 and over. We do not knowingly collect data from anyone under 18. If we learn that we hold data of a person under 18, we delete it promptly. If you believe a minor has provided us data, write to contact@revelia.ai.
12. Changes to this Policy
We may update this Policy. We will notify you of material changes by email or by a notice within the Service. The "Last Updated" date at the top reflects the latest revision.
13. Contact
For any privacy question, or to exercise your rights:
Seraphie LLC, Attn: Privacy 30 N Gould St Ste R, Sheridan, WY 82801, USA