Privacy Policy

Privacy is our priority. Rhea AI is an AI mental health companion. We understand that you may share deeply personal information with Rhea, and we take that responsibility seriously. This Privacy Policy explains exactly what data we collect, how we use it, who we share it with, and your rights as a user.

Rhea AI is operated by Natural Inc., a company incorporated in Mumbai, India ("Natural Inc.", "we", "us", or "our"). By using the Rhea AI application or related services (the "Service"), you agree to the terms of this Privacy Policy.

Last Updated: February 21, 2026

1. Information We Collect

1.1 Account Information

When you create an account, we collect your name and email address. This information is used to create and manage your account and to communicate with you about the Service.

1.2 Conversation Data

We collect the text content of your conversations with Rhea. No audio or voice data is stored — only the text transcript. Conversation data is used solely to provide the Rhea AI service to you and, where you have opted in, to improve Rhea's AI model. Conversation content is never shared with any analytics, advertising, or third-party AI provider.

1.3 Device & Technical Information

We automatically collect technical information about the device you use to access the Service, including:

Device model and operating system version
IP address (used to determine approximate region only)
App version
Crash logs and diagnostic data

1.4 Usage Data

We collect information about how you use the Service, including feature interactions, screen views, session length, and in-app navigation events. This data is used in aggregated and anonymised form to improve the Service.

1.5 Advertising Identifiers (IDFA)

We collect your device's Identifier for Advertisers (IDFA) only if you provide explicit consent through Apple's App Tracking Transparency (ATT) framework. If you decline, no advertising identifier is collected. See Section 9 for full details.

2. How We Collect Information

Directly from you: When you register, create a profile, or have conversations with Rhea.
Automatically via SDKs: Through Firebase (Google LLC), Mixpanel, and Meta (Facebook SDK) integrated into the app. See Section 5 for exactly what each SDK receives.
With your explicit consent: Your IDFA is only collected after you consent via Apple's ATT prompt.

3. How We Use Your Information

Account information is used to authenticate you, manage your account, provide customer support, and send you service-related communications.
Conversation data is used exclusively to operate the Rhea AI companion service and, where you have opted in, to improve Rhea's AI model on our own infrastructure. It is never used for advertising and never shared with third parties.
Device & technical information is used for crash reporting, debugging, and ensuring the stability and security of the Service.
Usage data is used to understand how users interact with the Service and to improve product features and experience.
Advertising identifiers (IDFA) are used, with your consent, solely for measuring the effectiveness of our marketing campaigns via the Meta SDK.
All categories may be used to comply with applicable laws, regulations, legal process, or governmental requests.

4. AI Processing & Your Conversation Data

Rhea AI is powered by a proprietary, in-house AI model developed and operated exclusively by Natural Inc. on our own secure infrastructure.

No third-party AI providers receive your conversation data. We do not use OpenAI, Anthropic, Google AI, or any other external AI service to process your conversations.
Your conversation content never leaves our infrastructure for the purpose of AI processing.
Conversation data is never shared with our analytics partners (Mixpanel, Firebase Analytics) or our advertising partner (Meta).
All AI processing occurs under the direct control of Natural Inc., subject to this Privacy Policy.

5. Third-Party Services

We work with the following named third-party service providers. Each provider's data processing is governed by their own privacy policies and applicable data protection agreements.

5.1 Firebase (Google LLC)

Purpose: User authentication, app crash reporting, and basic app analytics.

Data shared: Authentication tokens, device identifiers, crash logs, and anonymised usage events.

Data NOT shared: Conversation content, message text, or any sensitive mental health information.

5.2 Mixpanel

Purpose: Product analytics to understand how users engage with the Service.

Data shared: Anonymised usage events, feature interaction data, and session metadata. Where possible, we send data without personally identifiable information.

Data NOT shared: Conversation content, account credentials, or sensitive mental health information.

5.3 Meta (Facebook SDK)

Purpose: Advertising attribution and marketing campaign measurement.

Data shared: Your IDFA (only if ATT consent is granted), app install events, and campaign attribution data.

Data NOT shared: Conversation content, name, email address, or any sensitive mental health information.

5.4 No Sale of Personal Data

We do not sell your personal data to any third party. We do not sell, rent, trade, or otherwise transfer your personal information to outside parties for their own commercial purposes.

6. Data Security

We implement multiple layers of security to protect your personal information:

Encryption in transit: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher.
Encryption at rest: Conversation data and account information are stored with AES-256 encryption.
Role-based access control: Access to personal data within our organisation is strictly limited on a need-to-know basis. Engineering, product, and customer service teams cannot access your conversation content under normal operational circumstances.
Multi-factor authentication: Required for all employees who access production systems.
Regular security reviews: We conduct periodic reviews of our security practices and infrastructure.

Despite these measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

7. Data Retention

Account information: Retained for as long as your account is active, plus 30 days following account deletion to allow for account recovery.
Conversation data: Retained for as long as your account is active. When you delete your account, your conversation data is permanently deleted within 30 days.
Usage and analytics data: Retained in anonymised and aggregated form for up to 24 months.
Crash and diagnostic logs: Retained for up to 90 days.
Advertising attribution data: Retained per Meta's platform defaults, typically up to 180 days.

You may request deletion of your data at any time by contacting us at dev@naturaldevs.com or by deleting your account within the app.

8. International Data Transfers

Natural Inc. is based in Mumbai, India. Our third-party service providers (Firebase/Google LLC, Mixpanel, Meta) are primarily based in the United States. When you use our Service, your data may be transferred to and processed in countries other than your country of residence, including the United States and India.

We ensure such transfers are protected by appropriate safeguards, including Standard Contractual Clauses (SCCs) approved by the European Commission or equivalent mechanisms under applicable data protection law.

9. Tracking & App Tracking Transparency (ATT)

On iOS devices, Rhea AI uses Apple's App Tracking Transparency (ATT) framework. We will request your permission before collecting your device's IDFA (Identifier for Advertisers).

If you grant consent, we share your IDFA with Meta (Facebook SDK) solely for the purpose of measuring advertising campaign effectiveness. This does not involve sharing your conversation content.
If you decline consent, no IDFA is collected, and no cross-app or cross-site tracking occurs. You can still use all features of Rhea AI.
You can change your ATT preference at any time in iOS Settings > Privacy & Security > Tracking.

10. Your Rights

Depending on your location and applicable law, you may have the following rights with respect to your personal data:

Right of access: Request a copy of the personal information we hold about you.
Right to rectification: Request correction of inaccurate or incomplete personal information.
Right to erasure: Request deletion of your personal information where there is no lawful basis for continued processing.
Right to data portability: Request your personal information in a structured, machine-readable format.
Right to restriction: Request that we restrict processing of your personal information in certain circumstances.
Right to object: Object to processing of your personal information based on legitimate interests.
Right to withdraw consent: Withdraw consent at any time where processing is based on consent, including ATT consent via iOS Settings.
Right to lodge a complaint: Lodge a complaint with your local data protection authority (e.g., the Information Commissioner's Office in the UK, or relevant authority in your country).

To exercise any of these rights, please contact us at dev@naturaldevs.com. We will respond within 30 days.

11. Legal Basis for Processing (GDPR / UK GDPR)

Where the GDPR or UK GDPR applies, we process your personal data on the following legal bases:

Contract performance: To provide you with the Rhea AI Service in accordance with our Terms of Service.
Legitimate interests: To improve and secure the Service, and to conduct product analytics, where these interests are not overridden by your rights.
Legal obligation: To comply with applicable laws and regulations.
Consent: For optional data uses, such as model training opt-in and ATT-based tracking.

12. Children Under 18

Rhea AI is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a minor, we will promptly delete that information.

If you believe we have inadvertently collected data from a child under 18, please contact us immediately at dev@naturaldevs.com.

13. Direct Marketing

We may send you marketing communications about Rhea AI where you have opted in or where we have a legitimate interest and applicable law permits. All marketing emails include an unsubscribe link allowing you to opt out at any time. You may also update your marketing preferences by contacting us at dev@naturaldevs.com.

14. Links to Third-Party Sites

Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to review the privacy policies of any third-party sites you visit.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Where changes are material, we will notify you via an in-app notification or email before the changes take effect. The updated policy will always be available at this page. Continued use of the Service after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy, please contact us at:

Natural Inc.
Mumbai, India
dev@naturaldevs.com