Privacy Policy

For i am buddy

Effective Date: February 8, 2026

Last Updated: February 8, 2026

⚠️ Important: We Are NOT a HIPAA-Covered Entity

i am is a peer support and educational tool, not a healthcare provider. We are not covered by HIPAA because:

  • We do not provide medical treatment, diagnosis, or therapy
  • We are not healthcare providers, health plans, or healthcare clearinghouses
  • We do not bill insurance or handle protected health information (PHI) for covered entities

However, we treat your data with the same level of security and care as if we were HIPAA-covered, because your privacy matters to us.

Summary (TL;DR)

  • ✅ We collect: Account info + your recovery journey data
  • ✅ We protect it with: Encryption, secure servers, access controls
  • ✅ We use it to: Provide personalized support and improve the app
  • ❌ We DON'T: Sell data, share with advertisers, or use for marketing
  • ✅ Your rights: Access, correct, delete, export your data anytime
  • ✅ Security: Bank-level encryption, enterprise infrastructure
  • ⚠️ We're NOT HIPAA-covered: We're your buddy in peer support, not medical treatment
  • 👤 Age: 18+ only
  • 📞 Questions: privacy@iam-buddy.app

You own your recovery journey. You own your data. We're your buddy along the way.

1. What Data We Collect and Why

Account Information

What we collect:

  • Email address
  • Password (encrypted, we never see it)
  • Name (optional, can be a pseudonym)

Why we collect it:

  • To create and secure your account
  • To send important updates (optional)
  • To help you recover your account if needed

Recovery Journey Data

What we collect:

  • Your responses to the onboarding assessment (struggles, values, intentions)
  • Daily check-in responses (morning intentions, midday reflections, evening gratitude)
  • Module progress (which lessons you've completed)
  • SOS intervention usage (what coping strategies you used and whether they helped)
  • Progress milestones (days of engagement, skills practiced)

2. How We Protect Your Data

Encryption

  • In transit: All data sent between your device and our servers is encrypted using TLS 1.2+ (the same technology banks use)
  • At rest: All data stored in our database is encrypted using AES-256 encryption
  • Passwords: Hashed using bcrypt (an industry-standard, one-way hash)

Access Controls

  • Only you can access your data
  • Our team cannot see your journal entries, reflections, or personal content
  • Multi-factor authentication for our admin systems
  • Regular security audits

3. Your Privacy Rights

Right to Access

You can view all your data at any time in Settings → My Data

Right to Correct

You can update your information in Settings → Profile

Right to Delete (Right to be Forgotten)

You can delete your account and all data in Settings → Delete Account

Process:

  1. Soft delete (30 days): Account deactivated, data preserved
  2. Hard delete (after 30 days): All data permanently deleted
  3. Cannot be undone after hard delete

Right to Export (Data Portability)

You can download all your data in JSON format. Email: privacy@iam-buddy.app

4. Third-Party Services

MongoDB Atlas (Database)

Enterprise-grade encryption, SOC 2 Type II certified

Google OAuth (Optional)

Only if you choose to sign in with Google

We carefully vet all third-party services for security and privacy.

Contact Us

📧 Privacy questions: privacy@iam-buddy.app

📧 Security concerns: security@iam-buddy.app

📧 General support: support@iam-buddy.app

⏱️ Response time: Within 7 business days

This is a summary. For the complete Privacy Policy with all details, legal language, and international compliance information:
