Welcome to Personhood ("we," "our," or "us"). This Privacy Policy explains how Personhood
Technologies, operating under iRise Business Ventures LLP ("Company"), collects, uses, discloses,
and safeguards your information when you use our mobile application Cady and related services
(collectively, the "Service").
We are building AI people, not just software tools. We are committed to protecting your privacy and
treating your data with the same respect we build into our digital people. This policy details our
compliance with applicable data protection laws, including:
The General Data Protection Regulation (GDPR) for users in the European
Economic Area
The California Consumer Privacy Act (CCPA) as amended by the CPRA for
California residents
The Lei Geral de Proteção de Dados (LGPD) for users in Brazil
Other applicable data protection laws in your jurisdiction
By using our Service, you acknowledge that you have read and understood this Privacy
Policy. If you do not agree with our policies and practices, please do not use our
Service.
2. Information We Collect
2.1 Information You Provide Directly
Account Registration Information: Email address, username, and password (stored
in encrypted form using industry-standard hashing algorithms)
Profile Information: Name, age, gender identity, profile photographs,
biographical information, interests, and personal preferences
User-Generated Content: Messages, conversations, and interactions with AI
characters within the application
Communication Preferences: Your preferred communication style, topics of
interest, and content preferences
Support Communications: Information provided when you contact our customer
support team
Payment Information: When processed through our payment processors (RevenueCat,
Apple App Store, Google Play Store), we do not store complete payment card details on our
servers
2.2 Information Collected Automatically
Device Information: Device type, operating system and version, unique device
identifiers (IDFA/GAID where permitted), device settings, and mobile network information
Usage Data: Features accessed, time spent in application, interaction patterns,
click paths, and session duration
Log Data: Internet Protocol (IP) address, browser type and version, referring
URLs, pages viewed, access timestamps, and diagnostic data
Crash Reports and Diagnostics: Technical information about application errors,
stack traces, and performance metrics
Location Data: General geographic location inferred from IP address (we do not
collect precise GPS location)
2.3 Information from Third Parties
Social Login Providers: If you sign in using Google or Apple, we receive basic
profile information as authorized by you
Analytics Providers: Aggregated usage statistics from our analytics partners
3. How We Use Your Information
We process your personal information for the following purposes:
3.1 Service Provision and Personalization
To create, maintain, and secure your account
To provide and personalize the Service experience
To enable conversations and interactions with AI characters
To remember your preferences and settings across sessions
3.2 Service Improvement and Development
To improve AI response quality, relevance, and safety
To analyze usage patterns and optimize application functionality
To develop new features and services
To conduct research and development for AI advancement
3.3 Communication
To send service-related notifications and updates
To respond to your inquiries and support requests
To send promotional communications (with your consent, where required)
3.4 Safety and Security
To detect, prevent, and address fraud, abuse, and technical issues
To enforce our Terms of Service and Community Guidelines
To protect the rights, property, and safety of our users and the public
3.5 Legal Compliance
To comply with applicable laws, regulations, and legal processes
To respond to lawful requests from public authorities
4. Legal Basis for Processing (GDPR)
For users in the European Economic Area, we process your personal data based on the following legal
grounds:
Performance of Contract (Article 6(1)(b)): Processing necessary to provide the
Service as outlined in our Terms of Service
Consent (Article 6(1)(a)): Where you have explicitly consented to specific
processing activities (e.g., marketing communications, optional analytics)
Legitimate Interests (Article 6(1)(f)): Processing based on our legitimate
business interests, such as fraud prevention, service improvement, and security, provided these
interests do not override your fundamental rights
Legal Obligation (Article 6(1)(c)): Processing required to comply with
applicable laws and regulations
You have the right to withdraw consent at any time for processing activities based on consent.
Withdrawal does not affect the lawfulness of processing prior to withdrawal.
5. Data Sharing & Disclosure
5.1 Third-Party Service Providers
We share information with trusted third-party service providers who assist in operating our Service:
Firebase (Google LLC): Authentication, cloud storage, analytics, and crash
reporting
Google Cloud Platform: Cloud infrastructure and AI services (Gemini)
Cloudinary: Image storage, optimization, and delivery
These providers are contractually obligated to protect your information and may only use it for the
specific purposes we authorize.
5.2 Legal Requirements and Safety
We may disclose your information when required to:
Comply with applicable laws, regulations, or legal processes
Respond to valid law enforcement requests or court orders
Protect the rights, property, or safety of Personhood, our users, or the public
Detect, prevent, or address fraud, security, or technical issues
5.3 Business Transfers
In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your
information may be transferred as part of that transaction. We will notify you of any such change
and any choices you may have regarding your information.
We do not sell your personal information. We do not share your personal data
with third parties for their direct marketing purposes without your explicit consent.
6. Your Privacy Rights
Depending on your location, you may have the following rights regarding your personal information:
6.1 Rights Under GDPR (European Economic Area)
Right of Access (Article 15): Request confirmation of processing and a copy of
your personal data
Right to Rectification (Article 16): Request correction of inaccurate or
incomplete data
Right to Erasure (Article 17): Request deletion of your personal data ("right
to be forgotten")
Right to Restriction (Article 18): Request limitation of processing in certain
circumstances
Right to Data Portability (Article 20): Receive your data in a structured,
machine-readable format
Right to Object (Article 21): Object to processing based on legitimate
interests or for direct marketing
Right to Withdraw Consent: Withdraw consent at any time without affecting
lawfulness of prior processing
Right to Lodge a Complaint: File a complaint with your local supervisory
authority
6.2 Rights Under CCPA/CPRA (California Residents)
Right to Know: Request disclosure of categories and specific pieces of personal
information collected
Right to Delete: Request deletion of personal information, subject to certain
exceptions
Right to Correct: Request correction of inaccurate personal information
Right to Opt-Out: Opt-out of the sale or sharing of personal information (note:
we do not sell personal information)
Right to Non-Discrimination: Exercise your rights without discriminatory
treatment
Right to Limit Use of Sensitive Personal Information: Limit use and disclosure
of sensitive personal information
6.3 Rights Under LGPD (Brazil)
Confirmation of processing and access to data
Correction of incomplete, inaccurate, or outdated data
Anonymization, blocking, or deletion of unnecessary data
Data portability to another service provider
Deletion of data processed with consent
Information about entities with whom data has been shared
Revocation of consent
To exercise your rights: Use the Privacy Settings within the app, or contact us
at privacy@personhood.tech. We will respond within
the timeframes required by applicable law (typically 30 days for GDPR, 45 days for CCPA).
7. Data Retention
We retain your personal information only for as long as necessary to fulfill the purposes for which
it was collected:
Active Account Data: Retained for the lifetime of your active account
Chat Messages and Conversations: Retained for 90 days by default; extended
retention up to 24 months available with your consent for enhanced AI memory features
Account Deletion: Upon deletion request, personal data is permanently deleted
within 30 days, except where retention is required by law
Analytics Data: Aggregated and anonymized after 26 months; anonymized data may
be retained indefinitely
Legal Records: Records required for legal compliance retained for the
applicable statutory period
8. Data Security
We implement appropriate technical and organizational measures to protect your personal information:
Encryption in Transit: All data transmitted between your device and our servers
is encrypted using TLS 1.3
Encryption at Rest: Sensitive data is encrypted using AES-256 encryption
Password Security: Passwords are hashed using bcrypt with appropriate cost
factors
Access Controls: Role-based access controls and principle of least privilege
Security Monitoring: Continuous monitoring for security threats and anomalies
Regular Assessments: Periodic security audits and vulnerability assessments
Incident Response: Documented incident response procedures and breach
notification protocols
While we implement robust security measures, no method of transmission over the Internet or
electronic storage is 100% secure. We cannot guarantee absolute security but will notify you of any
breach affecting your personal data as required by law.
9. International Data Transfers
Your information may be transferred to and processed in countries other than your country of
residence, including India and the United States, where our servers and service providers are
located.
When we transfer data internationally, we ensure appropriate safeguards are in place:
Standard Contractual Clauses: EU-approved contractual provisions for
international transfers
Adequacy Decisions: Transfers to countries recognized as providing adequate
protection
Supplementary Measures: Additional technical and organizational measures where
required
You may request information about the safeguards we use for international transfers by contacting us.
10. Children's Privacy
Age Restriction: Cady is intended for users aged 18 and older. We do not
knowingly collect, use, or disclose personal information from individuals under 18 years of age.
If we become aware that we have collected personal information from a minor, we will take immediate
steps to delete such information from our records. If you believe we have inadvertently collected
information from a minor, please contact us immediately at privacy@personhood.tech.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices,
technologies, legal requirements, or other factors. We will notify you of any material changes by:
Posting the updated Privacy Policy on this page with a new "Last Updated" date
Sending you an in-app notification or email for significant changes
Requiring your acknowledgment of material changes before continued use
We encourage you to review this Privacy Policy periodically. Your continued use of the Service after
the posting of changes constitutes your acceptance of such changes.
12. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices,
please contact us:
Personhood Technologies
iRise Business Ventures LLP
8, 2-293/82/J/A/101, Journalist Colony, Jubilee Hills
Hyderabad, Telangana 500096, India
GST: 36AAJFI2420B1ZY
For users in the European Economic Area, you have the right to lodge a complaint with your local
supervisory authority if you believe our processing of your personal data violates applicable law.