Privacy Policy
Last updated: July 2026
What Wyser is
Wyser is an emotionally intelligent AI companion that helps you understand your emotional patterns through reflection. Wyser is not a therapist, counsellor, or medical provider. If you are in crisis, please contact a crisis helpline in your area.
What We Collect
Account Information
When you sign up, we collect your email address, your name, and your age at onboarding. If you use Sign-In with Google, we additionally receive your Google name, email, and profile picture from Google. If you set a password, we store only a hashed version using an industry-standard one-way algorithm; we never have access to the plaintext.
Your profile page also lets you optionally fill in a short bio and a location (e.g. "Mumbai, India"). These fields are stored only if you fill them; they are not tracked or required.
Onboarding Responses
During onboarding we present short scenarios and attachment-style and emotional-weather questions. Your answers shape how Wyser personalises its tone for you. Answers are stored in your account and are covered by the same deletion and export rights as the rest of your data.
Conversations
Your conversations with Wyser are stored so that Wyser can remember your patterns and provide continuity across sessions. Conversations are encrypted at rest and are only accessible to you. We do not read, review, or use your conversations for any purpose other than providing the Wyser experience to you.
Personal Context Wyser Remembers
So it can hold continuity the way a thoughtful friend would, Wyser keeps a short, durable record of the concrete people, places, work, and life circumstances you mention — for example a family member's first name, the city you live in, or your line of work — so it does not keep re-asking what you have already shared. This record is built only from what you tell Wyser. It is encrypted at rest and accessible only to you. Like your messages, relevant parts of it may be included as context in the request sent to our AI provider to generate a reply — subject to the AI Processing terms below, and never used to train models. It is covered by the same export and deletion rights as the rest of your data.
Emotional and Pattern Data
Wyser analyses your messages to extract emotional signals (like mood indicators and regulation state) and identify recurring patterns. This data is used solely to personalise your experience: adapting Wyser's tone, tracking your growth, and generating your weekly insights. This data is never shared or used to target you with ads.
Session Quality Data
When you end a session, Wyser may ask how you are feeling. Your response (if you choose to give one) helps us understand whether Wyser is helping. This data is stored with your session and is never shared externally. You can disable this prompt in your profile settings.
Anonymous Usage Analytics
If you opt in, we collect anonymous usage data such as which features you use and how often you visit. This data is aggregated across all users and cannot be traced back to you. Analytics are opt-in only and disabled by default. You can change this at any time in your profile settings.
Reflect Once (trying Wyser without an account)
Reflect Once is a page that lets anyone try Wyser without signing up: you write a few honest lines and receive a single reflection back.
Nothing you write there is stored. Your words are held in memory only long enough to generate that one reflection, and are then discarded. Neither what you wrote nor the reflection is saved, logged with its content, or linked to you or any account — there is no account involved, and the page sets no cookies and does no tracking or fingerprinting.
To produce the reflection, the text you enter is sent to our AI provider for that one request, under the same protections described in AI Processing below (not used to train models; only briefly retained by the provider, if at all, to prevent abuse).
The only thing we keep is an anonymous, aggregate count — for example, how many reflections were generated — so we can gauge interest and manage cost. These counts record events, not people, and contain nothing you wrote. Basic rate limits apply to prevent misuse.
What We Do Not Do
- We do not track your location (no geolocation, no IP-based geo lookups)
- We do not use device or browser fingerprinting
- We do not read your social media activity or connect to your social graph (Sign-In with Google is used only to verify your identity)
- We do not sell your data, and we do not share it with any party except the third-party services described below, each of which receives only what they need to provide their specific function
- We do not use your conversations to train AI models (see the AI Processing section below)
- We do not show ads or use your data for advertising
How We Protect Your Data
- Encryption in transit: all communication uses HTTPS/TLS
- Encryption at rest: sensitive data is encrypted in our database
- Password security: passwords are hashed using an industry-standard one-way algorithm; we never have access to your plaintext password
- Access controls: only you can access your conversations and data
- Brute-force protection: rate limiting and automatic account lockout after repeated failed login attempts
AI Processing
To generate Wyser's responses, your messages are processed by AI language models. We access these models through their business API under terms that give your messages the following protections:
- Not used for training: your messages and Wyser's replies are not used to train or improve the provider's AI models.
- Limited retention: the provider does not retain your messages indefinitely. Anything retained is kept only briefly — no more than 30 days — solely to detect and prevent abuse and misuse of the service, and is then deleted.
- No other use: your messages are used only to generate the reply you see, and for nothing else.
These are the standard API terms that apply to any business building on these providers, and they apply to Wyser. We cannot independently audit a provider's internal systems, so our commitment is this: we send your data only to providers operating under these terms, we configure our requests to reinforce them wherever a setting is available, and we will update this page before we ever change that posture.
Third-Party Services
To operate Wyser, we work with a small number of third-party services. Each receives only the data strictly necessary to perform its function. We do not sell or share your data with any party outside these categories.
- Application hosting and database: the infrastructure that runs Wyser and stores your data securely.
- Transactional email: used to send sign-in links and account notifications. Only your email address is involved.
- AI model processing: used to generate Wyser's responses. Your messages are sent only for this purpose and are not used to train models.
- Social sign-in (Google OAuth): if you choose to sign in with Google, Google confirms your identity and we receive your name, email address, and profile picture. Google is used solely as an authentication mechanism — they are not involved in anything you do inside the app, cannot see your conversations or emotional data, and do not receive any information beyond the login handshake. If you prefer not to use Google, you can sign in with just your email address instead.
- Error monitoring: used to detect and fix bugs. We send only a stable technical identifier alongside error details; no personal content or email is included.
- Newsletter and waitlist: used only if you subscribe to our newsletter or join the waitlist. Not connected to any other data flow in the app.
We review these relationships regularly. If we add a new category of third-party data sharing, we will update this section and notify you through the app.
Your Rights
You have the right to:
- Access: view all data Wyser has about you
- Export: download your data in JSON or Markdown format
- Delete: permanently delete your account and all associated data
- Correct: update your profile information at any time
- Withdraw consent: disable analytics or sign-off prompts in settings
- Delete memories: remove individual memories from your Memory Box
Data Retention
Your data is retained for as long as you have an active account. When you delete your account, all your personal data, including conversations, memories, letters, rituals, and profile information, is permanently deleted. Anonymous aggregate analytics (which cannot be traced to you) may be retained.
Cookies and Local Storage
We do not use third-party tracking cookies or advertising cookies. We do use your browser's local storage for the following, all strictly first-party and used only to make the app work:
- Authentication state: your sign-in token and a cached copy of your user profile, so you stay signed in between visits.
- Consent preference: whether you've opted in to anonymous usage analytics (the authoritative copy also lives on the server).
- Onboarding progress: events from the short onboarding flow, stored locally so the completion UI can pick up where you left off. These are only sent to our servers if you have opted in to analytics.
- Dismissed UI hints: one-off flags so we don't keep showing you the same "Install Wyser" or "Add to Home Screen" suggestion after you've dismissed it.
You can clear any of this at any time from your browser's settings. Clearing local storage will sign you out and reset dismissals, but it will not delete any data stored on our servers. To delete server-side data, use the delete-account flow in your profile.
Changes to This Policy
We may update this privacy policy from time to time. If we make significant changes, we will notify you through the app. Your continued use of Wyser after changes constitutes acceptance of the updated policy.
Contact
If you have questions about this privacy policy or want to exercise your data rights, please contact us at privacy@wyser.me.
