Privacy Policy
This policy explains what personal data we process, why we process it, and your rights.
Last updated: March 17, 2026
1. Data controller
Anima Felix SRL (“Anima Felix”, “we”, “us”) is the controller of personal data processed through the Anima Felix app and website.
Registered office: Bucharest, Ion Mihalache 166, Sector 1, Romania. Trade Register no. J2024027531000, fiscal code 50637957.
Data protection contact: [email protected]
2. Scope
This policy applies to personal data processed when you use the Anima Felix mobile app, website, and related support channels.
3. Personal data we process
- Account and contact data: email, account identifiers, and device identifiers.
- Wellbeing inputs (special category - Art. 9): mental health check-ins, anxiety-related selections, mood tracking, journal-like entries, psychological assessment responses (e.g., GAD-7, PHQ-9, PSS-10), and in-app interactions you choose to provide. This data is processed solely with your explicit consent.
- Voice data: if you use voice onboarding or voice features, audio recordings and transcripts may be processed via our voice service providers (Twilio and ElevenLabs). Recordings are used only to deliver the voice interaction and are not used for identification or biometric profiling.
- Photo data: if you upload a photo during a check-in, images are processed via OpenAI’s Vision API for content interpretation and moderation. Photos that violate content policies are rejected.
- Technical and usage data: device/browser information, app version, IP address, timezone, operating system details, logs, and security events.
- Support data: messages you send to our support/privacy email.
- Consent data: cookie and tracking preferences saved in your browser, and in-app consent records (T&C, privacy policy, and sensitive data consent declarations with timestamps).
- Payment data: subscription status and billing identifiers processed through RevenueCat and Stripe. We do not store credit card numbers directly.
- Account region / country indicator: a region or country indicator stored on your account, used to display a country flag alongside replies you write as a supporter in AFK (see section 14).
4. Why we process data and legal bases (GDPR)
- Provide the service: to operate app features and your account (Art. 6(1)(b), contract).
- Health-related wellbeing data (special category): your explicit consent before providing any anxiety, mental health, or wellbeing-related information in the app (Art. 9(2)(a), explicit consent for special category data). This includes check-ins, assessment responses, mood data, and journal entries. Consent is obtained separately in-app before any sensitive data is processed.
- Voice interactions: your explicit consent when initiating a voice session (Art. 6(1)(a), consent; Art. 9(2)(a) where voice content relates to health).
- Improve reliability and security: prevent abuse, debug issues, content moderation, maintain service integrity (Art. 6(1)(f), legitimate interests).
- Support and service communications: reply to your requests and account-related messages (Art. 6(1)(b) and 6(1)(f)).
- Analytics and marketing on website: measurement and campaign attribution only after consent where required (Art. 6(1)(a), consent).
- Legal obligations: where required by applicable law, including fiscal record-keeping (Art. 6(1)(c)).
5. Sharing and processors
We share personal data with the following service providers (processors) acting on our instructions under Data Processing Agreements:
| Processor | Role | Location |
|---|---|---|
| Hetzner GmbH | Server hosting (database, backend, frontend) | EU (Germany) |
| Google LLC (Firebase) | Authentication and app infrastructure | US (EU-US DPF) |
| OpenAI, Inc. | AI chat, content moderation, photo analysis | US (DPA + SCCs) |
| Cloudflare, Inc. | DNS, DDoS protection, CDN | US (EU-US DPF) |
| Twilio Inc. | Voice call infrastructure | US (EU-US DPF + SCCs) |
| ElevenLabs, Inc. | Voice AI synthesis | US (SCCs) |
| RevenueCat, Inc. | Subscription and payment management | US (SCCs) |
| Stripe Payments Europe Ltd | Payment processing | Ireland / US (EU-US DPF) |
| Expo (650 Industries) | Push notifications | US (SCCs) |
| Google LLC (Analytics) | Website analytics (consent-gated) | US (EU-US DPF) |
| Meta Platforms Ireland Ltd | Website marketing attribution (consent-gated) | Ireland / US (EU-US DPF) |
| TikTok (ByteDance) | Website marketing attribution (consent-gated) | Singapore / US (SCCs) |
We may also disclose data when required by law, court order, or to protect legal rights.
We do not sell your personal data.
6. International transfers
Our primary data storage is on servers located within the European Economic Area (Hetzner, Germany). Where data is transferred to processors outside the EEA (see processor table above), we rely on:
- EU-US Data Privacy Framework (DPF): for US-based processors certified under the DPF adequacy decision (Google, Cloudflare, Stripe, Twilio, Meta).
- Standard Contractual Clauses (SCCs): for processors not covered by an adequacy decision (OpenAI, ElevenLabs, RevenueCat, Expo, TikTok/ByteDance).
7. Data retention
We retain personal data only as long as needed for the purposes described above. Specific retention periods by data category:
| Data category | Retention period |
|---|---|
| Account data | Duration of account + 30 days after deletion request |
| Wellbeing inputs (check-ins, assessments, journal) | Duration of account; deleted within 30 days of account deletion |
| Voice recordings | Duration of the voice session; not retained after delivery |
| Photos uploaded in check-ins | Duration of account; deleted with account data |
| Chat messages and AI interactions | Duration of account; deleted within 30 days of account deletion |
| Support correspondence | Up to 5 years from last interaction |
| AFK Reported-reply evidence (reply text, metadata, report record) | Retained for as long as necessary to investigate safety incidents and to respond to law-enforcement or regulator requests, subject to periodic storage-limitation review under GDPR Article 5(1)(e). Deletion on data-subject request is handled under the exceptions described in section 14 |
| Technical and server logs | 90 days rolling |
| Consent records | 3 years (for compliance demonstration) |
| Financial/billing data | 10 years (Romanian fiscal law) |
| Server backups | 90 days rolling |
When data is no longer required, we delete or anonymize it. Data that must be kept for legal, security, or fraud-prevention obligations is retained for the required period only.
8. Your rights
Depending on your jurisdiction, you may have the right to:
- Access your personal data
- Rectify inaccurate personal data
- Erase personal data
- Restrict processing
- Data portability
- Object to processing based on legitimate interests
- Withdraw consent at any time (without affecting prior lawful processing)
- Lodge a complaint with a supervisory authority
To exercise your rights, email [email protected]. We normally respond within one month; GDPR allows this period to be extended for complex requests.
Data portability: you may request a copy of your personal data in a structured, commonly used, machine-readable format (JSON or CSV). Contact us at [email protected] and we will provide your data export within one month.
If you believe your data has been handled unlawfully, you may lodge a complaint with your local data protection authority. In Romania, this is the Autoritatea Nationala de Supraveghere a Prelucrarii Datelor cu Caracter Personal (ANSPDCP): B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, 010336 Bucharest, Romania. Email: [email protected]. Website: www.dataprotection.ro.
9. Security
We use technical and organizational safeguards appropriate to the risk. No method of transmission or storage is completely risk-free, but we continuously work to protect personal data.
10. Automated decision-making
We do not use solely automated decision-making, including profiling, that produces legal or similarly significant effects on you. AI-generated outputs in the app (such as chat responses, exercise recommendations, and assessment interpretations) are informational and supportive in nature and do not constitute medical advice, diagnosis, or legal decisions.
11. Data breach notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority (ANSPDCP) within 72 hours of becoming aware of the breach, as required by GDPR Article 33.
If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you without undue delay, describing the nature of the breach, its likely consequences, and the measures taken or proposed to address it, as required by GDPR Article 34.
12. Children
Anima Felix requires users to be at least 16 years old, or to have reached the age of majority in their jurisdiction. Users under 16 must have consent from a parent or legal guardian. If you believe a child has provided personal data without appropriate consent, contact us and we will investigate and take appropriate action.
13. Cookies and tracking
For website tracking details and your cookie choices, please see our Cookie Policy.
Consent-gated website analytics (Google Analytics 4) include app-engagement events triggered by clicks on our marketing surfaces. These currently include afk_store_click (fired when a visitor clicks an App Store or Google Play link for the AFK app from one of our AFK surfaces) and app_chooser_click (fired when a visitor selects a card in the "Which app fits this moment?" chooser). Both events are only sent after analytics consent is granted and carry non-identifying dimensions such as source surface, chosen store or app, and locale.
14. AFK peer-support app (separate app)
In addition to the main Anima Felix app, we operate a separate mobile app called AFK (Anima Felix Key). AFK is published under its own App Store and Google Play listings but shares the same data controller (Anima Felix SRL) and the same backend infrastructure described above. The sections below describe data handling that is specific to AFK and applies in addition to the general provisions of this policy.
For specific privacy questions about AFK peer-support processing — including requests related to the data described in this section — contact us at [email protected].
- Asymmetric anonymity model: when a user submits a support request through AFK, they appear to other users as fully anonymous. When a user writes a reply as a supporter, the reply is displayed to the asker with only the supporter’s first name and a country flag derived from a region/country indicator associated with the supporter’s account (see section 3). For example, "John 🇷🇴". No other identifying information about the asker or the supporter is shown inside the app. Account identifiers (email, user ID) remain controller-side and are not revealed to other users.
- Request lifecycle and auto-close: each AFK support request automatically closes after 30 minutes or once 10 replies have been received, whichever comes first. After a request is closed, no further replies can be submitted to it. The request text, category, and received replies remain in the asker’s reply history in the app and on our servers (see retention rules in section 7 and data-subject rights, including erasure, in section 8).
- Peer-reply retention: replies written by supporters are stored on our servers and surfaced to the asker in their "Me" inbox. If the asker deletes their account, their requests and received replies are deleted or irreversibly anonymized within the retention window described in section 7. If the supporter deletes their account, the reply text they wrote remains visible to askers who received it as part of that asker’s reply history, but the supporter’s first name, country flag, and account identifier are removed from the reply so the text is no longer attributable to the supporter. Reply content that was specifically marked Reported is handled under the reporting-flow rules below.
- Feedback signals (Appreciated / Not helpful / Reported): askers can mark each reply as Appreciated, Not helpful, or Reported. These signals are stored against the reply and, in the case of Appreciated, trigger a push notification to the supporter and a visible "Appreciated" label on the supporter’s sent history. Feedback signals are used to operate the service (surfacing helpful replies to askers, acknowledging supporters) and to support safety review through the Reported flow described below.
- Reporting flow: when a reply is marked Reported, the reply text, its metadata (category, timestamps, the supporter’s account identifier), and the report itself are preserved for review by our moderation team. Reported content that is found to violate our community standards is removed from user-facing surfaces, but the underlying record (including the original text) is retained as safety evidence so we can respond to law-enforcement and regulator requests and investigate safety incidents on the AFK service. The lawful basis for this retention is Article 6(1)(f) GDPR (legitimate interest in platform safety, balanced against supporter rights); retention is reviewed periodically under GDPR Article 5(1)(e) storage-limitation principles, and an entry for this evidence category is maintained in the retention table in section 7. AFK does not currently offer a block-a-supporter feature; Reported is the single shipped user-side safety control.
- Reply sources and synthetic fallback responses: replies to an AFK support request can come from two sources. Most replies are written by other AFK users (peer replies). In addition, the AFK backend currently includes a fallback response system operated by Anima Felix that may deliver a synthetic reply when peer responses are insufficient or slow to arrive. The fallback is a curated bot-response system: internal bot accounts with curated reply content, operated by us. It is not a large language model and no external LLM processor is involved in producing these fallback replies. In the AFK app today, askers cannot visually distinguish a fallback reply from a peer reply; internally, fallback replies are marked as system-generated in our data model. The lawful basis for delivering fallback replies is Article 6(1)(b) GDPR (performance of the service you signed up for); where the underlying reply content relates to a health-related support request, the associated special-category processing is covered by your Article 9(2)(a) explicit consent to our processing of wellbeing data. We describe this here so that users are not misled about where an AFK reply may come from. If this fallback behavior is changed or removed in the future, we will update this policy accordingly.
- AFK app UI language: the AFK app user interface is currently available in English only. This privacy policy and our AFK website pages are available in English, Romanian, and Ukrainian.
All other provisions of this policy — including the data controller, legal bases (Articles 6 and 9 GDPR), sharing and processors (section 5), international transfers (section 6), retention (section 7), your rights (section 8), security (section 9), breach notification (section 11), and the rules on children (section 12) — apply equally to personal data processed through AFK.
15. Changes to this policy
We may update this policy to reflect product, legal, or operational changes. The latest version is always published on this page with the updated date.
16. Help and support
For help with the Anima Felix or AFK apps — including account, subscription, or general product questions — visit our Support page. For privacy and data-protection requests specifically, continue to use [email protected] as described in section 1.