Privacy Policy

Privacy Policy for Selah AI

Last Updated: December 17, 2025

Effective Date: December 17, 2025

Introduction

Welcome to Selah AI (“we,” “our,” or “us”). We are committed to protecting your privacy and handling your personal information with care and transparency.

This Privacy Policy explains how we collect, use, store, and protect your information when you use the Selah AI mobile application (the “App”).

Important: From the moment you open Selah AI, you are authenticated (initially anonymously, then via Sign In with Apple during onboarding). All conversations, including your test conversation during onboarding, are linked to your authenticated account and stored according to the practices described below.

By using Selah AI, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect
   
   

1.1 Information You Provide

Voice Recordings

When you speak to Selah, your voice recordings are temporarily processed to provide AI-generated responses. Voice recordings are transmitted securely to our backend for speech-to-text processing, AI response generation, and text-to-speech playback. We do NOT permanently store your voice recordings. Audio files are deleted immediately after processing is complete (typically within seconds).

First Name

You provide your first name during account setup. This is used to personalize AI responses and make conversations feel more natural and connected. Your first name is stored in Firebase Firestore associated with your user account.

Conversation Content

We store a limited conversation history (the last 6 messages total: 3 from you, 3 from Selah) to provide contextual and meaningful responses. This includes text transcripts of what you said and Selah’s responses. Conversation data is:

• Stored securely in Firebase Firestore
  
  

• Associated with your user account
  
  

• Automatically deleted after 30 days
  
  

• NOT accessible to developers through Firebase Console (protected by security rules)
  
  

• Only accessible to our secure backend for AI context generation
  
  

1.3 Automatically Collected Information

Authentication Data

We use Firebase Authentication with Sign In with Apple (required during onboarding). When you sign in with Apple:

• Apple provides us with a unique user identifier (not your Apple ID)
  
  

• Your name (if you choose to share it with Apple)
  
  

• An email address (either your real email or Apple’s private relay email if you choose to hide it)
  
  

• We NEVER receive your Apple ID password or any Apple credentials
  
  

This authentication data is:

• Created during the onboarding process
  
  

• Used for account creation, authentication, and secure access to your data
  
  

• Associated with all your conversations and app data
  
  

• Required to use Selah AI (Sign In with Apple is mandatory)
  
  

Usage Data

We collect basic usage metrics such as conversation counts, audio processing duration, and text-to-speech usage to enforce limits, prevent abuse, and maintain service quality.

Device Information

We may collect limited device information (such as iOS version, device model, and app version) for analytics, crash reporting, and performance monitoring.

Notification Data

If you enable notifications during onboarding (optional):

• Daily reminders are scheduled locally on your device at 7:00 PM in your timezone
  
  

• Notifications are generated by your device’s iOS system, not sent from our servers
  
  

• We do NOT send any data to notification servers
  
  

• We do NOT track when you open, dismiss, or interact with notifications
  
  

• Notification content is generic (“Time for peace. Take a moment to talk with Selah.”)
  
  

• You can disable notifications anytime in iOS Settings → Notifications → Selah AI
  
  

Invite and Referral Data

If you send invites through our referral program:

• iOS Privacy Limitation: When you send a text message invite, iOS does NOT provide us with recipient information (this is an iOS privacy protection)
  
  

• What We Track: We track that you sent a message (count: +1) using a unique timestamp-based identifier
  
  

• Example Identifier: “msg-1702750123-4567” (timestamp + random number)
  
  

• What We DON’T Collect: Phone numbers, email addresses, or any contact information
  
  

• Storage: Unique invite identifiers are stored in Firebase Firestore associated with your user ID
  
  

• Purpose: To count how many invites you’ve sent (for earning the 5-invite free week reward)
  
  

• Privacy: We cannot and do not know who you invited - we only know how many messages you sent
  
  

1.4 Information We Do NOT Collect

We explicitly DO NOT collect, access, or store:

Contact Information:

• Phone numbers (except as anonymized invite identifiers, which iOS doesn’t even provide to us)
  
  

• Email addresses (except the one from Sign In with Apple)
  
  

• Physical addresses
  
  

• Names of people in your contacts
  
  

Media and Content:

• Photos, images, or videos
  
  

• Camera access
  
  

• Other files or documents from your device
  
  

Location and Activity:

• Precise location data
  
  

• GPS coordinates
  
  

• Browsing history outside the app
  
  

• Activity in other apps
  
  

• Movement or travel patterns
  
  

Financial Information:

• Credit card numbers
  
  

• Banking information
  
  

• Payment details (handled entirely by Apple)
  
  

Other Personal Data:

• Health or medical data
  
  

• Biometric data (beyond voice for conversation purposes)
  
  

• Calendar events
  
  

• Social media profiles or connections
  
  

• Demographic information (age, gender, race, etc.) beyond what’s needed for age verification
  
  

Tracking and Advertising:

• We do NOT use your data for targeted advertising
  
  

• We do NOT track you across other apps or websites
  
  

• We do NOT sell your data to third parties
  
  

• We do NOT use tracking pixels, cookies, or similar technologies for advertising purposes
  
  

2. How We Use Your Information
   
   

We use your information to:

Provide Core Services:

• Authenticate your account using Sign In with Apple
  
  

• Convert your speech to text (Speech-to-Text via OpenAI Whisper)
  
  

• Generate compassionate, scripture-based AI responses tailored to your needs (via OpenAI GPT-4o-mini)
  
  

• Personalize responses using your first name
  
  

• Convert AI responses to speech (Text-to-Speech via OpenAI TTS)
  
  

• Maintain conversation context (last 6 messages) for more meaningful interactions
  
  

• Send you daily reminder notifications at 7 PM (if you opt-in)
  
  

• Track invite referrals to grant rewards (count only, no contact information)
  
  

Ensure Service Quality:

• Monitor usage to prevent abuse
  
  

• Track basic analytics (conversation counts, onboarding completion, etc.)
  
  

• Monitor system performance and reliability
  
  

• Debug technical issues (without accessing conversation content)
  
  

• Collect user feedback (for 1-3 star ratings only, to improve the product)
  
  

Legal Compliance:

• Comply with applicable laws and regulations
  
  

• Respond to legal requests if required
  
  

• Enforce our Terms of Use
  
  

3. Third-Party Services
   
   

We rely on trusted service providers to operate Selah AI:

OpenAI

Used for speech-to-text, AI response generation, and text-to-speech. Data is processed in accordance with OpenAI’s privacy policy.

Firebase (Google)

Used for authentication, database storage, analytics, and backend infrastructure.

RevenueCat

Used for subscription validation and entitlement management.

Apple

Handles authentication (Sign In with Apple) and all payment processing through the App Store.

4. Data Storage and Security
   
   

Where Your Data is Stored:

• Conversation History: Firebase Firestore (Google Cloud Platform, US region)
  
  

• User Profile (name): Firebase Firestore (Google Cloud Platform, US region)
  
  

• Voice Recordings: Temporarily in memory during processing only, then immediately deleted
  
  

• Invite Data: Firebase Firestore (hashed identifiers only, not raw contact info)
  
  

Developer Access Restrictions:

Developers and support staff CANNOT view your conversations. Specifically:

• Firebase Console access to conversation_context collection is BLOCKED by security rules
  
  

• Firebase Console access to users collection (containing your name) is BLOCKED
  
  

• Conversation content is NEVER logged in backend logs or debugging tools
  
  

• Only our secure backend functions can access conversations (to provide AI context)
  
  

• Backend functions use a service account that cannot be accessed through the Firebase Console
  
  

Who CAN Access Your Data:

• You: Full access to all your own data
  
  

• Backend AI Functions: Access conversation history (last 6 messages) to provide contextual responses
  
  

• Nobody else: Not developers, not support staff, not other users
  
  

Security Measures:

• All data transmission uses HTTPS encryption (TLS 1.3)
  
  

• Firebase Authentication tokens secure all API requests
  
  

• Firestore security rules prevent unauthorized access
  
  

• Conversation content is never logged or exposed in server logs
  
  

• Backend code runs in isolated, secure Cloud Functions environment
  
  

5. Data Retention and Deletion
   
   

Automatic Deletion:

• Conversation History: Automatically and permanently deleted after 30 days (no action needed from you)
  
  

• Voice Recordings: Deleted immediately after each conversation (within seconds)
  
  

• Usage Metrics: Retained for 90 days, then aggregated anonymously
  
  

Manual Deletion:

You can delete your account and all associated data at any time:

• Go to Settings → Support → “Delete My Account”
  
  

• Or email support@selahai.app
  
  

This will permanently delete:

• All your conversations
  
  

• Your name and profile information
  
  

• Your invite/referral data
  
  

• All personal data associated with your account
  
  

Deletion is processed immediately and cannot be undone.

Note: Account deletion does NOT automatically cancel your App Store subscription - you must cancel that separately in App Store Settings.

What Cannot Be Deleted:

• Data already processed by OpenAI during previous conversations (OpenAI auto-deletes after 30 days per their current policy as of December 17 2025)
  
  

• Aggregated/anonymized analytics data that doesn’t identify you personally
  
  

6. Children’s Privacy
   
   

Selah AI is not intended for children under 13. We do not knowingly collect personal information from children under 13.

7. Your Rights
   
   

Depending on your location, you may have rights to access, correct, delete, or receive a copy of your data. To exercise these rights, contact support@selahai.app.

8. Data Sharing
   
   

We do not sell your personal data. We share data only with essential service providers, for legal compliance, or in connection with a business transaction such as a merger or acquisition.

9. International Data Transfers
   
   

Your information may be processed in the United States or other countries where our service providers operate. For EU/EEA users, appropriate safeguards such as standard contractual clauses are used.

10. Legal and Safety Disclaimers
    
    

Selah AI is not a licensed therapist, medical provider, or crisis service. If you are experiencing a mental health emergency, contact 988 or local emergency services.

AI-generated responses may be imperfect and should not be relied upon for medical, legal, professional, or lifestyle advice.

11. Contact Us
    
    

If you have questions, concerns, or requests regarding this Privacy Policy or your data:

Email: support@selahai.app

Privacy Policy: https://sites.google.com/view/selahai/privacy

Terms of Use: https://sites.google.com/view/selahai/terms

Response Time: We aim to respond to all privacy inquiries within 48 hours

12. Changes to This Privacy Policy
    
    

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons.

When we make changes:

• We will update the “Last Updated” date at the top of this policy
  
  

• Material changes will be communicated through in-app notification or email (if you’ve provided one)
  
  

• Continued use of Selah AI after changes constitutes acceptance of the updated policy
  
  

We encourage you to review this Privacy Policy periodically.

13. State-Specific Privacy Rights
    
    

California Residents (CCPA/CPRA)

Under the California Consumer Privacy Act, you have the right to:

• Know what personal information we collect, use, share, or sell
  
  

• Delete your personal information (with certain exceptions)
  
  

• Opt-out of sale of personal information (Note: We do NOT sell your data)
  
  

• Non-discrimination for exercising your privacy rights
  
  

California Shine the Light Law: We do not share personal information with third parties for their direct marketing purposes.

Nevada Residents

We do not sell your personal information as defined under Nevada law (Chapter 603A).

Virginia, Colorado, Connecticut, Utah Residents

Under your state’s privacy laws, you have rights to:

• Access your personal information
  
  

• Correct inaccuracies in your personal information
  
  

• Delete your personal information
  
  

• Obtain a copy of your personal information
  
  

• Opt-out of certain processing activities
  
  

To exercise these rights, contact support@selahai.app.

14. European Users (GDPR)
    
    

If you are located in the European Economic Area (EEA), UK, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

Your Rights:

• Right to Access: Request a copy of your personal data
  
  

• Right to Rectification: Correct inaccurate personal data
  
  

• Right to Erasure: Request deletion of your personal data (“right to be forgotten”)
  
  

• Right to Restrict Processing: Limit how we use your data
  
  

• Right to Data Portability: Receive your data in a portable format
  
  

• Right to Object: Object to certain processing activities
  
  

• Right to Withdraw Consent: Withdraw consent at any time
  
  

Legal Basis for Processing:

• Consent: You consent by using the app and accepting this policy
  
  

• Contractual Necessity: Processing is necessary to provide the service you requested
  
  

• Legitimate Interests: To improve our service, prevent abuse, and ensure security
  
  

Data Protection Officer: For GDPR-related inquiries, contact support@selahai.app

Supervisory Authority: You have the right to lodge a complaint with your local data protection authority if you believe we have violated your privacy rights.

15. International Data Transfers
    
    

Data Location: Your data is processed and stored primarily in the United States (Google Cloud Platform, US region).

If you are located outside the United States:

• Your information will be transferred to and processed in the United States
  
  

• The United States may have different privacy laws than your home country
  
  

• By using Selah AI, you consent to the transfer of your information to the United States
  
  

Safeguards for International Transfers:

• For EU/EEA users: We rely on Standard Contractual Clauses (SCCs) approved by the European Commission
  
  

• For UK users: We comply with UK GDPR requirements
  
  

• All data transfers use encryption and secure protocols
  
  

16. Do Not Track Signals
    
    

Our App does not respond to “Do Not Track” browser signals because:

• Selah AI is a mobile app, not a website
  
  

• We do not track you across third-party websites or apps
  
  

• We do not engage in cross-site tracking or behavioral advertising
  
  

17. Security Incident Response
    
    

In the unlikely event of a data breach that affects your personal information:

• We will notify affected users within 72 hours of discovering the breach
  
  

• Notification will include what data was affected and what steps we’re taking
  
  

• We will notify relevant regulatory authorities as required by law
  
  

• We will take immediate steps to secure our systems and prevent future incidents
  
  

18. Data Retention Summary
    
    

Voice Recordings

Retention Period: Seconds (immediate)

Deletion Method: Auto-deleted after processing

Conversation History

Retention Period: 30 days

Deletion Method: Auto-deleted by scheduled cleanup

User Name

Retention Period: Until account deletion

Deletion Method: Deleted on account deletion request

Authentication Data

Retention Period: Until account deletion

Deletion Method: Deleted on account deletion request

Invite Identifiers

Retention Period: Until account deletion

Deletion Method: Deleted on account deletion request

Usage Metrics

Retention Period: 90 days

Deletion Method: Then aggregated/anonymized

User Feedback (1–3 stars)

Retention Period: 90 days for user ID, feedback text retained longer

Deletion Method: User ID anonymized after 90 days

19. Third-Party Links
    
    

The App may contain links to third-party websites or resources (e.g., crisis resources, legal policies). We are not responsible for the privacy practices or content of these third-party sites. We encourage you to review their privacy policies before providing any information.

20. Updates and Notifications
    
    

We may communicate with you via:

• In-app notifications (for critical service updates)
  
  

• Email (if you provide one to support)
  
  

• Push notifications (if you opt-in)
  
  

We will NOT send:

• Marketing emails
  
  

• Promotional spam
  
  

• Third-party advertisements
  
  

• Excessive or irrelevant notifications
  
  

By using Selah AI, you acknowledge that you have read, understood, and agree to this Privacy Policy.

Version 2.0 - Updated December 17, 2025

© 2025 Selah AI. All rights reserved.