Privacy Policy

Last updated: May 2025

1. Who we are

WISMO (“we”, “us”, “our”) operates the WISMO service available at wismo.app. WISMO is an AI companion designed to help you reflect on your thoughts and better understand yourself.

WISMO is not a mental health service, medical provider, or substitute for professional care. It does not diagnose, prescribe, or provide therapy.

For questions about this policy or your data, contact us at privacy@wismo.app.

2. Data we collect

We collect the following categories of personal data:

Account information

When you register, we collect your email address and display name. If you sign in with Google, we receive your email and name from Google in accordance with their privacy policy. Passwords are stored in hashed form and never readable by us.

Conversation content

The messages you send to WISMO and the responses you receive are stored on our servers. This data is used to provide continuity between sessions and to personalise your experience. Conversation content may relate to your emotional state and personal reflections and is treated as sensitive personal data.

Session and technical data

We use HttpOnly cookies to maintain your session. We may log request timestamps, error codes, and basic usage signals (such as number of messages sent) for operational purposes. We do not collect IP addresses beyond what is technically required for the connection.

Analytics (optional)

With your explicit consent, we may collect anonymised usage data to understand how the service is used and to improve it. This consent is optional and can be withdrawn at any time.

Guest sessions

If you use WISMO without registering, a temporary guest session is created via a session cookie. Guest session data is limited and subject to shorter retention periods. Creating an account is not required to use the basic service.

3. Why we process your data

We process personal data on the following legal bases:

Contract performance

Account data, session data, and conversation history are necessary to provide the WISMO service you have requested.

Consent

Before you access the chat service, we ask for your explicit consent to:

store and process your conversations to personalise support;
remember information between sessions for continuity;
use anonymised data to improve the service (optional).

You can withdraw any consent at any time via Account → Privacy. Withdrawing consent will prevent access to chat until consent is re-granted.

Legitimate interests

We may process minimal technical data to maintain security, detect abuse, and ensure the reliability of the service.

4. AI processing

WISMO uses third-party large language model (LLM) providers to generate responses to your messages. Your conversation content is transmitted to these providers as part of the request. Providers are bound by data processing agreements and are not permitted to use your data to train their models.

WISMO does not make automated decisions about you that produce legal or similarly significant effects. All responses are generated by AI and are not reviewed by a human unless required for safety or legal reasons.

5. Data sharing

We do not sell your personal data. We share data only with:

LLM providers — to generate AI responses, under data processing agreements.
Hosting and infrastructure providers — necessary for operating the service, under data processing agreements.
Google — if you choose to sign in with Google. Governed by Google's own privacy policy.
Legal authorities — if required by applicable law or to protect the safety of users.

6. Data retention

We retain your account data and conversation history for as long as your account is active. If you delete your account or all chat history, the relevant data is permanently deleted within 30 days.

Guest session data is retained for a shorter period tied to session expiry. Anonymised analytics data, where collected, may be retained in aggregate form after individual data is deleted.

7. Your rights

Under applicable data protection law (including GDPR where it applies), you have the right to:

AccessRequest a copy of the personal data we hold about you.

RectificationCorrect inaccurate or incomplete data.

ErasureRequest deletion of your data. You can delete all conversations via Account → Data, or close your account entirely.

PortabilityReceive your data in a structured, machine-readable format.

ObjectionObject to processing based on legitimate interests.

Withdraw consentWithdraw consent for any consent-based processing at any time via Account → Privacy.

Lodge a complaintLodge a complaint with your local data protection authority.

To exercise your rights, contact us at privacy@wismo.app. We will respond within 30 days.

8. Cookies and sessions

We use strictly necessary HttpOnly session cookies to authenticate you and maintain your session. These cookies are not used for advertising and cannot be read by browser scripts.

We do not use third-party tracking cookies or advertising cookies.

9. Age restriction

WISMO is intended for users aged 18 and over. We do not knowingly collect personal data from anyone under 18. If we become aware that a minor has used the service, we will delete the relevant data promptly.

10. Security

We implement appropriate technical and organisational measures to protect your personal data, including encrypted connections (TLS), HttpOnly session tokens, and access controls. No system is completely secure; if you discover a security vulnerability, please report it via our Responsible Disclosure Policy.

11. Changes to this policy

We may update this policy from time to time. If we make material changes that affect how we process your data, we will ask for your consent again before you can continue using the chat service. The date at the top of this page reflects the most recent update.

12. Contact

For privacy-related questions or to exercise your rights:

privacy@wismo.app

This policy should be reviewed by a qualified legal professional before launch. Specific company registration details and DPO information to be added.