Privacy Policy

Last updated: April 10, 2026

HeadStrong ("HeadStrong", "we", "us", or "our") builds mental health and wellness tools designed to help people feel better, track their progress, and find support when they need it. We take your privacy seriously — especially given how sensitive mental health data is. This policy explains what we collect, how we use it, and the rights you have over your information.

The short version: We collect only what we need to make the product work. We never sell your data. We do not share your conversations with Liam or Ariel with advertisers, partners, or third parties. You can request deletion of your data at any time.

1. Information We Collect

1.1 Information you provide to us

Account information: email address, display name, and password (hashed). Optionally: age range, gender, timezone.
Wellness data you log: mood check-ins, sleep, stress, exercise, journal entries, and quiz responses.
Conversations with AI companions: messages you send to Liam or Ariel within the app.
Peer support interactions: messages exchanged in anonymous peer chat sessions.
Waitlist & marketing: if you join our waitlist or provide your email for our Mental Health Score quiz, we store that email for the sole purpose of sending you the requested content and occasional product updates.

1.2 Information collected automatically

Device information: device type, operating system version, app version, and language.
Usage data: app features you use, session frequency, and crash logs (for debugging).
Cookies & local storage: on our website we use minimal cookies and browser local storage to remember quiz progress and preferences.

1.3 Information we do NOT collect

We do not collect precise location data.
We do not access your contacts, photos, microphone, or camera without your explicit permission for a specific feature.
We do not purchase data from third-party data brokers.

2. How We Use Your Information

We use the information we collect to:

Provide, personalize, and improve the HeadStrong product and your wellness experience.
Generate your personal wellness insights, scores, and progress tracking.
Power the AI companions (Liam and Ariel) so they can remember context and respond helpfully.
Detect crisis situations and surface safety resources where appropriate.
Send you transactional emails (account verification, password reset, quiz results) and — only with your consent — occasional product updates.
Debug, maintain, and secure the service.
Comply with legal obligations and enforce our Terms of Service.

3. How AI Conversations Are Handled

Conversations you have with Liam and Ariel are processed by large language model providers (including Anthropic) to generate responses. We send only the minimum context needed to produce a useful reply, and we do not allow AI providers to train their models on your conversations. Your conversations are stored in our own secure database and are associated with your account so the AI can remember what you've talked about before — you can delete this history at any time from the app settings.

4. How We Share Information

We do not sell your personal information. We share information only in these limited cases:

Service providers: trusted infrastructure partners who help us run the product (Firebase/Google Cloud for authentication and storage, Anthropic for AI processing, MailerSend for transactional email, Cloudflare for edge security). Each is contractually bound to protect your data and use it only to provide services to us.
Legal compliance: if required by law, valid legal process, or to protect the rights, property, or safety of HeadStrong, our users, or others.
Safety: if our crisis detection systems indicate imminent risk of harm, we may surface emergency resources and, in extreme cases, contact local emergency services as permitted by law.
Business transfers: if HeadStrong is involved in a merger, acquisition, or asset sale, your information may be transferred as part of that transaction. We will notify you before your information becomes subject to a different privacy policy.
With your consent: any other sharing will be disclosed to you and require your explicit opt-in.

5. Data Security

We use HIPAA-informed security practices including encryption in transit (TLS 1.2+) and at rest, access controls, audit logging, and regular security reviews. While no system is 100% secure, we take reasonable technical and organizational measures to protect your information. If we ever become aware of a security incident affecting your data, we will notify you as required by applicable law.

6. Data Retention

We retain your account and wellness data for as long as your account is active. You can delete specific content (journal entries, chat history, check-ins) at any time from within the app. If you delete your account, we delete your personal information within 30 days, except where we are required to retain it to comply with legal obligations, resolve disputes, or enforce our agreements.

7. Your Rights

Depending on where you live, you may have the following rights regarding your personal information:

Access: request a copy of the personal information we hold about you.
Correction: ask us to correct inaccurate or incomplete information.
Deletion: request that we delete your personal information.
Portability: receive your data in a portable format.
Objection & restriction: object to or restrict certain processing of your data.
Withdraw consent: withdraw any consent you previously provided.
Complain: file a complaint with your local data protection authority.

To exercise any of these rights, email us at privacy@getheadstrong.xyz. We will respond within 30 days.

California Residents (CCPA / CPRA)

California residents have additional rights including the right to know what personal information is collected, the right to delete personal information, and the right to opt out of the sale of personal information. As noted above, we do not sell your personal information.

European Residents (GDPR)

Our legal basis for processing your information includes: your consent, the performance of a contract with you, compliance with legal obligations, and our legitimate interests in running and improving the service. You have the right to lodge a complaint with your local supervisory authority.

8. Children's Privacy

HeadStrong is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe we may have collected information about a child, please contact us and we will delete it.

9. International Data Transfers

HeadStrong is operated from the United States. If you access the service from outside the US, your information will be transferred to, stored, and processed in the US where our servers and databases are located. By using the service, you consent to this transfer.

10. Third-Party Links and Services

Our website and app may contain links to third-party sites or services (including our social media accounts on Instagram, Facebook, and TikTok). This policy does not apply to those services. We encourage you to review the privacy practices of any third-party site you visit.

11. Changes to This Policy

We may update this privacy policy from time to time. If we make material changes, we will notify you by email and/or by posting a prominent notice on our website. Your continued use of the service after any changes indicates your acceptance of the updated policy.

12. Contact Us

If you have any questions about this privacy policy or how we handle your data, please reach out:

A note on mental health crises: HeadStrong is a wellness tool, not a medical device or a replacement for professional care. If you are experiencing a mental health emergency, please contact emergency services (911 in the US) or the 988 Suicide & Crisis Lifeline by calling or texting 988.