← Back
Draft — pending legal review. This document describes how Aspen currently handles data and is provided as a starting point. It is not legal advice and should be finalized by an attorney before publication.

Privacy Policy

Last updated: [DATE]

Who we are

Aspen (“Aspen,” “we,” “us”) is a digital companion for emotional support between therapy sessions, operated by [Timothy Moore LLC / Aspen Counseling], [address]. You can reach us at [privacy@aspencounseling.info].

Aspen is not a medical or crisis service

Aspen is not a therapist, does not provide diagnosis or treatment, and is not a crisis service. If you are in crisis, use the “Crisis support” option in the app or call or text 988(Suicide & Crisis Lifeline), text HOME to 741741, or call 911.

Information we collect

  • Account information: your email address and the name or preferred name you provide.
  • Check-in information: the nervous-system state, body sensations, feeling words, and notes you choose to enter.
  • Conversations: the messages you send to Aspen and Aspen's responses, which are saved to your account so you can return to them.
  • Practitioner connection: if you enter a practitioner code, the link between your account and that practitioner.
  • Basic technical data needed to operate and secure the service.

We do not sell your personal information, and we do not use your conversations for advertising.

How we use your information

  • To provide Aspen — generating responses, saving your sessions, and showing your history.
  • To adapt Aspen to you, such as reflecting your check-in and prior sessions.
  • To maintain the security and reliability of the service.

Third-party services and AI processing

To operate, Aspen relies on a small number of service providers who process data on our behalf:

  • Anthropic (Claude AI): the messages you send during a session are sent to Anthropic to generate Aspen's replies. You are asked to consent to this before your first conversation. Anthropic processes this data to return a response per its own terms and privacy commitments.
  • Supabase: stores your account, check-ins, and conversations in a secure database with row-level access controls so that you can see only your own data.
  • Vercel: hosts the application.

[Confirm and link each provider’s data-processing terms with counsel.]

How your data is stored and protected

Your data is stored in a managed database protected by row-level security, so each account can access only its own records. Data is encrypted in transit. [Describe encryption at rest, access controls, and any HIPAA considerations with counsel.]

Data retention

We retain your account and conversation data for as long as your account is active. [Specify retention periods and what happens after account closure with counsel.]

Your choices and rights

  • Access and correct the information in your account.
  • Request deletion of your account and associated data by contacting us.
  • Decline AI processing — though Aspen cannot generate responses without it.

[Add specific rights and request processes required by your jurisdiction, e.g. GDPR/CCPA, with counsel.]

If you connect with a practitioner

If you link your account to a practitioner using their code, [describe exactly what that practitioner can and cannot see, and confirm with counsel]. Practitioners access only the clients linked to them.

Children

Aspen is intended for adults [18+ / confirm age threshold] and is not directed to children. We do not knowingly collect information from children.

Changes to this policy

We may update this policy from time to time. We will post the updated version here and revise the date above.

Contact

Questions about this policy or your data? Contact us at [privacy@aspencounseling.info].