For the purposes of the GDPR and UK GDPR (where applicable), PRIME ESSENCE LLC is the Data Controller for personal data processed in connection with the Service.
- We store your conversation history and memory features (such as
session_insights) so the Service can work. - Your content may be processed by carefully selected service providers (payments, infrastructure, and AI processing) in order to deliver the Service.
- We do not sell personal data. We do not use sensitive conversational content to train models unless you explicitly opt in (where available and lawful).
- Sulenai is not an emergency service and is not designed for crisis monitoring. If you are in immediate danger, contact local emergency services.
1. SCOPE
This Privacy Policy applies to the Service, including our website, application interface, and related support communications. It does not apply to third party websites or services you may access through links on the Service.
2. DEFINITIONS
Personal Data means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked to you.
Interaction Data means the text you submit to the Service (for example chat messages, dream entries, journals, beliefs), and the text the Service generates back to you.
Sensitive Information may include content revealing or allowing inferences about mental health state, trauma, crisis indicators, sexuality, religious or philosophical beliefs, and other intimate content you choose to share.
Special Category Data (EEA and UK) includes categories protected under GDPR and UK GDPR, such as health data. Depending on context, parts of your Interaction Data may be treated as Special Category Data.
De Identified or Aggregated Data means data processed to remove direct identifiers and reduce re identification risk. No de identification method is perfect in all circumstances.
3. INFORMATION WE COLLECT
3.1 Information you provide
- Account information: email address, authentication data (password is stored in hashed form), account status, language preference, plan and subscription status.
- Profile and settings: onboarding responses, preferences, stated goals, and configuration stored as profile metadata (for example
ai_instructionsand other personalization fields). - Interaction Data: your messages, dream entries, belief notes, journaling content, and other text you submit. This may include sensitive content.
- Memory and summaries: service generated memory such as
session_insights, which is derived from Interaction Data to help continuity and personalization. - Support communications: messages you send to us for support, billing, or privacy requests.
3.2 Information collected automatically
- Device and connection data: IP address, user agent, device and OS information, time zone (where available), and language settings.
- Usage and performance data: feature usage, timestamps, error and crash signals, and service performance metrics.
- Security data: signals used to protect accounts and the Service (for example rate limiting, fraud prevention, abuse detection).
3.3 Payment and billing data
Payments are processed by third party payment processors or, where applicable, app stores. We do not store full payment card data. We may store payment related metadata such as transaction identifiers, subscription status, billing country, and the dates needed for accounting, tax, and customer support.
3.4 Optional local storage and cookies
The Service uses cookies or similar technologies that are strictly necessary to operate core functionality (for example authentication, security, and preference storage). If we introduce optional analytics or advertising cookies in the future, we will request consent where required by law.
4. HOW WE USE INFORMATION
We use information for the following purposes:
- Provide and operate the Service: account creation, authentication, chat, dream journal, memory features, and personalization.
- Safety oriented experience: to present supportive warnings or resources in certain situations. This is not emergency monitoring.
- Customer support: respond to requests, diagnose technical issues, and help with billing or access problems.
- Security: protect the Service, prevent fraud or abuse, and maintain integrity.
- Billing and compliance: manage subscriptions, reconcile payments, and maintain legally required records.
- Service communications: transactional emails (security and billing notices) and optional non essential emails based on settings and applicable law.
- Improve reliability: debugging, performance improvements, quality assurance, and internal testing using data minimization and access controls.
4.1 Legal bases (GDPR and UK GDPR where applicable)
| Purpose | Legal basis |
|---|---|
| Providing the Service, personalization, customer support | Performance of a contract |
| Security, fraud prevention, abuse prevention, service integrity | Legitimate interests |
| Billing records, tax and accounting compliance, legal requests | Legal obligation |
| Non essential emails (for example supportive check ins), if enabled | Consent or legitimate interests (depending on local law and settings) |
| Model improvement and training | Consent where required and where the feature is offered, otherwise we do not use sensitive Interaction Data for training |
4.2 Special Category Data (EEA and UK)
If your Interaction Data is treated as Special Category Data, we process it only as permitted by law. In many cases, the additional condition is your explicit consent, which may be requested through the Service where required. You can choose not to provide sensitive content.
4.3 Email communications (including check-ins)
We may send you:
- Transactional emails: messages necessary to provide the Service (for example account, security, and billing notices).
- Non-essential emails: optional communications such as supportive check-ins or product updates, depending on your settings and applicable law.
You can opt out of non-essential emails using account settings (where available) or unsubscribe links in the messages. Transactional emails may still be sent when necessary to operate the Service.
5. AI PROCESSING, AUTOMATED INFERENCES, AND HUMAN ACCESS
5.1 AI processing
To provide the Service, your Interaction Data is sent to AI processing providers that generate responses. AI outputs can be incorrect, incomplete, or inappropriate. Sulenai is not a medical device and does not provide diagnosis or emergency services.
5.2 Automated inferences and profiling
The Service may generate inferences from Interaction Data (for example personalization signals, topic detection, and safety oriented prompts, including safety-related heuristic signals). These inferences do not produce legal effects or similarly significant effects. Where required by law, you may have the right to object to certain processing and/or request human review. To exercise these rights, contact contact@sulenai.com.
5.3 Limited human access
We limit human access to personal data. Authorized personnel may access data only when necessary to operate, secure, or support the Service, to investigate abuse, or to comply with legal obligations. Access is logged and restricted by role where practical.
5.4 Conversation exports and administrative tooling
The Service may include administrative tools to review conversation history for debugging, security, and quality assurance. Any review is performed on a limited, as needed basis and is not continuous, systematic, or real time monitoring of conversations. We apply strict access controls to these tools.
5.5 Optional writing conversations to disk
In certain environments (for example local development), the Service may be configured to write conversation transcripts to disk for debugging. In production, this is disabled by default and should be enabled only with an explicit configuration setting. If enabled, we recommend using redaction and strong access controls.
6. MODEL TRAINING AND IMPROVEMENT
By default, we do not use Sensitive Information (including dream entries, journal content, trauma related content, or crisis related content) to train or fine tune models. If we offer an opt in setting for training or improvement, we will explain the scope in the Service and you can opt out at any time where available.
We may use De Identified or Aggregated Data to improve reliability and security, subject to applicable law and safeguards.
7. DISCLOSURE OF INFORMATION
We may disclose information in the following cases:
- Service providers: vendors that help us operate the Service (payments, hosting, databases, email delivery, customer support tooling, security services, and AI processing), subject to contractual confidentiality and security obligations.
- Legal and safety: where required by law, legal process, or to protect rights, safety, and integrity of the Service.
- Business transfers: in connection with a merger, acquisition, financing, reorganization, or sale of assets.
- With your direction: where you instruct us to share data, for example for support troubleshooting.
7.1 Subprocessors (current categories and key examples)
Subprocessors may change over time. We maintain contracts to restrict use of personal data to providing services to us.
| Provider or category | Purpose | Data categories | Typical location |
|---|---|---|---|
| Payment processor (for example Stripe) | Payments, subscriptions, invoices, fraud prevention | Billing identifiers, subscription status, transaction metadata | United States and other regions depending on provider configuration |
| Hosting and database platform (for example Railway and underlying cloud infrastructure) | Hosting the Service and storing application data | Account data, Interaction Data, service logs | United States or other regions depending on hosting configuration |
| AI processing provider (for example OpenAI API) | Generate responses and run AI features | Interaction Data and related context needed for the response | United States and other regions depending on provider and configuration |
| Email delivery providers | Transactional emails and optional messages (if enabled) | Email address, message metadata, delivery status | United States and other regions depending on provider |
| Security and abuse prevention services | Protect accounts and prevent misuse | IP address, device data, event logs | United States and other regions depending on provider |
8. INTERNATIONAL DATA TRANSFERS
PRIME ESSENCE LLC is a United States company. If you access the Service from outside the United States, your information may be transferred to and processed in the United States or other countries where our providers operate.
Where GDPR or UK GDPR applies, we use lawful transfer mechanisms such as the European Commission Standard Contractual Clauses and the UK International Data Transfer Addendum, and we implement supplementary measures as appropriate.
9. DATA RETENTION
We retain personal data only as long as necessary for the purposes described in this policy, unless a longer retention period is required or permitted by law. Retention can vary by category and purpose.
- Account data: retained while your account is active.
- Interaction Data and memory: retained while your account is active, unless you delete content or request deletion (where available and lawful).
- Security logs: retained as reasonably necessary for security, abuse prevention, and investigation.
- Billing records: retained as required for accounting and tax compliance.
- Deleted accounts: if you delete your account, we delete your account data and Interaction Data, or irreversibly de-identify it, within a reasonable period (typically within 30 days), unless retention is required by law (for example billing records) or for security and abuse prevention.
Backups may persist for a limited period after deletion as part of routine backup cycles. Backups are protected with access controls and are used only for disaster recovery and security.
10. YOUR PRIVACY RIGHTS
Depending on your location, you may have rights to access, correct, delete, or port your data, and to object to or restrict certain processing.
10.1 EEA, UK, and similar jurisdictions
- Access: request a copy of your personal data.
- Rectification: correct inaccurate or incomplete data.
- Deletion: request deletion of personal data, subject to legal exceptions.
- Restriction and objection: restrict or object to certain processing in some cases.
- Portability: receive certain data in a machine readable format where applicable.
- Withdraw consent: where processing is based on consent, you can withdraw consent at any time.
- Complaint: lodge a complaint with your local data protection authority.
10.2 California notice (CCPA and CPRA)
We do not sell personal information as defined by the CCPA. We do not share personal information for cross context behavioral advertising as defined by the CPRA, unless explicitly stated and enabled by you.
Categories of personal information we may collect (depending on your use of the Service):
- Identifiers: email address, IP address, account identifiers.
- Internet or network activity: usage logs, interaction logs, session timing, device and browser signals.
- Customer records: subscription status, transaction identifiers, billing metadata.
- Sensitive personal information: content you provide that may reveal mental health-related information (for example dreams, journals, crisis indicators), and derived memory such as
session_insights.
We use these categories for the business and commercial purposes described above (providing the Service, security, billing, communications, and improvement).
California residents may have rights to know, access, correct, delete, and limit use of sensitive personal information, subject to statutory exceptions. You also have the right to not be discriminated against for exercising privacy rights.
10.3 How to exercise rights
To exercise rights, contact contact@sulenai.com from the email address associated with your account. We may need to verify your identity to protect your data. We will respond within the time required by applicable law.
10.4 Verification and authorized agents
To protect your privacy, we may need to verify your identity before fulfilling certain requests. Where applicable (including for California residents), you may designate an authorized agent to submit requests on your behalf, subject to verification and proof of authorization.
10.5 Data export requests (portability)
If you request a copy of your data, we will respond within the timeframes required by applicable law. For security, we may deliver exports only to the email address associated with your account, or use other reasonable verification and delivery steps.
11. SECURITY
We implement reasonable administrative, technical, and organizational measures designed to protect personal data. This includes access controls, secure authentication practices, and encryption in transit (HTTPS and TLS). No method of transmission or storage is 100 percent secure, and we cannot guarantee absolute security.
12. CHILDREN
The Service is intended for adults and is not for users under 18. We do not knowingly collect personal data from children. If we learn that we have collected such information, we will delete it.
13. CHANGES TO THIS POLICY
We may update this Privacy Policy from time to time. We will post the updated version on this page and update the "Last Updated" date. If changes are material, we may provide additional notice through the Service or by email.
14. CONTACT
For privacy related inquiries or to exercise your rights, contact:
PRIME ESSENCE LLC
Attn: Privacy Officer
927 Main St #300
Evanston, WY 82930
United States
Tax ID (EIN): 98-1904990
Email: contact@sulenai.com