This is a working draft, written in plain language and reviewed for DPDP, HIPAA, and FTC alignment. It is not final legal text until our counsel signs off. Where a detail depends on our registered entity or a chosen vendor, we say so.
Your inner life is yours. This policy explains, simply, what we collect, why, how long we keep it, and the control you have. If anything here is unclear, write to us and we will explain it properly.
The short version
- We collect only what we need to give you a useful, personal experience.
- We never sell your data. We never share health or well-being data with advertising networks without your clear opt-in.
- Your journals, check-ins, and Wize conversations are private to you. If your employer offers InnerWise, they only ever see aggregated, non-identifying insights.
- You can see, correct, export, or delete your data at any time.
1. Who we are
InnerWise is the data fiduciary (controller) for the information you share with us. Our registered entity and the contact details for our Grievance Officer / Data Protection Officer are listed on the Grievance & Data Protection Contact page. [COLLECT: registered legal entity + officer details]
2. What we collect
- Account information you give us, such as your name, email, and sign-in details.
- Well-being inputs, such as mood check-ins, assessment answers, journal entries, and your conversations with Wize.
- Usage information, such as which features you use and general device and app details, so the service works reliably.
- Optional health information you choose to add. You are never required to share it.
3. Why we collect it
We use your information to set up your account, personalize your daily plan, keep the service secure, and improve it over time. Our lawful basis is your consent and the delivery of the service you asked for. You can withdraw consent at any time, and we will stop the related processing.
4. Wize and AI data
Your conversations with Wize are treated as private. They are anonymized or not stored beyond what is needed to give you a helpful reply, and they are not used to train AI models. Wize is a companion, not a clinician. How our AI is used, and its limits, are set out in the AI Disclosure.
5. How long we keep it
We keep your information only as long as your account is active or as long as we need it to provide the service and meet legal duties. When you delete your account, we delete or anonymize your personal data on a defined schedule. [COLLECT: retention schedule per data type]
6. How we share it
We share data with a small number of trusted service providers who help us run InnerWise, such as hosting and email delivery. They act on our instructions and are bound to protect your data. We do not sell your data, and we do not share health or well-being data with advertising networks without your opt-in. [COLLECT: sub-processor list]
7. Your rights
Under the DPDP Act and similar laws, you can:
- Access the personal data we hold about you.
- Correct anything that is wrong or out of date.
- Delete your data and close your account.
- Withdraw consent at any time.
- Nominate someone to act for you, as allowed under Indian law.
- Raise a grievance with our officer and, if needed, escalate to the Data Protection Board of India.
To use any of these, contact us through the Grievance page or delete your account from Settings or the Account & Data Deletion page.
8. If your organization offers InnerWise
Employers and partners receive aggregated, non-identifying insights only. They never see your journals, assessments, individual check-ins, or Wize conversations.
9. Security
We protect your data with encryption in transit and at rest, access controls, and regular reviews. No system is perfectly secure, so if a breach ever affects your data, we will notify you and the relevant authority as the law requires.
10. Where your data is stored
We store and process data in locations chosen for security and reliability. Where data moves across borders, we apply safeguards required by law. [COLLECT: storage jurisdictions]
11. Children
InnerWise is for adults (18 and over). We do not knowingly collect data from children. See Children’s Privacy.
12. Changes and contact
If we make a meaningful change to this policy, we will tell you in the app or by email before it takes effect. For any privacy question, reach our Grievance Officer / DPO through the Grievance & Data Protection Contact page.