Your Privacy Matters to Us
Anshuk is a relationship coaching app. We handle deeply personal information and take that responsibility seriously. This policy explains exactly what we collect, why, and your rights over it.
US only. Anshuk is currently available exclusively to users in the United States. This policy reflects US federal law (HIPAA) plus applicable state laws for California, Washington, and New York.
Anshuk ("we", "us", "our") is operated by The Little Loom. Your use of the Anshuk app is governed by this Privacy Policy and our Terms of Service. By creating an account, you agree to the practices described here.
Because Anshuk provides AI-assisted mental health coaching, your data is subject to HIPAA (Health Insurance Portability and Accountability Act) and, where applicable, state health privacy laws. We treat all session content as Protected Health Information (PHI).
Section 1
What We Collect
| Category | What it includes | Why we collect it |
|---|---|---|
| Account data | Email, hashed password, first name, date of birth, US state | Identity verification, age gate (18+), jurisdiction determination |
| Session content | Messages you send and receive during coaching sessions | Providing AI-assisted coaching responses; safety monitoring |
| Daily Pulse data | Mood check-ins, stress ratings, brief notes | Trend tracking, personalised coaching context |
| Our Story content | Memories, photos, timeline entries you add | Relationship history for coaching context |
| Device data | Device identifier (iOS: identifierForVendor, Android: ANDROID_ID), OS version | One-device-per-partner enforcement; security |
| Usage data | Session frequency, feature interactions (no message content) | Product improvement; safety baseline |
| Consent records | Timestamps of consent given for each form, device ID, IP at time of consent | Legal compliance; audit trail |
We do not collect social media profiles, contacts, location data, or device microphone/camera beyond explicit user uploads. We do not sell your data to any third party, ever.
Section 2
How We Use Your Information
Delivering coaching responses
Your session messages are passed to our AI pipeline to generate coaching responses. Content is processed under strict minimum-necessary principles — only what the current session requires.
Safety monitoring
Every message is scanned for crisis signals (suicidal ideation, self-harm, domestic violence, psychotic symptoms). If detected, our crisis protocol activates immediately and you are provided with emergency resources.
Legal compliance and audit logging
We maintain an append-only audit log of every session event. Log entries record event categories and actions — never the text content of your messages. This is required for HIPAA compliance.
Personalising your experience
Your Daily Pulse history, session progress, and stated preferences are used to tailor coaching content to where you are in your relationship journey.
Service operations
Account management, technical support, sending safety-critical notifications (no message content previewed in push notifications), and fraud/abuse prevention.
We do not use your session content to train AI models without your separate, explicit, informed consent. Coaching responses are generated in-context — your data is not pooled for model improvement by default.
Section 3
AI Processing Disclosure
Required disclosure: Anshuk is powered by artificial intelligence. Your coach is not a human. It is not a licensed therapist, counselor, psychiatrist, or medical professional.
Every session involves your messages being processed by a multi-agent AI pipeline. This pipeline:
Scans every message for PHI and safety signals
Personal identifiers and crisis signals are detected before and after generating a response. This happens synchronously on every message.
Generates AI coaching responses
Responses are produced by a large language model instructed on evidence-based frameworks (CBT, EFT, Gottman Method). Responses are reviewed by a harm-classification layer before delivery.
Cannot diagnose, prescribe, or replace professional care
The AI is prohibited from making diagnoses, recommending medication, providing prognoses, or acting as a substitute for licensed mental health treatment. If you are in crisis, please contact emergency services or a crisis line immediately.
Automated decisions that affect you
Safety assessment and crisis protocol activation are automated. If you believe a decision was made in error, contact us at support@anshuk.app to request human review.
Section 4
Third-Party Processors
We share data with a limited number of trusted processors who help us operate Anshuk. All processors handling health-related data have signed a Business Associate Agreement (BAA) as required by HIPAA.
| Processor | Purpose | Data shared | BAA |
|---|---|---|---|
| AI Model Provider | Generating coaching responses | Session messages (no name/contact data) | ✓ Required |
| Cloud Infrastructure | Hosting, storage, database | All data (encrypted at rest) | ✓ Required |
| Object Storage (photos) | Our Story photo hosting | User-uploaded photos (AES-256-GCM encrypted) | ✓ Required |
| Push Notification Service | Sending app notifications | Device token only — no message content | N/A |
We do not share your data with advertisers, data brokers, employers, insurance companies, or any entity not listed above. We will never sell your data.
Section 5
Couple & Dyadic Session Data
Anshuk supports individual sessions and dyadic (couples) sessions. The data ownership model differs between them.
Individual sessions
Fully private to you. Your partner cannot see, access, or request content from your individual sessions — ever. This isolation is enforced at the data layer.
Dyadic (couples) sessions — joint ownership
Content created together in a couples session is jointly owned by both partners. Neither partner can unilaterally delete shared session data. Both partners must complete independent consent before a dyadic session can begin.
Domestic violence safety protocol
If our safety system detects domestic violence signals, the couple's shared data access is immediately siloed, dyadic sessions are blocked, and a litigation hold is placed. This is automated and cannot be reversed by either partner — only by a clinical supervisor following documented assessment. The affected partner receives crisis resources; the other receives a neutral session end with no information about the protocol activation.
Litigation hold notice
Couples therapy records may be subpoenaed in family court proceedings. If a litigation hold is active on your account, data deletion requests will be denied until the hold is lifted. We will inform you if a hold exists and direct you to consult your attorney.
Section 6
Sensitive Data Categories
Mental health data (HIPAA Protected Health Information)
All session content is treated as PHI. The fact that you use Anshuk is itself PHI. This data is encrypted in transit (TLS 1.2+) and at rest (AES-256), with access controls limiting who can view it internally.
Substance use data (42 CFR Part 2)
If substance use is mentioned during a session, those records are protected under 42 CFR Part 2 — a federal regulation stricter than HIPAA. We will pause the session and present a separate, specific SUD consent form. Without that consent, substance use content is redacted from the AI pipeline context and stored in a segregated, separately access-controlled log. General HIPAA consent does not cover SUD data.
Crisis-related data
Messages that trigger crisis protocol are flagged for human clinical review. This is a safety obligation. Confidentiality applies except where disclosure is required by law (duty to warn, mandatory reporting of imminent harm).
Section 7
Data Retention
Active account — data is live
All your data is accessible while your account is active and in good standing.
Account deletion requested — 30-day grace period
Your account is locked. You can cancel the deletion request at any time within 30 days to fully restore your account.
Day 30 — immediate data deletion begins
Profile, messages, memories, and photos are permanently deleted. Audit logs are stripped of personal identifiers and moved to encrypted cold storage.
Year 1–6 — de-identified audit logs in cold storage
HIPAA requires we retain de-identified audit records for 6 years from creation (or last effective date). These records contain no PHI — only category codes, action codes, and timestamps. Access is restricted to compliance personnel.
Year 6 — automatic purge + destruction certificate
All retained audit records are securely destroyed and a destruction certificate is issued per HIPAA requirements. Nothing is kept beyond 6 years.
If a litigation hold is active on your account, deletion requests will be suspended for the duration of the hold, regardless of the grace period. This is a legal obligation.
Section 8
Your Privacy Rights
Right to access
You can request a copy of all personal data we hold about you. Requests are processed by our compliance team — never auto-generated. Allow up to 30 days.
Right to correction
If any personal data we hold is inaccurate, you can request correction via Settings or by emailing us.
Right to deletion
You can delete your account via the app (Settings → Account → Delete Account) or by emailing us. See our Delete Account page for full instructions.
Right to withdraw consent
You can withdraw your general consent at any time. This will end your ability to use Anshuk and trigger account deletion. Withdrawal does not affect the lawfulness of processing before withdrawal.
How to exercise your rights
Email support@anshuk.app from the address registered to your account. We will verify your identity before processing any request. All requests are handled by a human, not automated.
Section 9
State-Specific Rights
In addition to federal HIPAA rights, residents of certain states have additional protections under state law.
California
CCPA / CPRA + CMIA
- Right to know what data is collected and sold (we don't sell)
- Right to opt out of sale or sharing
- Right to correct inaccurate personal information
- Right to limit use of sensitive personal data
- Mental health data requires written authorisation (CMIA)
- Private right of action for CMIA violations
Washington State
My Health My Data Act
- Separate, per-category consent required (not blanket)
- Applies to all health data, not just HIPAA-covered entities
- Right to access and delete consumer health data
- No geofencing around mental health facilities
- Private right of action under WA Consumer Protection Act
New York
SHIELD Act
- Reasonable administrative, technical, and physical security required
- Breach notification to you and the NY AG
- Broader "private information" definition covers health data
- Biometric data receives heightened protection
To exercise any state-specific right, email support@anshuk.app and specify your state. We will respond within 30 days (or sooner as required by your state's law).
Section 10
Security
Encryption everywhere
All data in transit is encrypted using TLS 1.2+. Data at rest uses AES-256 encryption. Photos in Our Story are individually encrypted with AES-256-GCM before upload.
App-level protections
Face ID / Touch ID support, auto-lock after 10 minutes of inactivity, app-switcher blur to hide content when backgrounded, and push notifications that show no message content preview.
Breach notification
If a data breach occurs that affects your PHI, we will notify you within 72 hours of discovery, as required by HIPAA and applicable state laws. We will never "fix quietly" — every breach assessment is documented.
Section 11
Contact & Requests
Privacy requests & questions
Email support@anshuk.app from your registered address. Include your full name and the nature of your request. We respond within 30 days.
The Little Loom
Registered in India. For legal correspondence: support@anshuk.app