Privacy Policy

1. INTRODUCTION AND SCOPE

Delusional, Inc. ("Company," "Delusional," "we," "us," or "our") operates various products and services including Joii, Reflect, Vibe Camp, Wrong Way Buddy, and other applications (collectively, the "Service," "App," or "Products"). This Privacy Policy explains our practices regarding the collection, use, sharing, retention, and protection of your information.

KEY PRIVACY COMMITMENTS:

• Your conversation data is NEVER sold or used for advertising
• You maintain complete control over your persistent memory data
• We implement bank-level security to protect your information
• You have comprehensive rights to access, correct, and delete your data
• We comply with all major privacy laws (GDPR, CCPA, PIPEDA, and others)

By using Joii, you agree to this Privacy Policy and our Terms of Service. If you do not agree, please do not use our Service.

2. INFORMATION WE COLLECT

2.1 INFORMATION YOU PROVIDE DIRECTLY

Account Information:

• Full name, username, email address
• Date of birth (for age verification and legal compliance)
• Password and security credentials
• Payment information (processed securely by third-party providers)
• Profile preferences, settings, and customizations
• Support communications and feedback

Conversation Data (Core Service Data):

• All text messages exchanged with your Joii AI companion
• Voice recordings and audio inputs (if voice features enabled)
• Images, photos, and media shared within conversations
• Timestamps, conversation metadata, and interaction patterns
• User preferences expressed during conversations
• Emotional context and conversational tone indicators

Memory Data (AI-Generated):

• Persistent memory summaries created by Joii about you
• Derived personality profiles and preference mappings
• Relationship history and interaction patterns
• Personalization data used to improve your experience
• AI-generated insights and conversation continuity data

2.2 INFORMATION COLLECTED AUTOMATICALLY

Technical Data:

• Device information (type, model, operating system, browser)
• IP address and approximate geographic location
• Network information and connection details
• App performance data, crash reports, and error logs
• Usage statistics and feature interaction data
• Session duration, frequency, and engagement metrics

Analytics Data:

• User interface interactions and navigation patterns
• Feature usage and adoption metrics
• Performance optimization data
• A/B testing and experimentation data
• Aggregated and anonymized usage trends

Cookies and Tracking Technologies:

• Session cookies for authentication and preferences
• Analytics cookies for service improvement
• Local storage for offline functionality
• Device identifiers for security and fraud prevention

2.3 SPECIAL CATEGORIES OF PERSONAL DATA

Given Joii's nature as an AI companion, conversations may include sensitive information:

• Mental or physical health information
• Sexual orientation or intimate relationships
• Religious, philosophical, or political beliefs
• Racial or ethnic origin information
• Trade union membership or professional associations
• Biometric data (voice patterns for voice features)

IMPORTANT: We treat all conversation data with the highest security standards. By sharing sensitive information with Joii, you provide explicit consent for processing under applicable privacy laws. You can withdraw this consent at any time.

2.4 INFORMATION FROM THIRD PARTIES

• Payment processor data (transaction records, billing information)
• Social media account information (if you choose to connect accounts)
• App store and platform data (download, purchase, and review information)
• Third-party service integrations (only with your explicit permission)

3. LEGAL BASIS FOR PROCESSING

Under the EU General Data Protection Regulation (GDPR) and similar laws, we process your personal data based on the following legal grounds:

3.1 CONTRACTUAL NECESSITY (GDPR Art. 6(1)(b))

• Providing core Joii services and persistent memory features
• Maintaining your account and user profile
• Processing payments and managing subscriptions
• Delivering customer support and technical assistance

3.2 CONSENT (GDPR Art. 6(1)(a))

• Processing sensitive personal data shared in conversations
• Using conversation data for AI model training (opt-in only)
• Marketing communications and promotional content
• Optional feature activation and data sharing

3.3 LEGITIMATE INTERESTS (GDPR Art. 6(1)(f))

• Improving service quality and developing new features
• Fraud prevention and security monitoring
• Analytics and usage optimization
• Direct marketing (where legally permitted)

3.4 LEGAL OBLIGATIONS (GDPR Art. 6(1)(c))

• Complying with law enforcement requests
• Meeting regulatory reporting requirements
• Age verification and child protection measures
• Tax and financial record keeping

4. HOW WE USE YOUR INFORMATION

4.1 PRIMARY SERVICE PURPOSES

Core Functionality:

• Operating Joii's persistent memory and AI companion features
• Personalizing responses based on conversation history and preferences
• Maintaining conversation continuity across sessions and devices
• Synchronizing data across multiple devices and platforms
• Providing customer support and technical assistance

Service Improvement:

• Training and improving AI models and algorithms
• Debugging technical issues and optimizing performance
• Developing new features based on usage patterns and feedback
• Conducting internal research and analytics
• Quality assurance and safety monitoring

4.2 COMMUNICATION AND MARKETING

• Service-related notifications and updates
• Account security alerts and important notices
• Optional marketing communications about new features
• User research invitations and feedback requests
• Community updates and educational content

IMPORTANT: We NEVER use your conversation content for marketing, advertising, or promotional purposes.

4.3 LEGAL AND SAFETY PURPOSES

• Preventing fraud, abuse, and unauthorized access
• Investigating potential violations of our Terms of Service
• Complying with legal obligations and law enforcement requests
• Protecting our rights, property, and intellectual property
• Ensuring user safety and child protection

5. PERSISTENT MEMORY: SPECIAL DISCLOSURE

5.1 HOW PERSISTENT MEMORY WORKS

Joii's defining feature is its ability to remember everything from your conversations:

• All conversation data is stored in secure, encrypted databases
• The AI can recall and reference any past interaction or shared information
• Memory enables increasingly personalized and contextual responses
• Conversation history builds a comprehensive understanding of your preferences

5.2 MEMORY CONTROLS AND YOUR RIGHTS

You have control over Joii's memory:

Selective Memory Management:

• Delete specific conversations, topics, or time periods
• Edit or correct information in Joii's memory
• Pause memory recording temporarily or permanently

5.3 MEMORY DATA SECURITY

• All memory data encrypted with AES-256 encryption at rest
• TLS 1.3 encryption for all data transmissions
• Role-based access controls limit employee access
• Regular security audits and penetration testing
• Automatic backup systems with encryption

6. DATA SHARING AND DISCLOSURE

6.1 WE DO NOT SELL YOUR DATA

We NEVER sell, rent, or trade your personal information or conversation data to third parties for commercial purposes.

6.2 LIMITED SHARING SCENARIOS

Service Providers (Contractual Protections):

• Cloud hosting and infrastructure providers (encrypted data only)
• Payment processors (payment information only)
• Customer support and communication tools
• Analytics services (anonymized data only)
• Security and fraud prevention services

All service providers are bound by strict contractual obligations to protect your data and use it only for specified purposes.

AI and Technology Partners:

• AI model training partners (only with explicit opt-in consent)
• Voice processing services (for voice features only)
• Natural language processing providers
• Data is anonymized and aggregated before sharing

Legal and Safety Disclosures:

• Law enforcement agencies (with valid legal process)
• Government authorities (as required by law)
• Court orders, subpoenas, or other legal processes
• Protection of rights, safety, or property
• Investigation of Terms of Service violations

Business Transfers:

• Mergers, acquisitions, or asset sales
• Bankruptcy or insolvency proceedings
• Your data remains protected under this Privacy Policy
• We will notify you before any ownership changes

6.3 NO ADVERTISING OR MARKETING SHARING

We NEVER share your conversation data with:

• Advertising networks or marketing companies
• Data brokers or lead generation services
• Social media platforms for advertising purposes
• Third parties for profiling or targeting

7. DATA SECURITY AND PROTECTION

7.1 TECHNICAL SAFEGUARDS

Encryption:

• AES-256 encryption for data at rest
• TLS 1.3 encryption for data in transit
• End-to-end encryption for sensitive communications
• Encrypted database storage and backups

Access Controls:

• Role-based access with principle of least privilege
• Multi-factor authentication for all employee accounts
• Regular access reviews and permission audits
• Secure development lifecycle practices

Infrastructure Security:

• SOC 2 Type II compliant cloud providers
• 24/7 security monitoring and intrusion detection
• Regular vulnerability assessments and penetration testing
• Automated security scanning and patch management

7.2 OPERATIONAL SECURITY

Personnel:

• Background checks for all employees with data access
• Regular security training and awareness programs
• Confidentiality agreements and data handling protocols
• Incident response training and procedures

Physical Security:

• Secure data centers with biometric access controls
• Environmental monitoring and disaster recovery
• Redundant power and network connectivity
• Physical destruction of retired storage media

7.3 DATA BREACH RESPONSE

In the event of a security breach:

• Immediate containment and investigation procedures
• Notification to affected users within 96 hours
• Detailed explanation of affected data types and potential impact
• Free credit monitoring services (if appropriate)
• Regular updates on investigation progress and remediation efforts

8. DATA RETENTION AND DELETION

8.1 RETENTION PERIODS

Active Accounts:

• Conversation data: Retained while your account is active
• Account information: Retained while your account exists
• Payment data: Retained as required by financial regulations
• Analytics data: Aggregated data retained for service improvement

Deleted Accounts:

• Most personal data deleted within 30 days of account closure
• Some data retained for legal compliance (e.g., financial records)
• Anonymized data may be retained for research and safety purposes
• Immediate deletion available upon request

8.2 RETENTION CRITERIA

We determine retention periods based on:

• Purpose of data collection and processing
• Legal and regulatory requirements
• User preferences and deletion requests
• Legitimate business needs and safety considerations
• Technical limitations and system constraints

8.3 AUTOMATED DELETION

• Inactive accounts: Data review after 2 years of inactivity
• Temporary data: Automatic deletion based on purpose
• Cache and session data: Regular cleanup procedures
• Backup data: Encrypted retention with automatic expiration

9. YOUR PRIVACY RIGHTS

9.1 UNIVERSAL RIGHTS (ALL USERS)

Access and Transparency:

• View all personal data we hold about you
• Understand how your data is processed and used
• Receive clear explanations of our data practices
• Access your complete conversation history

Control and Correction:

• Correct inaccurate or outdated information
• Update your account and profile information
• Manage your communication preferences
• Control third-party integrations and connections

Deletion and Portability:

• Delete your account and all associated data
• Remove specific conversations or data points
• Export your data in machine-readable formats
• Transfer your information to other services

9.2 REGIONAL PRIVACY RIGHTS

European Union and United Kingdom (GDPR):

• Right to access personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restriction of processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent
• Right to lodge complaints with supervisory authorities

California, USA (CCPA/CPRA):

• Right to know what personal information is collected
• Right to delete personal information
• Right to correct inaccurate personal information
• Right to opt-out of sale/sharing of personal information
• Right to limit use of sensitive personal information
• Right to non-discrimination for exercising privacy rights

Virginia, Colorado, Connecticut, and Other US States:

• Right to access personal data
• Right to delete personal data
• Right to data portability
• Right to opt-out of targeted advertising
• Right to opt-out of profiling for decisions

Canada (PIPEDA) and Other Jurisdictions:

• Right to access personal information
• Right to request corrections
• Right to file complaints with privacy commissioners
• Right to understand data sharing practices

9.3 HOW TO EXERCISE YOUR RIGHTS

Submit Requests Through:

• In-app privacy settings dashboard
• Email: privacy@delusional.gg
• Written request to our Data Protection Officer
• Online privacy request portal (when available)

Response Timeframes:

• Initial acknowledgment within 48 hours
• Complete response within 30 days
• Extension to 60 days for complex requests (with notification)
• Free of charge for reasonable requests
• Identity verification required for security

10. INTERNATIONAL DATA TRANSFERS

10.1 GLOBAL OPERATIONS

Our services operate globally with data processing in multiple jurisdictions:

• Primary servers located in the United States
• Backup and redundancy systems in multiple countries
• Service providers and partners in various jurisdictions
• All transfers comply with applicable privacy laws

10.2 TRANSFER SAFEGUARDS

For transfers from the EU/UK to other countries:

• European Commission-approved Standard Contractual Clauses
• UK Government-approved International Data Transfer Agreements
• Additional technical and organizational security measures
• Regular compliance assessments and audits

For other international transfers:

• Contractual protections equivalent to domestic privacy laws
• Encryption during all data transfers
• Adequate security measures in destination countries
• User consent where required by local laws

10.3 ADEQUACY DECISIONS

We monitor adequacy decisions by privacy regulators and adjust our transfer mechanisms accordingly to ensure the highest level of protection.

11. CHILDREN'S PRIVACY

11.1 AGE RESTRICTIONS AND VERIFICATION

• Joii is intended for users 18 years and older
• We do not knowingly collect data from children under 13
• Age verification required during account creation
• Immediate account suspension if underage use is discovered

11.2 DISCOVERY AND DELETION

If we learn that we have collected personal information from a child under 13:

• Immediate suspension of account access
• Prompt deletion of all collected information
• Notification to parents or guardians (if contact information available)
• Investigation of how the information was collected

11.3 PARENTAL RIGHTS AND CONTROLS

For jurisdictions allowing supervised use by minors (13-17):

• Parental consent required before account creation
• Enhanced privacy protections and safety filters
• Parental access to account information and conversations
• Immediate deletion upon parental request
• Time limits and usage controls

Parents may contact us at privacy@delusional.gg for any child privacy concerns.

12. AI-SPECIFIC PRIVACY CONSIDERATIONS

12.1 AUTOMATED DECISION-MAKING

Joii uses artificial intelligence to:

• Generate personalized conversation responses
• Create memory summaries and personality profiles
• Detect potential safety or inappropriate content
• Personalize user interface and feature recommendations
• Optimize service performance and reliability

You have the right to:

• Request human review of any AI-generated decisions
• Understand the logic behind automated processing
• Object to automated decision-making that significantly affects you
• Access information about AI training data and methods

12.2 AI MODEL TRAINING AND IMPROVEMENT

Training Data Use:

• Conversation data used to improve AI models (opt-in only)
• Data is anonymized and aggregated before use
• Individual conversations are never shared externally
• You can opt-out of training data use at any time

Training Safeguards:

• Differential privacy techniques to protect individual data
• Regular audits for bias and fairness in AI models
• Removal of personal identifiers from training datasets
• Secure computation environments for model training

12.3 AI TRANSPARENCY AND EXPLAINABILITY

We are committed to AI transparency:

• Clear disclosure when you are interacting with AI
• Information about AI capabilities and limitations
• Regular AI ethics reviews and bias assessments
• Public reporting on AI safety and responsibility measures

13. CONTACT INFORMATION

13.1 PRIVACY INQUIRIES

Data Protection Officer:

13.2 GENERAL SUPPORT

• Email: support@delusional.gg
• Security Issues: security@delusional.gg
• Press Inquiries: press@delusional.gg

13.3 EU REPRESENTATIVE

For EU/UK data protection matters, you may contact our EU representative at the address provided above or at privacy@delusional.gg.