Privacy Policy

Last Updated: February 18, 2026

High Performance Ventures LLC ("Company," "we," "us," or "our") operates the EmpatheticOther platform, accessible at empatheticother.com (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. We are deeply committed to protecting your privacy, particularly given the sensitive and personal nature of the conversations you entrust to our platform.

By accessing or using our Service, you agree to this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not use the Service.

1. Information We Collect

1.1 Information You Provide Directly

  • Account Information: When you create an account, we collect your name, email address, and a hashed version of your password. We never store your password in plain text.
  • Profile Information: You may voluntarily provide information about your loss experience, including the type of loss, your loved one's name, circumstances, communication preferences, and spiritual framework. This information is used solely to personalize your experience.
  • Conversation Data: The messages you exchange with our AI companion are stored to maintain conversation history and continuity. All conversation data is encrypted at rest using AES-256-GCM encryption.
  • Payment Information: When you subscribe to a paid plan or purchase a usage top-up, payment processing is handled entirely by Stripe, Inc. We do not store your credit card number, CVV, or full payment details on our servers. We retain only a Stripe customer identifier and subscription identifiers necessary to manage your billing relationship.

1.2 Information Collected Automatically

  • Usage Data: We collect information about how you interact with the Service, including the number of messages sent, AI model usage, estimated computational costs per conversation, and session timestamps. This data is used for billing, service operation, and to ensure fair resource allocation.
  • Device and Browser Information: We may collect standard technical information such as your browser type, operating system, device type, and IP address through standard server logs. This information is used solely for security monitoring, fraud prevention, and service reliability.
  • Cookies: We use essential cookies required for authentication and session management. We do not use advertising cookies, tracking pixels, or third-party analytics cookies that follow you across the web.

1.3 Information We Do Not Collect

  • We do not collect or store biometric data.
  • We do not purchase data about you from third-party data brokers.
  • We do not use your conversation data to train, fine-tune, or improve AI models.
  • We do not build advertising profiles based on your conversations or grief experiences.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Service Delivery: To provide, maintain, and personalize the AI grief companion experience, including tailoring responses based on your profile preferences.
  • Conversation Continuity: To maintain your conversation history so that your AI companion can reference prior context and provide a coherent, ongoing relationship.
  • Account Management: To create and manage your account, authenticate your identity, and process subscription and billing transactions.
  • Safety and Crisis Response: To detect crisis language indicating potential self-harm and provide appropriate crisis resources (such as the 988 Suicide & Crisis Lifeline). Crisis detection operates in real time to protect your safety. Crisis events are logged to ensure appropriate resource delivery; these logs are reviewed only for safety auditing purposes.
  • Service Operations: To monitor system performance, prevent abuse, enforce usage limits, and maintain the security and integrity of our infrastructure.
  • Communications: To send essential service communications, including account verification, billing receipts, subscription changes, and critical security notices. We will not send marketing emails without your explicit consent.
  • Legal Compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.

3. Encryption and Data Security

We implement robust security measures designed to protect the confidentiality of your data:

  • Encryption at Rest: All conversation messages and your loved one's name are encrypted at rest using AES-256-GCM, an industry-standard encryption algorithm. This means that even in the unlikely event of a database breach, your conversation content would not be readable without the encryption key.
  • Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher (HTTPS).
  • Password Security: Your password is cryptographically hashed using a secure one-way hashing algorithm before storage. We cannot retrieve your original password.
  • Access Controls: Access to production databases and encryption keys is strictly limited to essential personnel on a need-to-know basis.
  • Infrastructure Security: Our Service is hosted on Vercel (application layer) and Neon (database layer), both of which maintain SOC 2 compliance and implement enterprise-grade security controls.

While we implement these safeguards, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security, but we are committed to industry best practices and continuous improvement of our security posture.

4. How We Share Your Information

We do not sell, rent, or trade your personal information. We share information only in the following limited circumstances:

  • AI Processing (Anthropic): Your conversation messages are transmitted to Anthropic, PBC for AI processing. Anthropic processes this data solely to generate responses and does not use your conversations to train its models. Anthropic's data handling is governed by its own privacy policy and applicable data processing terms.
  • Payment Processing (Stripe): Billing and payment data is processed by Stripe, Inc. in accordance with Stripe's privacy policy and PCI DSS compliance standards. We share only the minimum information necessary to process transactions (your email and a user identifier).
  • Vector Search (Pinecone): Anonymized query embeddings (mathematical representations of text, not the text itself) may be transmitted to Pinecone for knowledge retrieval. These embeddings cannot be reverse-engineered to reconstruct your original messages.
  • Infrastructure Providers: Our hosting providers (Vercel, Neon) process data in accordance with their respective privacy policies and data processing agreements. They act as data processors on our behalf and are contractually prohibited from using your data for their own purposes.
  • Legal Requirements: We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or where we believe disclosure is necessary to protect the rights, property, or safety of our users, ourselves, or others. We will endeavor to notify you of such disclosures to the extent permitted by law.
  • Business Transfers: In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on the Service of any change in ownership or uses of your personal information.

5. Data Retention

  • Account Data: We retain your account information for as long as your account is active or as needed to provide you with our Service.
  • Conversation Data: Your encrypted conversations are retained for as long as your account is active, unless you choose to delete them earlier.
  • Billing Records: We retain billing and transaction records for the period required by applicable tax, accounting, and financial regulations (typically 7 years).
  • Crisis Event Logs: Records of crisis events (which contain the triggering phrase and resources shown) are retained for safety auditing purposes for a period of 3 years.
  • AI Usage Logs: Aggregated usage data (token counts and cost estimates, not message content) is retained for the current billing period and up to 12 months thereafter for billing dispute resolution.
  • Account Deletion: When you delete your account through the Settings page, we permanently delete your profile, conversations, messages, and associated data. Certain billing records may be retained as required by law. Deletion is irreversible.

6. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: You can access your profile information and conversation history at any time through the Service.
  • Correction: You can update your profile information and preferences at any time through the Settings page.
  • Deletion: You can delete all your data permanently through the "Delete All My Data" option in Settings. This action is immediate and irreversible.
  • Data Portability: You may request a copy of your personal data in a structured, commonly used format by contacting us at the email address below.
  • Opt-Out of Communications: You may opt out of non-essential communications at any time. Essential service communications (security alerts, billing notices) cannot be opted out of while you maintain an active account.
  • Withdrawal of Consent: Where processing is based on your consent, you may withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

6.1 California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

  • The right to know what personal information we collect, use, disclose, and sell.
  • The right to delete personal information we have collected from you.
  • The right to opt out of the sale or sharing of personal information. We do not sell or share your personal information for cross-context behavioral advertising.
  • The right to non-discrimination for exercising your privacy rights.
  • The right to correct inaccurate personal information.
  • The right to limit the use and disclosure of sensitive personal information. Your grief-related conversations constitute sensitive personal information, and we use this information solely to provide the Service.

To exercise these rights, contact us at Results@HighPerformanceVentures.com. We will verify your identity before fulfilling any request and respond within 45 days.

6.2 European Economic Area Residents (GDPR)

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

  • Our legal bases for processing include: performance of our contract with you (providing the Service), your consent (where applicable), and our legitimate interests (security, fraud prevention, service improvement).
  • You have the right to lodge a complaint with your local supervisory authority.
  • You have the right to request restriction of processing of your personal data.
  • You have the right to object to processing based on legitimate interests.
  • Data may be transferred to the United States, where our infrastructure is located. Such transfers are made pursuant to appropriate safeguards including standard contractual clauses.

7. Children's Privacy

Our Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have inadvertently collected personal information from a child under 18, we will take steps to delete such information promptly. If you believe that a child under 18 has provided us with personal information, please contact us at Results@HighPerformanceVentures.com.

8. Third-Party Links and Services

Our Service may contain links to third-party websites, resources, or services (such as crisis hotlines and mental health resources). We are not responsible for the privacy practices or content of these third-party services. We encourage you to review the privacy policies of any third-party services you access. The inclusion of a link does not imply endorsement by the Company.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. We will notify you of material changes by posting the new Privacy Policy on this page with an updated "Last Updated" date and, for material changes, by sending you an email notification. Your continued use of the Service after any modification to this Privacy Policy constitutes your acceptance of the revised policy. We encourage you to review this Privacy Policy periodically.

10. Governing Law

This Privacy Policy and any disputes arising out of or relating to it shall be governed by and construed in accordance with the laws of the Commonwealth of Puerto Rico, United States, without regard to its conflict of law provisions. Any legal action or proceeding relating to this Privacy Policy shall be brought exclusively in the courts of the Commonwealth of Puerto Rico or the United States District Court for the District of Puerto Rico.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

High Performance Ventures LLC

Email: Results@HighPerformanceVentures.com

We will make every effort to respond to your inquiry within 30 days. For data rights requests under CCPA/CPRA, we will respond within 45 days as required by law.