Privacy Policy

Last updated: May 2026.

1. Who we are and how to contact us

Hierocles is operated as a sole-trader business registered in England and Wales. Company registration and ICO data controller registration are in progress. We are the data controller for the personal data described in this policy.

2. What data we collect

We collect the minimum data required to operate your private coaching system. Every field has a specific purpose and lawful basis under UK GDPR.

Account data

  • Email address — authentication and essential communications. Lawful basis: contract performance.
  • Date of birth — age verification at signup (18+ only), compliance with Online Safety Act 2023 and Children’s Code. Lawful basis: contract performance (we cannot provide the service to minors).
  • Country of residence — crisis resource localisation, time zone defaulting, legal jurisdiction determination. Lawful basis: contract performance.
  • Sub-country location (optional) — regional crisis resource routing (e.g. local NHS trust lines). Lawful basis: legitimate interest with the option to decline. If declined, we fall back to national resources.

Content you create

  • Journal entries, fragments, and captures — your private journal content, processed by AI to generate reflections. Lawful basis: contract performance.
  • Daily pulse signals — numeric ratings and selections you provide (mood, energy, sleep, etc.). Lawful basis: contract performance.
  • Advisor conversations — questions you ask and responses generated. Lawful basis: contract performance.
  • Financial data (bank transactions, categories) — processed solely for financial insights. Never shared with third parties. Lawful basis: contract performance.
  • Weekly and monthly reviews — AI-compiled summaries of your data. Lawful basis: contract performance.

Operational data

  • Usage metrics — token counts, request counts, and rate-limiting data needed for billing and abuse prevention. Lawful basis: legitimate interest.
  • Safeguarding flags — records of detected crisis signals. Lawful basis: legitimate interest (safety of the user).

What we do not collect: gender, sexuality, religion, ethnicity, marital status, income, or any health data beyond the three optional disclosures described below. These may appear in your journal entries naturally; they are not structured profile fields.

3. Special category data

UK GDPR Article 9 defines special categories of personal data that require additional protection. Hierocles processes the following special category data:

  • Three optional health disclosures collected at signup with granular, individual consent: whether you are currently under the care of a mental health professional; whether you have ever been treated for an eating disorder; and an optional free-text field for anything you want the system to handle carefully.
  • Health-related content in journal entries — your writing may contain information about your physical or mental health. This is processed by AI to generate reflections and is scanned for safeguarding signals.

Lawful basis: explicit consent under UK GDPR Article 9(2)(a). This consent is obtained through granular checkboxes during signup — one checkbox per disclosure, not a single blanket consent.

Withdrawing consent: you may withdraw your health disclosure consent at any time from your Settings page. When you withdraw, the disclosed data is deleted and any associated monitoring state (such as ED-monitored) is lifted. Withdrawal does not affect the lawfulness of processing carried out before you withdrew. You can continue to use Hierocles without these disclosures.

4. Children

Hierocles is an adults-only service. No accounts are available for users under 18. You must provide your date of birth during signup; if it indicates you are under 18, your account cannot be created. If we become aware that a user under 18 has created an account using a false date of birth, it will be terminated immediately and all data permanently deleted.

This is a hard requirement under the UK Children’s Code (Age Appropriate Design Code), the Online Safety Act 2023, and US COPPA.

5. How long we keep data

Data type | Retention period
Account data | While account is active, plus 30 days after deletion request (grace period)
Journal entries, fragments, pulses | While account is active. Deleted on account deletion.
Flagged entries | 90 days, then permanently deleted regardless of account status
Audit logs | 12 months
Safeguarding event logs | 24 months
Backups | Rolling 30 days

6. Who sees your data

Your data is processed by the following services, each for a specific purpose:

  • Firebase (Google Cloud) — authentication and database storage. Your data is stored in Firestore, encrypted at rest and in transit.
  • Anthropic — your journal content, questions, and pulse data are sent to Anthropic’s Claude API to generate AI coaching responses. Anthropic is a US company. Anthropic does not train its models on data sent via the API. Under Anthropic’s API data policy, content is retained for up to 30 days for abuse monitoring, then deleted. Your identity is not sent to Anthropic — content is transmitted without your name or email.
  • Google Cloud (Gemini API) — used for text embeddings that power the memory and similarity features. The same data-handling principles apply.
  • Stripe — payment processing only. Stripe handles your payment details directly; we do not store card numbers.
  • Resend — transactional emails (welcome emails, password resets). Only your email address is shared.
  • Upstash Redis — rate limiting and cost control. Stores anonymised counters, not content.
  • Vercel — hosting and serverless function execution. Request data passes through Vercel’s infrastructure.

We do not sell your data. We do not share your data with advertisers. We do not provide your data to data brokers or any third party not listed above.

7. International transfers

Hierocles is a UK-based service, but your data is processed by providers in the United States (Anthropic, Vercel, Stripe) and may be stored in the US or EU (Firebase/Google Cloud).

For transfers of personal data outside the UK, we rely on the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses (SCCs), as appropriate for each provider. Anthropic, Google, Stripe, and Vercel each publish the necessary data protection agreements for this purpose.

8. Your rights

Under UK GDPR, you have the following rights over your personal data:

  • Right of access — you can request a copy of all data we hold about you. Use the data export feature in Settings, or email privacy@hierocles.app.
  • Right to rectification — you can correct inaccurate data via your Settings page or by contacting us.
  • Right to erasure — you can delete your account from Settings. After the 30-day grace period, all data is permanently removed.
  • Right to restrict processing — you can request we limit how we use your data while a dispute is resolved.
  • Right to data portability — you can export all your data in Markdown format from the Settings page.
  • Right to object — you can object to processing based on legitimate interest. Contact us and we will assess whether our interest overrides yours.
  • Rights related to automated decision-making — Hierocles uses AI to generate reflections and flag crisis content. You can request human review of any automated decision that significantly affects you.
  • Right to withdraw consent — where we process data based on consent (health disclosures, optional location), you can withdraw at any time via Settings.

To exercise any of these rights, email privacy@hierocles.app. We will respond within one month, extendable by two months for complex requests as permitted under UK GDPR.

Right to complain: if you are not satisfied with how we handle your data, you have the right to complain to the Information Commissioner’s Office (ICO) at ico.org.uk/concerns.

9. Safeguarding-specific data handling

When a crisis signal is detected in your writing, the flagged content is handled with additional protections:

  • Flagged content is stored separately from your regular journal data, with additional encryption.
  • Access to flagged content is restricted to the designated safeguarding reviewer at Hierocles.
  • Every access to flagged content is logged with the reviewer’s identity, timestamp, and reason.
  • Flagged content is reviewed only under defined trigger conditions — not routinely.
  • Flagged content is automatically deleted after the retention period (90 days).

Full details of our safeguarding approach are in our Safeguarding Policy.

10. Security

  • Encryption at rest: all data stored in Firestore is encrypted at rest using Google Cloud’s default encryption.
  • Encryption in transit: all data transmitted between your browser, our servers, and third-party services uses TLS.
  • Authentication: Firebase Authentication handles account security. We recommend using a strong, unique password.
  • Input validation: all user input is validated and sanitised before processing.
  • Rate limiting: requests are rate-limited to prevent abuse.
  • Breach notification: in the event of a personal data breach, we will notify the ICO within 72 hours of becoming aware of the breach, as required by UK GDPR. If the breach is likely to result in a high risk to your rights, we will also notify you directly.

11. Cookies and tracking

Hierocles uses only essential cookies required for the service to function:

  • Authentication cookies — maintained by Firebase to keep you signed in.
  • Session cookies — essential for the application to function.

We do not use analytics cookies, advertising cookies, tracking pixels, or any form of cross-site tracking. We do not use Google Analytics or any equivalent service.

12. AI processing

This section exists because you deserve clarity on how AI handles your writing.

  • What is sent to Anthropic: journal content, fragment text, pulse data, questions to advisors, and contextual data needed for AI responses (such as recent pulse signals and weekly review data).
  • What is not sent: your name, email address, or account identifiers. Content is transmitted pseudonymised.
  • Anthropic’s retention: under Anthropic’s API data policy, content sent via the API is retained for up to 30 days for abuse monitoring, then permanently deleted.
  • Training: Anthropic does not train its models on data sent via the API. Your journal entries are not used to train AI.
  • UK GDPR compliance: the transfer of data to Anthropic (a US company) is covered by the UK International Data Transfer Agreement. Anthropic acts as a data processor under a data processing agreement.

13. Changes to this policy

We may update this privacy policy from time to time. When we do, we will update the “last updated” date at the top of this page and notify you by email at least 14 days before the changes take effect. Previous versions of this policy will be retained for compliance audit purposes.

14. Contact and complaints

For privacy-related questions or to exercise your data rights: privacy@hierocles.app.

For safeguarding concerns: safeguarding@hierocles.app.

To complain to the UK data protection authority: Information Commissioner’s Office (ICO), ico.org.uk/concerns, telephone 0303 123 1113.