Официальная (юридически значимая) версия документа — на английском языке.

Beliora Privacy Policy

Effective date: June 10, 2026

This is the privacy policy for the Beliora iOS app and the beliora.app website (“Beliora”, “we”, “us”). Beliora is operated by Synth Layer LLC, a Wyoming (United States) limited liability company, which is the data controller for the processing described here. This policy is written to be read, not skimmed past — Beliora handles some of the most personal data there is, and you deserve to know exactly what happens to it.

The short version: we collect what we need to run your therapy sessions and nothing more. We don’t sell your data, we don’t use it for advertising, and we don’t track you across other apps or websites. Your health data is used only to make your sessions better. You can export everything and delete everything, from inside the app.

If anything here is unclear, write to us: support@beliora.app.

1. What we collect

Account data

Email address and name — to create and secure your account and to contact you about your account when necessary.
Password — stored only as a salted hash; we never see or store it in plain text.
A user identifier — an internal ID that ties your data to your account.

Therapy and journal content

Therapy session content — the messages you exchange with the AI therapist (text and transcribed voice), session summaries, and the internal therapy plan generated from your sessions.
Diary entries and their AI emotion analysis.
Mood check-ins (mood ratings and optional notes).
AI memory — facts Beliora remembers between sessions. You can view, edit, disable or delete each memory, or erase all of them, in Settings.

This content is sensitive by nature. We treat all of it as confidential and use it for one purpose: providing your therapy experience.

Apple Health data (HealthKit)

If — and only if — you grant permission, Beliora reads the following from Apple Health: sleep (duration and phases), heart rate, resting heart rate, heart rate variability (HRV), steps, active energy, exercise minutes, mindful minutes, respiratory rate, workouts, and time in daylight. Access is read-only; we never write to Apple Health. Snapshots sync to our server no more than once per hour, and each data category has its own toggle in the app’s settings.

Apple Health data is used to compute your sleep, stress, activity and recovery scores, to surface correlations between your body and your mood, and to give the AI therapist context for your sessions — for example, that you barely slept before today’s conversation.

Our HealthKit commitments (these are binding):

Health data is never used for advertising, marketing, or any similar purpose.
Health data is never sold and never used for data mining unrelated to the app’s health purpose.
Health data is not shared with third parties, with one narrow exception: relevant health context (e.g., “slept 5 hours, elevated stress”) is included in requests to OpenAI, our AI processor, solely to generate your session responses and analyses. OpenAI acts as a data processor under contract, does not use this data to train its models, and retains API data only briefly for abuse monitoring before deletion.
You can revoke Health access at any time in iOS Settings → Privacy & Security → Health, or per-category inside Beliora. The app keeps working without it.

Voice recordings

In voice messages and live voice sessions, your audio is streamed to our server and to our speech processors to be transcribed and answered in real time. Audio is processed for transcription and response generation and is not retained beyond that processing — what remains in your session history is the text transcript, which you control like any other session content.

Analytics and device data

We use Amplitude to understand how the app is used (e.g., “a session was started”, “onboarding was completed”). Analytics events are pseudonymous — keyed to an internal user ID, never to your name or email — and never include the content of your sessions, diary, or health measurements. We also receive basic device data (device model, OS and app version, language) with these events to keep the app working well across devices; crash reports reach us only through Apple’s own opt-in developer sharing.

Analytics events include your self-reported mood rating and an anonymous crisis-flow indicator (a flag that the safety flow was shown). They never include the content of your messages, diary entries, or voice recordings.

We do not use analytics for advertising and we do not track you across other companies’ apps or websites. Beliora contains no advertising SDKs.

Subscription data

Purchases run through Apple. We receive your subscription status (plan, period, validity) to unlock features. We never see your payment card details.

2. How we use your data

To provide therapy sessions, voice conversations, diary analysis, check-ins, insights and the unified therapy plan — the product itself.
To personalize the AI therapist (your chosen tone, style and approach) and keep continuity between sessions.
For safety: messages are screened for signs of crisis so the app can immediately offer emergency resources.
To operate, debug and improve the app (pseudonymous analytics, crash data).
To answer you when you contact support.
To meet legal obligations.

We do not use your data for advertising. We do not sell it. We do not train our own or anyone else’s foundation models on your content.

3. Who processes your data

We share data only with processors needed to run the service, each bound by a data processing agreement:

Processor	Purpose	What they receive
OpenAI	Generating AI responses, voice transcription and speech, emotion analysis	Session messages, voice audio (transient), diary text for analysis, relevant health context
Amplitude	Product analytics	Pseudonymous usage events (no content, no health values)
Apple	Subscriptions, push notifications	Purchase receipts, push tokens
Our hosting provider	Running our servers and database	Encrypted traffic to/from our infrastructure

We never share your data with advertisers or data brokers. We disclose data to authorities only when legally compelled, and we will challenge over-broad requests.

4. Where your data lives and how it’s protected

Your data is stored on our servers located in the European Union and/or the United States. All traffic between the app and our servers is encrypted in transit (HTTPS/TLS). Access to production systems is restricted to the minimum necessary, and we keep short-lived rotating backups so your data isn’t lost to a hardware failure.

Where data is transferred between jurisdictions (e.g., EU to US), we rely on recognized safeguards such as the EU Standard Contractual Clauses.

No system is perfectly secure, and we won’t pretend otherwise. If a breach ever affects your data, we will notify you and the relevant authorities as the law requires — promptly and plainly.

5. How long we keep data

Account, therapy, diary, check-in and health data — for as long as your account is active, so your therapy history and plan stay continuous.
Voice audio — not retained beyond processing (only the transcript remains, as session content).
Analytics events — up to 24 months, then deleted or aggregated.
Backups — rotate out automatically on a short schedule.
After account deletion — see Section 6.

6. Deleting your data

You don’t have to ask us — deletion is built into the app:

Delete individual items: diary entries, AI memories (one by one or all at once) — Settings → AI Memory / Diary.
Export everything first if you want a copy: Settings → Export My Data produces a complete archive (ZIP or PDF).
Delete your account: Settings → Data & Account → Delete Account. Your account is deactivated immediately: it is unlinked from your email, your subscriptions are closed on our side, and your content is removed from active use and is no longer accessible to anyone, including you.
Full erasure: to have the underlying records permanently erased from our systems and backups, email support@beliora.app from your account email — we complete erasure requests within 30 days.

Canceling your subscription is separate and is done through your Apple ID settings (deleting the app or the account does not by itself cancel an Apple subscription).

7. Your rights

Wherever you live, we extend GDPR-style rights to you:

Access — get a copy of your data (the in-app export gives you this instantly).
Rectification — correct inaccurate data (most of it you can edit directly in the app).
Erasure — delete your data (Section 6).
Restriction and objection — limit or object to specific processing.
Portability — receive your data in a machine-readable format (the export ZIP contains JSON).
Withdraw consent — at any time, e.g., switch off Health categories or revoke HealthKit access; this doesn’t affect the lawfulness of processing before withdrawal.
Complain — to your local data protection authority, if you believe we’ve handled your data unlawfully. We’d appreciate the chance to fix it first, but you’re not required to give us one.

To exercise any of these, use the in-app controls or email support@beliora.app. We respond within 30 days.

Our legal bases under the GDPR: performance of a contract (running the service you signed up for), your explicit consent for health data and other special-category data (Art. 9(2)(a)), legitimate interests for security and minimal analytics, and legal obligations where applicable.

8. Age

Beliora is for people aged 16 and older. We do not knowingly collect data from anyone younger. If you believe a child under 16 has created an account, contact us and we will delete it.

9. What Beliora is not

Beliora is an AI-assisted self-help tool. It is not medical care, not licensed psychotherapy, and not a diagnostic device, and the data practices described here exist to support self-help, not clinical treatment. If you are in crisis, contact your local emergency number immediately.

10. Changes to this policy

If we change this policy in any meaningful way, we’ll tell you in the app before the change takes effect — not bury it. The current version always lives at beliora.app/privacy, with its effective date at the top.

11. Contact

Synth Layer LLC — Beliora Data Protection 30 N Gould St, Ste N, Sheridan, WY 82801, United States Email: support@beliora.app Website: https://beliora.app

We answer privacy questions from a real inbox, usually within a few days.