How we collect, process, and protect your data. GDPR-compliant, AES-256 encryption, store: false for AI.
Psynex is a platform for self-exploration and relationship understanding. We are not a medical product, we do not diagnose, and we do not provide therapy. During open public testing, 14 study topics are available, all free for one account. Domain: psynex.app.
During registration and onboarding we collect: display name, gender (for AI response personalization), age, interface language, and optionally location. While using the platform, you generate behavioral data through the Explorer module (scenario responses, Deep mode dialogues). This data forms your MindID — a dynamic model of your behavioral patterns.
Your data is used exclusively for platform operation: building and updating your MindID, generating micro-insights after each study, comparing MindIDs in the Match module (at your request), and product analytics (aggregated metrics without personal data). We never use your data for advertising, selling to third parties, or optimizing you for external KPIs.
Psynex uses Anthropic (Claude) models for dialogue processing and interpretation generation. Key parameter: store: false — your data is NOT stored on Anthropic servers. Data exists temporarily in RAM during processing and is deleted after the request completes. The AI provider has no access to your MindID, history, or profile. You give explicit consent to AI processing during onboarding (step 6). During MVP2, data is stored in a database with AES-256 encryption at rest. In Phase 3, we plan to transition to client-side encryption (key = user's Psynex Wallet) and blockchain as part of the encryption system: only hashes will be stored on-chain, never raw data.
All your data is stored in a Supabase (PostgreSQL) database with AES-256 encryption at rest. Connections are protected by HTTPS (TLS). Your data exists in only two places: (1) our database, which we control, (2) temporarily in RAM during AI processing. We do not use Google Analytics, Meta SDK, or any third-party SDKs that extract personal data. For product analytics, we use PostHog (event and behavior analytics, EU hosting) and Vercel Analytics. All analytics data is aggregated, without personal identification.
Row Level Security (RLS) is enabled on every database table: you can only see your own data. Even if the API is compromised, cross-user access is impossible. Critical operations (writing study results, MindID fields, ATOMs) are performed only by the server via service role — the client never writes directly. Match reports are accessible only through a special RPC function with access level control.
When you do a Match with another person, your partner never sees your MindID directly. The Match report describes the space BETWEEN you using relational language (not "you are X, they are Y"). By default, the report shows only a summary. Detailed information is revealed only with explicit consent from both parties (Layered Reveal).
Chat messages (Deep and Insight modes) are ephemeral. After a session ends, the transcript is archived and messages are deleted from the database. Archived transcripts are automatically purged after 90 days. Message limits: maximum 5,000 characters per message, 100 messages per session.
You have full control over your data. Account deletion: cascade delete of ALL 13 database tables. After deletion, zero recoverable data remains at the application layer. Note: Supabase automatic backups (Point-in-Time Recovery) may retain data for up to 30 days after deletion at the infrastructure level. You can request account deletion via /settings/delete.
Access to Psynex is blocked for the following territories: Russia, Belarus, Iran, North Korea. Blocking is enforced at the infrastructure level (Vercel Edge). Russian language is not supported — this is a core company policy.
Authentication: Supabase Auth (bcrypt, JWT, magic link). Transport: HTTPS everywhere, HSTS. Injection protection: Zod validation of all server-side inputs. Rate limiting: API request throttling. CSP: strict content security policy. Classifier security: every user text input is checked for unsafe content. Planned (Phase 3): client-side encryption with key in Psynex Wallet, blockchain as part of the encryption system (on-chain hashes only, never raw data), local encrypted MindID backup on device.
Psynex is not intended for persons under 16 years of age. We do not knowingly collect data from children. If you believe a minor has registered on the platform, contact us for account deletion.
We may update this privacy policy. We will notify you of significant changes through the platform. By continuing to use Psynex after changes, you accept the updated policy.
For all inquiries: hello@psynex.app