Our Commitment to Your Privacy
We remember your story because that's how we help you grow. Not to sell it. Not to share it. To be there for you in a way no one else can.
We're not like social media or search engines that monetize your data. Our business model is simple—you pay for our service (or use our free tier), and we use your information only to provide and improve that service. We never sell your personal information. Ever.
This Privacy Policy explains how Ferni AI, Inc. ("Ferni," "we," "us," or "our") collects, uses, discloses, and protects your personal information when you use our AI coaching services, including our website (ferni.ai), mobile applications, phone services, and any related services (collectively, the "Services").
Effective Date: December 31, 2025
Last Updated: December 31, 2025
Information We Collect
We collect information in several ways to provide you with personalized coaching:
Information You Provide Directly
| Category | Examples | Purpose |
|---|---|---|
| Account Information | Email address, phone number, name, profile photo (optional) | Account creation, authentication, communication |
| Conversation Content | Text messages, voice transcripts, goals, reflections, personal stories | Personalized coaching, memory continuity |
| Payment Information | Billing address, payment method details (processed by Stripe) | Subscription processing |
| Communication Preferences | SMS opt-in status, notification settings, language preferences | Delivering communications per your preferences |
| Feedback & Support | Survey responses, support tickets, feature requests | Improving our Services |
Information Collected Automatically
| Category | Examples | Purpose |
|---|---|---|
| Device Information | Device type, operating system, browser type, unique device identifiers | Service optimization, security |
| Usage Data | Features used, session duration, interaction patterns, team member preferences | Service improvement, personalization |
| Log Data | IP address, access times, pages viewed, referring URLs | Security, debugging, analytics |
| Location Data | General location (city/region level) derived from IP address | Timezone detection, localization |
| Voice Data | Audio recordings (phone calls), voice characteristics for speaker identification | Service delivery, voice recognition |
Information from Third Parties
- Authentication providers: If you sign in via Google or Apple, we receive your name and email
- Payment processors: Transaction confirmation from Stripe (we never see your full card number)
- Analytics services: Aggregated usage patterns (not linked to your conversations)
Sensitive Information
During coaching conversations, you may share sensitive information including health concerns, financial situations, relationship details, or emotional states. We treat all conversation content with the highest level of protection and never use it for purposes other than providing your coaching service.
How We Use Your Information
Your information serves one purpose: helping you grow. Here's specifically how:
Providing Our Services
- Delivering personalized AI coaching through our team of specialists
- Maintaining conversation continuity and memory across sessions
- Processing voice calls and text interactions
- Sending coaching reminders, check-ins, and follow-ups (with your consent)
- Managing your account and subscription
Improving Our Services
- Analyzing usage patterns to enhance features (aggregated, not individual)
- Training and improving our AI models (see AI & Machine Learning section)
- Debugging technical issues
- Conducting research to better understand coaching effectiveness
Communications
- Sending service-related announcements and updates
- Responding to your inquiries and support requests
- Delivering SMS messages (only with your explicit consent)
- Marketing communications (only with your opt-in consent)
Safety & Security
- Detecting and preventing fraud, abuse, and security incidents
- Enforcing our Terms of Service
- Complying with legal obligations
- Protecting the rights and safety of our users and third parties
Sell your data. Show you ads based on your conversations. Share your story with anyone who doesn't need it to help us serve you. Use your conversations to train AI models without your explicit consent.
Legal Bases for Processing (GDPR)
For users in the European Economic Area, United Kingdom, and Switzerland, we process your personal data based on the following legal grounds:
| Legal Basis | Processing Activities |
|---|---|
| Contract Performance | Providing our coaching Services, managing your account, processing payments, delivering conversation continuity |
| Consent | SMS communications, marketing emails, AI model training using your data, cookies and tracking |
| Legitimate Interests | Service improvement, security and fraud prevention, analytics (where not overridden by your rights) |
| Legal Obligation | Tax compliance, responding to lawful government requests, maintaining required records |
Where we rely on consent, you may withdraw it at any time by contacting us at privacy@ferni.ai or adjusting your settings in the app.
Data Sharing & Disclosure
We do not sell your personal information. We share your data only in limited circumstances:
Service Providers
We work with trusted partners bound by strict data protection agreements:
| Provider Type | Purpose | Data Shared |
|---|---|---|
| Cloud Infrastructure (Google Cloud Platform) |
Hosting and data storage | All service data (encrypted) |
| AI Model Providers (Google, OpenAI, Anthropic) |
Powering AI conversations | Conversation content (processed, not stored by providers) |
| Voice Services (LiveKit, Cartesia) |
Real-time voice communication | Voice data during calls |
| SMS Provider (Twilio) |
Text message delivery | Phone number, message content |
| Payment Processor (Stripe) |
Subscription billing | Payment and billing information |
| Analytics (Google Analytics, PostHog) |
Service improvement | Anonymized usage data (not conversations) |
| Email Services (SendGrid) |
Transactional emails | Email address, name |
Legal Requirements
We may disclose your information when required by law, including:
- Valid legal process (subpoenas, court orders, government requests)
- To protect the safety of any person
- To investigate potential violations of our Terms
- To protect our legal rights
We will notify you of legal requests unless prohibited by law or court order, and we will challenge requests we believe are overly broad or inappropriate.
Business Transfers
If Ferni is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you via email and/or prominent notice on our website of any change in ownership and your choices regarding your information.
With Your Consent
We may share information for other purposes with your explicit consent.
Data Retention
We retain your information for as long as necessary to provide our Services and fulfill the purposes described in this policy:
| Data Type | Retention Period | Reason |
|---|---|---|
| Account Information | Duration of account + 30 days | Service provision, account recovery |
| Conversation History | Duration of account | Continuous coaching memory |
| Voice Recordings | 90 days (transcripts retained longer) | Quality assurance, dispute resolution |
| Payment Records | 7 years after transaction | Legal and tax compliance |
| Usage Analytics | 26 months (aggregated indefinitely) | Service improvement |
| Support Tickets | 3 years after resolution | Quality assurance, legal compliance |
| Server Logs | 90 days | Security, debugging |
When you delete your account, we will delete or anonymize your personal information within 30 days, except where retention is required for legal compliance or legitimate business purposes (such as fraud prevention).
Data Security
We implement comprehensive security measures to protect your information:
Technical Safeguards
- Encryption in Transit: All data transmitted to and from our Services uses TLS 1.3 encryption
- Encryption at Rest: All stored data is encrypted using AES-256 encryption
- Access Controls: Role-based access with multi-factor authentication for all team members
- Infrastructure Security: Hosted on SOC 2 Type II certified cloud infrastructure (Google Cloud)
- Network Security: Firewalls, intrusion detection, and DDoS protection
- Vulnerability Management: Regular security assessments and penetration testing
Organizational Safeguards
- Minimal Access: Team members access personal data only when necessary for their role
- Security Training: All employees complete security awareness training
- Vendor Assessment: Third-party vendors undergo security review before engagement
- Incident Response: Documented procedures for detecting, responding to, and reporting breaches
- Audit Logging: All access to sensitive data is logged and monitored
Breach Notification
In the event of a data breach affecting your personal information, we will notify you within 72 hours (as required by GDPR) via email and/or in-app notification. We will also notify relevant regulatory authorities as required by law.
International Data Transfers
Ferni is based in the United States, and your information is processed and stored primarily in the United States. If you're located outside the U.S., your information will be transferred to and processed in the U.S.
Transfer Mechanisms
For transfers from the European Economic Area, United Kingdom, or Switzerland, we rely on:
- Standard Contractual Clauses (SCCs): EU-approved contractual terms with our service providers
- Data Processing Agreements: Binding contracts ensuring equivalent protection
- Adequacy Decisions: Where applicable, transfers to countries with adequate data protection
Our cloud infrastructure providers maintain certifications including SOC 2, ISO 27001, and comply with the EU-U.S. Data Privacy Framework.
Your Privacy Rights
Depending on your location, you have various rights regarding your personal information:
Rights for All Users
- Access: Request a copy of your personal data
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your data (subject to legal retention requirements)
- Export: Download your conversation history and account data
- Opt-Out: Unsubscribe from marketing communications at any time
- SMS Opt-Out: Text STOP to cancel SMS messages
Additional Rights (EEA, UK, Switzerland)
- Restrict Processing: Request limitation of how we use your data
- Data Portability: Receive your data in a structured, machine-readable format
- Object to Processing: Object to processing based on legitimate interests
- Withdraw Consent: Withdraw consent where processing is based on consent
- Lodge a Complaint: File a complaint with your local data protection authority
Exercising Your Rights
To exercise any of these rights:
- Email: privacy@ferni.ai
- In-App: Settings → Privacy → Manage My Data
- Mail: Ferni AI, Inc., Attn: Privacy, [Address]
We will respond within 30 days (or 45 days for complex requests, with notice). We may need to verify your identity before processing requests.
U.S. State Privacy Rights
California (CCPA/CPRA)
California residents have additional rights under the California Consumer Privacy Act and California Privacy Rights Act:
- Right to Know: Categories and specific pieces of personal information collected
- Right to Delete: Request deletion of personal information
- Right to Correct: Request correction of inaccurate information
- Right to Opt-Out of Sale/Sharing: We do not sell or share personal information for cross-context behavioral advertising
- Right to Limit Use of Sensitive Information: We only use sensitive information for service delivery
- Right to Non-Discrimination: We will not discriminate against you for exercising your rights
To exercise these rights, contact us at privacy@ferni.ai or call 1 (888) 598-3952.
Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA)
Residents of these states have similar rights to access, correct, delete, and obtain a copy of personal data, as well as opt out of targeted advertising (which we do not conduct) and profiling. Appeals may be submitted to privacy@ferni.ai.
Do Not Track
Our Services do not currently respond to "Do Not Track" browser signals, as there is no industry standard for this. However, you can manage cookies and tracking through your browser settings.
Children's Privacy
Ferni is designed for adults and is not intended for users under the age of 16 (or the applicable age of digital consent in your jurisdiction).
- We do not knowingly collect personal information from children under 16
- We do not knowingly allow children to register for or use our Services
- We do not knowingly market to children
If you believe a child under 16 has provided us with personal information, please contact us immediately at privacy@ferni.ai. We will promptly delete such information.
For users between 16-18, we recommend parental involvement in their use of our Services.
AI & Machine Learning
Ferni is an AI-powered service. Here's how we use AI and handle your data in that context:
How AI Powers Your Coaching
- Our AI specialists (Ferni, Maya, Peter, Alex, Jordan, Nayan) use large language models to understand and respond to you
- Your conversation history enables personalized, continuous coaching
- AI analyzes patterns in your conversations to provide relevant insights
- Voice recognition identifies you for seamless phone interactions
AI Model Training
We do not use your conversation content to train or improve third-party AI models (Google, OpenAI, Anthropic) without your explicit, informed consent.
If you choose to opt in (available in settings), anonymized and aggregated conversation patterns may be used to improve Ferni's coaching capabilities. You can withdraw this consent at any time.
Automated Decision-Making
Ferni does not make legally or similarly significant decisions about you through purely automated means. Our AI provides coaching suggestions and insights, but you always maintain full control over your decisions and actions.
Changes to This Policy
We may update this Privacy Policy from time to time. When we do:
- We'll update the "Last Updated" date at the top
- For material changes, we'll provide prominent notice (email, in-app notification, or banner) at least 30 days before they take effect
- We'll maintain an archive of previous versions upon request
- Continuing to use our Services after changes take effect means you accept the updated policy
If you disagree with any changes, you may delete your account before the new policy takes effect.
Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
- Privacy Questions: privacy@ferni.ai
- Data Protection Officer: dpo@ferni.ai
- General Support: hello@ferni.ai
- Phone: 1 (888) 598-3952
- Mail: Ferni AI, Inc., Attn: Privacy Team, [Address]
EU/UK Representative
For users in the European Economic Area or United Kingdom, our representative can be contacted at eu-representative@ferni.ai.
Supervisory Authority
If you're in the EEA/UK and believe we've violated your data protection rights, you have the right to lodge a complaint with your local supervisory authority.
Last thought: We built Ferni because we believe everyone deserves someone who truly listens and remembers. That trust is the foundation of everything we do. Thank you for letting us be part of your story.