Privacy Policy

Last updated: March 2026

1. Introduction

Empath ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our platform and services. We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data Controller

Empath is the data controller for the personal data processed through this platform. For any data protection queries, contact us at help@empathapp.co.uk.

3. Data We Collect

We collect the following types of data:

  • Email address — provided when you join the waitlist or create an account
  • Experience data — information you share about your situation for the purpose of AI matching (e.g. what you're going through, how you're feeling)
  • Conversation data — messages exchanged during peer conversations, stored in encrypted form
  • Usage data — anonymous analytics such as page views, session duration, and feature usage
  • Device data — browser type, operating system, and IP address (anonymised)

4. How We Use Your Data

We use your data for the following purposes:

  • To provide and operate the Empath platform
  • To match you with appropriate peers using our AI matching system
  • To send you waitlist updates and service communications
  • To ensure user safety through automated content monitoring
  • To improve our matching algorithms and platform experience
  • To comply with legal obligations

5. Legal Basis for Processing

We process your personal data on the following legal bases under UK GDPR:

  • Consent — for joining the waitlist and receiving communications
  • Contract — for providing the Service as described in our Terms
  • Legitimate interest — for improving the platform, ensuring safety, and preventing misuse
  • Legal obligation — where we are required to process data by law

6. Data Sharing

We do not sell your personal data. We may share data with the following categories of third parties, only as necessary to operate the Service:

  • Infrastructure providers — hosting and database services (e.g. Vercel, Supabase)
  • Email services — for transactional emails (e.g. Resend)
  • Analytics providers — anonymised usage data only
  • Law enforcement — only where required by law or to prevent imminent harm

7. Data Retention

We retain your data only for as long as necessary to fulfil the purposes outlined in this policy. Waitlist email addresses are retained until you unsubscribe or request deletion. Conversation data is retained for a maximum of 90 days after the conversation ends, after which it is permanently deleted. Account data is retained until you delete your account.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including encryption at rest and in transit, access controls, and regular security reviews. All conversations are encrypted and stored securely. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

9. Your Rights

Under UK GDPR, you have the following rights:

  • Right of access — request a copy of your personal data
  • Right to rectification — request correction of inaccurate data
  • Right to erasure — request deletion of your personal data
  • Right to restrict processing — request limitation of how we use your data
  • Right to data portability — receive your data in a structured, machine-readable format
  • Right to object — object to processing based on legitimate interests
  • Right to withdraw consent — withdraw consent at any time where processing is based on consent

To exercise any of these rights, contact us at help@empathapp.co.uk. We will respond within 30 days.

10. Cookies

We use essential cookies required for the Service to function. We do not use advertising or tracking cookies. Analytics cookies, if used, collect only anonymised data. You can control cookies through your browser settings.

11. International Transfers

Your data may be processed in countries outside the UK. Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions, to protect your data in accordance with UK GDPR.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through the platform. The "Last updated" date at the top of this page indicates when the policy was last revised.

13. Complaints

If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

14. Contact

For any questions about this Privacy Policy or your personal data, contact us at help@empathapp.co.uk.