How your data is held.

Last updated: April 3, 2026 · Effective immediately upon account creation

The short version

Your conversations with Thera are processed by AI on our servers. They are not end-to-end encrypted. We don't sell your data, we don't manually read your sessions, and you control everything you share with your partner.

Who we are

Thera is an emotional wellness application developed and operated by Sharp Ventures LLC, a limited liability company registered in the State of Florida, United States.

Our service is accessible at thera.bond and through our web application.

For questions about this policy, contact us at hello@thera.bond.

Information we collect

We collect only what we need to provide the service:

Account information: Your first name and your partner's first name (no last names required), email address, and authentication credentials.
Payment information: Processed entirely by Stripe. We never see or store your full card number.
Session content: The messages you send to Thera during chat sessions.
Mood data: The mood selections you make within the app.
Shared summaries: Content you explicitly choose to share with your partner.
Usage data: Session counts, feature usage, and app performance data.
Device and browser data: Browser type, operating system, and general device category for performance optimization. We do not use tracking cookies or third-party analytics tools for advertising.

How we use your information

To provide and improve the Thera service
To generate AI responses during your sessions
To maintain session memory and emotional pattern recognition across your conversations
To deliver shared content between partners on the Couple Plan
To process subscription payments via Stripe
To send transactional emails (receipts, subscription notices)
To detect and prevent fraud or abuse

We do not use your information for advertising, behavioral profiling, or sale to third parties. Not under any circumstances.

Your conversations are private

Your raw session conversations are never visible to your partner, to other users, or to our team unless required by law.

Sessions marked as Private Mode are never offered for sharing.

All session data is processed by Anthropic's Claude API under their data processing terms. Anthropic does not retain your conversation data and does not use API inputs or outputs to train models. For details, see Anthropic's usage policy.

Partner sharing

On the Couple Plan, you may choose to share AI-generated summaries of your sessions with your partner. This is always opt-in and per-session. You control every share.

Your partner cannot see your raw conversation. Only the summary you approved. You may revoke a share by contacting support within 24 hours.

Data storage and security

Your data is stored on encrypted servers in the United States via Supabase (hosted on AWS infrastructure).

In transit: All data is encrypted using TLS (Transport Layer Security) between your device and our servers.
At rest: All database records are encrypted at rest using AES-256 encryption via Supabase's infrastructure.
Authentication: User accounts are managed through Supabase Auth with secure token-based sessions.

We do not claim to provide end-to-end encryption. Your session data is accessible to our server infrastructure in order to generate AI responses and maintain memory features. However, we do not manually review, read, or access your session content unless required by law.

Third-party services

We use the following third-party services to operate Thera:

Supabase: database, authentication, and backend infrastructure (supabase.com/privacy)
Stripe: payment processing (stripe.com/privacy)
Anthropic: AI language model processing (anthropic.com/policies)
Netlify: web hosting and serverless functions. Netlify logs the IP address of every request to our chat function for rate-limit and abuse prevention. (netlify.com/privacy)
Google Fonts: typography. Loading our fonts exposes your IP address to Google. (policies.google.com/privacy)

We do not sell, rent, or trade your personal information to any third party for marketing purposes. None of the services listed above receive your data for their own commercial use.

Your rights

All users have the right to:

Access all data we hold about you
Request deletion of your account and all associated data
Export your session history
Opt out of non-essential communications
Withdraw consent for data processing at any time (which will terminate your account)

To exercise any of these rights, email hello@thera.bond and we will respond within 30 days.

For users in the European Economic Area (GDPR)

If you are located in the EEA, you have additional rights under the General Data Protection Regulation, including:

The right to data portability (receiving your data in a structured, machine-readable format)
The right to restrict processing of your data
The right to object to processing based on legitimate interests
The right to lodge a complaint with your local data protection authority

Our legal basis for processing your data is contractual necessity (to provide the service you signed up for) and legitimate interest (to improve and secure the service).

For California residents (CCPA)

If you are a California resident, the California Consumer Privacy Act provides you with additional rights, including:

The right to know what personal information we collect and how it is used
The right to request deletion of your personal information
The right to opt out of the sale of your personal information. We do not sell personal information under any circumstances.
The right to non-discrimination for exercising your privacy rights

Cookies and tracking

Thera uses only essential cookies required for authentication and session management. We do not use advertising cookies, third-party tracking pixels, or analytics tools that share data with advertisers.

Children's privacy

Thera is not intended for users under 18 years of age. We do not knowingly collect data from minors. If you believe a minor has created an account, contact us immediately at hello@thera.bond.

Data retention and deletion

Active subscribers: Data is retained for the duration of your subscription.
Cancelled subscriptions: Session data is retained for 90 days after cancellation, then permanently deleted.
Account deletion requests: All data is permanently deleted within 30 days of your request.
Payment records: Billing history is retained by Stripe in accordance with their data retention policies and applicable tax/legal requirements.

Changes to this policy

We may update this Privacy Policy from time to time. We will notify active subscribers via email at least 14 days before material changes take effect. Your continued use of the service after that date constitutes acceptance of the updated policy.

Governing law

This Privacy Policy is governed by and construed in accordance with the laws of the State of Florida, United States, without regard to its conflict of law provisions.

Contact

For any questions about this Privacy Policy or your data:

Sharp Ventures LLC
Email: hello@thera.bond