← Back to Pomi

Privacy Policy

Effective Date: March 13, 2026 · Last Updated: July 6, 2026

Our Commitment: Your conversations with Pomi are sacred. We will never sell your data, never use it for advertising, and never share it without your explicit consent. Your privacy is not a feature — it is our foundation.

1. Who We Are

Pomi is operated by MyPomi Inc., a Delaware C-Corporation ("we," "us," "our"). Our mission is to provide a safe, private digital sanctuary for emotional well-being.

2. AI Disclosure

Pomi is an artificial intelligence (AI) companion. Pomi is not a human, not a licensed therapist, and not a medical professional. Pomi is designed to provide emotional support and companionship, but is not a substitute for professional mental health care, therapy, or crisis intervention.

In accordance with California SB 243 and New York General Business Law Article 47 (AI Companion Models), we clearly disclose that all interactions with Pomi are with an AI system. Pomi is clearly identified as an AI companion throughout the app, including a persistent notice in the chat interface.

3. Information We Collect

3.1 Information You Provide

Data TypeDetailsPurpose
Account Profile Name, email address, profile picture (via Google or Sign in with Apple; with Apple, your email may be a private relay address) Account identification, personalization
Conversations Messages you exchange with Pomi Providing the service, conversation continuity
Payment Data Processed by the Apple App Store and Google Play; we never receive or store card numbers Subscription management

3.2 Information Collected Automatically

Data TypeDetailsPurpose
Usage Data Session frequency, feature usage, timestamps Service improvement
Device Information Browser type, operating system Technical compatibility
Cookies Session authentication cookies only Keeping you signed in

3.3 Sensitive Information

Your conversations with Pomi may contain sensitive emotional and mental health information. We treat all conversation data as sensitive personal information and apply the highest level of protection to it.

4. How We Use Your Information

We use your information solely for the following purposes:

We do NOT:

5. Third-Party Service Providers

We share limited data with trusted service providers who help us operate Pomi:

ProviderPurposeData Shared
Anthropic AI conversation processing (generates Pomi's responses) Conversation content
Cloudflare App & website hosting, database (D1), caching (KV), email routing, security & CDN Application data at rest, including account, conversation, and usage data (encrypted); access logs
Google OAuth authentication; push notification delivery (Firebase Cloud Messaging) Authentication tokens; device push tokens (for delivering notifications you enable)
Apple Sign in with Apple (iOS app); push notification delivery (APNs) Authentication tokens; device push tokens (for delivering notifications you enable)
Apple App Store & Google Play In-app purchase / payment processing Payment information (handled directly by the app stores; we never receive card numbers)
Telegram Operational alerts to our team: crisis-safety alerts (so we can review and respond), support-report notifications, and daily aggregate service-cost reports Crisis alerts: pseudonymous identifiers only — your user ID, conversation ID, and the time of the signal; no conversation content. Support reports: if you choose to submit a support report in the app, the report text and your contact email are relayed to our support team with your consent at submission. Service-cost reports: aggregate usage totals and per-account usage figures shown only as truncated pseudonymous IDs; no conversation content or contact details.

Each provider is contractually bound to use your data only for the purposes of providing their service to us and to maintain appropriate security measures. Our AI provider, Anthropic, is contractually prohibited from using your conversations to train its models. Content processed by Anthropic is retained only transiently on its systems and is automatically deleted, typically within 30 days, except where longer retention is required to enforce its usage policies or by law.

6. Data Retention

Upon account deletion, your personal data and conversation history will be permanently deleted within 30 days, except where retention is required by law.

7. Your Rights

You have the following rights regarding your personal information:

To exercise any of these rights, contact us at contact@mypomi.ai. We will respond within 45 days.

California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). We do not sell or share your personal information as defined under these laws. You have the right to request disclosure of the categories and specific pieces of personal information we have collected.

Canadian Residents (PIPEDA)

If you are a Canadian resident, you have rights under the Personal Information Protection and Electronic Documents Act (PIPEDA), including the right to access, correct, and challenge the handling of your personal information. Your data may be processed in the United States.

8. Crisis Safety Protocol

If you are in immediate danger or experiencing a mental health crisis, please contact emergency services or one of these resources:

Pomi includes safety monitoring to detect signals of self-harm or suicidal ideation. When such signals are detected, Pomi will gently guide you toward professional crisis resources. Pomi is not a substitute for emergency services or professional mental health care. Crisis detection is automated and cannot guarantee that every signal will be detected; Pomi is not a continuously human-monitored service and is not an emergency service.

For your safety, when a crisis signal is detected, our team may also receive a secure alert containing only pseudonymous identifiers (a user ID, conversation ID, and timestamp) — never the content of your conversation — so that a person can review and, where appropriate, follow up. See our third-party providers table above for details.

A summary of our crisis detection and response protocol is described in this section. The complete protocol is available upon request at contact@mypomi.ai.

9. Data Security

We implement industry-standard security measures to protect your data, including:

10. Children's Privacy

Pomi is designed for adults aged 18 and older. We do not knowingly collect personal information from anyone under 18. If we learn that we have collected data from a minor, we will delete it promptly. If you believe a minor has used Pomi, please contact us at contact@mypomi.ai.

11. International Data Transfers

Your data may be processed in the United States and other countries where our service providers operate. By using Pomi, you consent to the transfer of your data to these jurisdictions, which may have different data protection laws than your country of residence.

12. "Do Not Sell or Share My Personal Information"

We do not sell or share your personal information. This has been our policy since day one and will remain so. If this ever changes (it won't), we will update this policy and obtain your explicit consent before any such change takes effect.

13. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the Pomi app or via email before the changes take effect. Your continued use of Pomi after a change constitutes acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights: