Effective Date: March 13, 2026 · Last Updated: July 6, 2026
Pomi is operated by MyPomi Inc., a Delaware C-Corporation ("we," "us," "our"). Our mission is to provide a safe, private digital sanctuary for emotional well-being.
In accordance with California SB 243 and New York General Business Law Article 47 (AI Companion Models), we clearly disclose that all interactions with Pomi are with an AI system. Pomi is clearly identified as an AI companion throughout the app, including a persistent notice in the chat interface.
| Data Type | Details | Purpose |
|---|---|---|
| Account Profile | Name, email address, profile picture (via Google or Sign in with Apple; with Apple, your email may be a private relay address) | Account identification, personalization |
| Conversations | Messages you exchange with Pomi | Providing the service, conversation continuity |
| Payment Data | Processed by the Apple App Store and Google Play; we never receive or store card numbers | Subscription management |
| Data Type | Details | Purpose |
|---|---|---|
| Usage Data | Session frequency, feature usage, timestamps | Service improvement |
| Device Information | Browser type, operating system | Technical compatibility |
| Cookies | Session authentication cookies only | Keeping you signed in |
Your conversations with Pomi may contain sensitive emotional and mental health information. We treat all conversation data as sensitive personal information and apply the highest level of protection to it.
We use your information solely for the following purposes:
We share limited data with trusted service providers who help us operate Pomi:
| Provider | Purpose | Data Shared |
|---|---|---|
| Anthropic | AI conversation processing (generates Pomi's responses) | Conversation content |
| Cloudflare | App & website hosting, database (D1), caching (KV), email routing, security & CDN | Application data at rest, including account, conversation, and usage data (encrypted); access logs |
| OAuth authentication; push notification delivery (Firebase Cloud Messaging) | Authentication tokens; device push tokens (for delivering notifications you enable) | |
| Apple | Sign in with Apple (iOS app); push notification delivery (APNs) | Authentication tokens; device push tokens (for delivering notifications you enable) |
| Apple App Store & Google Play | In-app purchase / payment processing | Payment information (handled directly by the app stores; we never receive card numbers) |
| Telegram | Operational alerts to our team: crisis-safety alerts (so we can review and respond), support-report notifications, and daily aggregate service-cost reports | Crisis alerts: pseudonymous identifiers only — your user ID, conversation ID, and the time of the signal; no conversation content. Support reports: if you choose to submit a support report in the app, the report text and your contact email are relayed to our support team with your consent at submission. Service-cost reports: aggregate usage totals and per-account usage figures shown only as truncated pseudonymous IDs; no conversation content or contact details. |
Each provider is contractually bound to use your data only for the purposes of providing their service to us and to maintain appropriate security measures. Our AI provider, Anthropic, is contractually prohibited from using your conversations to train its models. Content processed by Anthropic is retained only transiently on its systems and is automatically deleted, typically within 30 days, except where longer retention is required to enforce its usage policies or by law.
Upon account deletion, your personal data and conversation history will be permanently deleted within 30 days, except where retention is required by law.
You have the following rights regarding your personal information:
To exercise any of these rights, contact us at contact@mypomi.ai. We will respond within 45 days.
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). We do not sell or share your personal information as defined under these laws. You have the right to request disclosure of the categories and specific pieces of personal information we have collected.
If you are a Canadian resident, you have rights under the Personal Information Protection and Electronic Documents Act (PIPEDA), including the right to access, correct, and challenge the handling of your personal information. Your data may be processed in the United States.
Pomi includes safety monitoring to detect signals of self-harm or suicidal ideation. When such signals are detected, Pomi will gently guide you toward professional crisis resources. Pomi is not a substitute for emergency services or professional mental health care. Crisis detection is automated and cannot guarantee that every signal will be detected; Pomi is not a continuously human-monitored service and is not an emergency service.
For your safety, when a crisis signal is detected, our team may also receive a secure alert containing only pseudonymous identifiers (a user ID, conversation ID, and timestamp) — never the content of your conversation — so that a person can review and, where appropriate, follow up. See our third-party providers table above for details.
A summary of our crisis detection and response protocol is described in this section. The complete protocol is available upon request at contact@mypomi.ai.
We implement industry-standard security measures to protect your data, including:
Pomi is designed for adults aged 18 and older. We do not knowingly collect personal information from anyone under 18. If we learn that we have collected data from a minor, we will delete it promptly. If you believe a minor has used Pomi, please contact us at contact@mypomi.ai.
Your data may be processed in the United States and other countries where our service providers operate. By using Pomi, you consent to the transfer of your data to these jurisdictions, which may have different data protection laws than your country of residence.
We do not sell or share your personal information. This has been our policy since day one and will remain so. If this ever changes (it won't), we will update this policy and obtain your explicit consent before any such change takes effect.
We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the Pomi app or via email before the changes take effect. Your continued use of Pomi after a change constitutes acceptance of the updated policy.
If you have questions about this Privacy Policy or wish to exercise your rights: