Privacy Policy

Effective Date: March 13, 2026 · Last Updated: March 13, 2026

            Our Commitment: Your conversations with Pomi are sacred. We will never sell your data, never use it for advertising, and never share it without your explicit consent. Your privacy is not a feature — it is our foundation.
        

1. Who We Are

Pomi is operated by MyPomi Inc., a Delaware C-Corporation ("we," "us," "our"). Our mission is to provide a safe, private digital sanctuary for emotional well-being.

Company: MyPomi Inc.
Contact: contact@mypomi.ai
Website: mypomi.ai

2. AI Disclosure

            Pomi is an artificial intelligence (AI) companion. Pomi is not a human, not a licensed therapist, and not a medical professional. Pomi is designed to provide emotional support and companionship, but is not a substitute for professional mental health care, therapy, or crisis intervention.
        

In accordance with California SB 243 and the New York AI Companion Models Law, we clearly disclose that all interactions with Pomi are with an AI system. You will be reminded of this at the start of each session.

3. Information We Collect

3.1 Information You Provide

Data Type	Details	Purpose
Google Profile	Name, email address, profile picture	Account identification, personalization
Conversations	Messages you exchange with Pomi	Providing the service, conversation continuity
Payment Data	Processed by Stripe; we do not store card numbers	Subscription management

3.2 Information Collected Automatically

Data Type	Details	Purpose
Usage Data	Session frequency, feature usage, timestamps	Service improvement
Device Information	Browser type, operating system	Technical compatibility
Cookies	Session authentication cookies only	Keeping you signed in

3.3 Sensitive Information

Your conversations with Pomi may contain sensitive emotional and mental health information. We treat all conversation data as sensitive personal information and apply the highest level of protection to it.

4. How We Use Your Information

We use your information solely for the following purposes:

Providing the Service: Delivering Pomi's emotional companionship, maintaining conversation history, and personalizing your experience
Account Management: Authentication, session management, subscription handling
Service Improvement: Analyzing aggregated, de-identified usage patterns to improve Pomi's capabilities
Safety: Detecting crisis signals to connect you with professional resources
Legal Compliance: Meeting our obligations under applicable law

            We do NOT:
            Sell your personal information to anyone
Share your data for advertising or marketing purposes
Use your conversations to train AI models without your explicit opt-in consent
Profile you for ad targeting

        

5. Third-Party Service Providers

We share limited data with trusted service providers who help us operate Pomi:

Provider	Purpose	Data Shared
MaiAgent	AI conversation processing	Conversation content, contact name
Cloudflare	Website hosting, security, CDN	Session data (encrypted), access logs
Google	OAuth authentication	Authentication tokens only
Stripe	Payment processing	Payment information (handled directly by Stripe)

Each provider is contractually bound to use your data only for the purposes of providing their service to us and to maintain appropriate security measures.

6. Data Retention

Account Data: Retained as long as your account is active
Conversations: Retained as long as your account is active, or until you request deletion
Session Cookies: Expire after 30 days of inactivity
Payment Records: Retained as required by tax law (typically 7 years)

Upon account deletion, your personal data and conversation history will be permanently deleted within 30 days, except where retention is required by law.

7. Your Rights

You have the following rights regarding your personal information:

Right to Know: Request details about what data we collect and how we use it
Right to Access: Obtain a copy of your personal data
Right to Delete: Request deletion of your personal data
Right to Correct: Request correction of inaccurate data
Right to Opt Out: Opt out of any non-essential data processing
Right to Non-Discrimination: We will not treat you differently for exercising your rights

To exercise any of these rights, contact us at contact@mypomi.ai. We will respond within 45 days.

California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). We do not sell or share your personal information as defined under these laws. You have the right to request disclosure of the categories and specific pieces of personal information we have collected.

Canadian Residents (PIPEDA)

If you are a Canadian resident, you have rights under the Personal Information Protection and Electronic Documents Act (PIPEDA), including the right to access, correct, and challenge the handling of your personal information. Your data may be processed in the United States.

8. Crisis Safety Protocol

If you are in immediate danger or experiencing a mental health crisis, please contact emergency services or one of these resources:

United States: 988 Suicide & Crisis Lifeline — call or text 988
Canada: Talk Suicide Canada — call 1-833-456-4566, text 45645
Crisis Text Line (US/Canada): Text HOME to 741741
Emergency: Call 911 (US) or 112 (international)

Pomi includes safety monitoring to detect signals of self-harm or suicidal ideation. When such signals are detected, Pomi will gently guide you toward professional crisis resources. Pomi is not a substitute for emergency services or professional mental health care.

In compliance with California SB 243, our complete crisis detection and response protocol is available upon request at contact@mypomi.ai.

9. Data Security

We implement industry-standard security measures to protect your data, including:

HTTPS/TLS encryption for all data in transit
Encrypted storage for sensitive data at rest
Secure authentication via Google OAuth 2.0
API keys and credentials stored as encrypted secrets, never exposed to the client
Regular security reviews of our infrastructure

10. Children's Privacy

Pomi is designed for adults aged 18 and older. We do not knowingly collect personal information from anyone under 18. If we learn that we have collected data from a minor, we will delete it promptly. If you believe a minor has used Pomi, please contact us at contact@mypomi.ai.

11. International Data Transfers

Your data may be processed in the United States and other countries where our service providers operate. By using Pomi, you consent to the transfer of your data to these jurisdictions, which may have different data protection laws than your country of residence.

12. "Do Not Sell or Share My Personal Information"

We do not sell or share your personal information. This has been our policy since day one and will remain so. If this ever changes (it won't), we will update this policy and obtain your explicit consent before any such change takes effect.

13. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the Pomi app or via email before the changes take effect. Your continued use of Pomi after a change constitutes acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights:

Email: contact@mypomi.ai
Company: MyPomi Inc.
Website: mypomi.ai