Metasapien Privacy Policy
Effective Date: 18 May 2025
Metasapien (“we”, “us”, or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, share, and retain your personal information when you interact with our products and services, including Wiinta, Noetic, and Sankara.
This policy applies globally, with additional protections for users in the European Economic Area (EEA), the United Kingdom (UK), Switzerland (CH), and South Africa (ZA). Where required, we explain region-specific rights and obligations.
1. What We Collect
We collect the following categories of personal information:
• Account Information: If you sign up or create a profile, we may collect your name, email, location, and preferences.
• Voice and Interaction Data: When you speak to Wiinta or engage with our services, we collect audio input, transcriptions, emotional cues, and device metadata.
• Diagnostic Data: For features like mental health tracking or assessments, we may collect self-reported emotional states, responses to prompts, or physiological signals (e.g. tone of voice).
• Device and Usage Data: This includes your device type, IP address, location (approximate), language, and how you interact with the service.
• Payment and Transaction Data: If you purchase premium services, we process billing info through third-party providers.
• Feedback and Communication: If you contact us, participate in studies, or provide input, we store those communications.
• Third-Party Data: If you engage with Metasapien through partners or platforms (e.g. Hume), we may receive information subject to their policies.
2. How We Use Your Information
We use personal information for the following purposes:
• To provide, maintain, and improve our services.
• To personalise user experiences and emotional responses (e.g. through Wiinta).
• To enable Safe Space sessions, therapeutic modes, and diagnostics in Noetic and Sankara.
• To ensure user safety and prevent misuse of AI interactions.
• To conduct internal research, model training, and system improvements.
• To communicate updates, insights, and service notices.
• To comply with legal obligations and defend our rights.
We do not use personal data for automated profiling that produces legal or similarly significant effects without your explicit consent.
3. Legal Grounds for Processing (Region-Specific)
We process your information under the following legal bases, depending on where you live:
• Consent: When you give us clear permission, e.g., for emotional support features.
• Contractual Necessity: When needed to provide a service you requested.
• Legal Obligation: When required under local laws, e.g. for regulatory compliance.
• Legitimate Interests: For research, product improvement, or fraud prevention – balanced against your rights.
• Vital Interests: In rare cases, for crisis escalation or emergency mental health intervention (with appropriate safeguards).
4. Sharing and Disclosure
We may share your data in the following circumstances:
• With third-party processors (e.g. hosting providers, AI model partners) who help us operate the services.
• With health professionals or crisis services, if you’ve explicitly enabled such connections or in cases of emergency.
• With legal authorities, if required by law or to prevent harm.
• With affiliates or successors, in the context of restructuring or acquisition.
• With research partners, in anonymised or aggregated form only.
We never sell your personal data. We do not share identifiable mental health data without explicit consent.
5. Cross-Border Transfers
We operate globally. Your data may be processed in countries outside your own, including the United States, South Africa, and the European Union. When data leaves your jurisdiction:
• We rely on adequacy decisions (e.g., for Switzerland or the UK),
• Standard Contractual Clauses (SCCs) where required,
• And other legal safeguards to ensure protection.
For South African users, we adhere to the Protection of Personal Information Act (POPIA). For EEA/UK/CH users, we comply with the General Data Protection Regulation (GDPR), UK GDPR, and Swiss FADP.
6. Retention
We retain your information only as long as necessary to:
• Provide the service you requested.
• Comply with legal and operational obligations.
• Support research and development (in de-identified or aggregated formats).
Voice interactions and emotional data may be retained for a maximum of 12 months unless you request earlier deletion. De-identified training data may be retained indefinitely.
7. Your Rights
Depending on your jurisdiction, you may have the following rights:
• Access: Request a copy of the data we hold.
• Correction: Fix inaccurate or incomplete data.
• Deletion: Request erasure of your data (subject to legal limitations).
• Objection: Object to processing based on our legitimate interests.
• Restriction: Ask us to pause processing under certain conditions.
• Portability: Request data in a usable format for another service.
• Withdrawal of Consent: Revoke any consents at any time.
• Complaint: File a complaint with a supervisory authority.
To exercise your rights, email us at: privacy@metasapien.io
For South Africa: You may contact the Information Regulator.
For EEA/UK/CH: You may contact your local Data Protection Authority.
8. Children
Our services are not intended for individuals under 16 years old (or under 18 in South Africa). We do not knowingly collect personal data from minors without guardian consent.
If we become aware of any such data, we will delete it promptly.
9. Security
We use technical and organisational measures to protect your data, including:
• End-to-end encryption of voice and text transmissions.
• Role-based access control internally.
• Regular audits and penetration testing.
• Data minimisation by default.
However, no system is perfectly secure. Use our services responsibly and avoid disclosing sensitive information unless necessary.
10. Updates to This Policy
We may update this policy as our services evolve. We will notify you of material changes through email or in-app alerts.
You are responsible for reviewing changes periodically. Continued use of our services means you accept the updated policy.
11. Contact Us
For any privacy questions, data access requests, or concerns, contact:
Metasapien (Pty) Ltd
Email: privacy@metasapien.io
Last Updated: 18 May 2025