bipolar.ai

Privacy

Architecture, not promises.

You’re about to tell a system about your money, your meds, and your worst weeks. “We take privacy seriously” is not enough. This page shows you exactly what we have, what we don’t, and why the architecture makes betrayal structurally difficult — not just policy-prohibited.

What we have

What we know about you

Everything, enumerated. Nothing hidden in the footnotes.

Data When we have it Where it lives Who can see it How to delete it
Your email address Only if you gave it — waitlist or signature builder. Never required to use the product. Our database, hashed before storage in the product (waitlist is plaintext for delivery purposes) You and us. Never sold, never shared. Email us from the same address — deleted within 24 hours. One-tap delete in the product at launch.
A random token (your “account”) Generated when you first open the product — you hold it, we store a record Your device (local storage) + our database You, by presenting the token. We cannot link a token to a person without you. Delete account in Settings — one tap, immediate.
Data you put in Bills, deadlines, mood check-ins, meds — only what you explicitly add Our database, associated to your token (not your email or name) You. Optionally, a trusted person you explicitly invite with scoped access. Export everything in Settings, then delete everything. Both are one tap at launch.
Your relapse signature If you build it at bipolar.ai/signature/ Our database, keyed to an anonymous token You. Optionally imported into your account. Not linked to you unless you save with email. Email us to delete.
Passive signals (sleep, spending patterns) Pro and Pro+ only, after you connect a source Our database, associated to your token You. The Watch feature — processing runs server-side but data is yours and deletable. Disconnect the source in Settings. Full delete via account deletion.

What we don’t have

What we deliberately chose not to collect

  • Your name. Never asked for. Not stored anywhere in our system.
  • Your phone number. SMS is opt-in for Pro+ Watch alerts. Not required for anything else.
  • Your location. Not collected, not inferred, not stored.
  • Identity verification. No government ID, no photo, no biometrics — ever.
  • Ad trackers. No Facebook Pixel, no Google Analytics, no third-party tracking scripts on any bipolar.ai page.
  • Analytics cookies. None. Not even “privacy-preserving” analytics. We don’t know how many people visit this page.
  • Third-party data brokers. We have never sent data to a broker. We never will.
  • “Anonymized” data partnerships. No. Your data is not an asset we monetize. You pay for the product; that is the entire business model.
  • Health records or diagnosis confirmation. We don’t know your diagnosis, your prescriber, or your treatment history unless you tell us. Nothing is required.

Why a breach can’t prove it’s you

Your identity is a token you hold.

Your bipolar.ai account is not an account in the traditional sense. It is a random 128-bit token generated on your device. We store a record of that token; you hold the token itself. There is no name, no email, and no identity document attached to it in our system.

If our database were breached, an attacker would see tokens and associated data. They could not prove which token belongs to which person without the person presenting their token — which they control. A subpoena for “data about this person” yields nothing, because we have no way to look up a person by identity.

If you gave us an email (waitlist), that is stored separately and is not linked to your product token. The two records are not joined in our schema.

This is the architecture. The privacy protection is structural, not contractual. We chose to build it this way because we are users of this product and we wanted to be protected too.

Export & delete

Your data leaves with you. One tap.

Both features are commitments we’re making now, before the product ships. The mechanism is named.

EXPORT

Export everything in one file. Settings → Export my data → JSON download. Every check-in, every item you entered, your relapse signature, your episode history. Human-readable format. No account deletion required first.

DELETE

Delete everything, immediately. Settings → Delete my account → confirm. All data associated with your token is purged from our database. Not archived, not “deactivated.” Gone. Takes effect within seconds.

CANCEL

Cancel your subscription without retention theater. Two taps, no “are you sure” dark patterns, no “what if we gave you a discount.” You cancel, you stop being charged, your data stays until you delete it or it does.

The legal version

Privacy policy (short form): bipolar.ai collects an email address only if you voluntarily provide one for the waitlist or to save your relapse signature. We collect no other personal information. We do not sell, share, or transfer your data to third parties for commercial purposes. You may request deletion of your email address at any time by contacting us. The full product operates on anonymous tokens and contains no personally identifiable information by design. This policy applies to bipolar.ai and all pages served from this domain.