Privacy & Terms
Privacy Policy Terms of Service

Do Note

Recent Changes

Definitions

Who are we?

What is Wysa App?

Who can use the service?

What personal data do we process and how do we use it?

Non-Personal data collected when using Wysa well-being coach or Wysa therapist service.

Do we use passive sensing or location data?

How do we share your data with third parties?

How do we handle your App password?

What data do we process after taking your Consent?

How do we handle user incidents and requests?

How do we handle data provided during promotions and surveys?

How do we handle your payment data when you subscribe to our services?

What do we process when you follow us on Instagram?

What do we process when you use the android speech-to-text feature?

Additional information when you use the audio-video coach or therapist service.

How do we handle your data when used for research purposes?

What data do we process as part of Gift Card purchase?

Additional information when you apply for employment or internship opportunities at Wysa.

Your use of third party weblinks

What additional processing is performed?

How do we secure your data?

How long do we retain your data including personal data?

What are your data protection rights?

Do California residents have specific privacy rights?

What are the controls for Do-Not-Track features?

Can children under 13 use Wysa App?

How to contact for additional questions, comments or concerns?

Can Non-English speaking users use the Wysa App?

What are some Best Practices to follow to keep your devices secure?

Changes to this Privacy Policy

Severability and Exclusion

Changes Log

Wysa Privacy Policy

Touchkin eServices Private Limited (“Touchkin”, “Wysa”, “We”, “Us”, or “Our”) operates the website (www.wysa.io) and the Wysa mobile, web-based and online applications (“Wysa App” or “App/s” or “Mobile Software/s”). The AI Coach services, digital premium services, well-being coach and therapist services and web-based services provided are collectively referred to as the "service(s)".

This page informs you of our policies regarding the collection, use, and disclosure of personal information when you use our service. We use your data to provide and improve the service. We will not use or share your data with anyone except as described in this Privacy Policy. We align our data protection practices to the key principles prescribed by GDPR.

By using our Apps and services, you agree to the collection and use of information in accordance with this privacy policy. Unless otherwise defined in this Privacy Policy, terms used in this Privacy Policy have the same meanings as in our Terms of Service.

Updates

We may amend this privacy notice from time to time to keep it up to date. We will notify you via in-app notifications and on our website when we make any changes to the Privacy Policy. Please regularly check these pages for the latest version of this notice.

Initial Effective Date: June 30, 2017 (GMT)
Latest Revised Date: November 10, 2021 (GMT)
Version: 4.0.0


Content

Do Note


Recent Changes


Definitions


Who are we?


What is Wysa App?


Who can use the service?


What personal data do we process and how do we use it?


Non-Personal data collected when using Wysa well-being coach or Wysa therapist service.


Do we use passive sensing or location data?


How do we share your data with third parties


How do we handle your App password?


What data do we process after taking your Consent?


How do we handle user incidents and requests?


How do we handle data provided during promotions and surveys?


How do we handle your payment data when you subscribe to our services?


What do we process when you follow us on Instagram?


What do we process when you use the android speech-to-text feature?


Additional information when you use the audio-video coach or therapist service.


How do we handle your data when used for research purposes?


What data do we process as part of Gift Card purchase?


Additional information when you apply for employment or internship opportunities at Wysa.


Your use of third party weblinks


What additional processing is performed?


How do we secure your data?


How long do we retain your data including personal data?


What are Your data protection rights?


Do California residents have specific privacy rights?


What are the controls for Do-Not-Track features?


Can Children under 13 use Wysa App?


Who can You contact for additional questions, comments or concerns?


Can Non-English speaking users use the Wysa App?


What are some Best Practices to follow to keep Your devices secure?


Changes to this Privacy Policy


Severability and Exclusion


Changes Log


Do Note :

  1. If in a crisis or emergency, please call the relevant emergency number in your country.
  2. The App is not to be used by children under 13 years.
  3. If you are between 13 and 18 years, read the Privacy Policy and Terms of Service with your parents or legal guardian and ask them to provide their consent to use the app at [email protected].
  4. Limit sharing your personal identifiers when using the App. We do not require them for our services.
  5. Your interaction with the AI Coach is with an Artificial Intelligence system and not a human. Hence, AI Coach is restricted in the means of response.
  6. The Wysa well-being coach service is a text-based or audio-video based (not available in all regions) messaging service. It will apply motivational interviewing and life coaching to help you work towards your well-being goals. The service will focus on building wellness and emotional resilience. The underlying principle of the well-being coach service is that you have the knowledge and capacity to make desired changes in your life. The well-being coach will support you in finding your own way and to help you tap your own strengths and abilities. This will help you identify and use resources around you to fill any gaps.
  7. The Wysa therapist service is a text-based or audio-video based (not available in all regions) messaging service. It will use person-centered supportive listening, motivational interviewing and CBT principles so that you can take control of your emotional well-being. It will use evidence-based techniques to provide empathetic and non-judgmental support. The Wysa therapist will listen to your worries, promote positivity and support you in your lifestyle changes. This will help you manage your situation better and build emotional resilience.
  8. Audio-Video based sessions with Wysa well-being coach or Wysa therapist are available only in select geographies and Apps. It may not be available in your region if not mentioned within the app. Please check with your coach or therapist regarding availability in your region or write to us at [email protected] or [email protected]. You may be asked to set up an account with a 3rd party audio-video application to use the service.
  9. Wysa well-being coach or Wysa therapist services do not replace face-to-face psychotherapy. It is meant to empower and support you and not to treat any illness or a health condition.
  10. The coach or therapist assigned to work with you will be online and remote. They may not be located in your country or state of residence.
  11. The intended use is for providing evidence-based tools and techniques to manage emotions and encourage mental well-being in a self-help context.
  12. The App is not intended for medical purposes. It does not provide a diagnosis, prognosis, treatment or cure of a condition or disease.
  13. The App will not offer medical or clinical advice and only suggest that you seek medical help.
  14. Your data is stored in databases maintained by us or third parties located within the United States. Where, privacy rules may differ and may be less stringent than those in your country.
  15. The App and its services are primarily in the English language. Some of the AI Coach modules and tools are enabled for Spanish language users and are available only in certain geographies.

Changes in v4.0.0 | November 10, 2021


Additions
  • Complete revamp to improve the readability of the Privacy Policy.
  • Include information about the Audio-Video Service provided by Coach or Therapist.
  • Introduction of AI Coach modules and tools for Spanish language users.
  • Included our other applications including Ascension Wysa app in scope of this policy. This Privacy Policy replaces the existing Ascension Wysa's privacy policy.

You can read the full list of changes in the Changes Log


Definitions

Anonymization is the process of removing personal identifiers from data sets so that the person can no longer be identified.

Cookie is a small amount of data stored on your device (computer or mobile device).

Data or Information under this Privacy Policy means both personal and non-personal data or information.

Data Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Data Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the data controller.

Data Protection Laws here means in accordance with the Indian Information Technology Act and Reasonable security practices and procedures and sensitive personal data or data rules, including but not limited to requirements of EU GDPR, the UK GDPR and applicable Legal and Statutory requirements.

Data Subject (or User/You) means any living individual who is using our service and is the subject of Personal Data

Encryption is the process of transforming data into unreadable text so that it is only legible to those possessing an encryption key.

Personal data or Personal Information means data about a living person who can be identified from the data and/or other information either in our possession or likely to come into our possession.

Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific user without the use of additional information.

Non-Personal data or Non-Personal Information means any data that does not reveal user specific identity.

Sub-Processor/s is a data processor who is sub-contracted some of the personal data processing.


Who are we?

Touchkin is a private limited company having its registered office in India, USA and UK. We are registered as a data controller with the UK ICO. Our data protection registration number is ZA845530.


What is Wysa App?

With the Wysa App you can chat through a conversational interface and get access to tools and techniques. You can also subscribe to a highly trained and qualified mental well-being professional. The App is available in both iOS and Android app stores, including a web-based application. Your interaction with the AI Coach is with an artificial intelligence system and not a human. The intended use is for providing evidence-based tools and techniques to manage emotions and encourage mental well-being as an early intervention tool in a self-help context. You make the choice of using the AI Coach, based on your own estimate of need, and agree that this is only suitable for basic self-help. This is not intended to be a replacement for face-to-face psychotherapy or to provide a diagnosis, treatment or cure for a disease or condition. The AI Coach cannot and will not offer advice on issues it does not recognize. Using the App, you can track and manage your mood, and learn context-sensitive evidence-based techniques that can help you feel better. The App and service is not intended for use in crisis or emergencies or severe mental health conditions. The App and service cannot and will not offer medical or clinical advice. It can only suggest that the user seek medical help.

If you have any of these conditions, please check with your doctor before use.

  • sleep apnea,
  • Restless Leg Syndrome (RLS),
  • seizures,
  • delusions,
  • bad dreams,
  • sleep walking,
  • lots of day-time sleepiness,
  • faintness or tremors,
  • severe mental or physical health,
  • frequent changes in sleep schedules.


Who can Use the Service?

You may use the App and services if you are 18 or more.

If between 13 and 18 years, please read and agree to this Privacy Policy and the Terms of Service along with your parent or legal guardian before use. Kindly inform your parent or legal guardian to provide their parental consent by writing to us at [email protected] or [email protected].

This App and services are not meant for those less than 13 years of age.

Institution Users

Your organisation, school, university, hospital, or others (“Institution”) may provide Wysa App for your use (“Institution User”). Your Institution may also replace certain Wysa services and integrate their own services within the Wysa App (“Institution Version''). Your Institution may also request Wysa well-being coach or Wysa therapist services outside the Wysa App. This may include but not limited to well-being webinars or group therapy sessions. In such an event, your Institution terms and their privacy policy shall also apply to your use of Wysa App and services. In the event of any conflict with such additional terms and privacy policy, Wysa’s agreement shall apply. Wysa App may carry links to external websites or services managed by third parties. Your Institution and Touchkin may have no control over such external resources. Please refer to the terms and privacy policy provided by the third party sites before use. Please read the instructions from your Institution before using the institution version of the Wysa App.

Your institution may specify a different age for your use of the App and Services.


What personal data do we process and how do we use it?

We only collect information that is provided by the user and required for the purpose of providing our services. The table lists the personal data processing we perform.

Personal Data Source Purpose Lawful Basis
Android or Apple identifier (app-device identifier) provided by the user To create a random user identifier. To provide App and services. To migrate your data to a new device. To process subscription requests. To process your data rights. To perform our contract with you (our contract is your agreement to Terms of Service and this Privacy Policy) In our legitimate interest
Random user identifier created by Wysa To provide App and services. To provide additional security. In our legitimate interest
Access or referral code provided by the user To provide customized App and services for referred and Institution users. To aggregate data at institution or cohort level for analytics purposes. To perform our contract with you and with your Institution
Device data (Operating system, OS version, device make and model) provided by the user To detect and prevent fraudulent use of or abuse of the service. To resolve issues. To improve App experience and use. In our legitimate interest
Conversation data (free-text messages, text button events, App screen events, tool events) provided by the user. Events created during use of App To detect context and ensure continuity in conversation. To provide the right tool and content. To conduct coach or therapist sessions. To improve the app performance and quality. To obscure the event data. To share de-identified event data with 3rd party providers for analytics purposes. To perform our contract with you and in our legitimate interest.
Conversation data (Spanish language free-text, text button events, app screen events, tool events) provided by the user. Events created during use of App To use 3rd party translation APIs to chat with Spanish language AI Coach modules and tools. To ensure continuity in conversation. To provide the right tool and content. To improve the AI Coach performance and quality. To obscure the event data. To share de-identified event data with 3rd party providers for analytics purposes. To perform our contract with you and in our legitimate interest.
Inadvertent submitted personal identifiers (names, location, contacts, email identifiers or medical terms) provided by the user To take reasonable steps to detect and de-identify personal data. In our legitimate interest (to ensure special category identifiable data is not created)
Communication Information (name, email Identifier, email messages, subscription receipts, feedback messages) provided by the user To respond to your inquiries, requests and feedback. To troubleshoot your issues. To provide and improve customer support services. To perform our contract with you and in our legitimate interest.
Wellness information (such as feelings, sentiment, mood, major life events, well-being assessments, coping ability, energy levels, objections) provided by the user To provide validated tools and techniques. To perform research and analytics. To improve the safety of our algorithms. To improve product and service quality. To provide aggregated and de-identified analytics reporting. To perform our contract with you or with your institution and in our legitimate interest (Validated assessments are a proven way to track progress of your well-being. You have the option to not respond to these assessments)
Safety Plan Information (life anchors, safe places, support networks, warning signs, calming activities) provided by the user To ensure availability of safety resources in time of need. To perform our contract with you and in our legitimate interest
Other personal information (age-range, gender) provided by the user To provide age appropriate content, tools and techniques. To provide gender appropriate content in Spanish To perform our contract with you.
Audio-video data (full name, video profile and background, consent, emergency contact information, audio-video messages) provided by the user To conduct audio-video sessions. To provide Wysa well-being coach or therapist service. To reach out to emergency contact for your safety. To perform our contract with you and your consent (Audio-video sessions are not recorded and stored)


Non-Personal data collected when using Wysa well-being coach or Wysa therapist service.

When you schedule a session with your Wysa well-being coach or therapist, we collect your date and time preferences to confirm your booking. Your device time zone is collected to calculate your local date and time and schedule a session. It also allows us to send appropriate session reminders. Sometimes, Wysa App may get your local time wrong which could affect the session scheduling. Always verify your local time in the scheduling screen before booking a session. If you notice an error in your local time displayed, go to the AI Coach messaging interface and type #time to change your time. If You face any challenge changing Your local time or booking a session, kindly write to us at the contact provided here.

After you book a session, you have the option to save the booking in your device calendar. This is for your added convenience.

We may ask for your anonymous feedback after the session ends. This is for improving our App and service quality, safety and performance.

Only minimal messages provided to your coach or therapist get used for analysis and audit purposes. Your messages are de-identified before use. This is for improving our well-being coach or therapist service quality.

The Institution Version of the App may carry a link to the institution EAP or health provider instead of or in addition to the Wysa well-being coach or therapist. The EAP provider’s terms and privacy policy will apply to use such services.


Do we use passive sensing or location data?

The App does not process any data from your mobile device sensors, including accelerometer, ambient light readings, screen on/off readings and call logs. The App does not process your geolocation at a level that makes your data identifiable. The App may infer your country or state based on your time zone to provide you appropriate resources, such as scheduled reminders.


How do we share your data with third parties?

To provide you with our services, we use third party service providers to help store and process your data. We assess the service provider’s security and privacy practices. We strictly require that they comply with confidentiality and non-disclosure obligations and applicable laws and r egulations including relevant Data Protection Laws. We also require that they access your data only to the extent necessary to perform tasks on our behalf. We use the following third party service providers.

Cloud Service Providers

To provide the service in a reliable and responsible manner, we collect, transfer and store your data in secure servers provided by our cloud service providers. You can find more on their security practices here, here and here. We maintain a Data Processing Agreement (DPA) and Business Associate Agreement (BAA) with our cloud service providers.

Other Service Providers

We use third party service providers to provide our services. List of our service providers include:

Service Providers Processing performed
Firebase, Google Analytics, Kubit.AI To analyze App engagement data. No personal data gets shared. All event data is made cryptic so that no medical or psychological profile gets created at the hands of the provider. No direct advertising or direct marketing is performed. However, to measure the effectiveness of our social media or other marketing campaigns, we may use these tools to help us make improvements to our service. The third party tool APIs may automatically collect some non-personal events. Google Analytics automatically collected events can be found here. The use of Google Analytics is governed by Google Data Policy and Data Safeguards. Firebase automatically collected events can be found here. The use of Firebase is governed by Firebase Terms of Service, Use Policy and Crashlytics Terms of Service. We use Kubit AI to analyze cryptic event data sent to Firebase. Kubit does not store your data but only anonymized and aggregated results of the analysis. The use of Kubit AI is governed by Kubit Terms of Service and privacy policy.
Strikingly Our website is hosted on Strikingly. Strikingly uses your visit data to perform analytics. The use of Strikingly is governed by Strikingly’s Terms of Service, Privacy and Cookie Policy and GDPR Compliance Statement.
Branch.io We use Branch.io to provide deeplink service for our Institution users that helps provide direct access to the App and services and is governed by branch.io’s Terms of Service, Privacy Policy and Security & GDPR Compliance. We have a signed Data Processing Agreement (DPA) with Branch.io.
Mailgun We use Mailgun to send confirmation messages to new users who subscribe to our services based on our promotions on facebook, google, instagram or the App. We may request your personal name and institutional email ID and transmit this to Mailgun for the sole purpose of sending you the customized link to access the App basis agreement with your Institution. Your name and email ID will not be stored in our servers and will not be used for any other purposes. The services provided by Mailgun are based on their Terms of Service, Privacy Policy and Security & GDPR Compliance. We have a signed Data Processing Agreement (DPA) including Standard Contractual Clauses with Mailgun.
Zoom We use Zoom healthcare to provide audio-video sessions by our coach or therapist both within and outside the App. Zoom may collect additional personal information from you to provide their services. Please read their Terms of Service and Privacy Policy. You can read about Zoom security compliance here including HIPAA Security, Compliance certifications. We have signed a DPA and Business Associate Agreement (BAA) with Zoom.
Google Workspace We use our Google Workspace account to store Information received from our clients and end-users. We have a signed DPA and BAA with Google Workspace.
3rd party Taggers and Translators We may use third party providers to tag, translate and test content in English and other languages. Minimal de-identified conversation data may be used for these purposes. This helps us improve the AI Coach algorithm performance.
3rd party background verification consultants We may use consultants to perform background checks for shortlisted candidates. They may also assist us in reference checks and academic verifications as part of our hiring process.
3rd party payment gateway providers We use payment providers such as Stripe, PayPal, Razorpay and those provided by app stores to process payment when you purchase from us.
DeepL We use the DeepL translation API when you use our Spanish language AI Coach modules and tools. No data is stored within DeepL servers. All data is deleted immediately after the translation has been completed. The connection to DeepL servers is always encrypted. Your data is not used for any purposes other than for translation, nor can they be accessed by third parties. Use of DeepL is based on their Terms of Service. DeepL adheres to EU GDPR requirements. Read their Privacy Policy to understand how they handle your data. Read here about the data security provided. We have a signed DPA with DeepL.
Twilio We use Twilio in our app to programmatically make calls to emergency contacts shared by you for your safety during use of the Well-being coach or therapist services. This is done using their web service APIs. Here, you can read more on their privacy, terms of service and security. We have a DPA and BAA with Twilio.

Disclosure to Institutions

You may need an access code or link provided by your Institution to use the Institution version of the App. Your Institution may also get access to aggregated data for their analytic and research purposes based on the consent given by you to your Institution. We may collect your country, division and in some cases your city information to provide aggregated analytics. We do not share your messages with the Institution. Any inadvertent identifiers get removed prior to the aggregated analysis.

If the App is integrated with your Institution system, your Institution may additionally share your assessment scores with us and likewise, we may share aggregated user data with them. Such assessment scores may be processed by us for providing services to your Institution. Your assessment responses will never be processed for diagnostic purposes or for giving clinical advice.

Disclosure to other third parties

We may be required to share your personal data in good faith with third parties to meet applicable law enforcement or regulatory requirements. We will always weigh your rights and freedom before we process any such requests. These third party processing includes:

  • For uses and disclosures required by law;
  • For disclosures for judicial and administrative proceedings;
  • For disclosures for law enforcement purposes;
  • For uses and disclosures for public health reporting purposes;
  • For uses and disclosures to prevent serious threat to health or safety;

Touchkin will never share your conversation data without your explicit consent.

In the future, if we are involved in any merger, acquisition, sale of assets, business reorganization, bankruptcy, we may sell, transfer or otherwise share some or all of our assets which may include your data. However, in such an event of sale or transfer, we shall reasonably ensure that your data with us is stored and used by the transferee in a manner that is consistent with this Privacy Policy. Any such third party to whom we transfer shall have the right to continue to use the data that you provide us immediately prior to such transfer or sale. On completion of the sale or transfer, the Privacy Policy of the third party shall apply with respect to your data. To stay updated about such business transactions, please read this Privacy Policy from time to time.


How do we handle your App password?

For your privacy and security, you are advised to set your own App PIN to protect unauthorized access of your conversation messages. Your mobile device screen password is your PIN. To extend your device password, use the "Set Lock " feature under the App settings. You can also remove your PIN using the "Remove Lock” option under settings. The PIN that you use is personal to you, and you are responsible for maintaining the confidentiality and security of your PIN. Please keep your PIN safe and do not share it with anyone. The PIN you set remains in your device and is not collected, transferred and stored in our servers.


What data do we process after taking your Consent?

We take your consent to perform the following processing.

Data Purpose Lawful Basis
Website Cookies or web beacon Data (browser type, browser language, operating System, language settings, web page views and the link clicks) To understand website visits and engagement analytics. To share de-identified event data with 3rd party providers for analytics purposes. Your consent to our Cookie Policy (We do not sell your provided data to any third party)
Website Contact Form (Name, Email ID, inadvertent identifiers in messages) To respond and provide support for your inquiries. Your consent during form submission
App usage data To process and share de-identified data with your institution or research partner. Your consent during onboarding (Agreements are signed with the researcher or Institution)
In-app push notifications To notify you for reminders you have set. To remind you about upcoming sessions and events. To provide service related information and discounts. Opt-in and Opt-out in App settings or mobile device settings.
Session conversations with coach/therapist To collect minimal de-identified data for research purposes. Consent taken by coach or therapist from you.
AI Coach activity and well-being assessment data To share the data with your Wysa well-being coach or therapist for your safety and support. Authorize / unauthorize in app settings
Conversations with the AI Coach To share your AI Coach conversations with your Wysa well-being coach or therapist. Your consent given within the AI Coach (opt-in and opt-out by typing #sharechat)
Recruitment data (name, contact, address, email id, resume, references, credentials, transcripts, government provided identification, compensation information, race or ethnic origin, opinions and beliefs, physical or mental health or condition, sexual orientation, memberships, social media handles) To evaluate your application. To make job offers. To enter into an employment agreement. To perform background checks. To perform reference checks. To convey application status. To consider you for other opportunities. To improve our hiring process. Your consent. In our legitimate interest (to comply with laws, to protect your rights)
Promotion event data (email ID) To process the survey. To send programme related information. To enrol and onboard you to the programme. To correspond on programme matters. Your consent given within the AI Coach and forms.


How do we handle user incidents and requests?

There may be occasions where you wish to contact us to seek support or inquire about our services. If you contact us directly over email, we will collect minimal personal information to service your request. Your communication data is securely stored in our Google Workspace account with access to only authorized users. We have signed agreements with Google Workspace. We will only use your data to investigate the issue or request asked. Your email will be retained within our system for a maximum of 10 years since last correspondence. We will not spam you or contact you for any direct marketing. We will not share or sell your personal data with any third party.

Your issues or complaints or requests about the App and services are taken very seriously. You will need to send an email request from your Google or Apple email ID to [email protected] or [email protected]. We will respond to your complaints within 3 business days. Some of your complaints may take longer to resolve. We will continuously provide you with an update until your complaints are satisfactorily resolved.


How do we handle data provided during promotions and surveys?

We do not promote third party offers as a part of the App experience. Your survey submission will never be linked to your Wysa App account. Your survey submission will reside in our secure Google Workspace account. Google Workspace provided security can be read here. The Google Workspace account is protected by two step verification. You can opt out at any time from the programme by sending us an email request from your Google or Apple email ID to [email protected]. We will respond to your request within 3 business days. Your submissions will never be shared with a third party.


How do we handle your payment data when you subscribe to our services?

[The Institution Version of the App may carry a link to the institution EAP or health provider instead of or in addition to the Wysa coach or therapist. The EAP provider’s terms and privacy policy will apply to use such services.]

We do not collect, retain and store your personal and card information. Your card processing is handled by third-party payment agencies. We do not collect any personal data from the play stores post-purchase or from any of our third party payment gateway providers. Please read their terms and privacy policy before making a payment. The payment confirmation and subscription details are received and processed by us. This is to support you for your subscription based requests.


What do we process when you follow us on Instagram?

You have the option to follow us on Instagram using your Instagram account from the Wysa App settings. You can set up an Instagram account, if you do not own one and follow us at @wysa_buddy. We do not associate your instagram account with your Wysa App account.


What do we process when you use the android speech-to-text feature?

During use of our voice AI Coach, you may get an opportunity to talk with the AI Coach apart from typing. For android phone users, you will need to give permission to activate your device microphone to speak to the AI Coach. On microphone activation, the Google Android provided Speech Software Development Kit (SDK)/API within your device gets initiated. The Android SDK/API converts your speech to text and displays the text in your chat. The converted text data is securely transferred to our servers. We do not access nor collect nor store your voice data on our servers. No Personal data gets asked during use of this service. Please do not share your personal or sensitive information at any time during use of this service. The microphone is deactivated when you stop speaking and will not be always listening. The lawful basis for processing of your transcribed text is governed by this agreement. The processing of your voice for the purpose of converting to text is performed by Android SDK/API which is governed by Google’s Terms and Condition and Privacy Policy. Google may collect some identifiers and Information from you to provide their service. You can read Google’s Privacy Policy here. We do not access, receive or collect any identifiers and information that is collected by Google. Please speak close to the device microphone for improved translation. If you accidentally submitted any personal information, please write to us for any rectification at the contact provided here.

The same Android SDK/API plays back the AI Coach response to you. Please ensure your mobile device volume is kept in optimal listening mode. Please note that you may experience some performance issues if you have low internet speeds.


Additional information when you use the audio-video coach or therapist service.

You will need to give permission to activate your device's microphone and camera. We have enabled Zoom’s healthcare product for this service. To enable video call connection, we only send anonymized identifiers to Zoom. Your call is never recorded and maintained at our or at Zoom’s end. End-to-End encryption is enabled along with other privacy and security controls. This ensures that your conversation remains secure and private. We may collect anonymous feedback from you at the end of the call. This will help us improve the quality and performance of our service.

We will be unable to provide access to playbacks or call transcripts as calls are not recorded. Your assigned Wysa well-being coach or therapist will explain the benefits and risks of using the service. Please ensure your device volume is kept in optimal listening mode. Please note that you may experience some performance issues if you have low internet speeds. Please read the Wysa Well-being Coach and Wysa Therapist Service section in our Terms of Service to understand the terms for use.


How do we handle your data when used for research purposes?

We use minimal and only the required data for research purposes including aggregated data for any publications. This data is completely anonymized using one-way hash functions prior to use. This helps us to improve our product and services and contribute to user-centered mental wellbeing best practices globally.

We never use your longitudinal conversation messages for research purposes and analysis. If at all, only limited messages get selected from specific AI Coach endpoints and used.

You can always write to us at [email protected] or [email protected] to restrict processing and opt-out of your data for research purposes.


What data do we process as part of Gift Card purchase?

When you purchase a “Gift Card” you will need to create an account with the payment gateway. Payment Processing and verification is based on payment gateway’s Terms of Service and Privacy policy. The security practices followed by the payment gateway are outlined here and here. On successful payment, we will issue the Gift codes on the payment completion screen. You can then send the codes to the recipients to avail Gift Card services as per Wysa Terms of Service. Your payment card details will not be collected or stored at our end. Only the payment confirmation, such as order identifier and receipts get collected from the Payment Gateway provider and processed by us. Processing of this data is in our legitimate Interest to support you for any payment related requests, issues or clarifications. If You have any questions regarding your Gift Card, please write to us at [email protected] or [email protected]


Additional information when you apply for employment or internship opportunities at Wysa.

We do not sell your Information to unauthorized third parties. Your data is stored in databases maintained by us or third parties located within India or globally. Where, privacy rules may differ and may be less stringent than those in your country. If you are successful in your application, we retain the information as part of your employee records. If you do not want us to retain your information or want us to update it, please contact us at [email protected]. Please note, that we may retain some information if required by law or as necessary to protect ourselves from legal claims.

Please read here on your Privacy rights.



What additional processing is performed?

We do not combine and process your personal data with any other third party available data. Your data, messages or usage is not used for direct marketing nor is it sold to advertisers. We will always take your consent before using your name for social proof purposes.

We will update this Privacy Policy and inform you if we perform any additional processing.


How do we secure your data?

The security of your data is important to us. We have implemented adequate safeguards to protect your data. Some of the steps undertaken include:

Privacy by Design and Default

  1. There is no user registration required. We don’t need it hence don’t ask for it.
  2. Only a nickname is sufficient to help us personalize our conversation with you.
  3. No human has access to or gets to monitor or respond during your chat with the AI Coach.
  4. Solely automated processing is never performed. We will always check with you first.
  5. The AI Coach will always check if it has understood you incorrectly before progressing.
  6. We use algorithms that hash any inadvertent personal identifiers entering our systems.
  7. You can opt-out at any time using the “reset my data” feature available in the App settings.

Security by Design

  1. We use TLS and SSL encryption during transfer and AES-256 protocol at rest.
  2. Random identifiers are used for all data transactions between AI Coach and our servers.
  3. Our systems are secured with role based access, strong passwords and two-step verification.
  4. We enable endpoint security in all staff systems.
  5. We review and maintain data processing agreements with our service providers.
  6. We have a strict hiring and background verification process in place.
  7. Regular awareness and training is provided to our staff.
  8. Annual compliance audits towards ISO 27001: 2013 (ISMS) and ISO 27701: 2019 (PIMS).
  9. We perform regular penetration tests of our Apps and Infrastructure.
  10. We conduct regular checks to ensure compliance to our policies.

No method of electronic transmission or method of data storage is perfect or impenetrable. While we try our best to implement controls to protect your personal data, we cannot guarantee its absolute security. To ensure your data is secure, we require your cooperation as well. Please do not copy and share your conversations with unknown people.


How long do we retain your data including personal data?

Any identifiers shared in your conversation get hashed within 24 hours within our system.

We may retain your data even after your subscription ends if it is reasonably necessary. This could be in the following situations:

  • to comply with applicable applicable legal and statutory requirements;
  • At the request of a returning subscriber;
  • to respond to your requests
  • To fulfil processing that is in our legitimate interest.

Where not specified we retain your data for a maximum of 10 years since the end of subscription and as per our information retention policies.

You can also, at any point of time, clear all your transactional data by using the “reset my data” feature available in the App settings. Refer here in our policy for more details.


What are your data protection rights?

You have certain rights under the Data Protection Laws in relation to your Personal data. To exercise any of your rights, you will need to send an email request to the contact information provided here. Please note that we may need to verify you before responding to any requests. After verifying you and examining your request, we will respond to you on the action taken within one calendar month from verification. We may at times be unable to address your request, if we are unable to correctly identify you.

Your individual rights requests may be limited, where:

  • denial of access is required or authorized by law;
  • grant of access would have a negative impact on other's privacy;
  • required to protect our rights and properties;
  • the request is unjustified or excessive.

Right of access

You have access to view your latest conversations or view your older conversation messages within the Journey tab of the App. You have access to your text-based messages with a Wysa well-being coach or therapist in the Coach or Therapist tab of the App. If you exercise your right to be forgotten and reset your data, you will lose the right to access your data as it will be permanently deleted.

You have the right to obtain your personal data that you provided as per our Agreement or where you consented to give us. After verifying, we will provide access to your personal data in a machine-readable format. We may at times be unable to address your request, if we are unable to correctly identify you.

Right to rectification

If your personal data is inaccurate or incomplete, you can write to us to correct or complete it. If we share your personal data with third parties, we will inform them about the correction where possible.

Right to restrict processing

You can write to us to restrict processing of your personal data, where you contest the accuracy of the data or object to our processing it. If we share your personal data with third parties, we will inform them about the restrictions where possible.

Right to object

You may write to us and object to the processing of your personal data where we apply our legitimate interest. We may stop unless we can demonstrate compelling legitimate grounds for the processing.

Right to data portability

If you are a paid subscriber of our services, you can place a request to transfer your data from your older device to your replaced mobile device. If you are not a paid subscriber, we will need to accurately verify you, before we can process your request. We may at times be unable to address your request, if we are unable to correctly identify you.

Right to Erasure

When you use the service, you have the option to reset your data by using the “Reset my data” feature in the App settings. Reset my data deletes all your submitted data including your identifiers, past conversations, reminders, assessment responses and enabled settings. Post reset, you will not be able to recover your past data and you will be considered as a new user of the App. Hence, this feature is to be used at your discretion. If you are a paid subscriber, your transactional data and messages will be deleted on reset. However your active subscription, purchased through third parties like google play, iTunes, etc., will continue to exist post reset of data.

You can also write to us to delete or remove your personal data, such as when you withdraw your consent.

Right in relation to automated decision-making and profiling

You have the right to be free from decisions based solely on automated processing of your personal data, including profiling, which may have a significant effect on your rights and freedom, unless such profiling is necessary for entering into, or the performance of our Agreement or with your explicit consent.

Right to withdraw Consent

To the extent that the legal basis of our processing of your personal data is consent, you can withdraw that consent at any time. This will not affect the lawfulness of processing of your data before we received notice that you wished to withdraw your consent.

Right to Breach notification

In the event of a breach of your personal data, we will notify you within 72 hours or as required by Data Protection Laws.

Right to address Concerns and Complaints

If you have any concerns or grievances about this Privacy Policy you will need to send an email request from your Google or Apple email ID to [email protected] or [email protected] with Attn. to our Data Protection Compliance Officer. We will respond to you within 48 hours and help resolve your concerns or complaints.

If you are not satisfied with our resolution, you have the right to complain to a Data Protection supervisory authority in your country or state of residence. We will fully cooperate with the supervisory authority. Contact details for Data Protection Authorities in the EU are available here.


Do California residents have specific privacy rights?

There are certain disclosures required by the California Consumer Privacy Act (or “CCPA”).

California residents can request a list of third parties with whom we share personal data for direct marketing purposes. Please note that Wysa does not share or sell your personal data with third parties as a matter of policy. Subject to certain exceptions, you can write to us to know about the personal information you shared. You can request to delete your personal information, to opt out of any “sales”, and to not be discriminated against.

We will respond to your request within 45 calendar days of verification. We may at times be unable to address your request, if we are unable to correctly identify you. We may be unable to address your request due to any of the limitations and exceptions provided within CCPA.


What are the controls for Do-Not-Track features?

Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. We do not respond to DNT signals transmitted by web browsers.


Can children under 13 use Wysa App?

The App is intended for a general audience and is not directed to or intended to be used by children under the age of thirteen years.

There is a special necessity to protect children's privacy on the App. We do not knowingly collect any personal data from children.

Write to us if you think we have collected any personal data of your child. We will respond to you within one calendar month from verification. We may at times be unable to address your request, if we are unable to correctly identify the user. We will deactivate the child’s account, if we find we have been collecting personal data from your child. Upon identification we will take reasonable measures to promptly delete such personal data from our records.

We encourage parents and legal guardians to monitor their children’s Internet usage. To help enforce our Privacy Policy by instructing their children to not provide any personal data without their permission. Do not share your credit/debit card or other payment instrument with your child to make any in-app purchase.


How to contact for additional questions, comments or concerns?

For any product, services, subscription, technical or payment-related issues, please contact us from your Google or Apple email ID to [email protected] or [email protected] with your questions.

Our mail address for all communication is: Touchkin eServices Private Limited 1st Floor, Manjusha, No 532 16th Cross, 2nd Main Road, 2nd Stage Indiranagar, Bengaluru, 560038 Karnataka, India


Can Non-English speaking users use the Wysa App?

The App has been built and is currently provided only for English language users. Some of the AI Coach modules and tools within the App are provided for Spanish language users.

To ensure wider reach, Touchkin will, in the near future, launch the App in other international languages. We will keep you updated on this development.


What are some Best Practices to follow to keep your devices secure?

You are also responsible for helping to protect the security of your personal data. You are responsible for maintaining the security of any personal computing device on which you utilize the Services.

The US Federal Trade Commission (FTC) publishes information for users on how to secure your personal data and devices. These can be found at the following public links.

How To Protect Your Privacy on Apps | FTC Consumer Information

Online Security | FTC Consumer Information

FTC - How to Keep Your Personal Information Secure

Touchkin strongly believes in security and safety of data in your mobile device. As a responsible Service provider, we therefore like to share important device based security data for your attention. These have been sourced from US FTC best practices and guidelines. Always refer back to the US FTC links provided above for more details and future security updates.

  • Always lock your mobile screen by setting a password. Use strong passwords and keep passwords private. Never leave your device unattended.
  • Always extend your mobile screen password to set an App PIN to keep your conversations with the App private.
  • Always keep your mobile operating system up-to-date.
  • Enable remote access of your devices to enable you to locate and control your devices remotely in the event your device gets stolen.
  • Install anti-virus software to protect against virus attacks and infections
  • Avoid phishing emails. Do not open files, click on links or download programs from an unknown source.
  • Be wise about using Wi-Fi. Before you send personal and sensitive data over your laptop or mobile device on a public wireless network in a coffee shop, library, airport, hotel, or other public place, see if your data will be protected.


Changes to this Privacy Policy

We may modify our Privacy Policy from time to time for various reasons including to improve our privacy practices, to ensure our users right to be Informed, to reflect changes to our service, and to comply with relevant laws. If and when this policy is changed, We will post the new notice on our Website and the App and notify you through an in-app notification or as otherwise required by relevant law. It is your responsibility to check our Website and our App periodically for updates or changes to the policy. We encourage you to review changes carefully. If the changes to the Privacy Policy include changes to the collection, storing or processing your personal information in a way that infringe into your privacy, we will notify you clearly about the same where required by the applicable laws and regulations. If you agree to the changes, then please continue to use our service. If you, however, do not agree to any of the changes and you no longer wish to use our service, you may choose to unsubscribe or uninstall our App. Continuing to use our App and services after a notice of change has been communicated to you or published constitutes your acceptance of changes and consent to the modified Privacy Policy.


Severability and Exclusion

We have taken every effort to ensure that this Privacy Policy adheres with the applicable Data Protection Laws. The invalidity or unenforceability of any part of this Privacy Policy shall not prejudice or affect the validity or enforceability of the remainder of this Privacy Policy. This Privacy Policy does not apply to any data other than the data collected by Touchkin while providing the services.


Changes Log

v4.0.0 | November 10, 2021

Additions
  • Complete revamp to improve the readability of the Privacy Policy.
  • Include information about the Audio-Video Service provided by Coach or Therapist.
  • Introduction of AI Coach modules and tools for Spanish language users.
  • Included our other applications including Ascension Wysa app in scope of this policy. This Privacy Policy replaces the existing Ascension Wysa's privacy policy.

v3.3.1 | July 16, 2021

Removed
  • Review and remove Suicide helpline link from Important Notice.

v3.3.0 | July 01, 2021

Additions
  • Included our other applications including Sleep by Wysa App in scope of this policy. This Privacy Policy replaces the existing Sleep by Wysa's privacy policy. Updated Important notice for key information about Sleep by Wysa.
  • Add information on transfer of Your Data to regions other than Your resident country/state in the Important Notice section.
  • Added section on data processed from candidates applying to Wysa's open job positions.
  • Added processing of candidates information for current and future employment opportunities as our legitimate interest
  • Added processing of information when using Wysa's video-based service with the Well-being Coach or Therapist
  • Added FTC security and privacy guidance in What are some best practices to follow to keep your device secure?
  • Explicitly added Right to withdraw Consent
  • Provided details to our UK ICO registration
Updates
  • Mention about ISO 27001 (ISMS) and ISO 27701 (PIMS) certifications and adhering to GDPR 7 Principles
  • Minor updates in "What does this Privacy policy apply to?"
  • Renamed GSuite to Google Workspace
  • Mention of Wysa Well-being Coach or Wysa Therapist Services provided outside of the Wysa App for Institutional Users
  • Energy questionnaire included in "How do we handle your responses to screening assessments?"
  • More clarity about your data transmitted and stored
  • Payment gateway related updates in how do we handle your payment data?
  • Updated “Can children under 13 Use Wysa App?” with note of advice to parents and legal guardian.
Removed
  • FB analytics has been discontinued. Added use of 3rd party analytics provided by Kubit AI whose details have been provided in “How do We use any Third Party Analytics tools and softwares?”

v3.2.0 | Apr 16, 2021

Updates
  • Additional clarity on handling data where Wysa App is integrated with Your Institution system
  • Additional clarity on use of minimal and anonymous conversation messages for improving performance of Bot algorithms
  • Additional information around security controls and alignment to ISO 27001: 2013 and ISO 27701: 2019 global standards
  • Additional clarity on anonymized and minimal data shared with third parties
Removed
  • Video Call- based experimental Coach/therapist Service has been currently discontinued. Section “What do we process when You use the Video Call Service?” removed

v3.1.0 | Feb 10, 2021

Updates
  • Additional clarity on the retention of data;
  • Additional data processed from Institution users in section “What additional data do We collect from Institution Users?”

v3.0.0 | Feb 03, 2021


Overall
  • An overall review and necessary updates were made to align Privacy Policy to ISO/IEC 27001:2013 (Information Security Management System) and ISO/IEC 27701:2019 (Privacy Information Management System);
Additions
  • Included “For purposes of servicing You towards Wysa’s Gift Card program” as a Legitimate Interest basis;
  • Three new subsections added at the end of “What Data do We collect and how do We Use it?”

    1. What do we process when You use the Video Call Service? (experimental service for android users only)
    2. How do We handle Your data when used for Research purposes?
    3. What data do we process as part of Gift Card purchase?
Updates
  • Included details on use of branch.io and mailgun third party analytics software services;
  • UK GDPR mentioned as another regulation requirement for this Privacy Policy;
  • Additional items included in “Definition” Section;
  • Additional clarity on need for parental consent for those between 13 and 18 years in “Who can use the Service” Section;
  • Updated link to Wysa Cookie Policy in “Do we use Cookies?” Section;
  • Additional clarity on the retention of data
  • Additional clarity on “Do California residents have specific privacy rights?”
  • Additional clarity on “What are the controls for Do-Not-Track features?”
  • Additional clarity on changes to privacy policy
Removed
  • Section “Governing Law and Dispute Resolution” to align with EU GDPR laws