ALTERD Privacy Policy

Last Updated: March 7, 2025

1. Introduction

ALTERD LLC ("ALTERD," "we," "us," or "our") operates the ALTERD mobile application and related services (the "Services"). We respect the privacy of our users and recognize the extremely sensitive nature of information related to mental health, personal reflections, consciousness exploration, and substance use experiences. This Privacy Policy explains how we collect, use, protect, and share your personal information when you use our Services.

Data Controller: ALTERD LLC serves as the data controller for personal information collected through our Services. We are committed to protecting your privacy and handling your data in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other relevant privacy regulations.

Sensitive Data Notice: Given the nature of our Services, we may process highly sensitive personal information including mental health data, substance use experiences, and other intimate personal reflections. We implement enhanced security measures and provide additional protections for such sensitive data.

2. Legal Basis for Processing (GDPR)

If you are located in the European Union or European Economic Area, we process your personal data based on the following legal grounds:

• Consent: For processing sensitive data like mental health information and substance use experiences (Article 9(2)(a) GDPR)
• Contract Performance: To provide our Services and fulfill our obligations under our Terms of Service (Article 6(1)(b) GDPR)
• Legitimate Interests: For service improvement, fraud prevention, and business operations, where our interests don't override your rights (Article 6(1)(f) GDPR)
• Legal Compliance: To comply with legal obligations, such as data retention requirements (Article 6(1)(c) GDPR)
• Vital Interests: In emergency situations where processing is necessary to protect life (Article 6(1)(d) GDPR)

3. Information We Collect

We collect various types of information to provide and improve the Services, personalize user experiences, maintain security, and comply with legal requirements. We follow data minimization principles, collecting only data necessary for the specified purposes. The information we collect falls into the following categories:

3.1 Information You Provide Directly

• Account Registration: When you create an ALTERD account, we may collect your name, email address, username, password (hashed), and age range (to ensure you are 18 or older).
• Profile Information: You may optionally provide additional information such as preferences (e.g., interests or focus areas), and profile photo.
• User-Generated Content: We collect content you create or share within the Services, such as posts, journal entries, community forum messages, images, comments, or other materials. This may include highly sensitive information such as mental health reflections, substance use experiences, consciousness exploration reports, emotional states, and other intimate personal data.
• Payment Information: If you subscribe to premium features or otherwise make purchases through ALTERD, you may need to provide payment details (e.g., credit card info). We use third-party payment processors in compliance with industry security standards.

3.2 Information We Collect Automatically

• Usage Data: We collect information about how you interact with the Services, including features used, pages visited, and timestamps.
• Device Information: We may collect information about your device, including IP address, operating system, mobile network information, unique device identifiers, and browser type.
• Cookies and Tracking Technologies: We use cookies and similar technologies to remember your preferences, understand how you use the Services, and customize your experience. For more details, please see Section 15.

3.3 Information from Third Parties

• Linked Accounts: If you link a third-party account (such as Apple or Google) to your ALTERD account, we may receive information such as your username, email, or profile picture from these services, subject to their privacy settings.
• Service Providers: We may receive analytics data from partners or service providers (e.g., app analytics platforms) to help us understand usage and improve the Services.

3.4 Sensitive Personal Data

Special Categories of Data: Due to the nature of our Services, we may process special categories of personal data under GDPR Article 9, including:

• Mental Health Data: Information about your emotional state, psychological well-being, meditation practices, and mindfulness experiences
• Substance Use Information: Reports or discussions about legal substance use, harm reduction practices, and consciousness exploration
• Biometric Data: If you use device sensors or wearables integrated with our app, we may collect heart rate, sleep patterns, or other biometric information
• Location Data: Precise or approximate location information if you enable location services for features like finding local resources or communities

Enhanced Protections: We process sensitive data only with your explicit consent and implement additional security measures including encryption, access controls, and regular security audits.

4. How We Use Your Information

We use the information collected for the following purposes:

Providing and Maintaining the Services

• To create and manage user accounts, including authentication and security.
• To enable features like AI-driven insights, journaling, and community forums.

Personalization and AI Insights

• To deliver personalized recommendations, content, or prompts based on your preferences and usage patterns.
• To use aggregated or anonymized data to develop and refine AI models that support our creative and reflective tools. Where feasible, we de-identify or minimize personal data when training these models.

Internal Product Development

Internal Access Disclosure: ALTERD staff may occasionally review individual, private journal entries for product development and app improvement. Such access is strictly confidential, used only internally, never shared externally, and conducted under privacy controls.

Internal Product Insights: To improve the Services, ALTERD staff may review de-identified or private journal entries exclusively for app functionality and user experience enhancements. All internal access is conducted under strict confidentiality agreements. Your entries are never shared externally or used in academic research unless you opt in.

Improving the Services

• To analyze usage trends and performance metrics, diagnose technical issues, and refine user experiences.
• To develop new features and enhance existing offerings.

Communications

• To send updates about new features, enhancements, or changes to our Services or this Policy.
• To respond to user inquiries, provide technical support, or notify users of important security or account-related information.
• Subject to your marketing preferences, to send newsletters, promotional offers, or other communications that may interest you.

Safety and Compliance

• To enforce our Terms of Service, safeguard our community, and protect against unauthorized use or misuse of ALTERD.
• To comply with legal obligations, resolve disputes, or address law enforcement requests where required by law.

5. Sharing Your Information

We are committed to maintaining your trust and do not sell or rent your personal data for monetary gain. We may share your information in the following contexts:

Insight Sharing / Data Products

ALTERD may share or license aggregate, de-identified insights—for example, trends, dashboards, or research data—with trusted partners or customers. These insights never include personal identifiers or raw journal entries, and are licensed solely in accordance with relevant data protection standards.

Commercial Licensing of De-Identified Data

In addition to aggregated insights, ALTERD may license, sublicense, or sell de-identified datasets to commercial entities, including wellness companies, technology providers, AI developers, and other organizations, for lawful research, analytics, and product development. These datasets never include personal identifiers and are processed to meet recognized de-identification standards.

Distinction Between Research and Commercial Use

• Academic/IRB Research: Datasets intended for academic or IRB-approved research and public scientific publication include only entries from users who have opted in through the Research Consent process.
• Commercial Data Products: De-identified entries from all users may be included in commercial Data Products, internal analytics, and AI/ML model training, unless a user deletes their account or restricts such use through privacy settings.

Definition of De-Identified Data

"De-identified" means data that has been processed to remove direct identifiers (such as name, email, IP address, and precise location) and modified, generalized, or aggregated to a level that prevents re-identification when combined with other reasonably available information. ALTERD follows recognized de-identification standards, such as HIPAA Safe Harbor and GDPR anonymization guidelines, and may engage third-party auditors to verify compliance.

Service Providers

We engage trusted third parties (e.g., payment processors, hosting providers, analytics services) to perform essential functions on our behalf. These providers only receive the information necessary to fulfill their services and must adhere to strict confidentiality obligations.

Community Visibility

Content you share in community forums or other publicly accessible areas of the Services may be visible to other users or, in some cases, the general public. Please use caution when sharing personal or sensitive information in these spaces.

Legal Requirements and Protection

We may disclose information if required by law, court order, or government request. We may also share data when necessary to investigate or take action regarding potential illegal activities, suspected fraud, threats to personal safety, violations of our Terms, or as evidence in litigation.

Business Transfers

If we undergo a merger, acquisition, dissolution, restructuring, or similar transaction, user information may be transferred as part of the business asset. We will notify you of any such changes and your rights via email or by posting a prominent notice within the Services.

Consent

We may share your information with third parties if you explicitly grant permission or request such sharing (e.g., linking your ALTERD data to another app).

6. Data Security

We take the security of your data seriously and implement comprehensive administrative, technical, and physical safeguards to protect against unauthorized access, misuse, loss, or alteration of your personal information. Our security measures include:

• Encryption: All sensitive data is encrypted in transit (TLS 1.3) and at rest using industry-standard AES-256 encryption
• Access Controls: Role-based access controls and multi-factor authentication for all staff accessing user data
• Data Segregation: Sensitive personal data is stored separately from less sensitive information
• Regular Security Audits: Third-party security assessments and penetration testing conducted annually
• Incident Response: Comprehensive incident response plan with immediate breach notification procedures
• Employee Training: Regular privacy and security training for all employees handling personal data
• Data Minimization: We collect and retain only the minimum data necessary for our Services

Data Breach Notification

In the unlikely event of a data breach affecting your personal information, we will:

• Notify affected users within 72 hours of discovering the breach
• Report to relevant data protection authorities as required by law
• Provide clear information about what data was involved and steps being taken
• Offer appropriate support and remediation measures

While we implement industry-leading security measures, no system is 100% secure. If you suspect any unauthorized access to or misuse of your account, please contact us immediately at hello@alterd.me.

7. Your Rights and Choices

Depending on your location and applicable laws, you may have the following rights regarding your personal data:

GDPR Rights (EU/EEA Users)

• Access: Request a copy of personal data we hold about you
• Rectification: Correct inaccurate or incomplete information
• Erasure: Request deletion of your personal information ("right to be forgotten")
• Restriction: Limit how we process your personal data
• Data Portability: Receive your data in a structured, machine-readable format
• Object: Object to processing based on legitimate interests
• Consent Withdrawal: Withdraw consent for sensitive data processing at any time
• Automated Decision-Making: Object to automated decision-making, including AI profiling

California Privacy Rights (CCPA/CPRA)

California residents have additional rights:

• Right to Know: What personal information we collect, use, disclose, and sell
• Right to Delete: Request deletion of personal information we have collected
• Right to Opt-Out: Opt out of the sale of personal information (we do not sell personal information)
• Right to Non-Discrimination: Equal service and pricing regardless of privacy choices
• Right to Correct: Request correction of inaccurate personal information
• Right to Limit Use of Sensitive Personal Information: Limit use of sensitive personal information to necessary purposes

General Rights

• Opt-Out of Marketing: Unsubscribe from promotional communications while still receiving service-related messages
• Cookie Preferences: Manage cookie settings through your browser or our preference center
• Account Deletion: Delete your account and associated data through app settings

Opt-Outs and Data Use Preferences

Research Participation (In-App Control)

You may choose to participate in ALTERD-supported academic or IRB-approved research projects by enabling the Research Participation setting in the app. This setting allows ALTERD to include your de-identified entries in formal research datasets with results intended for scientific publication. You can change this setting at any time in Settings ▸ Privacy.

Other Data Uses (Email Request)

ALTERD also uses de-identified entries to operate and improve the Services, train AI models, and create aggregated insights or commercial data products, as described in this Privacy Policy. If you would like to request that your future entries be excluded from these uses, please email hello@alterd.me with the subject line "Data Use Request" from the email address associated with your account. Upon verifying your identity, we will apply your request to future processing.

Please note:

• This process does not remove data already included in past anonymized exports or published studies.
• Opting out of commercial data uses will not affect your access to core app functionality.

Exercising Your Rights

To exercise these rights, contact us at hello@alterd.me or through the in-app privacy settings. We will:

• Respond within 30 days (or 45 days for complex requests)
• Verify your identity before processing requests
• Provide clear information about any limitations or exceptions
• Not discriminate against you for exercising your rights

8. Data Retention

We retain personal information for as long as it is needed to provide the Services, comply with legal obligations, resolve disputes, or enforce our agreements. We follow data minimization principles and retain data only for specified purposes.

Retention Periods

• Account Data: Retained while your account is active and for up to 7 years after closure for legal compliance
• Journal Entries: Retained until you delete them or close your account
• Community Content: Retained until you delete it, with backups purged within 90 days
• Analytics Data: Aggregated and anonymized data may be retained indefinitely for service improvement
• Financial Records: Retained for 7 years as required by law
• Support Communications: Retained for 3 years for quality assurance

Deletion Process

Account Closure: When you delete your account, we will:

• Immediately disable your account and stop collecting new data
• Delete or anonymize your personal information within 30 days
• Retain certain data only as required for legal compliance or legitimate business interests
• Provide confirmation of deletion upon request

Community Content: Content you have posted in public areas may remain accessible if other users have stored, copied, or otherwise preserved it, even after your account is deleted. We cannot control how others use publicly shared content.

9. International Data Transfers

ALTERD LLC is headquartered in Delaware, United States, and your personal data may be processed and stored on servers located in the United States or other countries, which may have data protection laws different from those in your jurisdiction.

Transfer Safeguards

When transferring personal data internationally, we implement appropriate safeguards including:

• Standard Contractual Clauses (SCCs): EU-approved contracts ensuring adequate protection
• Adequacy Decisions: Transfers only to countries with adequate data protection laws
• Binding Corporate Rules: Internal policies ensuring consistent data protection standards
• Certification Schemes: Compliance with recognized privacy certification programs

Cross-Border Data Flow

Your data may be accessed by our service providers and team members in various countries for:

• Technical support and maintenance
• Customer service operations
• Security monitoring and incident response
• Legal compliance in relevant jurisdictions

We ensure all international data transfers comply with applicable data protection laws and maintain the same level of protection required in your home jurisdiction.

10. Children's Privacy

ALTERD is intended only for individuals aged 18 and older. We do not knowingly collect or solicit personal information from anyone under 18. If we learn that a user under 18 has registered or provided us with personal information, we will take steps to remove such data promptly. If you believe a minor has shared personal information with us, please contact us immediately.

11. Community Features and Data Sharing

Our community features allow users to share experiences, reflections, or other content about altered states of consciousness. Please note:

• Visibility: Content shared in public forums, group discussions, or community feeds may be visible to other users and, in some cases, to the general public.
• Moderation: We monitor community content for compliance with our Terms of Service and to protect users from harmful or inappropriate materials. However, we cannot guarantee that content shared by users will remain private, even if posted in a "members-only" setting.
• User Control: You have the option to delete or edit the content you've posted, but copies of your content or references to it may still exist if other users have downloaded, stored, or shared it outside the Services.

12. External Links and Third Parties

The Services may contain links to third-party websites, services, or plug-ins that we do not control. This Policy does not apply to the privacy practices of these external parties. We encourage you to review the privacy policies of any third-party services you visit or use.

13. Changes to This Policy

We may update this Policy from time to time to reflect changes in our practices, applicable laws, or the Services themselves. When we post changes, we will revise the "Last Updated" date at the top of this page. In the event of material changes, we may provide additional notice (e.g., via email or an in-app notification). Your continued use of the Services following any update signifies your acceptance of the revised Policy.

14. AI and Automated Decision-Making

Our Services use artificial intelligence and machine learning technologies to provide personalized insights, content recommendations, and automated features.

AI Processing

• Content Analysis: AI analyzes your journal entries to provide insights and summaries
• Personalization: Machine learning algorithms customize your experience based on usage patterns
• Content Moderation: Automated systems help detect and prevent harmful content
• Risk Assessment: AI may flag content suggesting crisis situations for human review

Your Rights Regarding AI

• Request information about AI decision-making that affects you
• Object to automated processing in certain circumstances
• Request human review of automated decisions
• Opt out of AI-powered features where technically feasible

15. Cookies and Tracking Technologies

We use cookies, web beacons, and similar technologies to enhance your experience and analyze usage patterns.

Types of Cookies

• Essential Cookies: Required for basic functionality and security
• Performance Cookies: Help us understand how you use our Services
• Functional Cookies: Remember your preferences and settings
• Targeting Cookies: Used for personalized content and advertising (with consent)

Managing Cookies

You can control cookies through your browser settings or our cookie preference center. Note that disabling certain cookies may limit functionality.

16. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, you can reach us at:

Email: hello@alterd.me
Data Protection Officer: Available upon request for EU/EEA inquiries
Mailing Address: Available upon request for formal notices

Regulatory Contacts

If you are located in a jurisdiction that grants specific rights regarding personal data handling, you may also have the right to contact your local data protection authority:

• EU/EEA: Your local Data Protection Authority
• California: California Attorney General's Office
• Other jurisdictions: Relevant privacy regulatory body

Thank you for trusting ALTERD with your personal information. We appreciate your cooperation in keeping our community a safe, respectful, and enriching space for exploring altered states of consciousness in a responsible manner.