Privacy Policy — Naya
Effective Date: March 2026 · Last Updated: March 2026
This Privacy Policy explains how Naya ("the App"), created by Chrysalis Leadership Studio, collects, uses, stores, and protects your personal information.
1. What We Collect
Account Information
Your name, email address, and account credentials (encrypted).
Coaching Profile
Your preferred name, threshold stage, transition contexts, and wellbeing level. Stored on your user account — only you can read or update this information.
Conversation Data
Conversations are ephemeral by default. Your coaching conversations with Naya exist in your device's memory only during the session. When you leave or close the session, unsaved conversations are permanently gone. If you choose to save a conversation, it is stored as a journal entry in the App's database with creator-only access — meaning only you can view, edit, or delete it.
Usage Data
Session timestamps and basic app interaction data.
2. How We Use Your Data
Providing coaching conversations: Your coaching profile (name, threshold stage, transition contexts) and previous session themes are sent to the AI at the start of each conversation so Naya can provide personalized coaching.
Generating session summaries: After each conversation, a summary is generated. This summary exists in memory unless you save it.
Quality assurance: On occasion, the developer (Aaron Dewald, Chrysalis Leadership Studio) may review saved conversation data to assess and improve Naya's coaching quality. Individual conversations are never shared publicly or with third parties for this purpose.
We do NOT use your data to:
- Train AI models
- Sell to third parties
- Target advertising
- Share with employers, organizations, or any external party without your explicit consent
3. How Conversations Are Processed
When you have a conversation with Naya:
- Your message is sent to the AI processing service (Claude by Anthropic) along with your coaching profile and recent conversation history from the current session.
- The AI generates a response based on your input and the coaching methodology embedded in Naya's system.
- The conversation exists in your device's memory only. It is not written to any database unless you explicitly choose to save it.
- Anthropic (Claude API) does not retain or store your conversation data and does not use it for model training, per their API terms.
Data Processing Chain
| Service | Role | Data Access |
|---|---|---|
| Base44 | App hosting & database | Stores saved journal entries and user profiles only. SOC 2 Type II, ISO 27001 certified. |
| Anthropic (Claude API) | AI processing | Processes messages in real time. Does NOT retain data or use it for training. |
| Chrysalis Leadership Studio | Developer | Database access for quality assurance. Does not share individual data externally. |
4. Where Your Data Is Stored
Saved data is stored on Base44's servers in the United States. The infrastructure is SOC 2 Type II certified, ISO 27001 certified, encrypted at rest and in transit, with Row-Level Security enforced so users can only access their own records.
5. Data Retention
Unsaved conversations are not retained. They exist in memory only and are gone when the session ends. Saved journal entries are retained as long as your account is active or until you delete them. Account and profile data are retained as long as your account exists. Upon deletion request, your data will be permanently removed within 30 days, except where retention is required by law.
6. Data Security
All saved data is encrypted at rest and in transit. Authentication is required for all access. Row-Level Security ensures users can only access their own data. The hosting platform maintains SOC 2 Type II and ISO 27001 certifications. Database access is limited to the developer and Base44 infrastructure systems.
No system is perfectly secure. While we take reasonable measures to protect your data, we cannot guarantee absolute security.
7. Third-Party Services
Base44 (hosting & database): base44.com/privacy-policy
Anthropic (AI processing): anthropic.com/privacy
We do not share your data with any other third parties, except as required by law.
8. Your Rights
You have the right to: access a copy of your personal data; request correction of inaccurate data; request permanent deletion of your account and all saved data; withdraw from using Naya at any time; and request your data in a portable format where feasible.
For EU/EEA residents (GDPR): You have additional rights including restriction of processing, objection to processing, and the right to lodge a complaint with a supervisory authority. Legal basis for processing: your consent and our legitimate interest in providing the service.
Contact: aaron@chrysalisleaders.com — we respond within 30 days.
9. Children's Privacy
Naya is not intended for anyone under 18. We do not knowingly collect data from minors.
10. AI-Specific Considerations
Your messages are sent to an external AI service (Anthropic) for real-time processing; Anthropic does not retain this data. No human reads your messages during a conversation — the exchange is entirely between you and the AI. Session summaries are AI-generated and may not perfectly capture your experience. The developer may periodically review saved data for quality assurance, not in real time, solely for improvement. AI systems can produce inaccurate, biased, or inappropriate responses — use your own judgment.
11. Changes to This Policy
We may update this policy to reflect changes in practices or legal requirements. Significant changes will be communicated within the App or via email. Continued use constitutes acceptance.
12. Contact
Chrysalis Leadership Studio
Email: aaron@chrysalisleaders.com
Web: chrysalisleaders.com
Subject line for data requests: "Naya — Data Request"