Last updated: 15 May 2026

Privacy Policy

Assay is a private companion you can talk to about anything — including the parts of your life you don't share with anyone else. This policy explains how we handle your personal data, and what we will and won't do with it.

1. Who we are

The data controller responsible for your personal data is the operator of Assay. You can contact us at [email protected].

2. What data we collect and why

We collect and process the following categories of data:

Purposes: We use your data to provide the Assay service (chat, memory, continuity), to manage your account and subscription, and to improve the product within the scope described here. We do not use your data for advertising or sell it to third parties.

3. Lawful basis

We process your personal data primarily on the basis of contract: the processing is necessary to perform our agreement with you (to provide the Assay service, memory, and billing). Where we rely on another lawful basis (e.g. legitimate interest for security or product improvement), we ensure it is documented and balanced with your rights.

4. Who we share data with

We use the following processors, who process data on our instructions:

We do not sell your data or share it with third parties for their marketing. We do not use your conversations or memories for advertising.

5. Retention

We keep your data for as long as your account is active. When you delete your account (via Settings → Account → Delete account), we delete your profile, conversations, messages, memories, notification data, and all related data. Deletion is performed immediately and is completed no later than 30 days from your request. After that, we do not retain your personal data for the purposes of the service. We may retain limited data where required by law (e.g. accounting) for the period mandated by applicable rules.

6. Your rights

Under the GDPR (and similar laws), you have the right to:

We respond to all requests within one month (GDPR Art. 12(3)). If you are in the EU/EEA and believe we have not complied with data protection law, you have the right to lodge a complaint with a supervisory authority. In Sweden, this is the Integritetsskyddsmyndigheten (IMY) (imy.se).

7. Cookies

We use session cookies (and similar technologies) that are strictly necessary for authentication and the operation of the service. We do not use cookies for advertising or third-party tracking. If we introduce non-essential cookies (e.g. analytics) in the future, we will describe them here and, where required by law, obtain your consent.

8. AI and memories

Assay is an AI-driven service. The "memories" we store are inferred from your conversations — they are structured facts (e.g. preferences, goals, events), not verbatim transcripts. We use them only to give you a better experience (continuity and personalisation across sessions). We do not use the system to make automated decisions that have legal or similarly significant effects on you (e.g. credit, legal advice). The system is not always accurate; you can correct or delete any memory at any time.

We do not train AI models on your data. Your conversations and memories are not used to train any AI model — ours or any third party's. Our AI subprocessors (Anthropic and OpenAI) operate under API terms that exclude using customer content for training.

Safety detection. Before generating a reply, we run an automated check for indications of acute crisis (e.g. self-harm). If the check triggers, we may interrupt the normal reply and surface emergency and professional resources, and we log that the trigger occurred for safety auditing. We do not use crisis-flagged content for any other purpose, and it is never used for training.

9. Voice mode

Voice mode lets you talk to Assay out loud instead of typing. When you use it, your spoken words travel through a speech-to-text provider (Deepgram) so they can be converted into text, and the assistant's reply text is sent to a text-to-speech provider (OpenAI) so it can be played back to you as audio.

Both providers are configured to operate in no-retention mode: they do not store your audio after the request completes. We also never store your raw audio. Only the resulting text transcript is saved, and it is treated identically to a typed message — same memory extraction, same incognito controls if you have incognito turned on, same delete behaviour. If you delete your account, voice transcripts are removed alongside everything else.

You can leave voice mode at any time by tapping the close button; your conversation is preserved as text. Voice mode is rate-limited per account (a per-window cap on mic-open minutes) to protect against runaway costs from a misbehaving client.

10. No ads, no selling data

We do not use your personal data, conversations, or memories for advertising. We do not sell or share your data with third parties for their marketing purposes. Our revenue comes from your subscription (Assay Core and Max plans).

11. Changes and contact

We may update this Privacy Policy from time to time. We will post the updated version on this page and, for material changes, we will notify you (e.g. by email or a notice in the app). The "Last updated" date at the top indicates when the policy was last revised.

For any privacy-related request or question, contact us at [email protected].

← Back to Assay