Privacy Policy for Shy Guru Adviser: Secure Mental Health Support
Effective Date: April 6, 2025
At Shy-Guru.com (“we”, “our”, or “us”), we understand that sharing your thoughts can feel vulnerable, especially when seeking mental health support. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our website and services, including Shy Guru Adviser. We’re committed to safeguarding your privacy with the utmost care, ensuring you feel safe and supported on your journey.
Why This Matters to You
As a platform dedicated to emotional wellbeing, we know how important it is for you to trust that your personal information is secure. Whether you’re sharing your feelings with Shy Guru Adviser or simply browsing our site, we prioritize your privacy at every step. Take a moment to explore how we protect your data, and feel free to reach out if you have any questions.
1. Information We Collect
- Account Information: When you register an account, we collect your email address and password to create a secure profile for you.
- Chat Data: When you use Shy Guru Adviser, we store your messages and AI responses to personalize your experience and enable session memory, ensuring continuity in your journey.
- Payment Information: All payments are processed securely via Stripe. We do not store your full credit card information but may retain basic transaction metadata, such as your Stripe customer ID, to manage subscriptions.
- Usage Data: We collect anonymized information about how users interact with the website, such as page visits and feature usage, to improve our services. This may include tools like Google Analytics, but no personally identifiable data is collected.
2. How We Use Your Data
- To provide and maintain the Shy Guru Adviser service, ensuring you have a seamless and supportive experience.
- To personalize your experience by enabling chat history, so Shy Guru Adviser can remember your journey and offer meaningful reflections.
- To manage subscriptions, credits, and payments, making sure you can access the support you need.
- To improve and troubleshoot the platform, helping us better serve you and others.
- To send transactional or important service-related messages, such as account updates or subscription reminders.
3. Data Storage and Retention
Your chat messages and profile data are stored securely on our servers using AES-256-CBC encryption with user-specific keys. Each user receives a unique encryption key (stored in wp_usermeta as shy_guru_encryption_seed), combined with your user ID, to protect your data in our custom tables (wp_shy_guru_chat and wp_shy_guru_profile). This encryption is handled server-side with PHP’s openssl_encrypt/decrypt and client-side with CryptoJS for real-time chat.
We retain your data for as long as your account remains active or as needed for operational purposes. Chat data is retained for 12 months after account deactivation unless you request deletion earlier. You can request deletion of your data at any time by contacting us.
4. Data Sharing
We do not sell or rent your data. Your information is only shared with trusted partners under strict conditions:
- Service Providers: We share data with Stripe for payment processing and OpenAI for generating chat responses. Messages sent to OpenAI are processed to create responses but are not stored by them, and we ensure strict privacy measures are in place.
- Legal Authorities: We may share data if required by law or to protect our rights, users, or the public, but only to the extent necessary.
5. International Data Transfers
If you’re located outside the United States, your data may be transferred to and processed in the United States, where our servers and service providers (e.g., OpenAI) are located. We ensure these transfers comply with applicable laws, such as GDPR, using standard contractual clauses and other safeguards to protect your information.
6. Cookies
We use essential and analytics cookies to enhance your browsing experience and understand how our site is used. You can manage your cookie preferences through your browser settings at any time. Learn more in our Cookie Policy.
7. Data Security
We take your data security seriously. In addition to AES-256-CBC encryption, we implement industry-standard measures like secure server protocols (HTTPS), regular security audits, and access controls to protect your personal information. However, no method of transmission over the internet is 100% secure, and while we strive to protect your data, we cannot guarantee absolute security.
8. Children’s Privacy
Our service is not intended for individuals under 13 years of age, in compliance with the Children’s Online Privacy Protection Act (COPPA). In certain regions, such as those under GDPR, users under 16 may require parental consent to use our services. We do not knowingly collect personal information from children, and if we learn such data has been collected, we will delete it promptly.
9. Your Rights
We respect your control over your personal information. Depending on your location, you have the following rights under laws like GDPR and CCPA:
- Access or update your information to ensure it’s accurate.
- Request deletion of your data at any time.
- Request a copy of your data (data portability).
- Object to or withdraw consent for data processing, which may disable your account if processing is necessary for service delivery.
- Lodge a complaint with a data protection authority if you believe your rights have been violated.
To exercise these rights, please contact us at [email protected]. We’ll respond within 30 days, as required by law.
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we do, we’ll update the “Effective Date” at the top of this page. If the changes are significant, we’ll notify you via email or a notice on our website. Your continued use of our services after the updated policy takes effect implies acceptance of the changes.
11. Contact Us
If you have questions about this Privacy Policy or how we handle your personal data, we’re here to help. Please contact us at: [email protected].