Oen · Privacy Policy · Last updated: 2026-06-03

Oen — Privacy Policy

Oen is published by Estalio Consulting Inc.("we", "us"). Oen is a contemplative-practice companion app: you write, the app responds, and over many sessions a quiet practice is built up.

Sessions in Oen are intimate by design. This policy is unusually explicit about what we do and don’t do with that content, because we think you deserve to know. If anything is unclear, email privacy [at] estalio.com.

What we collect

From you, directly:

• Your email address, when you sign in.
• The content of your sessions— the things you write to the app, and the app’s responses. We store these so you can read them later.
• Journey progress— which guided arcs you’ve started, which days you’ve completed.
• Payment metadata, if you subscribe or unlock a journey. We use Stripe; we never see your card number.
• Push notification preferences, if you enable daily nudges (opt-in only): your Expo push token, your preferred local hour, and your device timezone.

Automatically, in small amounts:

• A session cookie / secure-storage token so you stay signed in.
• Standard server logs (IP address, request path, timestamp, error codes), retained for 14 days, used for debugging and abuse prevention.

We do not run analytics, tracking pixels, advertising SDKs, or session replay tools in Oen.

What we don’t collect

• No location data.
• No contacts, photos, or device identifiers beyond what authentication and push delivery require.
• No advertising identifiers.
• No third-party tracking.
• No microphone or camera access.

How session content is processed

This is the part that matters most, so we’ll be precise.

When you write to Oen, your message is sent to Anthropic’s Claude API on a per-session basis. Anthropic returns the contemplative response, which we stream back to your device and save to your account.

Anthropic’s commitment to us (under their commercial API terms): they do not train their models on this content, they do not share it with other customers, and they retain it for a short operational window before deletion. See anthropic.com/legal for their full terms.

We do not use your session content to train, fine-tune, or evaluate any AI model. We do not read your sessions unless you explicitly ask us to (e.g. for support); we have not built any internal tooling that surfaces user content to us in aggregate.

Crisis handling

Oen is not a therapist, doctor, or crisis service. The app contains a deterministic safety filter that detects language suggesting acute distress and, when triggered, presents non-character crisis resources (including local helpline links via the Find A Helpline directory) instead of routing the message to the contemplative voice. If you or someone you know is in crisis, please reach out to a local emergency or mental-health service.

Who else sees your data

A small set of vendors processes data on our behalf:

• Supabase — stores your account, sessions, journey progress, and notification preferences.
• Anthropic — processes session messages to generate the contemplative response. Commercial API terms; no training on your content.
• Stripe — handles payment processing.
• Expo (Application Services) — delivers push notifications via the Apple Push Notification Service and Firebase Cloud Messaging if you opt in.
• Cloud hosting provider— runs the Oen API. Currently Render or a comparable provider; we’ll keep this list current as infrastructure changes.

How long we keep it

• Active accounts: as long as you use the service.
• Sessions: as long as your account exists; you may delete individual sessions in-app.
• Cancelled subscriptions: 30 days, then deleted unless you ask us to keep it.
• Account deletion on request: completed within 30 days, except records we’re legally required to keep (e.g. payment receipts for tax purposes).
• Server logs: 14 days, then rotated.

Your rights

You can:

• Access the data we hold about you.
• Export your session content.
• Delete individual sessions in-app, or your entire account by email.
• Opt out of push notifications at any time from Settings.
• Cancel your subscription at any time from the Stripe Customer Portal.

Email privacy [at] estalio.comfor anything that isn’t available in-app.

If you’re in the EU/UK, GDPR gives you additional rights. If you’re in California, CCPA gives you additional rights. Same address handles all of these.

Children

Oen is not directed at, and we do not knowingly collect data from, anyone under 18. Some content in Oen explores difficult subjects (grief, fear, loss); we don’t think it’s appropriate for minors.

Changes

If we change this policy in a way that materially affects your data, we’ll notify you by email and update the "Last updated" date above.

Contact

Estalio Consulting Inc., Ontario, Canada
privacy [at] estalio.com