Privacy Policy

Effective June 1, 2026

Draft — pending legal review. This document is not yet a binding legal agreement.

Your sessions are some of the most private things you have. This page explains, in plain English, what Sesh collects, who processes it, how it's protected, and the control you have over it. The short version: your content is yours, it's encrypted, and we never sell it or share it for advertising.

What we collect

  • Account info — your name and email, provided when you sign in with Google
  • Session recordings — the audio you upload from your therapy or coaching sessions
  • Transcripts and summaries — the text and AI-generated summary derived from your recordings
  • Basic usage analytics — how you use the app (pages, actions, errors) so we can keep it working

We do not collect more than we need to run the service, and we never put your session content into a URL, search param, or anything shareable by accident.

How we use it

We use your data for one thing: to provide Sesh. That means storing your recordings, transcribing and summarizing them, powering your between-session chat, sending you essential emails, and keeping the app reliable. We do not sell your data, and we do not share it for advertising. Your session content is never used to train AI models.

Who processes your data

To run Sesh, we rely on a small set of trusted service providers (“sub-processors”). Each one handles a specific job and only receives the data needed to do it:

  • Supabase: Encrypted storage and database, hosted on AWS — where your recordings, transcripts, and account live
  • Deepgram: Transcribes your session audio into text
  • Anthropic (Claude): Generates your session summary and powers the between-session chat
  • Resend: Sends transactional email (sign-in, account, and service notices)
  • Vercel: Hosts and serves the Sesh application
  • Stripe: Will process payments when paid billing launches (not active yet)

Your data is processed by these providers solely to deliver the service. It is never sold or shared for advertising.

How we protect it

Your data is encrypted in transit and at rest. We use row-level security at the database, which means each account can only ever access its own recordings, transcripts, and summaries — not anyone else's, and not ours to browse casually. Audio links are signed and short-lived.

Your control

You're in charge of your data. At any time you can:

  • Delete any individual recording, transcript, or summary
  • Delete your entire account and everything in it
  • Email us at hello@getsesh.ai with any data request

Deletion is permanent. Once you delete content or your account, it's gone and can't be recovered.

Recording consent

Recording a session is your responsibility. Consent laws vary by state — some require one party's consent, others require everyone's. Before each upload, Sesh asks you to confirm your therapist or coach knows you're recording. Please make sure you have the right to record before you do.

Not medical, not therapy

Sesh is a note-taking and reflection tool — not therapy, not medical advice, and not a crisis service. It doesn't diagnose or treat. Sesh is not a HIPAA-covered entity and does not sign Business Associate Agreements (BAAs). In a crisis, contact your provider or call or text 988.

Children

Sesh is for adults. You must be 18 or older to use it, and we don't knowingly collect data from anyone under 18.

Changes to this policy

If we make a material change to how we handle your data, we'll give you reasonable notice by email or in the app before it takes effect.

Contact

Questions about your privacy or your data? Email hello@getsesh.ai. You can also review our Terms of Service.