Harmony AI

Privacy Policy

Last updated: April 3, 2026

Contents

  1. Introduction
  2. Data Controller
  3. Personal Data We Collect
  4. Legal Basis for Processing
  5. How We Use Your Data
  6. AI and Automated Processing
  7. Data Sharing and Third Parties
  8. International Data Transfers
  9. Data Security
  10. Data Retention
  11. Your Privacy Rights
  12. Cookies
  13. Age Requirement
  14. Changes to This Policy
  15. Contact Us

1. Introduction

ADHD Harmony B.V. ("ADHD Harmony," "we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use Harmony AI, accessible at app.adhdharmony.com and related services (collectively, the"Service").

This Privacy Policy applies to all users of our Service, including those in the European Union/European Economic Area (EU/EEA), United Kingdom, and worldwide. By using our Service, you acknowledge that you have read and understood this Privacy Policy.

2. Data Controller Information

For the purposes of the EU General Data Protection Regulation (GDPR) and other applicable data protection laws, the data controller responsible for your personal data is:

ADHD Harmony B.V.

KvK Number: 99768070

Email: info@adhdharmony.com

Website: adhdharmony.com

Registration: Chamber of Commerce (KvK), Netherlands

For any privacy-related inquiries, data access requests, or complaints, please contact us at info@adhdharmony.com.

3. Personal Data We Collect

We collect personal data that you provide directly, data generated through your use of our Service, and data from third-party integrations you authorize.

3.1 Data You Provide Directly

CategoryData TypesPurpose
Account InformationEmail address, password (encrypted/hashed)Account creation and authentication
Profile InformationName, date of birth, location, pronouns, occupation, industry, work style, goals, challenges, communication preferencesPersonalization of AI coaching experience
Chat ConversationsMessages exchanged with AI agents (Sage, Coach, Guide)Providing AI coaching and support
Daily Check-insMood, energy, focus, happiness, calmness, motivation scores (1-10); activities completed; personal reflectionsWellness tracking and pattern identification
Worksheet ResponsesAnswers to guided exercises and self-assessmentsPersonal development support
Knowledge Base ContentDocuments (PDFs), notes, and files you upload to your personal libraryPersonal knowledge management and AI context

3.2 Data from Third-Party Integrations

If you choose to connect your Google account, we access and store the following data with your explicit consent:

  • Google Tasks: Your task lists and individual tasks (read and write access to display and manage within the app)
  • Google Calendar: Calendar events to help you manage your schedule (read access and ability to create events)

Important: We only access the specific Google services you authorize. We do not access your Gmail, Google Drive (except documents you explicitly upload), contacts, or other Google services. You can revoke Google access at any time through your account settings or at Google Account Permissions.

3.3 Automatically Collected Data

When you use our Service, we automatically collect:

  • Technical Data: IP address, browser type and version, device type, operating system, time zone, and language preferences
  • Usage Data: Pages visited, features used, click patterns, session duration, and interaction data
  • Location Data: Approximate location derived from IP address (city/country level only)

3.4 Sensitive Personal Data (GDPR Article 9)

Our Service is designed for individuals with ADHD. By creating an account and using our wellness features, you share health-related data that qualifies as "special category data" under GDPR Article 9. This includes:

  • ADHD-related information: Your experiences, challenges, coping strategies, and goals shared in your profile and conversations
  • Daily check-in scores: Mood, energy, focus, happiness, calmness, and motivation ratings
  • Personal reflections: Notes about your mental and emotional state
  • AI-derived insights: Patterns and trends identified by our AI from your wellness data

We process this data based on your explicit consent, which you provide during account registration. This consent is required to use the Service, as processing health-related data is integral to providing the personalized AI coaching that is the core purpose of ADHD Harmony.

This data is processed with the highest care and security, and solely to provide you with personalized coaching and wellness support. You may withdraw your consent at any time by deleting your account, which will result in the deletion of all your personal data within 30 days.

Under the GDPR, we must have a valid legal basis for processing your personal data. We rely on the following legal bases:

Legal BasisProcessing Activities
Contract Performance
(Art. 6(1)(b) GDPR)
  • Creating and managing your account
  • Providing AI coaching and chat functionality
  • Processing check-ins and worksheets
  • Managing your knowledge base
  • Syncing Google Tasks and Calendar (when connected)
Explicit Consent
(Art. 6(1)(a) & Art. 9(2)(a) GDPR)
  • Processing health-related and wellness data (consent provided at account registration)
  • Connecting third-party accounts (Google)
  • Marketing communications (if applicable)
Legitimate Interests
(Art. 6(1)(f) GDPR)
  • Improving and optimizing our Service
  • Ensuring security and preventing fraud
  • Analyzing usage patterns (anonymized)
  • Providing customer support
Legal Obligation
(Art. 6(1)(c) GDPR)
  • Complying with applicable laws and regulations
  • Responding to lawful requests from authorities
  • Tax and accounting record retention

You may withdraw your consent at any time for processing activities based on consent. Withdrawal does not affect the lawfulness of processing before withdrawal.

5. How We Use Your Data

We use your personal data for the following purposes:

5.1 Service Delivery

  • Provide, maintain, and operate the Harmony AI platform
  • Personalize your AI coaching experience using your profile and conversation history
  • Generate insights and patterns from your check-ins and worksheets
  • Enable AI agents to reference your knowledge base for context
  • Display and manage your Google Tasks and Calendar events
  • Provide body doubling features with voice/video capabilities

5.2 Communication

  • Send essential service notifications and updates
  • Respond to your support requests and inquiries
  • Send marketing communications (only with your explicit consent)

5.3 Improvement and Analytics

  • Analyze usage patterns to improve features and user experience
  • Identify and fix technical issues
  • Develop new features based on aggregate usage insights

5.4 Security and Legal

  • Protect against unauthorized access and fraud
  • Enforce our Terms of Service
  • Comply with legal obligations

Important: We do NOT sell your personal data to third parties.

6. AI and Automated Processing

Harmony AI uses artificial intelligence to provide personalized coaching and support. This section explains how AI processes your data.

6.1 How AI Is Used

We use AI technology (specifically Anthropic's Claude and OpenAI) to:

  • Analyze your messages and provide contextual, helpful responses
  • Reference your knowledge base documents to give informed answers
  • Generate insights based on your check-ins and worksheets
  • Personalize coaching based on your profile information
  • Create conversation titles and summaries
  • Transcribe voice recordings to text (using OpenAI Whisper)

6.2 No Training on Your Data

Your data is NOT used to train AI models.

We use AI APIs (Anthropic Claude and OpenAI) solely to process your requests and generate responses. Your personal data, conversations, and documents are not used by us or our AI providers to train, improve, or develop AI models. This is enforced through our API agreements with these providers.

6.3 Human Oversight

While AI processes your requests, all coaching frameworks, system prompts, and safety guidelines are designed and maintained by humans. The AI operates within defined boundaries and includes safety protocols for crisis situations.

6.4 No Automated Legal Decisions

We do not use automated decision-making or profiling that produces legal effects or similarly significant effects concerning you. The AI provides coaching and suggestions only. All decisions remain yours.

6.5 Your Rights Regarding AI Processing

Under GDPR Article 22, you have the right to:

  • Request information about the logic involved in AI processing
  • Request human review of AI-generated insights
  • Object to certain forms of automated processing

7. Data Sharing and Third Parties

We share your personal data only as necessary to provide our Service and as described below. We never sell your data.

7.1 Service Providers

We work with trusted third-party service providers who process data on our behalf:

ProviderPurposeData SharedLocation
SupabaseDatabase and authenticationAll account and application dataEU (AWS Frankfurt)
Anthropic (Claude)Primary AI processingMessages, profile context, knowledge base contentUSA (with DPA)
OpenAISecondary AI processingMessages for specific features (titles, artifacts)USA (with DPA)
VercelHosting and analyticsTechnical/usage data, file storageGlobal (Edge network)
LiveKitVoice/video for body doublingReal-time audio/video streams (not stored)USA
GoogleTasks and Calendar integrationOAuth tokens (encrypted)Global
ResendTransactional email deliveryEmail addresses, email contentUSA (DPF certified)
Kit (ConvertKit)Waitlist managementEmail addressesUSA (DPF certified)
Cal.comBooking and schedulingAttendee name, email, event dataGlobal

All service providers are bound by data processing agreements (DPAs) and are required to process data only as instructed and implement appropriate security measures.

7.2 Legal Requirements

We may disclose your data if required by law or when we believe:

  • It's necessary to comply with a legal obligation
  • It's necessary to protect our rights, property, or safety
  • It's necessary to investigate potential violations of our Terms

7.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred. We will provide notice before your data is transferred and becomes subject to a different privacy policy.

7.4 Aggregated Data

We may share aggregated, anonymized data that cannot identify you for research or statistical purposes.

7.5 Conversion Measurement

Our marketing landing page at adhdharmony.com/the-catalyst uses Meta Pixel to measure the effectiveness of our advertising campaigns. When you visit this landing page, Meta may collect:

  • Page view data
  • Browser and device information
  • IP address

If you book a call through this page, we share hashed (pseudonymized) versions of your email address and first name with Meta for conversion measurement purposes.

Important: Meta Pixel is only used on our marketing landing page. It is not present in the ADHD Harmony application at app.adhdharmony.com and does not track your use of our Service.

You can opt out of Meta's advertising by adjusting your ad preferences at facebook.com/adpreferences or by using browser privacy tools that block tracking scripts.

8. International Data Transfers

Your data may be transferred to and processed in countries outside the EU/EEA, including the United States. When we transfer data internationally, we ensure appropriate safeguards are in place:

  • EU-US Data Privacy Framework (DPF): Several of our US-based service providers are certified under the EU-US Data Privacy Framework, recognized by the European Commission as providing an adequate level of data protection (Adequacy Decision of July 10, 2023)
  • Standard Contractual Clauses (SCCs): We use EU-approved SCCs with our service providers as supplementary safeguards
  • Data Processing Agreements: All providers have binding DPAs with GDPR-compliant terms
  • Supplementary Measures: Including encryption in transit and at rest

For transfers to the US, our AI providers (Anthropic, OpenAI) have committed to not using your data for training and to deleting processed data within their retention windows.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

  • Encryption: All data is encrypted in transit (TLS 1.3) and at rest
  • Password Security: Passwords are hashed using industry-standard algorithms (bcrypt)
  • Access Controls: Strict access controls and authentication for all systems
  • Secure Infrastructure: We use enterprise-grade cloud providers with SOC 2 certification
  • Regular Updates: Systems are regularly updated and patched
  • Monitoring: Continuous security monitoring and logging

While we implement robust security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but will notify you of any breach as required by law.

10. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy:

Data TypeRetention Period
Account and profile dataAs long as your account is active
Chat conversationsAs long as your account is active (you can delete individual chats)
Check-ins and worksheetsAs long as your account is active
Knowledge base contentUntil you delete it or close your account
Google integration tokensUntil you disconnect the integration
Usage analytics26 months (anonymized after 14 months)

Account Deletion: When you delete your account, we will delete your personal data within 30 days, except where we are legally required to retain it (e.g., for tax or legal compliance purposes).

11. Your Privacy Rights

Under the GDPR and other applicable laws, you have comprehensive rights regarding your personal data:

11.1 Rights for All Users

RightDescription
AccessRequest a copy of your personal data we hold
RectificationCorrect inaccurate or incomplete data
Erasure ("Right to be Forgotten")Request deletion of your personal data
Data PortabilityReceive your data in a structured, machine-readable format
Restriction of ProcessingLimit how we use your data in certain circumstances
Object to ProcessingObject to processing based on legitimate interests
Withdraw ConsentWithdraw consent for processing based on consent

11.2 How to Exercise Your Rights

You can exercise your rights by:

  • In-App: Use account settings to update profile, delete chats, disconnect integrations, or delete your account
  • Email: Contact us at info@adhdharmony.com

We will respond to your request within 30 days (extendable by 60 days for complex requests). We may ask you to verify your identity before processing your request.

11.3 Right to Lodge a Complaint

If you believe we have not adequately addressed your concerns, you have the right to lodge a complaint with a supervisory authority:

Dutch Data Protection Authority (Autoriteit Persoonsgegevens)

Website: autoriteitpersoonsgegevens.nl

Phone: +31 (0)88 - 180 5250

12. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience. For detailed information, please see our Cookie Policy.

In summary, we use:

  • Essential Cookies: Required for authentication and core functionality (cannot be disabled)
  • Analytics Cookies: Help us understand how you use our Service (Vercel Analytics)

We do not use advertising or tracking cookies within our application at app.adhdharmony.com. Our marketing landing page uses Meta Pixel for conversion measurement (see Section 7.5). For full details, please see our Cookie Policy.

13. Age Requirement

Our Service is intended for adults aged 18 and over. We do not knowingly collect personal data from individuals under 18. If you are a parent or guardian and become aware that your child has provided us with personal data, please contact us immediately at info@adhdharmony.com. We will take steps to delete such information.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

Notification of Changes: For significant changes, we will:

  • Post a prominent notice on our website
  • Send you an email notification (if you have an account)
  • Request your consent if required for new processing activities

We encourage you to review this Privacy Policy periodically. The"Last updated" date at the top indicates when the policy was last revised.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

ADHD Harmony B.V.

KvK Number: 99768070

Privacy Inquiries: info@adhdharmony.com

General Contact: info@adhdharmony.com

Website: adhdharmony.com

We have conducted a Data Protection Impact Assessment (DPIA) for our processing of health-related data through AI systems, as required by GDPR Article 35. This assessment is available to the Dutch Data Protection Authority upon request.

By using Harmony AI, you acknowledge that you have read and understood this Privacy Policy.