Privacy promise
Your story, your control.
Pregnancy is intimate. So we wrote this in plain English. Here's exactly what we do, what we don't, and how to wipe everything in one tap.
The seven promises
Encrypted at rest + in transit
AES-256 on disk, TLS 1.3 in flight. Even our engineers can't read your chat history without a multi-step audit trail.
Stored in EU or US — your pick
Pick at signup. We use Supabase (Frankfurt or N.Virginia) — never China, never anywhere with weak data laws.
Never used to train AI models
Your messages don't make it into anyone's training data. We hold a contract with OpenAI, Anthropic, and Moonshot that explicitly excludes us.
No ads, no third-party trackers in chat
The marketing site has analytics (PostHog, Plausible). The app itself is ad-free, tracker-free.
Delete everything in one tap
Settings → Delete account. Wipes chats, journals, voice clips, photos, embeddings — irreversibly within 24 hours.
Export anytime
Settings → Export → JSON or PDF. Take your full history with you, no questions, no waiting list.
HIPAA-aligned (we're not a covered entity yet — we follow the standard)
Denny is not a medical provider, so HIPAA legally doesn't apply — but we follow its standard for storage, access logs, and breach notification. If we partner with an OB practice in v2, we'll be covered too.
The data flow — what happens when you ask Denny something
- 1
You ask
Message arrives at our edge in Frankfurt or N. Virginia, encrypted end-to-end.
- 2
We classify
Local intent router decides: knowledge / emotional / safety / urgent — without seeing your name.
- 3
We retrieve
Our knowledge base (52 trusted sources, embedded) is searched. Nothing about you is sent yet.
- 4
We respond
Anonymized prompt → LLM. Reply comes back. Your name + week + memory are stitched in *only on your device*.
- 5
We forget what we don't need
Raw photos auto-purge after 14 days. Voice clips auto-purge after 7 days. Chat history is yours forever — unless you delete it.
Sub-processors (the companies we trust with your data)
| Company | Why |
|---|---|
| Supabase | DB + auth + storage |
| Vercel | Web hosting + CDN |
| Stripe | Payments only |
| OpenAI | AI inference (anonymized prompts) |
| Anthropic (Claude) | AI inference (sensitive responses) |
| Moonshot Kimi | AI inference (knowledge queries) |
| Resend | Transactional email |
| PostHog | Marketing analytics (no chat data) |
GDPR rights · CCPA rights · everywhere else
Access
See everything we have on you. Settings → Export.
Erasure
Delete it all. Settings → Delete account.
Portability
JSON / PDF export, anytime.
Rectification
Edit your name, week, due date — any field.
Object / restrict
Pause memory anytime in Settings → Memory.
Complaint
EU: your local DPA. US: California AG. Anywhere: hello@hellodenny.com first.
A note from Mikhail
My wife was the first user. So this isn't a corporate policy I copy-pasted. I built Denny to handle data the way I'd want hers handled — minimal, encrypted, and fully under your control. If anything here ever feels off, write me directly: hello@hellodenny.com.
Operated by
Novablaze Technologies LLC
Delaware, USA · 2026