Privacy Policy
Note: this document is a good-faith template and should be reviewed by a qualified lawyer before commercial use — especially regarding health data.
At Her-OS, your privacy is at the heart of the product. This policy explains what data we process, why, and the rights you have. Her-OS is a service operated by FLEECE AI (see the legal notice).
Data controller
The data controller is FLEECE AI, a French SASU registered with the Clermont-Ferrand Trade and Companies Register under SIREN 932 329 188, with its registered office at 10 rue Pierre Poisson, 63400 Chamalières, France. For any question about your data: contact@fleeceai.agency.
Data we process
Depending on how you use Her-OS, we may process:
| Category | Examples | Why |
|---|---|---|
| Account | email address, login identifier | create and secure your account |
| Profile | first name, color analysis, wardrobe | personalize recommendations |
| Health data (sensitive) | cycle dates, symptoms, menopause status, intimate-health conversations | offer tailored tracking and content |
| Productivity | tasks, mental load, career preps | run the matching spaces |
| Conversations | messages exchanged with the AI companions | generate responses |
| Voice & images | audio (text-to-speech), color-analysis selfie | voice features and color analysis |
| Subscription | payment customer identifier | manage your subscription |
| Usage | page views, aggregated usage events | improve the service |
Health data falls under special categories (GDPR Art. 9): we process it only on the basis of your explicit consent, which you can withdraw at any time.
Legal bases
- Performance of a contract: providing the service you request (account, spaces, AI).
- Consent: health data and any marketing communications.
- Legitimate interest: security, fraud prevention, aggregated analytics.
- Legal obligation: accounting and tax requirements.
Processors and hosting
We rely on carefully selected, contractually bound providers:
| Provider | Role | Location |
|---|---|---|
| Neon | database | European Union |
| Vercel | hosting & analytics | global / United States |
| OpenAI | AI generation, vision, text-to-speech | United States |
| Stripe | payments & subscriptions | United States / global |
| Resend | transactional email | United States |
| Google sign-in (optional) | United States |
Transfers outside the EU are governed by Standard Contractual Clauses (SCCs). The color-analysis selfie and voice audio are processed to produce the result and are not retained for other purposes.
Cookies
We use strictly useful cookies: language preference (her_lang), guest session and companion choice, and a session cookie once you are signed in. Our analytics (Vercel Analytics) is privacy-friendly and sets no advertising cookie.
Retention
Your data is kept while your account is active. You can erase everything at any time from the "Me" space ("Erase my data"). Some data may be retained for the period required by law (billing).
Your rights
Under the GDPR, you have the rights of access, rectification, erasure, portability, restriction and objection, as well as the right to withdraw your consent at any time. Write to us at contact@fleeceai.agency. You may also lodge a complaint with the French supervisory authority, the CNIL (cnil.fr), or your local authority.
Security
Data is encrypted in transit (HTTPS) and access is restricted. No system is infallible, but we implement reasonable technical and organizational measures.
Minors
Her-OS is not intended for people under 15. We do not knowingly collect their data.
Health: information, not diagnosis
Her-OS health content is educational and does not replace professional medical advice. See also our terms of use.
Changes
We may update this policy; the date at the top indicates the latest revision. For any question: contact@fleeceai.agency.