Privacy Policy

Effective Date: July 22, 2025
Last Updated: December 2025

1. Introduction

Welcome to MyBestFriend.ai (“we,” “us,” or “our”). We provide AI-enabled support designed to help individuals navigate emotional distress, access resources, and feel less alone. This Privacy Policy explains how information is collected, used, retained, minimized, and shared.

MyBestFriend.ai is not a medical provider and is not a HIPAA-covered entity. However, the platform is designed using HIPAA-aligned privacy, security, and data-minimization principles to support responsible use in sensitive environments, including partnerships with healthcare, housing, and public-sector organizations.

2. Information We Collect

• Conversation Data (Limited Retention):
  • Text-based interactions between users and the AI
  • Context necessary to provide support and ensure safety
  • Trigger phrases related to distress or crisis detection
• Derived & De-Identified Signals (Primary Long-Term Asset):
  • Session-level indicators such as distress intensity, risk level, and help-seeking intent
  • General categories of need (e.g., housing, food, mental health, utilities)
  • Referral signals, engagement patterns, and system friction indicators
  • Aggregated trends across time, locations, or populations
• Technical & Usage Metadata:
  • Interaction timestamps and non-identifying session metadata
  • Basic technical information necessary for system operation and security
• Location Information (Optional):
  • Used only when enabled to provide relevant local resources

3. How We Use Information

• Generate AI responses and provide emotional support
• Identify safety risks and deliver crisis resources when needed
• Improve system reliability, responsiveness, and accessibility
• Evaluate system effectiveness and service gaps
• Create aggregated, de-identified insights for research, planning, and system improvement

4. AI Processing & Third-Party Services

User input is processed using internal systems and carefully selected third-party AI services. Third-party providers process information transiently and are not permitted to retain, reuse, or independently train on user data.

All processing follows data-minimization and access-control principles aligned with the HIPAA Security Rule.

5. Data Retention & Minimization

MyBestFriend.ai intentionally limits the retention of raw conversational text.

• Raw conversation text is retained only for a defined, limited period to support safety review, quality assurance, and system integrity.
• After this period, raw text is automatically deleted or irreversibly cleared.
• Derived, de-identified signals and aggregated metrics may be retained long-term.

De-identified data is not considered Protected Health Information (PHI).

6. Data Ownership & Use Rights

MyBestFriend.ai owns and controls the derived, de-identified data generated by platform usage. This data may be used to produce reports, analytics, and insights that inform service delivery, funding decisions, policy development, and system improvement.

7. Personally Identifiable Information & PHI

• Users are not required to provide names, diagnoses, medical record numbers, or government identifiers.
• Users are encouraged not to share identifying or clinical details.
• Any incidental identifying information is minimized and not used for profiling or advertising.
• Identifiable data is never sold.

8. Crisis Detection & Safety Escalation

If messages indicate potential self-harm or imminent danger, the system may initiate safety protocols, including:

• Providing crisis resources such as the 988 Suicide & Crisis Lifeline
• Alerting authorized internal staff or designated partner organizations

These actions are taken solely to protect safety and are limited to what is reasonably necessary.

9. Disclosure for Imminent Risk

In rare circumstances involving imminent risk, limited information may be shared with emergency services. When feasible, users are informed that escalation is occurring and why.

10. De-Identified & Aggregated Data Sharing

Aggregated, anonymized insights may be shared with:

• Public health agencies
• Housing authorities and social service providers
• Researchers and academic institutions
• Nonprofit funders and policy stakeholders

Shared data cannot reasonably be used to identify individual users.

11. Security Safeguards

We employ administrative, technical, and organizational safeguards aligned with HIPAA Security Rule principles, including encryption, access controls, audit logging, and monitoring.

12. Your Choices

• Request deletion of available data
• Disable optional features such as location-based suggestions
• Choose whether to engage with suggested resources

Contact us at: eno@mybestfriend.systems

13. HIPAA Disclaimer

MyBestFriend.ai does not provide medical care and does not replace licensed healthcare professionals. Unless operating under a signed Business Associate Agreement (BAA), MyBestFriend.ai is not a HIPAA-covered entity or business associate.

© 2025 MyBestFriend.ai

← Back to Home