Effective Date: April 20, 2026 · Last Updated: April 20, 2026
Noema Cognition ("Noema," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains what data we collect, how we use it, who we share it with, and what rights you have over it. By using Noema, you agree to the practices described here.
If you have questions about this policy, email us at privacy@noema-cognition.com or use the contact form.
When you create an account, we collect your email address. Noema uses passwordless authentication — we issue session tokens tied to your email. We optionally collect your name if you provide it during signup.
The text you write in Noema's journal is stored securely in our database. This is the core content of the service — we cannot provide reflections or pattern analysis without it.
If you use voice-to-text input, your audio is transmitted to OpenAI's Whisper API for transcription. Audio is never stored. Only the resulting text transcript is retained — treated identically to typed journal entries. Voice data is not used to train any model.
One-tap mood selections (e.g., "reflective," "anxious," "calm") are stored alongside your entries. This data is used to surface mood patterns and insights over time.
Noema generates and stores AI reflections, identified patterns, therapeutic modality matches, weekly syntheses, and follow-up prompts based on your entries. This data belongs to you.
We run self-hosted analytics that track page views, session identifiers, feature usage events (e.g., prompt interactions, insight views), and CTA clicks. There are no third-party tracking scripts. No advertising pixels. No data sold to ad networks. Analytics data is used solely to understand how the product is working and improve it.
Payments are processed by Stripe. Noema never sees or stores your credit card number, billing address, or full payment details. Stripe provides us with a customer ID and subscription status only. See Stripe's Privacy Policy for how they handle payment data.
We use session cookies for authentication (your session token) and localStorage for UI state (onboarding completion, progressive disclosure flags, revealed feature state). We do not use advertising cookies or cross-site tracking cookies.
| Data Type | What It Is | Stored? |
|---|---|---|
| Email address | Passwordless auth identifier | Yes |
| Name | Optional display name | Yes (if provided) |
| Journal entries | User-written text content | Yes |
| Voice audio | Transcription input | No — transcript only |
| Mood check-ins | One-tap mood selections | Yes |
| AI-generated content | Reflections, patterns, syntheses | Yes |
| Usage analytics | Page views, feature events | Yes (self-hosted) |
| Payment data | Credit card, billing address | No — Stripe only |
| Session cookies | Authentication tokens | Yes (browser) |
| localStorage | UI state flags | Yes (browser) |

| Data | How It's Used |
|---|---|
| Email address | Account access, authentication, optional reminders (if enabled), service communications |
| Journal entries | AI reflection generation, pattern analysis, weekly synthesis, prompt selection |
| Mood check-ins | Mood trend insights, pattern correlation, Insights dashboard |
| AI-generated content | Displayed in the journal app, exportable for clinical use |
| Usage analytics | Product improvement, understanding feature adoption, debugging |
| Payment data (via Stripe) | Subscription management, billing |

Journal entries are sent to OpenAI's API (GPT models) to generate reflections, pattern analyses, and weekly syntheses. Voice input is sent to OpenAI Whisper for transcription. OpenAI processes this data under their API usage policies. Per OpenAI's current API terms, data submitted via the API is not used to train OpenAI's models. See OpenAI's API Data Usage Policy for details.
Noema integrates with the following third-party services. Each processes your data only to the extent required to provide their function:
| Service | Purpose | Data Shared | Privacy Policy |
|---|---|---|---|
| OpenAI | AI reflections, pattern analysis, voice transcription | Journal text, voice audio (transcription only) | openai.com/policies |
| Stripe | Payment processing & subscriptions | Email address, payment details (handled directly by Stripe) | stripe.com/privacy |
| Postmark | Transactional emails (reminder notifications) | Email address, optional notification content | postmarkapp.com/privacy |
| Psychology Today | Practitioner directory links (external) | None — external link only, no data transfer | psychologytoday.com/privacy |

We do not use Google Analytics, Facebook Pixel, or any other advertising-network tracking services.
Your data is retained for as long as your account is active. Journal entries, patterns, reflections, and mood data are stored indefinitely so your insights accumulate over time — that's the core value of the service.
When you cancel your subscription, your account enters a read-only period during which you can still access and export your data. After 90 days following cancellation, your account and all associated data are permanently deleted. You will receive an email reminder before deletion occurs.
You can request full deletion of your account and all associated data at any time by emailing privacy@noema-cognition.com. We will process deletion requests within 30 days. Deleted data cannot be recovered.
After deletion: journal entries, mood data, AI-generated content, patterns, and your email address are permanently removed from our systems. Anonymized, non-identifiable usage analytics may be retained for product analytics.
Depending on where you live, you may have the following rights over your personal data. To exercise any of them, contact us at privacy@noema-cognition.com.
Request what personal information we collect, use, disclose, and sell about you.
Request deletion of your personal information, subject to certain exceptions.
Opt out of the sale of personal information. We do not sell personal information.
We will not discriminate against you for exercising your CCPA rights.
Request a copy of your personal data we hold.
Request correction of inaccurate or incomplete data.
Request deletion of your personal data ("right to be forgotten").
Request your data in a structured, machine-readable format.
Request that we limit how we use your data in certain circumstances.
Object to processing based on legitimate interests or for direct marketing.
Withdraw consent at any time where processing is consent-based.
Contact your local data protection authority if you believe we've violated GDPR.
We will respond to rights requests within 30 days. For complex requests, we may extend this by an additional 60 days with notice.
Email privacy@noema-cognition.com with "Privacy Request" in the subject line. Include your account email address. We may verify your identity before processing the request.
Noema is intended for users 18 years of age or older. We do not knowingly collect personal information from anyone under 18. The nature of the service — structured self-examination, psychological pattern analysis, therapeutic framework matching — is designed for and appropriate only for adults.
If we discover that a user is under 18, we will immediately terminate their account and delete all associated data. If you believe we have inadvertently collected data from a minor, please contact us at privacy@noema-cognition.com.
We take the security of your data seriously, particularly given the sensitive nature of reflective journaling content.
No system is perfectly secure. In the event of a data breach affecting your personal information, we will notify affected users within 72 hours of discovery, consistent with applicable law.
Noema is operated in the United States. If you access Noema from outside the U.S., your data may be transferred to and processed in the U.S., where data protection laws may differ from those in your jurisdiction.
For users in the EU/UK, data transfers to the U.S. are conducted under appropriate safeguards. OpenAI and Stripe maintain standard contractual clauses for international transfers. Contact us at privacy@noema-cognition.com for more information.
Noema Cognition is not a HIPAA-covered entity and does not operate as one.
Noema Cognition is not a healthcare provider, health plan, or healthcare clearinghouse as defined by the Health Insurance Portability and Accountability Act (HIPAA). We do not store Protected Health Information (PHI) as defined by HIPAA, and HIPAA's privacy and security rules do not apply to information you provide through our platform.
Your journal entries, mood data, and reflections are governed by this Privacy Policy — not by HIPAA. If you require HIPAA-compliant mental health support, please contact a licensed healthcare provider.
In compliance with FTC Act Section 5 and current AI enforcement guidance, Noema Cognition makes the following clear and conspicuous disclosures about AI-generated content:
For the full AI disclaimer, including HIPAA scope, FTC transparency, and crisis resources, see our Disclaimer page.
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email (to the address on your account) and update the "Last Updated" date at the top of this page. Continued use of Noema after a policy update constitutes your acceptance of the revised policy.
Minor updates (e.g., formatting corrections, clarifications that don't change substance) will not trigger email notification.
For privacy-related questions, requests, or concerns:
Email: privacy@noema-cognition.com
Contact form: noema-cognition.polsia.app/contact
Response time: Within 30 days for rights requests; within 3 business days for general inquiries.
We are committed to working with you to resolve any privacy concerns. If you are unsatisfied with our response, you have the right to contact your local data protection authority.