Legal

Privacy Policy

Your privacy is the foundation of everything we do at Sukha.

Last Updated: June 18, 2025  |  Effective Date: June 18, 2025

Summary: Sukha is built on the principle of privacy-first. We collect only what we need, we never sell your data, all conversations with our AI are anonymous by design, and you are always in control of your information.

1. Who We Are

Sukha ("Sukha", "we", "our", or "us") is an AI-powered mental wellness platform operated by Sukha Technologies, based in Chandigarh, India. We provide mental health support tools for corporate employees and workforce wellness analytics for employers.

For any privacy-related questions, contact us at: help@sukha.live or call +91 95285 47554.

2. Scope of This Policy

This Privacy Policy applies to all services offered by Sukha, including:

  • Our website at sukha.live
  • The Sukha mobile and web application
  • Our AI companion and wellness tools
  • The HR analytics dashboard
  • Any APIs, integrations (Slack, Microsoft Teams), or third-party embeds

3. Information We Collect

3.1 Information You Provide Directly

  • Registration details (name, work email, company name) for HR administrators
  • Anonymous session data for employees (no name or identity required)
  • Mood check-in responses and AI conversation inputs
  • Feedback, support requests, or communications with our team

3.2 Information Collected Automatically

  • Device information (browser type, operating system, device ID)
  • Usage data (features accessed, session duration, interaction patterns)
  • Log data (IP address, access timestamps, error logs)
  • Cookies and similar tracking technologies (see Section 9)

3.3 Information We Do NOT Collect

  • Employee real names or personal identity in AI sessions (anonymous by design)
  • Biometric data or health records
  • Financial information beyond what is necessary for billing (handled by PCI-compliant processors)
  • Location data beyond country/region-level (for compliance purposes)

4. How We Use Your Information

We use collected information solely for the following legitimate purposes:

  • Providing, improving, and personalizing our mental wellness services
  • Generating anonymized, aggregate wellness insights for HR dashboards
  • Communicating service updates, security alerts, and support responses
  • Ensuring platform security and preventing fraud or misuse
  • Complying with applicable Indian laws including the Digital Personal Data Protection Act, 2023 (DPDP Act)
  • Conducting internal research to improve AI models (only with anonymized, aggregated data)

5. Anonymity by Design — Our Core Commitment

Employee Privacy Guarantee: All employee interactions with the Sukha AI companion are conducted using anonymous user IDs. At no point does the HR dashboard reveal the identity, content of conversations, or individual mental health status of any specific employee. Employers only receive aggregate, statistical data.

This anonymity-first architecture is not a feature — it is a fundamental design principle. Even our own team cannot link a conversation to a specific employee without their explicit, voluntary disclosure.

6. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share data only in the following limited circumstances:

  • Service Providers: Trusted third-party vendors (cloud hosting, payment processors, analytics) operating under strict data processing agreements
  • Legal Requirements: When required by applicable law, court order, or government authority
  • Safety Situations: If we have reasonable belief that disclosure is necessary to prevent imminent harm (see Section 10 — Crisis Protocol)
  • Business Transfers: In the event of a merger or acquisition, with advance notice to you

7. Data Security

We implement industry-standard security measures to protect your information:

  • AES-256 encryption for all data at rest
  • TLS 1.3 for all data in transit
  • Regular third-party security audits and penetration testing
  • Role-based access controls and least-privilege principles for our team
  • Automated threat detection and incident response protocols

While we take all reasonable precautions, no system is completely immune to security incidents. We will notify affected users in accordance with applicable law in the event of a breach.

8. Data Retention

  • Anonymous AI conversation logs: Retained for 12 months, then automatically deleted
  • HR account data: Retained for the duration of the subscription plus 6 months
  • Aggregate analytics data: Retained indefinitely (no personal information)
  • Support communications: Retained for 2 years

You may request earlier deletion of your data at any time (see Section 11).

9. Cookies and Tracking

We use the following types of cookies:

  • Essential Cookies: Required for platform functionality (session management, security)
  • Analytics Cookies: Help us understand how our platform is used (anonymized, aggregated)
  • Preference Cookies: Remember your settings and preferences

We do not use advertising or cross-site tracking cookies. You can control cookie settings in your browser at any time.

10. Crisis Protocol and Duty of Care

If our AI detects language indicating an immediate risk of harm to self or others, Sukha may — in exceptional circumstances — take the following steps:

  • Provide immediate crisis resources (national helplines, emergency contacts)
  • With explicit user consent, connect the user to a licensed therapist
  • If there is credible, imminent danger and no other option, contact appropriate emergency services (this is an extreme last resort)

We will always be transparent with users about these protocols and prioritize their safety while respecting their privacy.

11. Your Rights Under DPDP Act 2023

As a data principal under the Digital Personal Data Protection Act, 2023, you have the right to:

  • Access: Request a copy of all personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Erasure: Request deletion of your personal data
  • Grievance Redressal: File a complaint with our Data Protection Officer
  • Nomination: Nominate another person to exercise these rights on your behalf

To exercise these rights, contact us at help@sukha.live. We will respond within 30 days.

12. Children's Privacy

Sukha is designed exclusively for corporate employees aged 18 and above. We do not knowingly collect data from individuals under 18. If you believe we have inadvertently collected such data, please contact us immediately and we will delete it.

13. International Data Transfers

Your data is primarily processed and stored in India. If data is transferred internationally (e.g., to cloud infrastructure providers), we ensure adequate protection through standard contractual clauses and equivalent safeguards as required under applicable law.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email (for registered users) and by posting the updated policy on our website with a new effective date. Continued use of our services after changes constitutes acceptance of the updated policy.

15. Contact Our Data Protection Officer

For any privacy concerns, data requests, or complaints: