Privacy Policy

How Citt.ai Processes and Protects Personal Data

Citt.ai is an AI therapy co-pilot used alongside licensed therapists. This notice explains what data we collect, why we process it, how our roles work, and what choices you have. For privacy, GDPR, DPO, or EU representative enquiries, contact Declan Ahern.

Last updated: April 20, 2026

Who We Are

Citt.ai operates the Citt.ai platform and website. Declan Ahern is the named privacy contact for Citt.ai and handles GDPR, DPO, and EU representative enquiries sent to declan@citt.ai. Our correspondence address is 90 Clapham Common North Side, London, UK, SW49SG.

Who Can Use Citt.ai

Citt.ai is intended only for users aged 18 or older. Patient use must be connected to a licensed therapist. We do not knowingly offer the service to anyone under 18.

When Data Comes From a Therapist or Clinic

If your therapist or clinic invites you to Citt.ai, they may provide your name, contact details, therapist assignment, care configuration, or other onboarding details needed to activate the service. That source information is processed under the role allocation described below and under the therapist's or clinic's own privacy obligations where they act as controller.

Managed Records and What They Mean for You

A therapist using Citt.ai may keep a record for you in their practice workspace before you have signed up for the patient-facing parts of the Service yourself. We call this a managed record. A managed record exists so the therapist can run scheduling, notes, transcription, and billing for your care inside Citt.ai, in the same way many practices use other practice-management tools.

While you have only a managed record:

  • The therapist (or their practice) is the controller for that record. Citt.ai acts as a processor strictly on the therapist's documented instructions for the practice-management functions described above.
  • Citt.ai does not treat you as a user of its patient-facing features. The patient-side AI chat, daily check-ins, in-app assessments, WhatsApp bot, and patient portal remain inactive for you. We do not collect chat history, check-in answers, or patient-portal usage data for you.
  • Citt.ai is not contacting you on its own initiative, monitoring you between sessions, or running automated crisis detection on your behalf. Where Citt.ai sends you operational messages on the therapist's behalf (for example, an appointment confirmation, an invoice, or a personal invitation to claim a Citt.ai account), it does so as the therapist's processor and the therapist remains responsible for the lawful basis of that communication.
  • Citt.ai assumes no clinical duty toward you and no obligation to triage, escalate, or respond to messages, signals, or events relating to your record. Your therapist's professional duty of care to you is unchanged and is not delegated to Citt.ai by the use of the Service. In an emergency, you should contact your local emergency services or crisis line.

A managed record becomes a claimed account only when you accept a personal invitation from your therapist, set a password, and accept our Terms and this Privacy Notice directly. From that point on, the patient-facing parts of the Service apply to you as set out in this notice (including the safety processing described in the role allocation below).

You may ask your therapist at any time to give you a copy of, correct, restrict, or delete the data they hold about you in Citt.ai. Where the therapist is the controller, your data rights are exercised through them; we will support them in actioning a valid request promptly.

How Our Roles Work

Citt.ai does not use one single role for every data flow. The role depends on the context:

  • Citt.ai acts as controller for the public website, demo requests, therapist account administration, direct billing, consent records, security monitoring, and compliance operations.
  • Therapists or clinics are normally the controller for patient-care data entered into the service as part of treatment, including chat content, check-ins, assessments, care plans, and therapist instructions.
  • Citt.ai acts as processor for that patient-care data when we host, secure, transmit, transcribe, summarise, or otherwise process it on the therapist's or clinic's documented instructions.
  • In limited cases, Citt.ai may act as an independent controller for security incident handling, fraud prevention, exercise or defence of legal claims, and emergency safety steps needed to protect vital interests.

Information We Collect

  • Account and identity data: names, email addresses, phone numbers, country, therapist assignment, titles, and account credentials.
  • Patient-care data: messages, check-ins, assessment answers and scores, therapist-configured prompts, notes, resources, uploads, and progress data.
  • Audio and transcription data: voice notes, session audio where enabled, transcripts, and AI-generated note drafts.
  • Usage, device, and audit data: timestamps, IP address or approximate device/network data, log events, delivery status, abuse-prevention signals, and security monitoring records.
  • Billing and commercial data: subscription metadata, invoices, payment status, tax or accounting records, and Stripe customer identifiers.
  • Website analytics and marketing data: cookie choices, campaign parameters, and other public-site measurement data only where you have enabled optional cookies.
  • Data from therapists or clinics: referral details, therapist instructions, care-plan settings, and other information they provide so the service can be configured for you.

How We Use Personal Data

  • Provide therapist-configured between-session support.
  • Screen patient messages for risk signals before response generation.
  • Produce transcripts, summaries, assessments, alerts, and workflow tools for therapists or clinics.
  • Operate accounts, subscriptions, invoicing, and customer support.
  • Protect the platform, investigate abuse, and maintain audit trails.
  • Measure public-site performance and campaign effectiveness where you consent to optional cookies.
  • Comply with legal obligations and exercise or defend legal rights.

Article 6 and Article 9 Basis Matrix

Where GDPR applies, the lawful basis depends on the data flow and on whether Citt.ai is acting as controller or processor.

Processing activity | Role | Article 6 basis | Article 9 condition
Public website, demo requests, and general enquiries | Controller | Article 6(1)(f) legitimate interests and Article 6(1)(b) where you ask us to respond or arrange a demo | Not usually applicable
Therapist account creation, subscription management, billing, and support | Controller | Article 6(1)(b) contract and Article 6(1)(c) legal obligation for billing, tax, and record-keeping | Not usually applicable
Patient messaging, check-ins, assessments, care plans, therapist instructions, and clinical records used in therapy | Therapist or clinic as controller; Citt.ai as processor | Determined by the therapist or clinic, typically Article 6(1)(b), (c), or (e) as permitted by local law | Determined by the therapist or clinic, typically Article 9(2)(h) healthcare or another valid condition under local law
Clinical safety monitoring, abuse prevention, incident investigation, and audit logging | Controller or independent safety responsibility | Article 6(1)(f) legitimate interests, Article 6(1)(c) where law requires, and Article 6(1)(d) for vital interests in an emergency | Article 9(2)(h) where needed to support secure care delivery, and Article 9(2)(c) where vital interests are engaged
Optional WhatsApp messaging, voice notes, or similar optional features | Controller or processor by context | Article 6(1)(a) consent or Article 6(1)(b) where the feature is part of the service you request | Article 9(2)(a) explicit consent where required, or the therapist's applicable treatment basis where used as part of care
Public-site analytics and advertising technologies | Controller | Article 6(1)(a) consent | Not applicable

Automated Processing and Human Oversight

Citt.ai uses automated systems to screen messages for risk, generate responses, produce transcripts, score assessments, prioritise review queues, and draft summaries or notes. These tools are designed to support care delivery, not replace professional judgment.

  • Patient messages are screened for safety signals before response generation.
  • Risk flags, summaries, and generated outputs can affect what a therapist sees or reviews first.
  • Therapists or clinics remain responsible for care decisions, escalation decisions, and clinical interpretation.
  • Citt.ai can surface crisis resources and notify the therapist or clinic, but it is not an emergency service and does not replace emergency response pathways.

Sharing and Subprocessors

We never sell personal data. We share it only with therapists or clinics involved in your care, with service providers acting on our behalf or on the therapist's behalf, and where required for legal, security, or vital-interest reasons.

Provider | Purpose | Data | Location | Safeguards
AWS | Hosting, database, and storage | Account data, patient-care data, files, and logs | US / EU | Access controls, encryption, and contractual restrictions
OpenAI | Response generation and audio transcription | Message content, prompts, and audio/transcription payloads | US | Contractual controls and no training on API customer data by default
Deepgram | Speech-to-text services | Audio streams or files where transcription is enabled | US | Contractual restrictions and security commitments
Stripe | Payments and subscription billing | Payment identifiers, billing metadata, and invoice data | US | PCI DSS and contractual controls
Meta (WhatsApp) | Messaging channel | Message metadata and content where WhatsApp is enabled | US / EU | Platform terms and DPA commitments
Resend | Transactional email | Email addresses and message content needed for delivery | US | Contractual and security controls
Google | Demo scheduling, optional calendar integrations, and consent-gated website measurement | Demo-booking contact details, calendar metadata, device identifiers, and website measurement data where consent is granted | US / EU | Contractual controls, consent gating where applicable, and vendor transfer terms
Mailgun | Outbound campaign email | Email addresses and campaign delivery data | EU | DPA and security controls

International Transfers

Some providers process data outside the country where the user, therapist, or clinic is located, including in the United States. Where GDPR applies, we use appropriate transfer safeguards such as standard contractual clauses, contractual restrictions, and vendor assessments. You can request more information by emailing declan@citt.ai.

Retention Schedule

Data category | Retention period
Website enquiries, demo requests, and sales conversations | 12 months after last contact
Cookie preference records and public-site consent signals | 12 months
Therapist account, billing, tax, and commercial records | Account lifetime plus 7 years unless law requires longer
Patient identity, messages, check-ins, assessments, transcripts, summaries, and care records | Active care relationship plus our current 7-year clinical record retention setting by default. Some records are deleted or archived through approved deletion requests and operational retention workflows rather than automatic expiry alone.
Raw audio or session recordings used for transcription | Uploaded transcription audio is processed ephemerally and is not intentionally retained after processing. We retain the resulting transcript and related metadata.
Security and performance logs | Current operational settings target 90 days for API performance logs and 365 days for application error logs
Audit trails for access, deletion, and compliance events | Retained under current compliance settings and not subject to automatic deletion today
Backups | Up to 35 days
Records of privacy requests and complaint handling | 3 years after closure

Security

We use encryption in transit and at rest, role-based and least-privilege access controls, audit logging, vendor controls, and incident response processes designed for privacy-sensitive care environments.

Your Rights

Depending on your location, you may have rights to access, rectify, erase, export, restrict, or object to certain processing, and to withdraw consent where consent is the legal basis.

  • If Citt.ai is acting as controller, email declan@citt.ai.
  • If your therapist or clinic is the controller for your care data, you should contact them first, and we will support their instructions where required.
  • If you are in the EEA or UK, you may also complain to your local supervisory authority, including the Irish Data Protection Commission where relevant.
  • If you use Citt.ai through Facebook or WhatsApp, you can also use our data deletion page to track platform requests submitted by Meta.

Cookies and Website Measurement

Necessary cookies are always active. Optional analytics and marketing technologies are used only with consent on the public website. See our Cookie Policy for details.

Changes to This Policy

We may update this policy when the product, vendors, or legal requirements change. If the changes are material, we will update the notice in the product or on the website and revise the date above.

Contact

Privacy contact, DPO enquiries, and EU representative enquiries should be sent to Declan Ahern at declan@citt.ai. Postal correspondence may be sent to 90 Clapham Common North Side, London, UK, SW49SG.