Skip to content

Privacy and data handling implementation #421

Open
Open
Privacy and data handling implementation#421
Assignees
BillChirico
Labels
backendBackend/API related changesprivacyPrivacy and security relatedsobers-buddySobers Buddy AI companion feature
Milestone
Sobers v2
@BillChirico

Description

@BillChirico
BillChirico
opened on Mar 11, 2026

🔒 Privacy and Data Handling Implementation

Overview

Ensure recovery data is handled with maximum security, transparency, and user control.

Goals

  • Clear disclosure of what data is used
  • No recovery details in AI provider logs
  • User can export/delete all data
  • Separate from analytics/telemetry
  • Volvox-managed infrastructure

Data Classification

Data Type Sensitivity Storage Retention
Conversation content HIGH Encrypted, user-only User-controlled
Learned patterns HIGH Encrypted, anonymized User-controlled
Check-in times MEDIUM Encrypted 90 days default
Trigger logs HIGH Local-first, encrypted User-controlled
Tool usage LOW Anonymized 1 year
Message interactions LOW Anonymized 1 year

Technical Measures

Encryption

  • At rest: AES-256 for all stored data
  • In transit: TLS 1.3 for all API calls
  • Key management: Hardware security modules (HSM)

Anonymization

  • User IDs hashed (SHA-256 + salt)
  • No PII in AI provider logs
  • Recovery details never leave device unencrypted

Data Minimization

  • Collect only what's needed
  • Automatic deletion after retention period
  • User can set shorter retention

User Controls

Privacy Settings

Data Export

  • JSON format, human-readable
  • Includes: conversations, patterns, preferences
  • Delivered via secure email link
  • Link expires in 24 hours

Data Deletion

  • Immediate deletion (soft delete + purge)
  • Confirmation required (type "DELETE")
  • 7-day grace period (can undo)
  • Permanent purge after 7 days

AI Provider Privacy

OpenAI/Anthropic Integration

  • Use zero-retention endpoints where available
  • No training on user data
  • Anonymized request IDs
  • Audit logging (internal only)

mem0 Integration (#423)

  • Encrypted memory storage
  • User owns their memory
  • Cross-user isolation
  • Geographic data residency

Compliance

GDPR (EU Users)

  • Right to access (export)
  • Right to deletion (forget me)
  • Right to portability (JSON export)
  • Data processing agreement

CCPA (California Users)

  • Disclosure of data collection
  • Right to deletion
  • Right to opt-out (of analytics)

HIPAA Considerations

  • Not a covered entity
  • Voluntary best practices
  • Encourage clinical integration

Implementation Tasks

  • Write privacy policy
  • Implement encryption at rest
  • Set up TLS 1.3 for all APIs
  • Build data export feature
  • Implement data deletion flows
  • Create privacy settings UI
  • Add anonymization layer
  • Set up audit logging
  • Conduct privacy audit
  • Document data flows

Acceptance Criteria

  • Privacy policy covers all data types
  • Data export works and is readable
  • Deletion removes data within 7 days
  • No PII in AI provider logs
  • Encryption verified (penetration test)
  • Settings allow retention customization
  • Audit logs capture access
  • Compliance documentation complete

Related

Part of Sobers v2

Metadata

Metadata

Assignees

Labels

backendBackend/API related changesprivacyPrivacy and security relatedsobers-buddySobers Buddy AI companion feature

Type

No type

Projects

Sobers v2

Status

Todo

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions