Legal document

Privacy Policy

Updated on Jun 1, 2026 v 1.0

In short

  • Minimal data — we collect only what is strictly necessary to provide our services, as the data controller.
  • Confidential conversations — stored encrypted and kept strictly confidential, never sold, used for ads or to train AI models.
  • Explicit consent — we process emotional well-being (sensitive) information only with your explicit consent.
  • Zero-cookie, no trackers and no behavioral advertising; we delete your data on request.
  • Global compliance — GDPR (European Union) and the UK Data Protection Act.

1. Introduction

Serena App is a global platform that offers emotional well-being support through a chatbot integrated with WhatsApp, helping users manage stress, sleep better and improve their overall well-being. We act as the data controller for the information described here, and this policy explains, clearly and transparently, how we collect, use and protect your personal data, in compliance with the main international regulations — including the General Data Protection Regulation (GDPR) of the European Union and the UK Data Protection Act.

2. Personal Data We Collect

We are committed to requesting only the minimum data needed to deliver our services. Depending on how you use Serena, this may include:

  • Your name, email address and phone number (WhatsApp), used to identify your account and communicate with you;
  • The content of your conversations, which we store to give the assistant context and continuity (its “memory”);
  • Information related to your emotional well-being and stress management, processed only when strictly necessary to personalize your support and with your explicit consent;
  • Billing data, when you subscribe, handled by certified third-party payment providers (PCI-DSS).

3. How We Use Your Data

We use the data we collect exclusively to:

  • Provide personalized emotional well-being support through the chatbot;
  • Give you safe and reliable access to our services;
  • Process payments, when applicable;
  • Improve the quality and reliability of our services through internal, aggregated analysis — never using the content of your conversations to train AI models.

4. Privacy and Confidentiality of Your Conversations

Your conversations are stored encrypted on our servers and treated with the utmost confidentiality. We keep them solely to give the assistant context and continuity — so Serena can understand the thread of your conversation and respond coherently. We do not use your conversations to train AI models, and we never sell them or use them for advertising. Because Serena is focused on emotional well-being, your messages may contain sensitive data, which we process only with your explicit consent (see section 9).

5. Data Sharing

We do not sell, trade or share your personal data for commercial purposes. We share it only with the parties strictly required to run the service — technology providers that support our operation (such as server hosting, cloud processing, security and payment processing) and legal authorities, when required by law. All such providers are contractually bound to confidentiality and security standards compatible with, or stricter than, those required by applicable law.

6. Storage and Security

Your data is kept on secure servers with encryption both in transit (TLS/SSL) and at rest, along with strict least-privilege access controls. It is retained only for as long as necessary to deliver the services, in accordance with applicable law. We continuously monitor for threats and, in the event of a confirmed security incident that may pose a relevant risk, we will notify the affected users and the competent authorities within the timeframe required by law.

7. Your Rights

Under international data protection laws, you have the right to:

  • Access — request a copy of your personal data;
  • Correction — update inaccurate or incomplete data;
  • Deletion — request the removal of your personal data;
  • Restriction — limit how your data is used in certain circumstances;
  • Portability — request the transfer of your data to another platform;
  • Withdraw consent — revoke your consent at any time, without retroactive effect. Withdrawing consent for your conversation history will permanently erase the assistant’s “memory” and may affect the fluidity of future interactions.

To exercise any of these rights, contact our Data Protection Officer at dpo@serenaapp.com.

8. Data Retention

We retain your personal data only for as long as needed to provide our services and meet our legal obligations. Once it is no longer required, your data is deleted or anonymized. When you cancel your account, any data we must keep is retained only for the periods required by applicable law, or in anonymized form that can no longer identify you.

To support you properly, we ask for your explicit consent to process sensitive information related to your emotional well-being. If you withdraw this consent, you may no longer be able to use the services.

10. International Compliance

Serena App complies with the GDPR of the European Union, the UK Data Protection Act and other applicable regulations, so that your personal data is protected across every region where our services are available.

11. International Data Transfers

To keep the service available 24/7 with low latency and strong security, we rely on leading cloud providers — namely Google Cloud Platform and Cloudflare — whose servers are primarily located in the United States. As a result, your data may be transferred outside your country of residence, including to countries whose data protection laws differ from your own. Whenever this happens, we apply appropriate safeguards — including Standard Contractual Clauses and Data Processing Addenda (DPAs) — to keep your data protected wherever it is processed.

12. Complaints

If you believe we are not meeting this policy or applicable data protection laws, you may contact your local supervisory authority. In the European Union, you can do so through your national Data Protection Authority.

13. Cookies and Technical Data

Serena App does not use cookies, web beacons, tracking pixels or device fingerprinting to map your behavior, and we do not run behavioral advertising. Your interactions with the chatbot take place inside WhatsApp, and our website does not load third-party trackers. Any storage we use is strictly technical and functional — for example, remembering your theme preference.

14. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any significant changes by email or within the platform, and those changes take effect from the moment of notification.

15. Contact

For any question or request related to this privacy policy, contact our Data Protection Officer at dpo@serenaapp.com.

Questions?

Reach out by email at dpo@serenaapp.com.

We’ll reply within 5 business days.