Privacy Policy

This policy describes how Calmauria (hereinafter “Calmauria”, “we”, “us”) processes the personal data of users of the calmauria.com website and the related service (the “Service”), in accordance with Regulation (EU) 2016/679 (“GDPR”) and Italian Legislative Decree 196/2003 as amended by Legislative Decree 101/2018.

1. Data controller

The data controller is CR OÜ (società di diritto estone, codice registro 16778262), che opera con il marchio Calmauria, with its registered office at Nõmme tee 64-3, Kristiine linnaosa, 11311 Tallinn, Harju maakond, Estonia. For any request concerning your data you can write to us at [email protected].

2. Categories of data we process

3. Purposes and legal bases

4. Cross-session memory

Only if you give a specific, optional consent, Auria keeps an encrypted summary of your conversations so that you can pick up where you left off in later sessions. You can withdraw this consent at any time from your account area or by writing to us: from that moment the memory will no longer be used and the summaries will be deleted.

5. How we protect your data

Sensitive content (session transcripts and summaries) is encrypted at the application level using the AES-256-GCM algorithm; the encryption keys are managed separately from the database. Passwords are protected with key derivation functions (scrypt). We adopt appropriate technical and organisational measures to ensure confidentiality, integrity and availability.

6. Providers and data processors

To provide the Service we rely on providers acting as data processors, each under appropriate contractual safeguards:

Some providers may process data outside the European Economic Area. In that case, transfers take place on the basis of appropriate safeguards under Articles 44 et seq. GDPR (in particular Standard Contractual Clauses). Where technically possible we favour providers offering EU data residency and contractual commitments not to train their models on your content.

7. Automated decision-making

The Service uses artificial intelligence to generate responses and, in parallel, an automated safety classifier that analyses each turn to detect risk signals (e.g. suicidal thoughts, danger to yourself or others). This processing does not produce legal effects concerning you: its sole purpose is your safety. We do not carry out profiling for marketing purposes.

8. Data retention

9. Minors

The Service is strictly reserved for adults (18 years of age or older). We do not knowingly collect data from minors. If we detect signs that a user may be a minor, we end the session and direct them to dedicated resources. If you believe that a minor has provided us with data, please write to us and we will delete it.

10. Handling of crisis situations

Calmauria does not handle emergencies. Where there are signals of a risk to life, Auria interrupts the conversation and directs the user to immediate human help (emergency numbers and helplines). In situations of imminent danger, call 112 (or your local emergency number).

11. Your rights

As a data subject you may exercise at any time the rights provided for in Articles 15-22 GDPR:

To exercise your rights, write to [email protected]. We will respond within the timeframes required by law.

12. Complaint to a supervisory authority

You have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali, www.garanteprivacy.it) or with the supervisory authority of the EU Member State in which you reside.

13. Changes

We may update this policy from time to time. Changes will be published on this page together with the relevant update date.

Additional notice for United States residents — Consumer Health Data

The content of your conversations with Auria may constitute “consumer health data” under certain US state laws, including the Washington My Health My Data Act. With respect to such data:

Informativa sulla privacy — Calmauria