Your Privacy, Your Control: How InnerHaven Protects Your Data
When you share something personal with a companion — a fear, a goal, a memory of someone you've lost — that information deserves protection. InnerHaven is built around a simple principle: your data belongs to you, and you decide what happens to it. Here's exactly how privacy and control work across the platform.
What InnerHaven Stores
Transparency starts with knowing what exists. When you use InnerHaven, the platform stores three categories of personal data:
Messages
Memories
Settings
Modifiers
Usage Logs
Account Info
Messages are your conversation history with each companion. Memories are the facts, preferences, and personal details you've added through the Dashboard. Settings include your personality modifier configurations and custom instructions. Usage logs track message counts for subscription limits. Account info is your email, subscription tier, and authentication credentials (passwords are hashed with Argon2id and never stored in plain text).
What InnerHaven Does Not Store
- Payment card numbers or banking details (handled entirely by Stripe)
- Government IDs or identity documents
- Location data or GPS coordinates
- Contacts, phone numbers, or social media profiles
- Browsing history outside of InnerHaven
Memory Control: You Decide What Your Companions Know
The memory system is designed to make companions more personalized — but only with information you choose to share. Memories can be created manually from your Dashboard or suggested automatically from conversations (you approve or reject each suggestion). Every memory is user-controlled.
Full CRUD Access
From the Memories tab in your Dashboard, you can create, view, edit, and delete any memory at any time. Deleted memories are removed immediately — they no longer appear in companion context and are purged from storage.
Scoped Visibility
Every memory has a scope that determines which companions can access it:
- Global — Shared with all your companions across all roles
- Role-scoped — Shared only with companions in a specific role (e.g., only your Guides)
- Companion-specific — Visible to a single companion only
This means you can share your career goals with your Coach without your Best Friend referencing them in casual conversation. You control not just what your companions know, but which ones know it.
Pinning and Priority
Pinned memories always appear in your companion's context. Unpinned memories are prioritized by category — emotional context first, then preferences, then facts. You choose what always matters by pinning it; the system handles the rest intelligently.
Conversation Privacy
Your conversations with companions are private to your account. No other user can see your messages. InnerHaven staff do not read conversations as part of normal operations.
Conversations are stored to maintain context within a session and to support the memory system. Without stored messages, companions would have no way to reference what was discussed earlier in a conversation.
Session vs. Long-Term Memory
There's a distinction between session context and persistent memory:
- Session context includes recent messages in the current conversation. This gives your companion continuity within a single chat.
- Persistent memory includes memories in your Dashboard (both manually created and approved suggestions). These carry across all conversations and sessions.
Free users have session-based memory only — your companion remembers what was said in the current conversation but starts fresh next time. Starter, Adult, and Unlimited subscribers have access to the full persistent memory system, where memories carry forward indefinitely until you choose to change or delete them.
Data You Can Delete
InnerHaven provides deletion controls for every category of personal data:
| Data Type | How to Delete | Effect |
|---|---|---|
| Individual memories | Dashboard ? Memories tab | Removed from companion context immediately |
| All memories | Dashboard ? Memories tab | All memories cleared; companions start fresh |
| Conversation history | Chat interface per companion | Messages cleared for that companion |
| Custom companions | Dashboard ? Companions tab | Companion and its associated data removed |
| Entire account | Account settings | All data permanently deleted |
Deletion is real. When you delete a memory, it's removed from the database — not hidden, not archived, not retained "just in case." The same applies to account deletion: all associated data is permanently removed.
Payment Security
All payment processing is handled by Stripe. InnerHaven never sees, processes, or stores your credit card number, CVV, or banking details. Stripe is PCI DSS Level 1 certified — the highest level of payment security certification available.
What InnerHaven stores from the payment relationship: your Stripe customer ID (for managing subscriptions), subscription tier, and transaction history (amounts and dates, not card details).
Authentication Security
Passwords are hashed using Argon2id — the winner of the Password Hashing Competition and the current industry standard. The configuration uses 64 MB memory cost, 3 iterations, and 4 parallel threads. Even if the database were compromised, password recovery from hashes would be computationally infeasible.
Sessions are managed through JWT tokens with expiration. Tokens are issued at login and validated on every API request. There are no persistent cookies tracking you across sites.
Security Architecture
- All API communication over HTTPS (TLS encrypted)
- Argon2id password hashing (64 MB / 3 iterations / 4 threads)
- JWT-based session management with token expiration
- Rate limiting on authentication endpoints to prevent brute force
- Disposable email blocking (700+ domains) to reduce abuse
What InnerHaven Does Not Do
Some things are worth stating explicitly:
- No selling of personal data. Your conversations, memories, and personal details are not sold, licensed, or shared with third parties for advertising or data brokerage.
- No training on your conversations. Your messages are not used to train AI models. The AI models InnerHaven uses are provided by third-party services (via API) and your conversations are processed per-request, not retained for model improvement.
- No hidden data collection. InnerHaven does not collect data beyond what's described above. There are no tracking pixels, no fingerprinting scripts, and no cross-site tracking.
- No dark patterns. Cancellation, data deletion, and account management are straightforward. There are no "are you sure?" loops or buried settings designed to prevent you from exercising your rights.
The Design Philosophy
InnerHaven exists in a sensitive space. People share vulnerable, personal things with their companions — things they might not share with anyone else. That creates a responsibility that goes beyond legal compliance.
The privacy architecture is designed around a single question: if a user asked to see exactly what we know about them and exactly what we do with it, would the answer be something we're proud of? Every technical decision — from Argon2id hashing to real deletion to scoped memory visibility — is built to make sure the answer is yes.
Your Data, Your Rules
Review your memories, manage your companions, and take control of your InnerHaven experience.
Open Your Dashboard