Legal · Privacy policy

We don't know who you are.

We built it that way. Accordial is a private space where AI helps couples be heard through conflict, and appreciated through the good. Our privacy promise is structural, not aspirational. We do not collect names, email addresses, phone numbers, or any other directly identifying information. The only personal data tied to your account is what you choose to share with your partner inside the app, and that data is encrypted at rest on our servers.

Effective April 29, 2026Last updated April 29, 2026Version 3.0
The short version
If you read nothing else, read the table in Section 3.
  • No name, email, phone, address, or card number. The schema doesn't have fields for them.
  • Conversations are encrypted at rest. The keys never leave your phone.
  • No advertising trackers, no marketing pixels, no cross-site identifiers. Anywhere.
  • Delete your account from the app. Within 30 days, what we hold is gone.
Section 01

Who this policy applies to.

This policy applies to:

  • People who use the Accordial mobile app on iOS or Android.
  • People who visit the Accordial marketing site at tryaccordial.com.
  • Coaches who use the Accordial web portal to deliver sessions, and licensed therapists who use the portal to manage their membership, referrals, and pre-session briefs.

It does not apply to:

  • The contents of a session you book with a licensed therapist or coach. That information is collected and handled by the practitioner under their own privacy notice and professional code of conduct. Accordial is not a covered entity under HIPAA for those sessions, but practitioners on the platform may be.
  • Sites or services we link to from inside the app or on the marketing site. Crisis resources, the Apple App Store, the Google Play Store, and any third-party page have their own policies.
Section 02

The age requirement.

Accordial is for adults only. You must be at least 18 years old to create an account or use any feature of the app, including the free tier.

We verify age at sign-up. We do not knowingly collect any information from anyone under 18. If we discover that an account has been created by a minor, we will freeze the account immediately, delete all data associated with it, and notify a guardian contact if one is available. The age gate exists for safety reasons that are explained in our Terms of Service and is not subject to exception.

Section 03

What we collect, what we don't.

The defining fact about Accordial is what we deliberately do not collect. The table below is the most important part of this policy.

CategoryDo we collect it?Where it lives
Your real nameNoNowhere
Your email addressNoNowhere on Accordial servers
Your phone numberNoNowhere
Your physical addressNoNowhere
Your date of birthNo (we collect age confirmation only, not the date itself)Nowhere persistent
Your government IDNoNowhere
Your photo or faceNoNowhere
Your contacts listNoNowhere
Your card numberNoNowhere (subscriptions go through Apple or Google; coach sessions go through Apple Pay or Google Pay only; therapist sessions are paid in the therapist's own systems)
Your billing addressNoNowhere
The contents of your conversations with the AIStored encrypted at rest on our serversYour device
Messages you exchange with your partnerEncrypted at rest; used only to create the messages you sendOn our servers, encrypted at rest
Your relationship insights and patternsGenerated on demand, not stored as persistent profiles about youComputed when you view them, not retained
An anonymous account IDYesOn our servers, used to authenticate you
A username and a hashed passwordUsername and password hash on our serversOn our servers
Subscription status (active, paused, expired)Yes, tied to anonymous account IDOn our servers
The fact that you booked a session with a specific practitioner, and its timeYes (for coaches: refunds and disputes; for therapists: the booking request and confirmation only)On our servers, tied to anonymous account ID
What you paid a therapistNoHeld by your therapist's own payment systems
The mapping between your referral code and who your therapist knows you asNo, deliberately never storedOnly inside your therapist's own records
What you said during the sessionNoHeld by the practitioner under their own policy
Crash reports and error logsYes, anonymized and aggregatedOn our servers, no account ID attached

The principle behind every cell of this table is the same. If a piece of data can be used to identify you to anyone outside the app, we have either chosen not to collect it or arranged for it to never reach us.

Section 04

Authenticating you, anonymously.

To use Accordial you need an account, and to have an account you need a way to sign back in. We do this without ever learning your identity.

Username and password. You sign up by picking a username and a password. Neither is verified against any external identity. We do not ask for, request, or accept your email address, phone number, real name, or any other identifying information at any point in this flow. Your username can be anything you choose, and you can change it later.

What we store. We store your username and a one-way hash of your password. We do not store the password itself. The hash is computed with a slow, memory-hard algorithm (Argon2id) and a unique per-user salt, so even if our database were compromised, the passwords could not be reversed in any reasonable time.

Recovery. If you forget your password, your partner can generate a single-use 6-digit recovery code that lets you back in. This phrase, combined with your username, restores access if you forget your password. Because we store no email, this partner-generated code is the recovery path. If you forget your password and cannot reach your partner for a recovery code, we cannot help you regain access, because there is nothing about you on file for us to verify.

Either way, the credential we hold is tied to an anonymous account ID, not to your name, email, or phone number. We have no way to map an Accordial account to a real human identity.

Section 05

How we handle your conversations.

The conversations you have inside Accordial fall into three categories, and each is handled differently.

Conversations with the AI happen entirely on your device when you draft a message, vent, or ask for a translation. The text of what you write is encrypted at rest and used only to create your messages. When the AI responds, the response is delivered back to your device and stored encrypted there. We do not retain the contents of your AI conversations on our servers. We do not use them to train AI models. Our AI providers operate under zero-retention contracts that prohibit training on user content and require deletion immediately after the response is returned.

Messages with your partner are encrypted at rest. When you send a message to your partner, our servers store it encrypted at rest and deliver it to your partner. We never sell your messages and we never use them to train AI models. The same is true for shared calendar entries, expense logs, child profiles, and decision threads in co-parenting mode.

Insights and patterns are not stored as a persistent profile about you. When you open the Insights tab, the relevant computation happens against the encrypted data on your device. We do not maintain a longitudinal psychological profile, an emotional intensity score that follows you across months, or any persistent label about you or your partner as a person. Insights describe what you have told us happened recently; they do not diagnose you, score you, or score anyone else.

Our AI is designed to coach the person who is speaking, not to analyze the person being spoken about. We do not generate flags, scores, or diagnostic labels about your partner based on your description of them. This is a deliberate architectural choice for both ethical and legal reasons, and it is one of the most important promises we make.

Section 06

How we handle payments.

We never see your card number, billing address, or payment identity. Three separate payment rails handle three separate cases, and each one was designed to keep your card information away from us.

Subscriptions on iOS flow through Apple's In-App Purchase system. Apple is the merchant of record. We receive a receipt token tied to your anonymous account ID and nothing else. Apple has your card on file; we do not.

Subscriptions on Android flow through Google Play Billing. By default, Google's billing API would return your name, email, and Google account ID to us along with the purchase. We have configured the integration to actively scrub those fields before any data is written to our database. We hold only an obfuscated account ID, the purchase token, the order ID, and the subscription state. The PII filter is a server-side commitment rather than a structural guarantee, and we say so plainly: on Android, your anonymity from us depends on our policy, not on architecture we cannot bypass.

Coach sessions flow through Stripe and accept Apple Pay or Google Pay only. We do not accept manual card entry. We do not save payment methods. We do not create a Stripe Customer object for you. Each session is a fresh transaction. The wallet sends Stripe a one-time token instead of your card number; we receive only a payment intent ID for refund purposes.

Therapist sessions are paid directly to your therapist through their own payment systems. That payment never touches Accordial or our payment processors, and we hold no record of it. Your financial relationship with a licensed therapist exists entirely between you and them.

What payment processors still see. Apple, Google, and Stripe each see what their role requires. Apple and Google know who their account holders are. For coach sessions, Stripe sees the wallet token, the IP address of the request, and the transaction amount. Stripe also sees the coach's full identity, because coaches complete KYC to receive payouts, and the therapist's identity for membership billing, because therapists are identified by design. Stripe is a US payments company subject to US legal process and would have to comply with a valid subpoena directed at the data it holds. We mention this because the line between what we do and what our processors do matters to people who pick this product for its privacy.

Refunds. You can refund a subscription or coach session in-app without contacting us, without revealing who you are, and without speaking to a support agent. We built this for the same reason we built everything else: a privacy promise that requires you to email us with your real name to enforce is not a privacy promise. Refunds for therapist sessions are handled by your therapist under their own policies.

Section 07

The practitioner marketplace.

When you work with a practitioner, the data flow depends on which kind you choose, and the differences matter.

The practitioner is not anonymous. Therapists complete licensure and identity verification. Coaches complete credential verification and KYC for payouts. Their names, credentials, and licensed states appear on their profiles. The practitioner side of the marketplace is identified by design, because verification is the entire point of the marketplace.

Coach sessions happen on Accordial. You remain anonymous to us. We hold your anonymous account ID, the fact that you booked a session, the time of the session, and the amount paid. We do not hold what was discussed. The coach takes their own notes under their own policies.

Therapist sessions happen in the therapist's own practice. When you book a time with a therapist, we hold your anonymous account ID, the booking request and its time, and the anonymous referral code that connects you to that therapist. The slot is held for up to 12 hours until the therapist confirms. After confirmation, everything moves to the therapist's own tools: their intake, their session, their records, their payment. We hold no session content, no intake information, no clinical records, and no payment record for therapist sessions. The referral code is how your therapist connects your brief to you inside their own intake; we deliberately do not store that mapping, so we cannot connect your Accordial account to the identity your therapist knows you by. If your therapist is a HIPAA-covered entity, they will provide their own Notice of Privacy Practices and obtain HIPAA-compliant consent at intake.

The pre-session brief. When you book a therapist, you choose whether to allow an anonymized brief — recurring themes and patterns from your conversations, with no names, no contact details, and nothing identifying. Your therapist requests it from their portal, and we generate it on demand from data we already hold under your consent. You can decline at booking, and no brief will be available to request.

Coaches are not licensed mental health professionals. Coach profiles carry an explicit "NOT LICENSED" badge, and a mandatory disclaimer appears before any coach booking is confirmed. If you are experiencing a mental health crisis, suicidal thoughts, or domestic abuse, please contact 988 (Suicide & Crisis Lifeline) or a licensed clinician.

Section 08

Co-parenting mode.

If you subscribe to Whole and use co-parenting mode, the data architecture is the same as couples mode with a few additional notes.

Shared calendar entries, expenses, child profiles, and decision threads between co-parents are encrypted at rest. We hold it encrypted at rest. Both parents see the same shared data through their linked co-parenting space.

We do not require child names, dates of birth, schools, or medical conditions. We provide free-text fields and explicit guidance to use display labels (such as initials or pet names) rather than identifying information. The fields are encrypted whether you use real names or not, but we encourage minimization.

Active Safety Mode lets you pause sharing of new entries with your co-parent at any time. When Active Safety Mode is on, new calendar events, expenses, and decisions you create are stored on your device only and are not visible to your co-parent until you choose to share them. Existing entries that were shared before Active Safety Mode was activated remain visible to your co-parent, because we cannot retract data that has already reached their device.

Court-ready export. You can generate a timestamped, hash-chained export of co-parenting data from your account for use in legal proceedings. Only you can trigger this. The export contains data from your account; it does not include data your co-parent has not shared with you. We do not produce exports in response to subpoenas, civil discovery, or third-party requests; we have nothing to produce, because we hold only ciphertext.

Section 09

Crisis content and safety.

The app contains a persistent safety shield icon that opens a "Need support?" overlay with crisis resources, including 988 (Suicide & Crisis Lifeline), Crisis Text Line, and the National Domestic Violence Hotline. These resources are provided as links to external services. We do not log when you tap the shield, view the overlay, or follow a resource link. Tapping the shield is a private action.

If our AI detects signals consistent with imminent risk to yourself or another person, it may surface crisis resources, decline to continue with a particular conversation thread, and recommend professional help. These checks run as part of generating your reply, and only an anonymous aggregate count is logged, never the content. We do not maintain a crisis flag on your account, and we do not contact you, your partner, or any third party based on detected content.

We do not contact emergency services on your behalf. If you are in immediate danger, please call 911 (US) or your local emergency number directly.

Section 10

Cookies and tracking.

The Accordial marketing site at tryaccordial.com uses no advertising trackers, no marketing pixels, no session replay tools, and no cross-site identifiers. We do not run Meta Pixel, Google Ads conversion tracking, TikTok pixel, or LinkedIn Insight Tag. We do not embed third-party fonts that phone home. We do not sell or share information about visitors with advertising networks.

We use minimal first-party analytics to count page views and understand which pages people read. The analytics do not set cross-site cookies, do not fingerprint your browser, and do not retain IP addresses beyond aggregated traffic counting.

The mobile app does not contain advertising SDKs.

Section 11

What gets shared, with whom.

We share data only with the small number of vendors required to operate the service. Each one is named below with the specific role it plays.

Apple (iOS only). In-App Purchase for subscriptions. Apple knows who you are because it is your phone vendor. We receive a purchase receipt; Apple receives whatever its service requires. We do not use Sign in with Apple, and Apple has no role in authentication on Accordial.

Google (Android only). Google Play Billing for subscriptions. Google knows who you are because it is your phone vendor. We receive a purchase token after server-side scrubbing. We do not use Google Sign-in or any other Google identity service.

Stripe (session payments). Apple Pay or Google Pay tokens, payment intent processing, practitioner payouts. Stripe sees the wallet token, the request IP, and the transaction amount. Stripe sees the full identity of practitioners (who completed KYC); Stripe does not see your identity, because no Stripe Customer object is created for you.

LiveKit (session video and audio). Real-time video and audio infrastructure for practitioner sessions. The session is encrypted in transit. LiveKit sees connection metadata; it does not see decrypted audio or video content.

Anthropic and other AI providers. AI inference for translations, summaries, and insights. AI providers operate under contracts that prohibit training on user content and require deletion immediately after the response is returned. The AI provider sees the prompt and returns a response; we do not retain either after delivery to your device.

Our cloud hosting provider. Encrypted data storage and compute for the parts of the service that require a server (account authentication, ciphertext relay, subscription state). Our infrastructure provider stores your data encrypted at rest.

Crash reporting and error analytics. Anonymous crash reports without account IDs attached. Used to find and fix bugs.

We do not sell your information. We do not share it for advertising. We do not give it to data brokers. We do not run a marketing list. None of these vendors are permitted to use Accordial data for their own purposes.

Section 13

Your rights.

You have rights over your data regardless of where you live, and additional rights depending on your jurisdiction.

Everywhere. You can delete your account and all associated data at any time from inside the app (Profile → Delete all data). Deletion removes your encrypted records from our servers within 30 days, including from backups. Deletion is irreversible. You can also export your own data from the app in a portable format.

California (CCPA/CPRA). You have the right to know what personal information we collect, to delete it, to correct inaccuracies, to opt out of any sale or sharing of personal information (we do not sell or share any), to limit the use of sensitive personal information, and to non-discrimination for exercising these rights. To exercise these rights, use the in-app deletion and export tools, which are designed to satisfy California rights without requiring you to identify yourself to us.

Washington (My Health My Data Act). You have the right to access, correct, and delete consumer health data, and to withdraw consent. Inferences we generate about communication patterns may qualify as consumer health data under MHMDA. We do not retain persistent inferences as profiles about you, but the in-app export and deletion tools cover everything we do hold. We do not sell or share consumer health data.

Colorado, Connecticut, Maryland, New Jersey, Oregon, Texas, Virginia and other US state privacy laws. You have rights similar to California's. Use the in-app tools, or contact us through the methods in Section 15.

EEA, UK, and Switzerland (GDPR/UK GDPR). You have the rights to access, rectify, erase, restrict processing of, port, and object to processing of your personal data. The lawful bases we rely on are: contract performance (to provide the service you signed up for), legal obligation (to comply with laws that apply to us), and explicit consent (for any processing of special-category data, such as inferences about emotional or relational states). You have the right to withdraw consent at any time, which you can do by deleting your account or by toggling specific feature consents in settings. You have the right to lodge a complaint with your supervisory authority.

Children's data (COPPA, applicable globally). We do not collect data from anyone under 18, and we do not knowingly process data of any minor.

If a right is not effectively addressable through the in-app tools, contact us as described in Section 15. Because we do not collect identifying information, we cannot verify rights requests through the usual identity-confirmation methods (such as matching an email address). We can verify a request that is initiated from inside the authenticated app session, which is how the in-app tools work.

Section 14

Data retention.

We keep different categories of data for different lengths of time, all aimed at the minimum needed.

Account credentials (username, hashed password, anonymous account ID)
While your account is active; deleted within 30 days of account deletion.
Subscription state
While your account is active; deleted within 30 days of account deletion.
Ciphertext relayed between you and your partner
Stored only as long as needed for delivery to the recipient; deleted from our servers after delivery and confirmation, with a maximum of 30 days.
Session booking metadata (anonymous account ID, practitioner ID, date, amount)
7 years for tax and dispute resolution; required by US tax law for the practitioner side of the transaction.
Crash reports
90 days, then deleted.
Marketing site analytics (aggregated, no IPs)
13 months, then aggregated indefinitely.
Customer support interactions
None on a per-user basis; we run no support ticket system that retains data tied to an account.

When you delete your account, we delete everything we can within 30 days, including from backups. Session booking metadata that we are legally required to retain for tax and dispute resolution is anonymized so that nothing about it can be linked back to you.

Section 15

How to contact us.

The honest answer about contact is that we have built the product to require very little of it. The in-app tools are designed to handle account deletion, data export, refunds, and most rights requests without you needing to identify yourself to us.

For everything else:

When you email us, the email address you write from will reach us. If you would prefer to keep that address private, use a relay or forwarding service.

Accordial is operated by Accordial Tech LLC, a New Jersey limited liability company. Mailing address: 971 US Highway 202N STE N, Branchburg, New Jersey 08876, United States.

Section 16

Changes to this policy.

We will update this policy when the product changes or when the law changes. When we make a material change, we will:

  • Update the "Last updated" and "Effective date" at the top.
  • Post a clear in-app notice at least 30 days before the change takes effect.
  • Maintain a public changelog at tryaccordial.com/privacy-changelog showing what changed and why.

If you do not agree to a change, you can delete your account before the effective date.

Section 17

What this policy is not.

This policy describes what we do. It is not a guarantee that nothing about you can ever be discovered by anyone. The honest scoping is in our public privacy page and we restate it here:

  • If your partner has access to your unlocked phone, they can read your in-app data. Device-level access is outside our control. We recommend a device passcode and biometric lock.
  • Apple and Google know who their account holders are. Our use of in-app billing and obfuscated tokens limits what they share with us; it does not change what they themselves know.
  • Stripe and our other processors are subject to US legal process for the data they hold.
  • AI inference is not perfect. Our AI may misread tone, miss context, or produce a translation that does not match your intent. We design for these failures (visible "this doesn't seem right" feedback, edit-before-send, confidence qualifiers in language), but we do not promise that AI output is always correct.
  • The product does not diagnose, treat, or assess any mental, emotional, or relational condition. The Insights tab is reflective, not clinical.

We will keep telling you what we cannot guarantee, in plain language, in this section and in the rest of the app, for as long as Accordial exists.

A request, an audit, a question
A real person reads every privacy email.

If a paragraph here is unclear, or you'd like a copy of what we hold about you, write to us. We aim to reply within two business days. privacy@tryaccordial.com

See it in pictures
The privacy architecture

Where every piece of data lives, what we hold and what we don't, illustrated.

Open the architecture page