Privacy Policy
Last updated: November 22, 2025
Demonstration Project Notice
Dimini is a demonstration project and proof-of-concept. This Privacy Policy describes how the system would handle data in a hypothetical production environment. Currently, Dimini should NOT be used with real patient information or Protected Health Information (PHI). This is for educational and demonstration purposes only.
This Privacy Policy describes how Dimini ("we", "our", or "us") collects, uses, and protects information when you use our AI-powered therapy assistant platform (the "Service"). Your privacy is critically important to us, especially given the sensitive nature of mental health data.
Information We Collect
Account Information
When you create an account as a therapist or administrator, we collect:
- Email address
- Name and professional credentials
- Password (stored only as a salted hash, never in plaintext; see Security Measures)
- Professional license information (if applicable)
Patient Information
Therapists may input patient information including:
- Patient name and contact details
- Demographic information
- Session metadata (date, time, duration)
Session Data
During therapy sessions, Dimini processes:
- Conversation transcripts: Voice recordings are transcribed and processed
- Extracted entities: Topics, emotions, people, and events identified by our AI
- Semantic relationships: Connections between concepts discovered through embeddings
- Session summaries: AI-generated insights and recommendations
- Graph data: Visual representation of conversation patterns
Technical Data
We automatically collect certain technical information:
- IP address and browser information
- Device type and operating system
- Usage patterns and feature interactions
- Error logs and performance metrics
How We Use Your Information
AI Processing
Session transcripts are processed using:
- OpenAI GPT-4: For entity extraction and natural language understanding
- OpenAI Embeddings API: For semantic similarity calculations (text-embedding-3-small model)
These services process transcripts to identify topics, emotions, and relationships. Data is sent to OpenAI's API endpoints over encrypted connections. We recommend reviewing OpenAI's Privacy Policy for details on their data handling.
Data Storage
All data is stored using Supabase (PostgreSQL database):
- Data encrypted at rest using industry-standard AES-256 encryption
- Data transmitted over TLS/SSL encrypted connections
- Database hosted in secure, SOC 2 Type II certified data centers
- Vector embeddings stored using pgvector extension for similarity search
Service Delivery
We use your information to:
- Provide real-time semantic graph visualization during sessions
- Generate AI-powered session summaries and insights
- Enable pattern recognition across multiple sessions
- Maintain session history and patient records
- Improve the accuracy of our AI models (in aggregate, de-identified form only)
Third-Party Services
Dimini integrates with the following third-party services:
Supabase (Database & Real-time)
Hosts our database and provides real-time synchronization. Data is encrypted at rest and in transit. See Supabase's Privacy Policy for details.
OpenAI (AI Processing)
Processes transcripts for entity extraction and semantic analysis. We use their API with data processing agreements in place. See OpenAI's Privacy Policy for details.
Voice Integration Partners (Future)
Third-party voice agents may integrate with Dimini via our API. These partners have their own privacy policies governing voice recording and transcription.
Data Retention
We retain data as follows:
- Session transcripts and graphs: Retained indefinitely unless deleted by therapist
- Patient records: Retained until therapist requests deletion
- Account information: Retained while account is active plus 90 days after deletion
- Anonymized analytics: May be retained indefinitely for research and improvement
Your Privacy Rights
Depending on your location, you may have the following rights:
- Access: Request a copy of your data
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your data ("right to be forgotten")
- Export: Receive your data in a portable format
- Objection: Object to certain processing activities
- Restriction: Request limited processing of your data
Therapists have full control over patient data and can delete sessions, patients, or their entire account at any time through the platform interface.
Security Measures
We implement multiple layers of security:
- Transport encryption for data in transit (TLS 1.3) between clients, our servers, and third-party APIs
- AES-256 encryption for data at rest
- Secure authentication with password hashing (bcrypt)
- API key rotation and management via environment variables
- Regular security audits and updates
- Limited employee access to production data
- Automated backup and disaster recovery procedures
Note: No method of transmission or storage is 100% secure. While we use industry-standard security measures, we cannot guarantee absolute security.
HIPAA Compliance Status
Important: Dimini is currently a demonstration project and is NOT HIPAA-compliant. For production use with Protected Health Information (PHI), significant additional measures would be required including Business Associate Agreements (BAAs), comprehensive audit logging, advanced encryption, and adherence to HIPAA security rules. See our HIPAA Compliance page for details.
Children's Privacy
Dimini is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, please contact us immediately.
Changes to This Policy
We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify users of material changes via email or prominent notice on our platform. Continued use of Dimini after changes constitutes acceptance of the updated policy.
Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us at:
- Email: privacy@dimini.example.com
- GitHub: github.com/yourusername/dimini
Legal Disclaimer: This Privacy Policy is provided for demonstration purposes as part of a hackathon project. It does not constitute legal advice. Any production deployment of similar technology should involve legal counsel to ensure compliance with HIPAA, GDPR, CCPA, and other applicable privacy regulations.