What actually happens to your conversations
Most companion apps make privacy promises they don't explain. Here is the real architecture — plainly, and only what's true today. Where a stronger guarantee exists only on our roadmap, we say so rather than imply it.
Encrypted in transit
Every connection between your device and Hana is protected with TLS — the same transport encryption your bank uses. Nothing you send or receive travels the open internet in the clear.
Run on hardware we own
Your conversations are answered by a model running on GPUs we operate directly — not rented inference from a third-party model provider. No outside AI company (OpenAI, Anthropic, Google, or anyone else) ever receives your messages. That's also why the model can be genuinely uncensored: there's no third party imposing their content policy on your private chat.
Never used for training
Your conversations are never used to train, fine-tune, or evaluate any model — ours or anyone else's. They aren't a dataset. The companion's memory of you lives only in your own account, to make her feel continuous to you — it is never pooled with other people's chats or fed back into the base model.
Isolated to your account
Each account's data is isolated — your conversations and memories are scoped to you and are not synced across to other users or mixed into a shared store. Discreet billing keeps the payment side separate from the companion side.
Credentials we never store in plaintext
We never keep your password. It's run through Argon2id — a deliberately slow, memory-hard hash — and only the hash is stored, so even we can't read it back. Your recovery code is hashed the same way, and session tokens are stored only as SHA-256 hashes. If our database were ever exposed, your password would not be in it.
Where we draw the line — honestly
On our hosted service your data is encrypted in transit and lives on infrastructure we operate and control — isolated to your account and never sent to a third-party model. What we do notclaim is that it's mathematically impossible for us to access: a hosted service we run is, by definition, a service we operate. Hardening data at restfurther is active work, and we'll describe each step here as it ships rather than promise it in advance.
If you want the strongest possible guarantee — where your conversations never leave hardware you physically control, and no operator can read them even in principle — Hana can be self-hostedon your own machine. That is the tier where “we literally can't read it” is true by construction.