JustAsk

Privacy Policy

This describes what JustAsk collects, why, and what we do with it. Plain language first, lawyer language never.

JustAsk is a private memory companion for someone living with memory loss. Because it holds personal — and often health-adjacent — memories about a vulnerable person added by their family, we treat that data with particular care. This policy explains how.

1. Who we are

JustAsk (“we”, “us”) is a service operated by Ian Gotts, and is part of AquaBrain. Contact: hello@aquabrain.ai.

2. The people involved

• The patient — the person the memories are for. They have a private memory “Brain”. They sign in to nothing; their device (the screen they talk to) holds a long-lived token instead of a login.
• The admin / co-admins — the caregiver(s) who set the family up. They have an account (email sign-in).
• Family members — people who add memories. They do not have an account; they unlock the capture page (or the iOS app) with a personal 4-digit PIN.

3. What we collect

3.1 Account & access data

• Admin email address — used for sign-in and account-related messages.
• Family member name and 4-digit PIN — the PIN is hashed before storage; we never keep it in the clear.
• Patient device tokens — hashed before storage; they bind a specific screen to the Brain and can be revoked.
• Authentication metadata — IP address and user-agent at sign-in time, kept by our auth provider for abuse prevention.

3.2 The memories and family content

• Memories — everything family members add through the web capture page or the iOS app.
• Patient details — the patient’s first name and timezone, set by the admin.
• Lenses — the tags (people, decades, topics) the family creates to organise memories.
• Calendar link — if the admin connects a read-only ICS/iCal calendar, the subscription URL is stored encrypted and used only to let the companion mention upcoming plans. It is never returned to a browser.

3.3 Spoken questions & answers

• When the patient asks a question, it is sent to our service to find relevant memories and compose a gentle reply.
• If a natural or premium voice is enabled, the reply text is turned into audio. Synthesized audio is cached so repeated questions don’t re-incur cost; the cache is keyed to the family’s Brain.

3.4 Operational data

• Access log — a record of who/what/when on each Brain (e.g. a memory added, a question asked), used for security and support. It holds internal ids, not the memory text.
• Request and error logs — paths, status codes, response times and stack traces, retained briefly for debugging and scrubbed of content where practical.

3.5 Payment data

• Subscription and billing details — when paid plans go live, payment will be collected and processed by Stripe. Stripe handles card details directly; we never receive or store your full card number, only limited billing metadata (plan, status, card brand and last four digits). During the preview there is nothing to pay.

4. AI inference and voice

JustAsk uses OpenRouter to generate embeddings of memories and to compose the companion’s replies. The included natural voice is generated by OpenAI’s text-to-speech. If a family chooses the premium voice option, they connect their own ElevenLabs account: that API key is stored encrypted, used only to synthesize that family’s replies, and billed to them by ElevenLabs directly. We do not log the bodies of inference or speech requests beyond what is needed to return the immediate response. In the iOS app, voice dictation (turning what you say into text) uses Apple’s on-device speech recognition.

5. What we do not do

• We do not train AI models on your memories.
• We do not sell your data.
• We load no tracking pixels, third-party ad tags or marketing analytics on the site or apps.
• We never receive full card numbers (see 3.5).

6. How we use the data

• To run the service: sign admins in, store the memories family add, find them and compose warm answers for the patient, speak those answers, and show plans from the connected calendar.
• To keep families separate and respond to abuse or security events.
• To support and improve the product, without training on your content.

7. Who processes data on our behalf

We use a small set of infrastructure providers (“sub-processors”). Each receives only the data needed for its role.

• Supabase — authentication, database, storage and Edge Functions. Hosts the bulk of the content.
• Vercel — hosting for the JustAsk web pages.
• Resend — transactional email (sign-in, account messages).
• OpenRouter — AI inference for embeddings and composing replies.
• OpenAI — the included natural companion voice (text-to-speech).
• ElevenLabs — premium voice, only if a family connects their own account.
• Apple — iOS app distribution via TestFlight / App Store, and on-device speech recognition for dictation.
• Stripe — payment processing and subscription billing, when paid plans are enabled.
• Sentry — error reports and diagnostics.

8. Where the data lives

Primary storage is in the United States via Supabase. If you are in the UK / EU / EEA, data is transferred and stored in the US under the standard contractual terms our sub-processors offer.

9. How long we keep it

• Active content — for as long as the family’s Brain exists.
• Deleted items — purged from primary storage promptly; may persist in encrypted backups for up to 30 days before rolling off.
• Brain / account deletion — email hello@aquabrain.ai and we will erase the Brain and its content from primary storage within 7 days.
• Request and error logs — 30 days.

10. Your rights

• An admin can delete any family member, screen or memory, and disconnect the calendar, at any time.
• Request full deletion of a Brain (see above) or a copy of what we hold.
• If you are in the UK / EU, exercise GDPR rights including access, objection, restriction, and complaint to your supervisory authority.

11. Security

All traffic is TLS. Database access is gated by row-level security so each family sees only its own data. PINs and device tokens are hashed before storage; the calendar URL and any ElevenLabs key are encrypted at rest. No service is uncrackable, so please don’t add anything to a memory that you would be unwilling to lose.

12. A note on sensitive memories

Memories about a person living with memory loss can be deeply personal. The companion is designed to be gentle and never to volunteer distressing facts, but it is guidance, not a guarantee. If there is something you never want repeated back, the surest course is simply not to add it.

13. Children

JustAsk is intended for use by adults caring for an adult. We do not knowingly collect data from anyone under 18.

14. Changes

If this policy changes materially, we will email every admin with an active account before the change takes effect.

Last updated: 13 June 2026. Questions: hello@aquabrain.ai.

← Back to JustAsk