WITHIN PRIVACY POLICY
[Last Modified: August, 2025]
This Privacy Policy (“Privacy Policy”), is an integral part of our End User License Agreement (“EULA”), and governs the processing and transfer of personal data collected or processed by using or accessing “WithIn” mobile application ( “we”, “us” or “our”) or our services, all as detailed in the applicable EULA (respectively the “App” and “Services”).
Any capitalized terms not defined herein shall have the meaning ascribed to them in the EULA.
This Privacy Policy explains what data we may collect from you, how such data may be used or shared with others, how we safeguard it and how you may exercise your rights related to your Personal Data (as defined below), among others, and where applicable, as required according to the EU General Data Protection Regulation (“GDPR”), the California Consumer Privacy Act (“CCPA”) and other US states as further detailed below.
If you have any questions regarding this Privacy Policy or our data practices, you are welcome to contact us at: support@withinapp.ai
Within’s use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.
This Privacy Policy explains our data collection practices that are applicable to any users of our App or our Services (“you” or “your”).
We reserve the right to amend this Policy from time to time, at our sole discretion. The most recent version of the Policy will always be posted on the website. The updated date of the Policy will be reflected in the “Last Modified” heading. We will provide notice to you if these changes are material, and, where required by applicable law, we will obtain your consent. Any amendments to the Policy will become effective within 30-days upon the display of the modified Policy. We recommend you review this Policy periodically to ensure that you understand our most updated privacy practices.
You can find here information regarding the purposes for which we process your personal data as well as our lawful basis for processing, the definition of “personal” and “non-personal” data, and how it is technically processed.
Non-Personal Data
During your interaction with our website and Services, we may collect aggregated, non-personal non-identifiable information, which may be made available or gathered via your access to and use of the Services (“Non-Personal Data “). We are not aware of the identity of the user from which the Non-Personal Data is collected. The Non-Personal Data being collected may include your aggregated usage information and technical information transmitted by your device, such as: the type and model of your mobile device, operating system and its version, device language settings, app version, general country location, date and time of use, etc.
Personal Data
We may also collect from you, directly or indirectly, during your access or interaction with Services, individually identifiable information, namely information that identifies an individual or may, with reasonable effort, be used to identify an individual (“Personal Data”). The types of Personal Data that we collect as well as the purpose for processing and the lawfulness are specified in the table below.
We do not knowingly collect or process any Personal Data constituting or revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning a person's health or data concerning a person’s sex life or sexual orientation (“Special Categories of Personal Data”). Notwithstanding the foregoing, the nature of the Services permits you to submit any input (as defined in the EULA) at your discretion (subject to the limitations set forth in the EULA), including, but not limited to, Special Categories of Personal Data.
The table below details the processing of Personal Data, the purpose, lawful basis, and processing operations:
DATA SET | PURPOSE AND OPERATIONS | LAWFUL BASIS |
Registration Information: In order to register and create an account through our App, we will collect the Personal Data that you are required to provide us during the registry process, such as your full name, email address and password. Additionally, if you sign up via your social media account (i.e., Google or Facebook), we may have access to certain information that you allow social media to share with us. You represent and warrant that you will not provide us with inaccurate, misleading or false information. | This information will be processed for the purpose of performing our contract with you, to set up your account with us and enable you to use our Services. | The registration information is processed to perform our contract with you and the direct marketing is subject to our legitimate interest. |
Contact Information: If you voluntarily contact us, you may be required to provide us with certain information such as your name and , email address (“Contact Information”) and any additional information you decide to share with us. | We will use this data to respond to your inquiry.
| We process such Contact Information subject to our legitimate interest and the performance of a contract with you, if your inquiry relates to a contractual relationship with us. We may keep such correspondence if we are legally required to. |
Push Notifications: | This information will be processed to allow us to send push notification to users from our server. | As the token is Non-Personal Data it does not require a lawful basis. |
Log Data and Unique Identifiers: | In most cases, this data will not include Personal Data, however we treat this information as Personal Data as we may be able to reasonably identify you. | We process this data set for our legitimate Interest of protecting our App and Services and optimizing the App and Services. |
Microphone and Audio: As part of our services, you may provide input using your device's microphone and provide us with Audio data using the microphone. In order to access your microphone we will need you to provide us with the permission to access the microphone through the device settings. | We request these permissions to offer you with additional way to provide an Input. This permission must be affirmatively enabled through in-app settings or the device’s settings. You may disable the permissions at any time; however, disabling it may result in certain features or all features not functioning properly. Even if you enable microphone access, you may still choose to enter a text input instead. | We process this information based on your consent provided through the organic in-app permissions in order to execute our contract with you and provide you with our services. |
User Input and Output Data: When you use our Services, we collect the information you voluntarily provide as input such as text, audio, or other content you submit through the App. In addition, we may process and store the output generated by the Services in response to your input. The nature and categories of personal Data depend on the data you choose to provide. | We process this data to provide, improve, and personalize our Services. | User Input and Output Data is processed to perform our contract with you and based on your consent. |
Please note that the actual processing operation per each purpose of use and lawful basis detailed in the table above may differ. Such processing operation usually includes a set of operations made by automated means, such as collection, storage, use, disclosure by transmission, erasure, or destruction. The transfer of personal data to third-party countries, as further detailed in the Data Transfer Section, is based on the same lawful basis as stipulated in the table above.
In addition, we may use certain Personal Data to prevent potentially prohibited or illegal activities, fraud, misappropriation, infringements, identity thefts, and any other misuse of the Services and to enforce the Terms, as well as to protect the security or integrity of our databases and the Services, and to take precautions against legal liability. Such processing is based on our legitimate interests.
We may collect different categories of Personal Data and Non-Personal Data from you, depending on the nature of your interaction with the Services provided through the website and Platform, as detailed above. If we combine Personal Data with Non-Personal Data, the combined information will be treated as Personal Data or for as long as it remains combined.
Depending on the nature of your interaction with us, we may collect the above detailed information from you, as follows:
Our Services and some of our Service Providers utilize “cookies” or software development kits (SDKs)” anonymous identifiers and other tracking technologies (collectively, “Tracking Technologies”) which help us provide and improve our Services, personalize your experience and monitor the performance of our activities, as well as the usage of our App and Services as a whole.
The specific SDK we currently use, the purpose of the SDK, their privacy policy and opt-out controls are set forth in the table below:
NAME | PURPOSE | PRIVACY AND OPT OUT |
Google Cloud Platform Services | Analytics, Authentication Performance and Operational | Google Cloud Privacy Policy: https://cloud.google.com/privacy |
Firebase | Authentication, Analytics & Crash data | Firebase Privacy Policy: https://firebase.google.com/support/privacy |
OpenAI API | LLM Module | OpenAI Privacy Policy: |
Google Generative AI (Gemini) | LLM Module | Google Privacy Policy: |
LangChain | LLM Module | LangChain Privacy Policy: |
We share your data with third parties, including our partners or service providers that help us provide our Services. You can find here information about the categories of such third-party recipients.
CATEGORY OF RECIPIENT | DATA THAT WILL BE SHARED | PURPOSE OF SHARING |
Service Providers | All data | We may disclose Personal Data to our service providers, contractors, and third parties, including, but not limited to, our cloud and hosting provider, analytics and marketing providers, fraud prevention and analytic tools, and tracking tools. These service providers are limited by contracts that restrict their use of the data and require the implementation of security measures. The service providers process the data solely to provide the needed services. These entities are prohibited from using your Personal Data for any purposes other than providing us with requested services. |
Any acquirer of our business | All data | We may share Personal Data in the event of a corporate transaction (e.g., sale of a substantial part of our business, merger, consolidation or asset sale). In the event of the above, the acquiring company will assume the rights and obligations as described in this Policy. |
Governmental agencies, or authorized third parties. | Subject to law enforcement authority request. | We may disclose certain data to law enforcement, governmental agencies, or authorized third parties, in response to a verified request relating to terror acts, criminal investigations or alleged illegal activity or any other activity that may expose us, you, or any other user to legal liability, and solely to the extent necessary to comply with such purpose. |
In addition, we may share or allow you with the option to share information where you requested us to share such informaoitn or where you decided to share the information through the sharing feature provided through the App. When we share information with services providers and partners, we ensure they only have access to such information that is strictly necessary for us to provide the Services. These parties are required to secure the data they receive and to use the data for pre-agreed purposes only while ensuring compliance with all applicable data protection regulations (such service providers may use other non-personal data for their own benefit).
In general, we retain the Personal Data we collect for as long as it remains necessary for the purposes set forth above, all under the applicable regulation, or until you express your preference to optout, where applicable.
Other circumstances in which we will retain your Personal Information for longer periods of time include: (i) where we are required to do so in accordance with legal, regulatory, tax, or accounting requirements, or (ii) for us to have an accurate record of your dealings with us in the event of any complaints or challenges, or (iii) if we reasonably believe there is a prospect of litigation relating to your Personal Data. Please note that except as required by applicable law, we will not be obligated to retain your data for any particular period, and we may delete it for any reason and at any time, without providing you with prior notice if our intention to do so.
We take great care in implementing physical, technical, and administrative security measures for the services that we believe comply with applicable regulation and industry standards to prevent your information from being accessed without the proper authorization, improperly used or disclosed, unlawfully destructed, or accidentally lost.
If you feel that your privacy was not dealt with properly or was dealt with in a way that was in breach of our Privacy Policy or if you become aware of a third party’s attempt to gain unauthorized access to any of your Personal Data, please contact us at our email. We will make a reasonable effort to notify you and the appropriate authorities (if required by applicable law) if we discover a security incident related to your Personal Data.
We use Google Cloud which are located in EU, US and Asia. Further, certain processing activities are conducted in Israel, or other countries. In the event of data transfer out of your jurisdiction, we will take appropriate measures to ensure that your Personal Data receives an adequate level of protection as required under applicable law. Further, when Personal Data collected within the EU is transferred outside the EU (and not to a recipient in a country that the European Commission has decided provides adequate protection) it shall be transferred under the provisions of the standard contractual clauses approved by the European Union. If you would like to understand more about these arrangements and your rights in connection therewith, please contact us at our email.
According to data protection and privacy laws, you may be granted certain rights with regards to your Personal Data, depending on your jurisdiction. These rights may include one or all of the following: (i) request to amend your Personal Data we store; (ii) review and access your Personal Data that we hold; (iii) request to delete your Personal Data that we hold (as long as we do not have a legitimate reason for retaining the data); (iv) restrict or object to the processing of your Personal Data; (v) exercise your right of data portability; (vi) contact a supervisory authority in your jurisdiction and file a complaint; and (vii) withdraw consent (to the extent applicable). If you wish to submit a request to exercise your rights, contact us at:
When you contact us and request to exercise your rights regarding your Personal Data, we will require certain information from you in order to verify your identity and locate your data and that the process of locating and deleting the data may take reasonable time and effort, as required or permitted under applicable law. Data privacy and related laws in your jurisdiction may provide you with different or additional rights related to the data we collect from you, which may also apply.
The Services are not intended for use by children under the age of 13, and we do not knowingly process children's information. We will discard any information we receive from a user that is considered a "child" immediately upon discovering that such a user shared information with us. Please contact us at: support@withinapp.ai if you have reason to believe that a child has shared any information with us.
Residents of certain U.S. states (depending on the applicable state law, acting in an individual or household context and not in a commercial or employment context or as a representative of business), including California, Colorado, Connecticut, Virginia, and Utah, may have additional rights under applicable privacy laws and be entitled to additional disclosures.
“Personal Data” under applicable US privacy laws, generally means any information that is linked or reasonably linkable to an identified or identifiable individual (and usually does not include publicly available information that is lawfully made available from government records, or that a consumer has otherwise made available to the public; de-identified or aggregated consumer information; or information excluded from the states laws scope, such as: HIPAA, non-profit entities, etc.).
“Sensitive Data” means data revealing racial or ethnic origin, religious beliefs, mental or physical health condition or diagnosis, sex life, sexual orientation, citizenship, or immigration status; The processing of genetic or biometric data for the purpose of uniquely identifying an individual; Personal Data collected from a known child; Precise geolocation data.
We are required to provide you with a clear and accessible privacy notice that includes the categories of Personal Data processed, purpose of processing, instructions for exercising consumer rights and appealing decisions, categories of Personal Data shared with third parties, categories of third parties with whom data is shared, and any sale of data or targeted advertising.
Categories of Personal Data & Categories of third parties with whom Personal Data is shared: Under the paragraph “Personal Data” of this Privacy Policy, we describe our collection and processing of Personal Data, the categories of Personal Data that we are collecting and processing, and the purposes for which Personal Data is processed, stored or used. Under the paragraph “Data Sharing” of this Privacy Policy, we detail and disclose the categories of third parties we share Personal Data with for business purposes. We will not collect additional categories of Personal Data or use the Personal Data we collected for a materially different, unrelated, or incompatible purpose without obtaining your consent.
“Sale” of Personal Data: Under US privacy laws, in principle, the term “sale” is referring to disclosing or making available Personal Data to a third-party in exchange for monetary or other valuable consideration, including for targeted advertising purposes. We do not “sell” information as most people would commonly understand that term, we do not, and will not, disclose your Personal Data in direct exchange for money or some other form of payment. However, subject to the definition of the term “Sale” under US privacy laws, we may “sell” the Identifiers.
Consumer Rights: Residents of certain U.S. states, including Colorado, Connecticut, Virginia, and Utah, may have additional rights under applicable privacy laws, subject to certain limitations, which may include:
The paragraph “User rights” provides additional information regarding your principal rights.
Exercising Your Privacy Rights: You may submit a request to exercise most of your privacy rights under U.S. state privacy laws by contacting us at: support@withinapp.ai. When you submit a request, we will take steps to verify your identity and your request by matching the information provided by you with the information we have in our records. In some cases, we may request additional information to verify your identity, or where necessary to process your request. If we are unable to verify your identity after a good faith attempt, we may deny the request and, if so, will explain the basis for denial and how to remedy any deficiencies, where applicable.
Authorized agents may initiate a request on behalf of another individual by contacting us at support@withinapp.ai; authorized agents will be required to provide proof of their authorization and we may also require that the relevant User directly verify their identity and the authority of the authorized agent.
If we decline to take action on your request, we shall so inform you without undue delay, within the timeframe set out under applicable law. Our notification will include a justification for declining to take action and instructions on how you may appeal. Within the timeframe set out under applicable law of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint to the applicable authority or Attorney General of your jurisdiction