Privacy Policy
Last updated: 18 April 2026
Overview
This policy describes what personal data Harmonia collects when you use harmonism.io, the MunAI Companion (on the website, in Telegram, or in the Harmonia mobile application), and the Harmonic Profile Assessment — and how that data is processed, shared, and protected. It is written in plain language but is intended to satisfy the transparency requirements of the European Union's General Data Protection Regulation (GDPR, Regulation 2016/679) and France's Loi Informatique et Libertés.
Data controller
The data controller is Harmonia, a philosophical project led by Tahir Zniber, reachable at tahirzniber@proton.me. Until Harmonia incorporates as a registered legal entity, the founder acts as controller in a personal capacity. This page will be updated the moment that changes; you may always ask for our current contact details.
What we collect
Registration data. When you create an account we collect your email address, a display name of your choice, a hashed password, and your preferred interface language.
Interaction data. When you speak with MunAI — on the website, in Telegram, or in the mobile application — we record the content of your messages, the Companion's responses, timestamps, and message counts. These form the memory that allows the Companion to meaningfully continue a conversation across sessions.
Harmonic Profile Assessment data. If you complete the Harmonic Profile Assessment, we receive and store your results, including Enneagram typing (type, wing, instinctual stack, health level), constitutional data (Ayurvedic dosha, Wu Xing, Yin-Yang, Jing reserve), your eight Wheel engagement levels, and your developmental altitude. Some of this information — especially elements relating to physical health, vitality, mental functioning, and psychological state — constitutes "special category" data under Article 9 of the GDPR. We process it only on the basis of your explicit and separately captured consent.
Technical data. To operate the service and protect it from abuse we record IP addresses, browser type, approximate session metadata, and a functional identifier cookie (harmonia_client_id) that allows a returning visitor to resume a conversation before logging in.
Derived data. From conversations and assessments the system generates profile summaries, per-pillar engagement scores, growth-edge notes, and conversation consolidations. These inferences are used to personalise the guidance you receive and are treated with the same protections as the underlying data.
Why we process this data
To provide the core service — responding to you through MunAI, holding continuity across sessions, reflecting your Harmonic Profile back to you, and sending transactional messages (account confirmation, password reset). With your separate optional consent we also use your email address to send periodic reflections from Harmonia — substantive writing, not commercial noise. You can withdraw that consent at any time without affecting the rest of the service.
Legal basis
For account creation, service provision, and transactional messages: performance of a contract between you and Harmonia (Article 6(1)(b) of the GDPR).
For the processing of conversations with MunAI, including the retention of memory across sessions: your consent (Article 6(1)(a)), given at registration and withdrawable at any time.
For the processing of special-category data gathered by the Harmonic Profile Assessment (health-related, psychological-tendency, and constitutional information): your explicit and separately captured consent (Article 9(2)(a)).
For periodic editorial emails: your separate consent (Article 6(1)(a)), withdrawable at any time via a link at the bottom of every email.
For the protection of the service against abuse, fraud, and unlawful use: our legitimate interest (Article 6(1)(f)) in keeping the infrastructure safe. We balance this against your rights and use only the minimum necessary.
Who receives your data
Running the Companion means that certain parts of your data are processed by sub-processors who act under contract with us. We use:
- Anthropic PBC (United States) — provides the Claude model that generates the Companion's responses. The content of your message is sent to Anthropic for the duration of each inference call.
- OpenAI, L.L.C. (United States) — provides the embedding model that retrieves relevant vault passages semantically when you ask a question.
- Supabase Inc. — stores your authenticated account record (email, hashed password, metadata).
- Hostinger International Ltd. (European Union — Cyprus) — provides the hosting and SQL storage for the live databases.
- Resend, Inc. (United States), using Amazon Web Services SES (European Union — Ireland) as transport — delivers transactional and editorial email.
We do not sell your personal data. We do not rent it. We do not share it with advertising networks or data brokers. No part of your data is used to train public AI models.
Transfers outside the European Economic Area
Anthropic, OpenAI, Supabase, and Resend are established in the United States. Such transfers rely on the EU–US Data Privacy Framework adequacy decision (Commission Decision C(2023) 4745) for providers certified under it, and on Standard Contractual Clauses (Commission Decision 2021/914) as a fallback mechanism. Where a provider offers a European region we use it.
How long we keep your data
Your account and its associated memory are kept as long as your account is active. If you delete your account, your personal identifiers and conversation memory are deleted within thirty days, except where we are legally required to retain specific records — in which case we retain only the minimum required, for the minimum duration required. Server access logs are retained for thirty days.
Your rights
Under the GDPR you have the right of access (Article 15), rectification (Article 16), erasure (Article 17, "right to be forgotten"), restriction of processing (Article 18), data portability (Article 20), objection (Article 21), and withdrawal of consent at any time (Article 7(3)). To exercise any of these rights, write to tahirzniber@proton.me. We will respond within thirty days.
You also have the right to lodge a complaint with a supervisory authority. For France that is the Commission Nationale de l'Informatique et des Libertés (CNIL, www.cnil.fr). You may also contact the supervisory authority of your country of habitual residence or of the place of the alleged infringement.
Automated decision-making
MunAI provides guidance, not decisions. Nothing the Companion says produces legal effects or similarly significant effects on you within the meaning of Article 22 of the GDPR. You remain the sole decision-maker in every matter of health, finance, relationships, and life direction discussed with it.
Disclosure that you are interacting with artificial intelligence
MunAI is an artificial intelligence system. It speaks in the voice of a contemplative companion, but it is a language model — specifically, the Claude model developed by Anthropic — configured to respond from within the Harmonist framework. You are never at any point speaking to a human member of the Harmonia team when you use the Companion. This disclosure is made in accordance with Article 50 of the EU AI Act (Regulation 2024/1689).
Security
Passwords are hashed at rest. Conversation and profile databases are stored server-side with file-level access controls. Transport is encrypted with TLS. No security regime is perfect; if you discover a vulnerability, write to tahirzniber@proton.me.
Children
Harmonia is not directed to children under the age of sixteen. We do not knowingly collect data from anyone under sixteen. If you believe a minor has created an account, write to us and we will delete it.
Changes to this policy
We will update this page if the way we process your data changes in a meaningful way, and — where required — we will ask you for a new consent before the change takes effect. The "last updated" date at the top always reflects the currently effective version.
Contact
For any question about your data, write to tahirzniber@proton.me.