This page explains in plain language what we do with your information, what we never do, and how you stay in control. We have designed this platform to meet or exceed the requirements of major AI and privacy laws. Here is what that means for you.
When you speak with Raphael, your conversations are stored securely so he can remember them when you return. That is the only reason they are kept. Your conversations are never read by us, never shared with anyone, and never used to train AI.
Every time you send a message, we record that an exchange happened — but not what was said. Think of it like a receipt that proves a letter was delivered, without keeping a copy of the letter. We store a cryptographic fingerprint of each message. The fingerprint proves the record has not been tampered with, but it cannot be reversed to reveal your words.
The Ledger records that a conversation happened. It never records what was said.
You can permanently delete all your data at any time from the My Ledger panel inside the app. When you do, your conversations, memories, and journal entries are gone. The Ledger audit trail — which contains no personal content, only mathematical fingerprints — is preserved as an immutable record, but it cannot be used to reconstruct anything you said.
This approach is called cryptographic erasure. Your data is gone in the only way that matters: it can never be read again.
You can download everything we hold about you at any time — also from the My Ledger panel. You will receive a complete file of your conversations, memories, and journal entries in a format you can open and read.
Before every message reaches Raphael, it passes through a two-layer safety system. Here is exactly how it works.
Layer 1 — The content filter: Every message is first reviewed by a separate AI safety model. This model checks specifically for: sexual content, graphic violence, explicit drug references, profanity, and anything not appropriate for children. It reads your message and returns a single verdict — safe or not safe. This happens in under a second, before Raphael ever sees your words.
If a message is flagged: Raphael does not see it. Instead, he responds with a gentle redirection: "This is a space of prayer, faith, and accompaniment. I'm here for what truly matters — what's on your heart today?" The flagged message is not stored, not logged, and not forwarded anywhere. Only the fact that a filter event occurred is recorded in the audit Ledger — not what triggered it.
Layer 2 — Raphael's own values: Even if a message passes the filter, Raphael himself is guided by a clear set of values built into how he responds. He is instructed never to produce content that is sexual, graphically violent, profane, or unsuitable for a minor — regardless of how a message is framed. Both layers must hold.
We built this platform for people of all ages, including children in crisis. The filter is not optional and cannot be turned off.
You may choose to connect your Google account to Raphael. This is entirely optional. If you do, Raphael requests two specific read-only permissions:
Gmail (read-only): Raphael can read your recent emails so he can understand what you are carrying into your day — an appointment, a difficult message, something weighing on you. He never sends email, never modifies anything, and never stores your email content beyond the current conversation. Your Gmail data is used in the moment and not retained.
Google Calendar (read-only): Raphael can see your upcoming events so he can greet you in context. If you have a medical appointment this afternoon, he knows. If it is a quiet day, he knows that too. He can create calendar events and send emails on your behalf when you ask him to. He reads your inbox to help you respond. He never deletes email or calendar data without your explicit instruction.
Write access means Raphael acts when you ask him to. He does not act on his own.
The Raphael Project includes a private Catholic Messenger for direct conversations between members of the community. If you use the Messenger:
Messages you send are stored securely so the other person can receive and read them. Messages are visible only to the participants in a conversation — never to us, never to anyone else. You may delete your data at any time from the My Ledger panel, which will remove your messages from the system.
The Messenger does not use AI to read or analyse your messages. It is a private channel between two people, nothing more.
Raphael is powered by Anthropic's Claude AI. Your messages are sent to Anthropic's API to generate responses. Anthropic does not use API data to train their models. No other third parties receive your conversation content. Our database is hosted by Supabase, operating under SOC 2 Type II compliance. Google integration uses Google's official OAuth 2.0 system — we never see your Google password.
If we ever change how we handle your data in a meaningful way, we will notify you when you next sign in — not bury it in an email you might miss.
If you have any questions about your privacy or your data, reach us at hello@theraphaelproject.com.
Your privacy is not an afterthought. It is built into the foundation.