Last Updated: 27 June 2026

Seryno (“Seryno”, “we”, “us”, or “our”) provides self-guided tools for personal growth, self-reflection, and education, drawing on concepts from Rational Emotive Behavior Therapy (REBT). This Privacy Policy explains what personal data we process, why, on what legal basis, and the rights you have. We are committed to data minimization and to handling your information transparently and lawfully.

1. Who We Are (Data Controller)

The data controller responsible for your personal data is Dr. Reza Abbasi, who operates the “Seryno” application as a sole trader based in Portugal (European Union).

  • Postal address: Rua Joaquim A, 479, 4000-311 Porto, Portugal
  • Contact for privacy matters: info@seryno.com

2. The Sensitive Nature of Your Data

Seryno lets you log thoughts, beliefs, events, and emotional states for journaling and REBT-style self-reflection. We want to be clear: even though we ask you not to enter directly identifying information (such as your full name, phone number, address, or government ID), the content you write — because it relates to your thoughts and emotional state and is linked to your account — is treated by law as special category personal data (“data concerning health”) under Article 9 of the GDPR. This treatment depends on the nature of the content itself and applies regardless of the category under which Seryno is listed in any app store (for example, Lifestyle, Education, or Self-Help).

We process this content only with your explicit consent, which we request when you create your account and begin using the journaling and disputation features. You can withdraw this consent at any time by ceasing to use those features and/or deleting your account (see Section 9). Withdrawing consent does not affect processing carried out before withdrawal.

Please continue to avoid entering identifying details about yourself or others. Because we ask you to keep entries free of identifiers, we do not perform automated masking or anonymization before content is processed. Keeping identifiers out of your entries reduces risk to you.

3. What Data We Collect and Why

CategoryExamplesPurposeLegal basis
Account dataEmail address, authentication credentialsCreate and secure your account; sync across devicesPerformance of a contract (Art. 6(1)(b))
User contentYour journal entries, logged thoughts/beliefs/events, emotional/mood tracking, REBT inputsProvide the journaling, tracking, and AI disputation featuresExplicit consent (Art. 9(2)(a)) + contract (Art. 6(1)(b))
Subscription & billing dataSubscription status, transaction identifiers, purchase records (held by our payment processors; we do not store full card numbers)Manage paid subscriptions, prevent abuse, meet tax/accounting dutiesContract (Art. 6(1)(b)); legal obligation (Art. 6(1)(c))
Usage & diagnostics dataCrash logs, app stability data, aggregated/anonymized usage patterns, device/SDK identifiers used by analyticsImprove app stability and performanceConsent where required by ePrivacy/local law; otherwise legitimate interests (Art. 6(1)(f))

Where analytics or diagnostics rely on device identifiers, we will request your consent through an in-app control, and you can change your choice at any time in the app settings.

4. How Your Data Is Processed, Including AI

To provide the REBT disputation feature, the text you enter is transmitted to a third-party Artificial Intelligence / Large Language Model (LLM) service provider that processes it on our behalf to generate automated reflection suggestions in real time.

  • Categories of recipients (processors): cloud infrastructure and database providers; authentication providers; AI/LLM processing providers; analytics providers; and payment/subscription processors. We disclose categories rather than brand names for security reasons. A current list of specific sub-processors is available on request at info@seryno.com.
  • No model training: Our agreements with our AI provider require that data you submit is used solely for real-time processing of your request and is not used to train, fine-tune, or otherwise improve their models.
  • No automated decisions with legal effect: The AI produces suggestions only. It does not make decisions that produce legal or similarly significant effects about you within the meaning of Article 22 GDPR. You remain in control of how you use any output.
  • Automated, not human, support: REBT suggestions are generated automatically. Our staff do not routinely read your entries; we access content only where strictly necessary (e.g., to investigate a security incident or as legally required).
  • Limited use of your entries: We use your journal and tracking entries only to store them for you, sync them across your devices, and — when you use the disputation feature — process them to generate your suggestions. We do not analyze, profile, sell, share for advertising, or otherwise use your entries for any other purpose.

5. International Data Transfers

Seryno is operated from Portugal, but some of our processors (including cloud, authentication, analytics, and AI providers) are located outside the European Economic Area, including in the United States. Where we transfer your personal data outside the EEA, we rely on appropriate safeguards, namely Standard Contractual Clauses (SCCs) approved by the European Commission and/or transfers to recipients certified under the EU–U.S. Data Privacy Framework, together with supplementary measures where appropriate. You may request a copy of the relevant safeguard by contacting info@seryno.com.

6. Data Retention

  • Account and user content: retained while your account is active. On account deletion, this data is deleted as described in Section 9.
  • Billing and transaction records: retained for as long as required by Portuguese tax and accounting law (currently up to 10 years), even after account deletion, in a form limited to what the law requires.
  • Diagnostics/analytics: retained in identifiable form for up to 14 months, after which it is aggregated or deleted.

7. Data Storage, Syncing, and Security

Your account and content are stored using industry-standard, encrypted cloud database infrastructure to enable multi-device sync across iOS, Android, and Web. We apply technical and organizational measures appropriate to the sensitivity of the data, including encryption in transit and at rest where supported, and restricted access. No system is perfectly secure; if a personal data breach occurs that is likely to result in a risk to your rights, we will notify the competent supervisory authority and, where required, you, in accordance with the GDPR.

8. Your Rights

If you are in the EEA, the UK, or a jurisdiction with similar protections, you have the right to: access your data; rectify inaccurate data; erase your data; restrict or object to processing; data portability; and to withdraw consent at any time. To exercise these rights, contact info@seryno.com. We will respond within the timeframes required by law (generally one month under the GDPR).

You also have the right to lodge a complaint with a data protection supervisory authority. In Portugal, this is the Comissão Nacional de Proteção de Dados (CNPD) — www.cnpd.pt. You may also contact the authority in your country of residence.

9. Account Deletion

You own your data. If you delete your Seryno account, we delete your stored journals, logs, and account records from our active production systems without undue delay. Please note:

  • Residual copies may persist for a short period in encrypted system backups maintained for security and disaster recovery, after which they are overwritten; and transient processing logs at our processors are deleted in accordance with their retention schedules.
  • We may retain a minimal set of billing/transaction records where required by law (see Section 6).

Apart from these limited exceptions, account deletion is intended to be permanent and is not reversible. We do not maintain long-term historical archives of deleted account content.

10. Children

Seryno is not directed to, and may not be used by, anyone under 16 years of age (or a higher age where required locally). We do not knowingly collect data from children below this age. If you believe a child has provided us data, contact info@seryno.com and we will delete it.

11. Changes to This Policy

We may update this Policy from time to time. If we make material changes, we will notify you in the app or by email and update the “Last Updated” date. For changes that expand how we use sensitive data, we will seek fresh consent where required.

12. Contact

Questions or requests regarding this Privacy Policy: info@seryno.com.