Last updated: May 2025 · Governed by the laws of Malaysia
GIWM (God Is With Me) is a faith-based AI companion service operated by Voxel Asia Sdn Bhd, a company registered in Malaysia. Our platform is accessible at giwm.me.
We built GIWM to be a private, unhurried space for reflection. That intention shapes every decision we make about your data.
Account information. When you register, we collect your email address and a hashed password. We use this to identify your account and nothing else.
Subscription data. If you become a paid subscriber, payment is processed by Stripe. We do not store your card details. We receive a subscription status and renewal date from Stripe.
Usage data. We track message counts per account to enforce fair usage limits. We do not log the content of those messages.
Journal entries. Only if you choose to use the journal feature. See the journal section below for full details.
Your conversations with Gabriel are not stored. When you close the chat window, everything you said is gone. We have no record of it. We cannot retrieve it. This is by design.
We do not sell your data. We do not share your data with advertisers. We do not use your data to train AI models.
The journal is entirely optional. It activates only when you choose to use it. If you never open the journal, nothing in this section applies to you.
How encryption works. Your journal entries are encrypted on your device before they leave it. The encryption key is derived from your account email address using a standard cryptographic process (PBKDF2 + AES-GCM). The derived key itself is never sent to or stored by GIWM — what reaches our servers is unreadable ciphertext.
What this means in practice. Because the key is derived from a value we already hold on file (your email), this encryption is not zero-knowledge. It is designed to protect your entries against database exposure — for example, if our database were leaked, breached, or accessed by a third party who did not also have our application code. It is not a guarantee that GIWM staff with full code and infrastructure access cannot decrypt entries. We do not access journal contents as part of normal operations, and our systems are not built around doing so.
Recovery. If you lose access to your account, you can recover your journal by logging in with the same email address you registered with. Your entries will decrypt automatically. No support ticket required.
Email changes. If you change your account email address, your existing journal entries will become permanently unreadable — the key will no longer match. Export or delete your entries before changing your email.
Deletion. You may delete individual entries or your entire journal at any time from within the journal panel. Deletion is immediate and permanent. We do not keep backups of deleted entries.
We use a session cookie to keep you signed in. We do not use advertising cookies, tracking pixels, or third-party analytics.
We use the following third-party services to operate GIWM:
Each of these providers has their own privacy policy. We share only what is necessary for each service to function.
Your conversation messages are sent to Anthropic's API to generate Gabriel's responses. Anthropic processes these in real time but does not retain them for training purposes under our API agreement.
Under the Personal Data Protection Act 2010 (PDPA), you have the right to access the personal data we hold about you, correct inaccurate data, and withdraw consent for processing. To exercise these rights, contact us at the address below.
Your journal entries are stored encrypted. The normal way to read or export them is to sign in to your account — only your authenticated client decrypts them in the course of regular use. If you have lost account access, contact us; staff-assisted recovery is technically possible but is not part of normal operations.
We retain your account information for as long as your account is active. If you delete your account, your data is removed within 30 days, except where retention is required by law.
Journal entries are deleted immediately upon your request, or when your account is deleted.
GIWM is not directed at children under 13. We do not knowingly collect personal data from children. If you believe a child has provided us with personal information, contact us and we will delete it promptly.
We may update this policy from time to time. When we do, we will update the date at the top of this page. Continued use of GIWM after a policy change constitutes acceptance of the updated policy.
For privacy-related enquiries, contact us at: hello@giwm.me
Voxel Asia Sdn Bhd · Kuala Lumpur, Malaysia