Help & Privacy Guide
How Lilith works, what we store, and how your data is protected.
What is Lilith?
Lilith is a private, text-based session with an AI behavioral psychiatrist. She is direct, clinically precise, and draws on psychoanalytic and behavioral frameworks to help you identify patterns you may not be able to see from the inside.
Each session is a real conversation — not a quiz, a mood tracker, or a checklist. You bring what's on your mind. Lilith helps you see it more clearly.
Lilith is not a licensed clinical service. She is an AI experience. If you are in crisis, please contact a qualified professional or a crisis line in your area.
Sessions
Each conversation is a session — a focused exchange with a defined length. When the session ends, you choose what happens to it.
- Remember Session: Lilith writes a brief clinical note covering the topics you discussed, patterns she observed, and concrete next steps. This note is encrypted and stored so she can reference it in future sessions.
- Forget Session: The conversation is permanently deleted from the server. No note is written. Nothing carries forward. This is immediate and irreversible.
- End Session: Ends the conversation early and takes you through the same Remember / Forget choice. You are never locked into finishing a full session before you can leave.
- Session Summary: At the end of a session you can request a structured clinical summary: Presenting Concern, Impact, Clinical Impression, and Action Plan. You can copy it to your own notes. It is written from your words — not Lilith's.
- Rejoin: If you close the app mid-session, Lilith will ask on your next login whether you want to continue where you left off or start fresh.
Memory & The Vault Key
Lilith's memory of you builds over time through session notes — short clinical records she writes after each session you choose to remember. These notes are what let her say "we've talked about this before" without you having to re-explain yourself each time.
Your notes are protected by a Vault Key — a passphrase only you know. Before any note is stored on our servers, it is encrypted using your Vault Key. The server holds only ciphertext. An administrator reading the database sees scrambled data with no decryption capability.
When you start a new session, you enter your Vault Key to unlock your history. Lilith decrypts your notes in memory for that session only — the key is never written to disk or retained between requests.
If you lose your Vault Key, your session history cannot be recovered. There is no reset, no backdoor, and no support escalation that can retrieve it. This is intentional — it is the only design that is genuinely private.
You can view the topics Lilith currently remembers at any time via Menu → What Lilith Remembers.
Technical Security
This application was designed and built by a developer specialising in cybersecurity and privacy. The encryption architecture was chosen specifically to ensure that user data cannot be accessed by the server operator under any circumstances — including legal requests, data breaches, or administrative access.
Encryption
AES-256-GCM — the same standard used by financial institutions and government agencies. Each note is encrypted with a unique initialisation vector so no two ciphertexts are alike, even for identical content.
Key Derivation
Your Vault Key is never stored. A key is derived from it at request time using PBKDF2-HMAC-SHA256 with 200,000 iterations and a unique salt — an industry-standard approach that makes brute-force attacks computationally impractical.
Vault Verification
To confirm you've entered the correct Vault Key without storing the key itself, we encrypt a known sentinel value with your key at setup. On unlock, we check whether the decryption succeeds — nothing else is needed.
Session Messages
Conversations in progress are stored only if you choose to Remember them. Forgotten or in-progress sessions are deleted and cannot be reconstructed.
Authentication
Passwords are hashed with bcrypt before storage. Sessions are managed via signed JWTs with a 72-hour expiry — your credentials are never stored in a recoverable form.
Data Deletion
You can permanently delete all your stored data at any time via Menu → Purge All My Data. This deletes every session note and conversation record associated with your account. Your login is retained unless you contact us.
Zero-knowledge design: The server can verify your identity, count your sessions, and store your encrypted notes — but it cannot read them. Even a full database dump exposes no usable session content.
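The Encryption, Key Derivation and Vault Verification items above, sketched as an added Node.js example (not Lilith's actual code). PBKDF2-HMAC-SHA256 with 200,000 iterations, AES-256-GCM, the per-note IV and the sentinel check come from this page; the 16-byte salt, 12-byte IV, sentinel string, function names and record layout are assumptions.

```javascript
const nodeCrypto = require("node:crypto");

const ITERATIONS = 200000;              // iteration count stated on this page
const SENTINEL = "vault-sentinel-v1";   // assumed value; the page does not give one

// PBKDF2-HMAC-SHA256 stretched to a 32-byte key for AES-256.
function deriveKey(vaultKey, salt) {
  return nodeCrypto.pbkdf2Sync(vaultKey, salt, ITERATIONS, 32, "sha256");
}

// AES-256-GCM with a fresh random IV per call, so identical notes
// never produce identical ciphertexts. 96-bit IV size is an assumption.
function seal(key, plaintext) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", key, iv);
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

// Returns the plaintext, or null when the GCM tag does not verify
// (wrong key, or ciphertext/IV/tag modified at rest).
function unseal(key, record) {
  if (record.tag.length !== 16) return null;   // refuse truncated tags
  try {
    const d = nodeCrypto.createDecipheriv("aes-256-gcm", key, record.iv);
    d.setAuthTag(record.tag);
    return Buffer.concat([d.update(record.ct), d.final()]).toString("utf8");
  } catch {
    return null;
  }
}

// Setup: the record the server would store. It holds a salt and an
// encrypted sentinel, never the Vault Key or the derived key.
function createVault(vaultKey) {
  const salt = nodeCrypto.randomBytes(16);     // assumed salt size
  return { salt, sentinel: seal(deriveKey(vaultKey, salt), SENTINEL) };
}

// Unlock: re-derive the key and try the sentinel. Returns the key to use
// for this request only, or null if the Vault Key is wrong.
function unlockVault(vaultKey, vault) {
  const key = deriveKey(vaultKey, vault.salt);
  return unseal(key, vault.sentinel) === SENTINEL ? key : null;
}
```

A wrong Vault Key and a tampered record are indistinguishable in this sketch: both fail the GCM tag check and return null.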
Your Account
- Display Name: The name Lilith uses when addressing you. Set it in Settings. It does not need to be your real name.
- Secret Word: Your login password. You can change it in Settings at any time. It is stored as a one-way bcrypt hash — we cannot recover or read your current Secret Word.
- Screenshot: The camera button in the message bar captures the current screen and saves it directly to your device. Nothing is transmitted to the server.
Paid Membership (Coming Soon)
Free sessions are meaningful, but a longer relationship with Lilith goes deeper. Paid members will unlock:
- Extended Sessions: More exchanges per session, so a single conversation can follow a thread all the way through rather than stopping at the surface.
- Deeper Memory: Lilith carries a longer clinical history into each session. Patterns that took months to name don't have to be re-established from scratch.
- Action Plans: A structured PDF at the end of each session: your key insights, concrete homework, and curated reading matched to what you worked on. Something to carry between sessions.
For early access enquiries: help@textual.games