Case study · Health tech · 2026 – Present
Coco.
A privacy-first mental-wellness app whose guardrails are the product — local-first data, one-tap erase, and an AI companion that is structurally incapable of the failures making headlines.
- Local-first: data stays on-device
- Multi-layer: crisis + harm guardrails
- One-tap: erase all data
- Wellness: not therapy — by design
The problem
Demand for mental-health support is staggering and mostly unmet: over 1.1 billion people live with a mental disorder[5], and in the US alone, of 61.5M adults with a mental-health condition, nearly half received no treatment. Apps rushed into that gap — and then became the problem. Mozilla's review labelled mental-health apps the worst product category it has ever tested for privacy, with most top apps failing its bar[4]; the FTC fined BetterHelp for sharing mental-health data with advertisers; and a wave of AI "therapy" chatbots began drawing wrongful-death lawsuits and regulatory bans.
Coco was built for the world after that reckoning — where "just trust our cloud" and "our chatbot is basically a therapist" are no longer viable, legally or ethically.
Market & opportunity
- $17.5B[1]: mental health apps market by 2030 (~14.6% CAGR)
- 1.1B+[5]: people living with a mental disorder globally
- worst-in-class[4]: mental-health apps' privacy rating across the category
- 2 states[6]: banned AI therapy in 2025 (Nevada, Illinois)
The mental-health apps market is projected to roughly double from ~$7.5B in 2024 to ~$17.5B by 2030 (14.6% CAGR)[1]. But the more important 2026 story is the regulatory vise closing on AI-as-therapist: Nevada and then Illinois passed laws in 2025 prohibiting AI from independently providing therapy (Illinois' WOPR Act, fines to $10,000)[6]; the FTC opened a formal inquiry into AI companion chatbots in September 2025[7]; the APA issued a health advisory warning that generative-AI wellness chatbots lack validation and safety protocols[8]; and a Character.AI teen-suicide case reached a landmark settlement in early 2026[9].
The most instructive data point is a tombstone: Woebot — the most clinically rigorous, FDA-engaged consumer therapy chatbot — shut down its app in mid-2025 after ~$124M raised, because there is no regulatory pathway for an LLM that acts as a therapist[2]. Meanwhile the apps that thrive are wellness-positioned (Calm, Headspace) or privacy-credible (Wysa was one of only two apps to pass Mozilla's bar)[3][4]. Coco sits deliberately in that surviving quadrant.
Who it's for
People who want daily, low-stakes emotional support — a place to journal, breathe, track mood, and talk something through at 2am — but who are (rightly) unwilling to trust a cloud with their darkest entries. The wedge is the privacy- and safety-conscious user the category's scandals created.
Constraints
- It must never position as therapy. That's now a legal third rail. Coco is explicitly a wellness companion: no diagnosis, no treatment claims, no clinician impersonation.
- Sensitive data cannot sit in a breachable cloud. Mood, journal, and chat are the most exfiltration-damaging data a person can give an app. Default storage is on-device.
- Crisis cannot wait on a network round-trip. If a user signals self-harm, the SOS path has to fire instantly, even offline.
- The AI must refuse harm and resist jailbreaks — method questions, "ignore previous instructions," roleplay-as-clinician — without breaking character or leaking its prompt.
Architecture & what I built
Local-first by default
Mood logs, daily check-ins, journal entries (including voice journaling transcribed via Groq Whisper), and chat history all live in AsyncStorage on-device. Nothing syncs to a backend unless the user explicitly exports. A single "Erase all my data" action clears every key. Firebase is used for auth only — its ID token authenticates the Groq proxy; no user content is stored there.
The guardrail stack (the actual product)
The AI companion runs on Groq (Llama 3.3 70B) behind a Vercel Edge Function, wrapped in layers that are the real engineering:
- A constraining system prompt — warm, reflective, plain language; explicitly not a therapist; refuses diagnosis, medication advice, self-harm and eating-disorder methods; never claims to remember past sessions.
- Two-tier crisis detection — a server-side regex bank plus a smaller client-side bank so the SOS banner appears before the server even responds. Crisis replies acknowledge, validate, steer toward a human or hotline, and avoid probing method/intent questions; minors are nudged to a trusted adult too.
- A hard-refusal layer — harmful-intent and prompt-injection patterns (method-of-harm questions, "developer mode," jailbreak attempts) return a safe standard reply plus SOS resources, while staying in character.
- Cost & abuse controls — history trimmed to the last 16 turns, each message clamped to 4 KB, soft per-identity rate limiting, and provider errors never leaked to the client.
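The pre-provider checks from the last two layers, sketched as an added example (not Coco's own code): the 16-turn and 4 KB limits come from the list above, while the pattern bank, the reply strings, the rate-limit numbers and every function name are assumptions made for illustration.

```javascript
// Added example: limits come from the case study; patterns and replies are constructed.
const MAX_TURNS = 16;                          // last 16 turns
const MAX_BYTES = 4 * 1024;                    // 4 KB per message
const RATE = { limit: 20, windowMs: 60000 };   // assumed soft limit
const INJECTION = [                            // assumed, deliberately small bank
  /ignore\s+(all\s+)?(previous|prior)\s+instructions/i,
  /developer\s+mode/i,
  /(reveal|print|show)\s+(me\s+)?(your\s+)?(system\s+)?prompt/i,
];
const SAFE_REPLY = "I can't help with that, but I'm here to listen. Tap SOS to reach a person now.";

// Clamp on UTF-8 bytes without cutting a multi-byte character in half.
function clampUtf8(text, maxBytes = MAX_BYTES) {
  const bytes = new TextEncoder().encode(text);
  if (bytes.length <= maxBytes) return text;
  let end = maxBytes;
  while (end > 0 && (bytes[end] & 0xc0) === 0x80) end--; // step back over continuation bytes
  return new TextDecoder().decode(bytes.subarray(0, end));
}

// Fixed-window counter held in isolate memory, which is why the limit is only "soft".
const windows = new Map();
function allow(identity, now) {
  const w = windows.get(identity);
  if (!w || now - w.start >= RATE.windowMs) {
    windows.set(identity, { start: now, count: 1 });
    return true;
  }
  return ++w.count <= RATE.limit;
}

// Runs before any provider call; `identity` is assumed to be the verified Firebase uid.
function prepareRequest(identity, history, now = Date.now()) {
  if (!allow(identity, now)) return { status: 429, reply: "Let's pause for a moment." };
  const messages = history.slice(-MAX_TURNS).map((t) => ({
    role: t.role === "assistant" ? "assistant" : "user", // client cannot smuggle a system role
    content: clampUtf8(String(t.content ?? "")),
  }));
  const last = messages[messages.length - 1];
  if (last && last.role === "user" && INJECTION.some((re) => re.test(last.content))) {
    return { status: 200, refused: true, reply: SAFE_REPLY };
  }
  return { status: 200, refused: false, messages };
}

// Provider failures are logged server-side; the client only sees a generic body.
function maskProviderError(err) {
  console.error("provider error:", err && err.message);
  return { status: 502, reply: "Something went wrong. Please try again." };
}
```

Because the client owns the chat history in a local-first design, the server treats every turn it receives as untrusted input, which is why roles are normalised and sizes are re-checked on each request.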
The supporting toolkit
Around the companion: a 5-point mood tracker with trends, daily gratitude/feeling check-ins with streaks, free-form and voice journaling, Reanimated-4 breathing visualisations, a 5-4-3-2-1 grounding guide, sleep and meditation audio, a curated SOS/hotline directory (988, Crisis Text Line, Childline, Befrienders), a therapist/places directory, and peer-support community circles that run posts through a moderation endpoint before publishing.
Trade-offs
- Local-first over cloud sync. No effortless cross-device history or server-side analytics — but no breach surface for the most sensitive data a user owns. For this category, that's the right side of the trade.
- Refusal over helpfulness at the edges. The hard-refusal layer will sometimes decline a borderline-but-benign request. In mental-health AI, a false "no" is vastly cheaper than a false "here's how."
- Wellness positioning over clinical claims. Coco gives up the credibility (and reimbursement) of a clinical product to stay off the regulatory third rail that just killed Woebot's consumer app.
Goals & what's next
Outcome
Coco is live on the App Store and Play Store, shipping a wellness companion whose design choices read like a direct response to the 2025–2026 headlines: data on-device, AI that refuses to be a therapist, crisis detection that fires before the network does. In a category where the growth-at-all-costs model is now a liability, Coco bets that trust is the product — and builds the architecture to back the claim.
Sources & references
- 1. Mental Health Apps Market To Reach $17.52 Billion By 2030 — Grand View Research, 2025.
- 2. Woebot Health shuts down pioneering therapy chatbot, founder says AI moving faster than regulators — STAT News, 2025.
- 3. Calm & Headspace Revenue and Usage Statistics — Business of Apps, 2026.
- 4. Shady Mental Health Apps Inch Toward Privacy — But Many Still Siphon Personal Data — Mozilla Foundation, 2023.
- 5. Over a billion people living with mental health conditions — World Health Organization, 2025.
- 6. Gov. Pritzker signs legislation prohibiting AI therapy in Illinois (HB1806 / WOPR Act) — Illinois IDFPR / Marketplace, 2025.
- 7. FTC Launches Inquiry into AI Chatbots Acting as Companions — U.S. Federal Trade Commission, 2025.
- 8. Artificial intelligence, wellness apps alone cannot solve mental health crisis (Health Advisory) — American Psychological Association, 2025.
- 9. Google and Character.AI agree to settle lawsuit linked to teen suicide — JURIST, 2026.