Privacy Policy

OTIUM CREATIONS (PTY) LTD

Effective Date: 01 November 2025

1. INTRODUCTION

1.1 Our Commitment to Privacy

Otium Creations (Pty) Ltd ("Otium," "we," "us," or "our") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use Atlas and our related services (collectively, the "Services").

1.2 Scope of This Policy

This Privacy Policy applies to all information collected through:

Our website (https://otiumcreations.com)
Our mobile applications (iOS and Android)
Our web application
Communications between you and us
Any other services we provide

1.3 Data Controller

Otium Creations (Pty) Ltd, registered in South Africa (registration number 2025/557746/07), is the data controller responsible for your personal information.

1.4 Agreement to Policy

By using our Services, you consent to the data practices described in this Privacy Policy. If you do not agree, please do not use our Services.

2. INFORMATION WE COLLECT

2.1 Information You Provide Directly

Account Information

Email address
Password (encrypted)
Display name or username
Age verification
Billing information (processed by FastSpring) - We do not store your full payment card details; these are handled securely by FastSpring

Profile Information

Personal preferences
Wellness goals
Timezone and language preferences

Content and Inputs

Conversations with Atlas
Mood check-ins
Voice recordings (when using voice features)
Ritual configurations
Feedback and ratings

Communications

Support requests
Email correspondence
Survey responses
Feedback submissions

2.2 Information Collected Automatically

Usage Information

Features accessed
Session duration and frequency
Interaction patterns
Performance metrics
Error logs and diagnostics

Device Information

Device type and model
Operating system and version
App version
Screen resolution
Unique device identifiers

Location Information

IP address
Time zone
General geographic location (country/region)

Analytics Data

Page views and navigation paths
Feature engagement metrics
Conversion events
Performance data

2.3 Information from Third-Party Services

Payment Information (via FastSpring)

Transaction history
Subscription status
Payment method type (not full details)

3. HOW WE USE YOUR INFORMATION

3.1 Providing and Improving Services

Deliver core Atlas functionality
Personalize your experience
Generate insights and patterns
Maintain conversation context (tier-dependent)
Process voice interactions
Create mood visualizations

3.2 Account Management

Create and manage your account
Process payments and subscriptions
Provide customer support
Send service-related communications

3.3 Service Development

Improve AI responses and accuracy
Develop new features
Fix bugs and technical issues
Analyze usage patterns
Conduct research and analytics

3.4 Safety and Security

Detect and prevent fraud
Monitor for abuse or violations
Ensure platform safety
Comply with legal obligations
Enforce our Terms of Service

3.5 Communications

Send transactional emails
Provide product updates (with consent)
Respond to inquiries
Send marketing communications (with consent)

3.6 Legal Compliance

Comply with applicable laws
Respond to legal requests
Protect our rights and property
Prevent illegal activities

4. HOW WE SHARE YOUR INFORMATION

4.1 We Do Not Sell Your Personal Information

We never sell, rent, or trade your personal information to third parties for their marketing purposes. We also do not use your personal data for targeted advertising.

4.2 Service Providers

We share information with trusted service providers who assist us in operating our Services:

Essential Service Providers

Anthropic: AI model processing (Claude)
OpenAI: AI model processing (voice features)
FastSpring: Payment processing (https://fastspring.com/privacy/)
Supabase: Infrastructure and data storage
Fly.io: Infrastructure hosting
MailerLite: Email communications
Google Analytics: Usage analytics
Meta Pixel: Analytics and marketing
Google Search Console: Website performance monitoring

These providers are contractually obligated to protect your information and use it only for providing services to us.

4.3 Legal Requirements

We may disclose information when required by law or in response to:

Court orders or subpoenas
Government requests
Law enforcement investigations
To protect rights, property, or safety

4.4 Aggregated and De-identified Data

We may share aggregated or de-identified data that cannot reasonably identify you for research, marketing, or other purposes.

4.5 With Your Consent

We may share your information for other purposes with your explicit consent.

5. DATA RETENTION

5.1 Retention Periods

We retain your information for as long as necessary to provide Services and fulfill the purposes described in this Policy:

Active Accounts

Account data: Duration of account plus 30 days
Conversation history: Based on subscription tier
Usage analytics: 24 months
Error logs: 90 days

After Account Deletion

Free tier: 30 days
Core tier: 90 days
Studio tier: 180 days
Legal compliance data: As required by law

5.2 Deletion Requests

You may request deletion of your personal information. We will comply except where retention is necessary for:

Legal obligations
Fraud prevention
Resolving disputes
Enforcing agreements

6. DATA SECURITY

6.1 Security Measures

We implement industry-standard security measures including:

Encryption in transit (TLS/SSL)
Encryption at rest for sensitive data
Access controls and authentication
Regular security audits
Incident response procedures
Employee training and confidentiality agreements

6.2 Sensitive Data Protection

Enhanced protections for sensitive data include:

Additional encryption layers
Restricted access controls
Audit logging
Segregated storage
Regular security assessments

6.3 No Absolute Security

While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials and limiting access to your devices.

6.4 Breach Notification

If a data breach occurs that may compromise your personal information, we will notify affected users as required by applicable law.

7. YOUR RIGHTS AND CHOICES

7.1 Access and Portability

You have the right to:

Access your personal information
Receive a copy of your data
Export your data in a portable format

7.2 Correction and Update

You may update or correct your information through:

Account settings
Contacting support
In-app profile management

7.3 Deletion

You can request deletion of your account and personal information, subject to legal retention requirements.

7.4 Opt-Out Rights

You may opt out of:

Marketing communications
Analytics tracking
Third-party integrations
Certain data processing activities

7.5 Restriction and Objection

You may request that we:

Restrict processing of your data
Object to certain uses
Limit data sharing

7.6 Consent Withdrawal

Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.

7.7 Regional Rights

European Union (GDPR)

EU residents have additional rights including:

Right to erasure ("right to be forgotten")
Right to data portability
Right to object to processing
Right to restrict processing
Right to lodge a complaint with supervisory authorities

California (CCPA/CPRA)

California residents have rights including:

Right to know what information is collected
Right to delete personal information
Right to opt-out of sale (we don't sell data)
Right to non-discrimination

South Africa (POPIA)

South African residents have rights under the Protection of Personal Information Act, including:

Right to access and correct information
Right to object to processing
Right to lodge complaints with the Information Regulator

8. INTERNATIONAL DATA TRANSFERS

8.1 Cross-Border Transfers

Your information may be transferred to and processed in countries other than your country of residence, including:

South Africa (primary processing)
United States (service providers)
European Union (infrastructure)

8.2 Transfer Safeguards

We ensure appropriate safeguards for international transfers through:

Standard contractual clauses
Data processing agreements
Adequacy decisions where applicable
Technical and organizational measures

Nothing in this Policy affects your mandatory rights under applicable consumer protection or data protection laws.

8.3 Your Consent

By using our Services, you consent to the transfer of your information to countries that may have different data protection laws than your jurisdiction.

9. CHILDREN'S PRIVACY

9.1 Age Requirements

Our Services are not intended for users under 18. We do not knowingly collect information from users under 18. If you are under 18, please do not use our Services. Parents who believe we have collected such data should contact us immediately.

9.2 Parental Controls

Parents or guardians who believe we have collected information from their child should contact us immediately for removal.

10. THIRD-PARTY SERVICES AND LINKS

10.1 Third-Party Privacy Practices

This Policy does not apply to third-party services. We encourage you to review the privacy policies of:

Payment processors (FastSpring: https://fastspring.com/privacy/)
Analytics providers
Any linked websites

10.2 No Liability

We are not responsible for the privacy practices of third parties. Your interactions with third-party services are governed by their privacy policies.

11. AI-SPECIFIC PRIVACY CONSIDERATIONS

11.1 AI Processing

Your conversations and inputs are processed using AI models from trusted providers including Anthropic, OpenAI, and others we may integrate in the future. This processing involves:

Text analysis and generation
Pattern recognition
Sentiment analysis
Personalization algorithms

11.2 Model Training

We do not use your personal conversations to train base AI models. Your data may be used to:

Improve our specific service configurations
Enhance personalization
Develop aggregate insights

11.3 AI Limitations

Our AI systems:

May retain context within sessions
Do not have perfect memory across all interactions
Cannot access external information about you
Process data according to tier-specific retention

12. DATA PROTECTION OFFICER

12.1 Contact for Privacy Matters

For privacy-related questions or to exercise your rights, contact:

Email: support@otiumcreations.com
Address: Sandton, Gauteng, 2169, South Africa

12.2 Response Timeline

We aim to respond to privacy requests within:

General inquiries: 5 business days
Rights requests: 30 days (or as required by law)
Urgent matters: 48 hours

13. COOKIES AND TRACKING TECHNOLOGIES

13.1 What Are Cookies?

Cookies are small text files stored on your device that help us provide and improve our Services. We use cookies and similar tracking technologies such as pixels, beacons, and local storage.

13.2 Types of Cookies We Use

Essential Cookies (Always Active)

Purpose: Required for core functionality
Examples: Login and authentication, Security features, Session management, Account preferences
Cannot be disabled as they are necessary for the Services to function

Analytics Cookies (Optional - You Control)

Purpose: Understand how you use our Services to improve performance
Technologies used: Google Analytics, Google Search Console
Data collected: Pages visited, Click patterns, Device information, Geographic location (country/region level)
Retention: Up to 24 months
Opt-out: Can be disabled through cookie settings

Marketing Cookies (Optional - You Control)

Purpose: Measure advertising effectiveness
Technologies used: Meta Pixel
Data collected: Ad interactions, Campaign effectiveness
Retention: Up to 12 months
Opt-out: Can be disabled through cookie settings
Note: We do NOT use these for personalized ad targeting on our platform

13.3 How We Use Cookies

We use cookies to:

Keep you logged in securely
Remember your preferences and settings
Analyze how our Services are used
Improve performance and user experience
Measure marketing campaign effectiveness
Detect and prevent fraud
Ensure security

13.4 Third-Party Cookies

Some cookies are placed by third-party services:

Google Analytics

Provider: Google LLC
Purpose: Website and app analytics
Privacy Policy: https://policies.google.com/privacy
Opt-out: https://tools.google.com/dlpage/gaoptout

Meta Pixel

Provider: Meta Platforms, Inc.
Purpose: Advertising analytics
Privacy Policy: https://www.facebook.com/privacy/policy/
Opt-out: https://www.facebook.com/settings?tab=ads

Google Search Console

Provider: Google LLC
Purpose: Search performance monitoring
Privacy Policy: https://policies.google.com/privacy

13.5 Managing Your Cookie Preferences

You can control cookies through:

Our Cookie Settings

Access via our website footer: "Cookie Preferences"
Toggle analytics and marketing cookies on/off
Changes take effect immediately
Essential cookies cannot be disabled

Browser Settings

Chrome: Settings > Privacy and Security > Cookies
Firefox: Settings > Privacy & Security > Cookies
Safari: Preferences > Privacy > Cookies
Edge: Settings > Privacy > Cookies

Note: Disabling essential cookies may prevent you from using certain features.

Mobile App Settings

iOS: Settings > Privacy > Tracking
Android: Settings > Google > Ads

13.6 Cookie Lifespan

Our cookies have the following lifespans:

Session cookies: Deleted when you close your browser
Persistent cookies:
- Essential: Up to 12 months
- Analytics: Up to 24 months
- Marketing: Up to 12 months

13.7 Do Not Track

Some browsers offer a "Do Not Track" (DNT) signal. We respect DNT signals for non-essential cookies. When DNT is enabled:

Analytics cookies are not set
Marketing cookies are not set
Essential cookies remain active (required for functionality)

13.8 Updates to Cookie Practices

We may update our use of cookies. Material changes will be communicated through:

Email notification
Website banner
Updated effective date in this Policy

13.9 Cookie Consent

For EU/EEA Users: We obtain explicit consent before placing non-essential cookies. You can withdraw consent at any time through cookie settings.

For Other Jurisdictions: By continuing to use our Services, you consent to our use of cookies as described. You may opt out at any time.

13.10 More Information

For questions about our cookie practices, contact: support@otiumcreations.com

For detailed information, see our Cookie Policy at: https://otiumcreations.com/cookie

14. MARKETING AND COMMUNICATIONS

14.1 Marketing Preferences

You can manage marketing preferences through:

Account settings
Unsubscribe links in emails
Contacting support

14.2 Transactional Communications

We may send non-marketing communications about:

Account security
Service updates
Legal notices
Payment confirmations

These essential communications cannot be opted out of while maintaining an account.

15. SPECIAL PROVISIONS FOR SPECIFIC FEATURES

15.1 Voice Features

When using voice features:

Voice data is processed in real-time
Recordings may be temporarily stored
You can request deletion of voice data
Processing involves third-party speech services

16. CHANGES TO THIS PRIVACY POLICY

16.1 Updates

We may update this Privacy Policy to reflect changes in:

Our practices
Legal requirements
Service features
Industry standards

16.2 Notification

We will notify you of material changes through:

Email notification
In-app announcements
Website notices

16.3 Effective Date

Changes become effective 30 days after notification unless otherwise specified. Continued use after changes constitutes acceptance.

17. CONTACT INFORMATION

Otium Creations (Pty) Ltd

Address: Sandton, Gauteng, 2169, South Africa
Privacy Inquiries: support@otiumcreations.com
Website: https://otiumcreations.com

By using our Services, you acknowledge that you have read and understood this Privacy Policy.