Privacy Policy - OTIUM Emotional Wellness

1. INTRODUCTION

1.1 Our Commitment to Privacy
Otium Creations (Pty) Ltd ("Otium," "we," "us," or "our") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use Atlas and our related services (collectively, the "Services").

1.2 Scope of This Policy
This Privacy Policy applies to all information collected through:

Our website (https://otiumcreations.com)
Our mobile applications (iOS and Android)
Our web application
Communications between you and us
Any other services we provide

1.3 Data Controller
Otium Creations (Pty) Ltd, registered in South Africa (registration number 2025/557746/07), is the data controller responsible for your personal information.

1.4 Agreement to Policy
By using our Services, you consent to the data practices described in this Privacy Policy. If you do not agree, please do not use our Services.

2. INFORMATION WE COLLECT

2.1 Information You Provide Directly

Account Information

Email address
Password (encrypted)
Display name or username
Age verification
Billing information (processed by Paddle) - We do not store your full payment card details; these are handled securely by Paddle

Profile Information

Personal preferences
Wellness goals
Timezone and language preferences

Content and Inputs

Conversations with Atlas
Journal entries
Mood check-ins
Voice recordings (when using voice features)
Ritual configurations
Feedback and ratings

Communications

Support requests
Email correspondence
Survey responses
Feedback submissions

2.2 Information Collected Automatically

Usage Information

Features accessed
Session duration and frequency
Interaction patterns
Performance metrics
Error logs and diagnostics

Device Information

Device type and model
Operating system and version
App version
Screen resolution
Unique device identifiers

Location Information

IP address
Time zone
General geographic location (country/region)

Analytics Data

Page views and navigation paths
Feature engagement metrics
Conversion events
Performance data

2.3 Information from Third-Party Services

Health and Wellness Data (with your permission)

Apple Health data
Google Fit data
Wearable device metrics
Sleep and activity patterns

Payment Information (via Paddle)

Transaction history
Subscription status
Payment method type (not full details)

Social Media (if you connect accounts)

Basic profile information
Authentication tokens

2.4 Sensitive Information
We may process sensitive data including:

Mental health and emotional state indicators
Health and wellness information
Biometric data (with explicit consent)

This sensitive data is processed only with your explicit consent and receives enhanced protection as described in Section 6.

3. HOW WE USE YOUR INFORMATION

3.1 Providing and Improving Services

Deliver core Atlas functionality
Personalize your experience
Generate insights and patterns
Maintain conversation context (tier-dependent)
Process voice interactions
Create mood visualizations

3.2 Account Management

Create and manage your account
Process payments and subscriptions
Provide customer support
Send service-related communications

3.3 Service Development

Improve AI responses and accuracy
Develop new features
Fix bugs and technical issues
Analyze usage patterns
Conduct research and analytics

3.4 Safety and Security

Detect and prevent fraud
Monitor for abuse or violations
Ensure platform safety
Comply with legal obligations
Enforce our Terms of Service

3.5 Communications

Send transactional emails
Provide product updates (with consent)
Respond to inquiries
Send marketing communications (with consent)

3.6 Legal Compliance

Comply with applicable laws
Respond to legal requests
Protect our rights and property
Prevent illegal activities

4. HOW WE SHARE YOUR INFORMATION

4.1 We Do Not Sell Your Personal Information
We never sell, rent, or trade your personal information to third parties for their marketing purposes. We also do not use your personal data for targeted advertising.

4.2 Service Providers
We share information with trusted service providers who assist us in operating our Services:

Essential Service Providers

Anthropic: AI model processing
Paddle: Payment processing
Supabase: Infrastructure and data storage
MailerLite: Email communications
Google Analytics: Usage analytics

These providers are contractually obligated to protect your information and use it only for providing services to us.

4.3 Legal Requirements
We may disclose information when required by law or in response to:

Court orders or subpoenas
Government requests
Law enforcement investigations
To protect rights, property, or safety

4.4 Aggregated and De-identified Data
We may share aggregated or de-identified data that cannot reasonably identify you for research, marketing, or other purposes.

4.5 With Your Consent
We may share your information for other purposes with your explicit consent.

5. DATA RETENTION

5.1 Retention Periods
We retain your information for as long as necessary to provide Services and fulfill the purposes described in this Policy:

Active Accounts

Account data: Duration of account plus 30 days
Conversation history: Based on subscription tier
Usage analytics: 24 months
Error logs: 90 days

After Account Deletion

Free tier: 30 days
Core tier: 90 days
Studio tier: 180 days
Legal compliance data: As required by law

5.2 SafeSpace Mode
When SafeSpace Mode is activated:

Session data is not stored beyond the session
No long-term retention occurs
Local-only storage options available (Core/Studio)

5.3 Deletion Requests
You may request deletion of your personal information. We will comply except where retention is necessary for:

Legal obligations
Fraud prevention
Resolving disputes
Enforcing agreements

6. DATA SECURITY

6.1 Security Measures
We implement industry-standard security measures including:

Encryption in transit (TLS/SSL)
Encryption at rest for sensitive data
Access controls and authentication
Regular security audits
Incident response procedures
Employee training and confidentiality agreements

6.2 Sensitive Data Protection
Enhanced protections for sensitive data include:

Additional encryption layers
Restricted access controls
Audit logging
Segregated storage
Regular security assessments

6.3 No Absolute Security
While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials and limiting access to your devices.

6.4 Breach Notification
If a data breach occurs that may compromise your personal information, we will notify affected users as required by applicable law.

7. YOUR RIGHTS AND CHOICES

7.1 Access and Portability
You have the right to:

Access your personal information
Receive a copy of your data
Export your data in a portable format

7.2 Correction and Update
You may update or correct your information through:

Account settings
Contacting support
In-app profile management

7.3 Deletion
You can request deletion of your account and personal information, subject to legal retention requirements.

7.4 Opt-Out Rights
You may opt out of:

Marketing communications
Analytics tracking
Third-party integrations
Certain data processing activities

7.5 Restriction and Objection
You may request that we:

Restrict processing of your data
Object to certain uses
Limit data sharing

7.6 Consent Withdrawal
Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.

7.7 Regional Rights

European Union (GDPR)
EU residents have additional rights including:

Right to erasure ("right to be forgotten")
Right to data portability
Right to object to processing
Right to restrict processing
Right to lodge a complaint with supervisory authorities

California (CCPA/CPRA)
California residents have rights including:

Right to know what information is collected
Right to delete personal information
Right to opt-out of sale (we don't sell data)
Right to non-discrimination

South Africa (POPIA)
South African residents have rights under the Protection of Personal Information Act, including:

Right to access and correct information
Right to object to processing
Right to lodge complaints with the Information Regulator

8. INTERNATIONAL DATA TRANSFERS

8.1 Cross-Border Transfers
Your information may be transferred to and processed in countries other than your country of residence, including:

South Africa (primary processing)
United States (service providers)
European Union (infrastructure)

8.2 Transfer Safeguards
We ensure appropriate safeguards for international transfers through:

Standard contractual clauses
Data processing agreements
Adequacy decisions where applicable
Technical and organizational measures

Nothing in this Policy affects your mandatory rights under applicable consumer protection or data protection laws.

8.3 Your Consent
By using our Services, you consent to the transfer of your information to countries that may have different data protection laws than your jurisdiction.

9. CHILDREN'S PRIVACY

9.1 Age Requirements
Our Services are not intended for users under 18. We do not knowingly collect information from users under 18. If you are under 18, please do not use our Services. Parents who believe we have collected such data should contact us immediately.

9.2 Parental Controls
Parents or guardians who believe we have collected information from their child should contact us immediately for removal.

10. THIRD-PARTY SERVICES AND LINKS

10.1 Third-Party Privacy Practices
This Policy does not apply to third-party services. We encourage you to review the privacy policies of:

Payment processors (Paddle)
Health integrations (Apple Health, Google Fit)
Analytics providers
Any linked websites

10.2 No Liability
We are not responsible for the privacy practices of third parties. Your interactions with third-party services are governed by their privacy policies.

11. AI-SPECIFIC PRIVACY CONSIDERATIONS

11.1 AI Processing
Your conversations and inputs are processed using AI models from trusted providers including Anthropic, Groq, and others we may integrate in the future. This processing involves:

Text analysis and generation
Pattern recognition
Sentiment analysis
Personalization algorithms

11.2 Model Training
We do not use your personal conversations to train base AI models. Your data may be used to:

Improve our specific service configurations
Enhance personalization
Develop aggregate insights

11.3 AI Limitations
Our AI systems:

May retain context within sessions
Do not have perfect memory across all interactions
Cannot access external information about you
Process data according to tier-specific retention

12. DATA PROTECTION OFFICER

12.1 Contact for Privacy Matters
For privacy-related questions or to exercise your rights, contact:

Email: support@otiumcreations.com
Address: Sandton, Gauteng, 2068, South Africa

12.2 Response Timeline
We aim to respond to privacy requests within:

General inquiries: 5 business days
Rights requests: 30 days (or as required by law)
Urgent matters: 48 hours

13. COOKIES AND TRACKING TECHNOLOGIES

13.1 Technologies We Use

Essential Cookies: Required for Service functionality
Analytics Cookies: Usage patterns and improvements
Preference Cookies: Remember your settings
Performance Cookies: Monitor Service performance

13.2 Managing Cookies
You can control cookies through:

Browser settings
Our cookie preferences center
Device settings for mobile apps

13.3 Do Not Track
We currently do not respond to Do Not Track signals, but you may opt out of analytics tracking in settings.

14. MARKETING AND COMMUNICATIONS

14.1 Marketing Preferences
You can manage marketing preferences through:

Account settings
Unsubscribe links in emails
Contacting support

14.2 Transactional Communications
We may send non-marketing communications about:

Account security
Service updates
Legal notices
Payment confirmations

These essential communications cannot be opted out of while maintaining an account.

15. SPECIAL PROVISIONS FOR SPECIFIC FEATURES

15.1 Voice Features
When using voice features:

Voice data is processed in real-time
Recordings may be temporarily stored
You can request deletion of voice data
Processing involves third-party speech services

15.2 Biometric Data
If you enable biometric features:

Data is processed with explicit consent
Enhanced security measures apply
You may revoke consent at any time
Storage follows tier-specific retention

15.3 Health Integrations
When connecting health services:

Data sharing requires explicit permission
You control what data is shared
Disconnection immediately stops data flow
Historical data handling follows retention policy

16. CHANGES TO THIS PRIVACY POLICY

16.1 Updates
We may update this Privacy Policy to reflect changes in:

Our practices
Legal requirements
Service features
Industry standards

16.2 Notification
We will notify you of material changes through:

Email notification
In-app announcements
Website notices

16.3 Effective Date
Changes become effective 30 days after notification unless otherwise specified. Continued use after changes constitutes acceptance.

17. CONTACT INFORMATION

Otium Creations (Pty) Ltd

Address: Sandton, Gauteng, 2068, South Africa
Privacy Inquiries: support@otiumcreations.com
Website: https://otiumcreations.com

By using our Services, you acknowledge that you have read and understood this Privacy Policy.