Privacy Policy

OTIUM CREATIONS (PTY) LTD

Effective Date: 03 December 2025

1. INTRODUCTION

1.1 Our Commitment to Privacy

Otium Creations (Pty) Ltd ("Otium," "we," "us," or "our") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use Atlas and our related services (collectively, the "Services").

1.2 Scope of This Policy

This Privacy Policy applies to all information collected through:

• Our website (https://otiumcreations.com)
• Our web application
• Communications between you and us
• Any other services we provide

1.3 Data Controller

Otium Creations (Pty) Ltd, registered in South Africa (registration number 2025/557746/07), is the data controller responsible for your personal information.

1.4 Agreement to Policy

By using our Services, you consent to the data practices described in this Privacy Policy. If you do not agree, please do not use our Services.

2. INFORMATION WE COLLECT

2.1 Information You Provide Directly

Account Information

• Email address
• Password (encrypted)
• Display name or username
• Age verification
• Billing information (processed by FastSpring) - We do not store your full payment card details; these are handled securely by FastSpring

Profile Information

• Personal preferences
• Wellness goals
• Timezone and language preferences

Content and Inputs

• Conversations with Atlas
• Mood check-ins
• Voice recordings (when using voice features)
• Ritual configurations
• Feedback and ratings

Communications

• Support requests
• Email correspondence
• Survey responses
• Feedback submissions

2.2 Information Collected Automatically

Usage Information

• Features accessed
• Session duration and frequency
• Interaction patterns
• Performance metrics
• Error logs and diagnostics

Device Information

• Device type and model
• Operating system and version
• App version
• Screen resolution
• Unique device identifiers

Location Information

• IP address
• Time zone
• General geographic location (country/region)

Analytics Data

• Page views and navigation paths
• Feature engagement metrics
• Conversion events
• Performance data

2.3 Information from Third-Party Services

Payment Information (via FastSpring)

• Transaction history
• Subscription status
• Payment method type (not full details)

3. HOW WE USE YOUR INFORMATION

3.1 Providing and Improving Services

• Deliver core Atlas functionality
• Personalize your experience
• Generate insights and patterns
• Maintain conversation context (tier-dependent)
• Process voice interactions
• Create mood visualizations

3.2 Account Management

• Create and manage your account
• Process payments and subscriptions
• Provide customer support
• Send service-related communications

3.3 Service Development

• Improve AI responses and accuracy
• Develop new features
• Fix bugs and technical issues
• Analyze usage patterns
• Conduct research and analytics

3.4 Safety and Security

• Detect and prevent fraud
• Monitor for abuse or violations
• Ensure platform safety
• Comply with legal obligations
• Enforce our Terms of Service

3.5 Communications

• Send transactional emails
• Provide product updates (with consent)
• Respond to inquiries
• Send marketing communications (with consent)

3.6 Legal Compliance

• Comply with applicable laws
• Respond to legal requests
• Protect our rights and property
• Prevent illegal activities

4. HOW WE SHARE YOUR INFORMATION

4.1 We Do Not Sell Your Personal Information

We never sell, rent, or trade your personal information to third parties for their marketing purposes. We also do not use your personal data for targeted advertising.

4.2 Service Providers

We share information with trusted service providers who assist us in operating our Services:

Essential Service Providers

• Anthropic: AI model processing (Claude)
• OpenAI: AI model processing (voice features)
• FastSpring: Payment processing (https://fastspring.com/privacy/)
• Supabase: Infrastructure and data storage
• Fly.io: Infrastructure hosting
• MailerLite: Email communications
• Google Analytics: Usage analytics
• Meta Pixel: Analytics and marketing
• Google Search Console: Website performance monitoring

These providers are contractually obligated to protect your information and use it only for providing services to us.

4.3 Legal Requirements

We may disclose information when required by law or in response to:

• Court orders or subpoenas
• Government requests
• Law enforcement investigations
• To protect rights, property, or safety

4.4 Aggregated and De-identified Data

We may share aggregated or de-identified data that cannot reasonably identify you for research, marketing, or other purposes.

4.5 With Your Consent

We may share your information for other purposes with your explicit consent.

5. DATA RETENTION

5.1 Retention Periods

We retain your information for as long as necessary to provide Services and fulfill the purposes described in this Policy:

Active Accounts

• Account data: Duration of account plus 30 days
• Conversation history: Based on subscription tier
• Usage analytics: 24 months
• Error logs: 90 days

After Account Deletion

• Free tier: 30 days
• Core tier: 90 days
• Studio tier: 180 days
• Legal compliance data: As required by law

5.2 Deletion Requests

You may request deletion of your personal information. We will comply except where retention is necessary for:

• Legal obligations
• Fraud prevention
• Resolving disputes
• Enforcing agreements

6. DATA SECURITY

6.1 Security Measures

We implement industry-standard security measures including:

• Encryption in transit (TLS/SSL)
• Encryption at rest for sensitive data
• Access controls and authentication
• Regular security audits
• Incident response procedures
• Employee training and confidentiality agreements

6.2 Sensitive Data Protection

Enhanced protections for sensitive data include:

• Additional encryption layers
• Restricted access controls
• Audit logging
• Segregated storage
• Regular security assessments

6.3 No Absolute Security

While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials and limiting access to your devices.

6.4 Breach Notification

If a data breach occurs that may compromise your personal information, we will notify affected users as required by applicable law.

7. YOUR RIGHTS AND CHOICES

7.1 Access and Portability

You have the right to:

• Access your personal information
• Receive a copy of your data
• Export your data in a portable format

7.2 Correction and Update

You may update or correct your information through:

• Account settings
• Contacting support
• In-app profile management

7.3 Deletion

You can request deletion of your account and personal information, subject to legal retention requirements.

7.4 Opt-Out Rights

You may opt out of:

• Marketing communications
• Analytics tracking
• Third-party integrations
• Certain data processing activities

7.5 Restriction and Objection

You may request that we:

• Restrict processing of your data
• Object to certain uses
• Limit data sharing

7.6 Consent Withdrawal

Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.

7.7 Regional Rights

European Union (GDPR)

EU residents have additional rights including:

• Right to erasure ("right to be forgotten")
• Right to data portability
• Right to object to processing
• Right to restrict processing
• Right to lodge a complaint with supervisory authorities

California (CCPA/CPRA)

California residents have rights including:

• Right to know what information is collected
• Right to delete personal information
• Right to opt-out of sale (we don't sell data)
• Right to non-discrimination

South Africa (POPIA)

South African residents have rights under the Protection of Personal Information Act, including:

• Right to access and correct information
• Right to object to processing
• Right to lodge complaints with the Information Regulator

8. INTERNATIONAL DATA TRANSFERS

8.1 Cross-Border Transfers

Your information may be transferred to and processed in countries other than your country of residence, including:

• South Africa (primary processing)
• United States (service providers)
• European Union (infrastructure)

8.2 Transfer Safeguards

We ensure appropriate safeguards for international transfers through:

• Standard contractual clauses
• Data processing agreements
• Adequacy decisions where applicable
• Technical and organizational measures

Nothing in this Policy affects your mandatory rights under applicable consumer protection or data protection laws.

8.3 Your Consent

By using our Services, you consent to the transfer of your information to countries that may have different data protection laws than your jurisdiction.

9. CHILDREN'S PRIVACY

9.1 Age Requirements

Our Services are not intended for users under 18. We do not knowingly collect information from users under 18. If you are under 18, please do not use our Services. Parents who believe we have collected such data should contact us immediately.

9.2 Parental Controls

Parents or guardians who believe we have collected information from their child should contact us immediately for removal.

10. THIRD-PARTY SERVICES AND LINKS

10.1 Third-Party Privacy Practices

This Policy does not apply to third-party services. We encourage you to review the privacy policies of:

• Payment processors (FastSpring: https://fastspring.com/privacy/)
• Analytics providers
• Any linked websites

10.2 No Liability

We are not responsible for the privacy practices of third parties. Your interactions with third-party services are governed by their privacy policies.

11. AI-SPECIFIC PRIVACY CONSIDERATIONS

11.1 AI Processing

Your conversations and inputs are processed using AI models from trusted providers including Anthropic, OpenAI, and others we may integrate in the future. This processing involves:

• Text analysis and generation
• Pattern recognition
• Sentiment analysis
• Personalization algorithms

11.2 Model Training

We do not use your personal conversations to train base AI models. Your data may be used to:

• Improve our specific service configurations
• Enhance personalization
• Develop aggregate insights

11.3 AI Limitations

Our AI systems:

• May retain context within sessions
• Do not have perfect memory across all interactions
• Cannot access external information about you
• Process data according to tier-specific retention

12. DATA PROTECTION OFFICER

12.1 Contact for Privacy Matters

For privacy-related questions or to exercise your rights, contact:

Email: support@otiumcreations.com
Address: Sandton, Gauteng, 2169, South Africa

12.2 Response Timeline

We aim to respond to privacy requests within:

• General inquiries: 5 business days
• Rights requests: 30 days (or as required by law)
• Urgent matters: 48 hours

13. COOKIES AND TRACKING TECHNOLOGIES

13.1 What Are Cookies?

Cookies are small text files stored on your device that help us provide and improve our Services. We use cookies and similar tracking technologies such as pixels, beacons, and local storage.

13.2 Types of Cookies We Use

Essential Cookies (Always Active)

• Purpose: Required for core functionality
• Examples: Login and authentication, Security features, Session management, Account preferences
• Cannot be disabled as they are necessary for the Services to function

Analytics Cookies (Optional - You Control)

• Purpose: Understand how you use our Services to improve performance
• Technologies used: Google Analytics, Google Search Console
• Data collected: Pages visited, Click patterns, Device information, Geographic location (country/region level)
• Retention: Up to 24 months
• Opt-out: Can be disabled through cookie settings

Marketing Cookies (Optional - You Control)

• Purpose: Measure advertising effectiveness
• Technologies used: Meta Pixel
• Data collected: Ad interactions, Campaign effectiveness
• Retention: Up to 12 months
• Opt-out: Can be disabled through cookie settings
• Note: We do NOT use these for personalized ad targeting on our platform

13.3 How We Use Cookies

We use cookies to:

• Keep you logged in securely
• Remember your preferences and settings
• Analyze how our Services are used
• Improve performance and user experience
• Measure marketing campaign effectiveness
• Detect and prevent fraud
• Ensure security

13.4 Third-Party Cookies

Some cookies are placed by third-party services:

Google Analytics

• Provider: Google LLC
• Purpose: Website and app analytics
• Privacy Policy: https://policies.google.com/privacy
• Opt-out: https://tools.google.com/dlpage/gaoptout

Meta Pixel

• Provider: Meta Platforms, Inc.
• Purpose: Advertising analytics
• Privacy Policy: https://www.facebook.com/privacy/policy/
• Opt-out: https://www.facebook.com/settings?tab=ads

Google Search Console

• Provider: Google LLC
• Purpose: Search performance monitoring
• Privacy Policy: https://policies.google.com/privacy

13.5 Managing Your Cookie Preferences

You can control cookies through:

Our Cookie Settings

• Access via our website footer: "Cookie Preferences"
• Toggle analytics and marketing cookies on/off
• Changes take effect immediately
• Essential cookies cannot be disabled

Browser Settings

• Chrome: Settings > Privacy and Security > Cookies
• Firefox: Settings > Privacy & Security > Cookies
• Safari: Preferences > Privacy > Cookies
• Edge: Settings > Privacy > Cookies

Note: Disabling essential cookies may prevent you from using certain features.

13.6 Cookie Lifespan

Our cookies have the following lifespans:

• Session cookies: Deleted when you close your browser
• Persistent cookies:
  • Essential: Up to 12 months
  • Analytics: Up to 24 months
  • Marketing: Up to 12 months

13.7 Do Not Track

Some browsers offer a "Do Not Track" (DNT) signal. We respect DNT signals for non-essential cookies. When DNT is enabled:

• Analytics cookies are not set
• Marketing cookies are not set
• Essential cookies remain active (required for functionality)

13.8 Updates to Cookie Practices

We may update our use of cookies. Material changes will be communicated through:

• Email notification
• Website banner
• Updated effective date in this Policy

13.9 Cookie Consent

For EU/EEA Users: We obtain explicit consent before placing non-essential cookies. You can withdraw consent at any time through cookie settings.

For Other Jurisdictions: By continuing to use our Services, you consent to our use of cookies as described. You may opt out at any time.

13.10 More Information

For questions about our cookie practices, contact: support@otiumcreations.com

For detailed information, see our Cookie Policy at: https://otiumcreations.com/cookie

14. MARKETING AND COMMUNICATIONS

14.1 Marketing Preferences

You can manage marketing preferences through:

• Account settings
• Unsubscribe links in emails
• Contacting support

14.2 Transactional Communications

We may send non-marketing communications about:

• Account security
• Service updates
• Legal notices
• Payment confirmations

These essential communications cannot be opted out of while maintaining an account.

15. SPECIAL PROVISIONS FOR SPECIFIC FEATURES

15.1 Voice Features

When using voice features:

• Voice data is processed in real-time
• Recordings may be temporarily stored
• You can request deletion of voice data
• Processing involves third-party speech services

16. CHANGES TO THIS PRIVACY POLICY

16.1 Updates

We may update this Privacy Policy to reflect changes in:

• Our practices
• Legal requirements
• Service features
• Industry standards

16.2 Notification

We will notify you of material changes through:

• Email notification
• In-app announcements
• Website notices

16.3 Effective Date

Changes become effective 30 days after notification unless otherwise specified. Continued use after changes constitutes acceptance.

17. CONTACT INFORMATION

Otium Creations (Pty) Ltd

Address: Sandton, Gauteng, 2169, South Africa
Privacy Inquiries: support@otiumcreations.com
Website: https://otiumcreations.com

By using our Services, you acknowledge that you have read and understood this Privacy Policy.