Privacy Policy

---

Generation Lotus / Gen Lotus

Privacy Policy

Last updated: 24 September 2025
Applies to: the Generation Lotus mobile/web application and related services (the “App”).

1) Who we are (Data Controller)

Controller: Generation Lotus, trading as Generation Lotus / Gen Lotus
Registered office: Slotplein, 2902HR Capelle aan den Ijssel, Netherlands
Chamber of Commerce (KvK): 000061451479
VAT: 410467789B01
Contact (privacy): Hardik.Gala@generationlotus.com
Data Protection Officer (DPO) or Privacy Lead: No DPO appointed; privacy lead reachable at the address above.

We determine the purposes and means of processing personal data related to your use of the App. Where we use third‑party vendors, they act as processors or sub‑processors under our instructions.

2) What data we process

We collect and process only what is necessary. Categories may include:

A. Account & Identity Data

• Name, email, country/region, age band (to meet age‑of‑consent rules).
• Authentication identifiers (e.g., Firebase UID), password hashes, tokens.

B. Usage & Technical Data

• App interactions, feature use, crash logs, diagnostics, device type/OS, IP address, language, time zone, coarse location (from IP), and similar telemetry.
• Cookies/SDK identifiers (see Cookies & SDKs below).
• Firebase products used:Firestore, Cloud Storage, Crashlytics, and (optionally) Analytics (GA4/Firebase Analytics).

C. Transaction Data (if you buy tokens/subscriptions)

• Purchase history, plan type, renewal/cancellation status, last 4 digits of card (if provided by the payment processor).
• We do not store full card numbers; payments are processed by our payment provider acting as an independent controller or processor.

D. In‑App Content You Choose to Provide (optional features you use)

• Journal/check‑in entries, workbook responses, mood/habit inputs, and metadata you enter.
• Files or media you upload to your private space.

 E. AI Voice Counselor — No Call Recordings

• We do not record or store the audio content of counseling calls.
• Calls are routed through our voice infrastructure vendor VAPI, which provides HIPAA‑compliant handling.
• We do not create transcripts and do not use conversation content for model training.
• We may receive limited call metadata (e.g., call start/stop time, duration, error codes) for reliability, fraud prevention, and support.

F. Chat Assistant (OpenAI API)

• When you use the in‑app chat assistant, your prompts and the assistant’s replies are transmitted to OpenAI’s API as our processor to generate responses.
• Per OpenAI’s platform documentation, API inputs/outputs are not used to train OpenAI models unless a customer opts in. We do not opt in for model training.
• For abuse monitoring and service operations, OpenAI may retain API inputs/outputs for up to ~30 days before deletion, unless a longer period is legally required. For eligible endpoints and enterprise plans, Zero Data Retention (ZDR) may be available; where enabled, OpenAI does not retain request/response content.
• We keep only minimal chat metadata in our systems as needed for feature functionality, support, and safety; you may delete your chat history within the App where available.

3) Why we process your data (Purposes & Legal Bases)

We rely on the lawful bases below, depending on the activity:

• Provide & secure the App. To create and manage your account, authenticate (e.g., Firebase Auth), operate core features, ensure uptime, and prevent fraud/abuse. Legal basis: performance of a contract (GDPR Art. 6(1)(b)) and legitimate interests (Art. 6(1)(f)).
• AI voice counseling (no recordings). To route real‑time voice sessions via VAPI and collect minimal reliability/fraud‑prevention metadata. Legal basis: contract and legitimate interests.
• Journals, workbooks, happiness index. To save your entries and progress and sync across devices. Legal basis: contract. If you choose to include information that could reveal health or other special‑category data, we rely on your explicit consent (Art. 9(2)(a)) for that processing, which you can withdraw at any time in settings.
• Payments. To process token purchases and subscriptions, handle refunds, billing, and required financial record‑keeping. Legal basis: contract and legal obligation.
• Analytics and product improvement. To analyze aggregated usage patterns, diagnostics, and crash reports to improve stability and features. Legal basis: legitimate interests; and consent where required for non‑essential SDKs/cookies (e.g., if we enable Analytics in the future).
• Customer support and safety. To respond to requests, troubleshoot, and investigate abuse/policy violations. Legal basis: legitimate interests and, where applicable, legal obligation.
• Marketing (optional). To send you product news, offers, or surveys via email/push. Legal basis: consent (opt‑in; withdraw any time).

Where we rely on legitimate interests, we balance our interests against your rights and expectations and implement safeguards (pseudonymization, data minimization, opt‑outs).

4) Who processes your data (Processors & Sub‑processors)

We use reputable vendors under written data‑processing terms. Core providers include:

• Google Firebase (Google LLC / Google Ireland Limited): authentication, cloud database/storage, Crashlytics, and Analytics. We configure Firebase to use encryption in transit and at rest and, where available, EU region services.
• VAPI: voice infrastructure for AI counseling. VAPI provides (optional) HIPAA‑compliant safeguards. We instruct VAPI not to retain or use audio content beyond what’s necessary to connect the call; we do not store call recordings.
• OpenAI API: processor for the chat assistant feature. OpenAI acts under our instructions; no model training on our API data (we do not opt in). OpenAI may retain API inputs/outputs for up to ~30 days for abuse detection and operations, then deletes them, subject to legal requirements. On the standard OpenAI API plan, Zero Data Retention (ZDR) is not enabled by default; if our plan changes in the future and ZDR becomes available, we will update this Policy accordingly.
• Stripe, Apple Pay, Google Pay: payment processing and wallet services used to complete transactions within the App (including methods offered via Stripe, such as iDEAL or PayPal). These parties may act as independent controllers for parts of the processing (e.g., their fraud‑prevention and compliance obligations).

We keep an up‑to‑date list of sub‑processors (on request or posted in‑app). We require all processors to implement appropriate technical and organizational measures and not to use your data for their own advertising or model training.

5) International transfers

Our target audience is in the EU, and we aim to store primary user data in EU regions where feasible. If data is transferred outside the EEA/UK, we rely on lawful transfer mechanisms such as Standard Contractual Clauses (SCCs), adequacy decisions, and supplemental safeguards. Some processors (e.g., OpenAI and certain Google services) may process data in the United States; SCCs and additional safeguards apply.

 6) Data retention

We keep data only as long as needed for the purposes described:

• Account data: deleted or anonymized within 30 days after you delete your account or request deletion, subject to legal retention requirements. Our processors may complete deletion from backups/logs on their own schedules (e.g., Google may take up to 180 days following a recovery period of up to 30 days).
• Journal/workbook entries: kept until you delete them or delete your account.
• Chat history (OpenAI): we keep minimal metadata necessary for functionality; OpenAI may retain API request/response content for up to ~30 days for abuse monitoring (ZDR is not enabled on our current plan).
• Call metadata (no recordings): minimal records (timestamps, duration, technical logs) retained for 12 months for security, fraud prevention, and auditing.
• Crash logs (Crashlytics): retained by Firebase Crashlytics for about 90 days before purging from live and backup systems.
• Analytics data: not currently collected (GA4/Firebase Analytics is disabled). If enabled in the future, we will seek consent and set retention to a conservative window (e.g., 2–14 months) consistent with GDPR.
• Billing/tax records: retained for 7 years (statutory).
• System backups/security logs: retained for up to 180 days then purged on rolling schedules.

When data is no longer required, we delete or irreversibly anonymize it.

7) Security (TOMs)

We implement technical and organizational measures including: encryption in transit/at rest, role‑based access controls, least‑privilege principles, audit logging, key management, secure development lifecycle, employee confidentiality undertakings, and vendor due diligence. We regularly review configurations (e.g., Firebase Security Rules) and conduct risk assessments.

Breach response: We investigate incidents promptly and notify the Dutch Supervisory Authority (Autoriteit Persoonsgegevens) and affected users without undue delay and, where GDPR requires, within 72 hours of becoming aware of a personal‑data breach.

8) Cookies, SDKs & similar tech

We use necessary cookies/SDKs for core functionality (e.g., authentication, security, load balancing). We do not currently run non‑essential analytics or marketing SDKs. If we enable Firebase Analytics (GA4) or similar in the future, we will first present a consent banner/in‑app control and only run such SDKs after your consent. You can withdraw consent at any time in settings. See our Cookie/SDK Notice for details (provider names, purposes, retention, links to vendor policies).

9) Your rights (GDPR)

Subject to conditions and exceptions, you have the right to:

• Access your data and obtain a copy;
• Rectify inaccurate or incomplete data;
• Erase data (“right to be forgotten”);
• Restrict processing;
• Port data you provided in a machine‑readable format;
• Object to processing based on legitimate interests and to direct marketing;
• Withdraw consent at any time (does not affect prior lawful processing).

To exercise rights, use in‑app controls or contact us at Hardik.Gala@generationlotus.com. We may ask for information to verify your identity. We respond within one month (extendable by two months for complex requests).

10) Children’s privacy

The App is not intended for individuals under 18 years old. We do not knowingly process personal data of individuals under 18. If you believe someone under 18 has provided data, contact us and we will take appropriate steps to delete it.

11) Do we make automated decisions?

We do not make decisions with legal or similarly significant effects based solely on automated processing. The AI counselor generates conversational responses in real time, without storing call content. You can stop using the feature at any time.

12) Third‑party links & independent controllers

Some parts of the App may link to or embed content from external services operated by third parties (e.g., YouTube/Google for the Video of the Week or Reel of the Day). Their privacy practices are governed by their own policies, and they may act as independent controllers. We do not share your personal data with these services unless necessary to provide the feature you request. We encourage you to review their policies (e.g., Google/YouTube Privacy Policy).

 13) Complaints

If you have concerns, contact us first at Hardik.Gala@generationlotus.com. You also have the right to lodge a complaint with the Autoriteit Persoonsgegevens (Dutch Data Protection Authority).
Website: https://autoriteitpersoonsgegevens.nl
Tel: +31 (0)70 888 85 00

14) Changes to this policy

We may update this Policy from time to time. Material changes will be communicated in‑app or by email. The “Last updated” date shows the latest version. Your continued use of the App after changes take effect constitutes acceptance of the updated Policy.

15) Contact us

Generation Lotus
Email: Hardik.Gala@generationlotus.com