Privacy Policy — Lights On Me
Last updated: July 6, 2026
1. Who we are
The Lights On Me application (the "App") is operated as a sole proprietorship by:
[YOUR NAME] [YOUR FULL ADDRESS] 1XXX Geneva, Switzerland
Contact email: timo3190@gmail.com
The App is currently in private beta. It provides voice-based guidance for personal wellbeing exploration. Lights On Me is not a medical, psychological, or therapeutic service. It does not replace consultation with a qualified healthcare professional under any circumstances.
2. Data we collect
2.1 Account data
- Email address
- Password (hashed, never stored in plain text)
- Anonymous unique identifier
2.2 Profile data
- Free-text answers to onboarding questions (current situation, goal, main blocker)
- Optional answers from extended profile (what you've already tried, your inner voice style)
- Programme followed and progression day
2.3 Session data
- Text transcriptions of your voice recordings
- Duration of each session, word count
- Whether you listened to your feedback, whether you chose a follow-up question
- Emotional ratings you give to received feedbacks (😞 / 😐 / 😊)
- Your answers to the WHO-5 wellbeing questionnaire (5 questions, World Health Organization), offered at certain steps of your journey: used only as an internal signal to adapt your guidance, never displayed as a score
2.4 Derived data (automatically generated by AI)
- Session summaries
- Weekly summaries (a qualitative look back at your week)
- Dynamic profile (synthesis of your journey, refreshed every 5 sessions)
- Sensitive content detection (keywords signaling distress, to offer support resources)
2.5 Technical data
- Error and crash reports (via Sentry, no personal data attached)
- App language
2.6 Audio recordings
The recordings of your voice sessions (sessions, daily compass, free talk) are transmitted temporarily for transcription, then immediately deleted once the text is obtained: they are never retained.
Two optional features do, however, retain an audio file, because their value lies in hearing your own voice again: the voice letter you record to yourself at the start of a programme (revealed at the end of the programme) and the "savor a moment" clips. These files are stored with our hosting provider (Zurich region), protected by the same access controls as the rest of your data, never transcribed or analyzed, playable only by you, and deleted with your account (savoring clips are additionally deleted at the end of their weekly replay window).
3. Why we use your data
Purpose
Legal basis (GDPR art. 6)
Operate your personalized guidance
Performance of contract
Remember your journey and adapt sessions
Performance of contract
Detect distress situations to offer support resources
Legitimate interest + protection of the person
Prevent abuse (rate limiting)
Legitimate interest
Improve the App via anonymized statistics
Legitimate interest
Contact you when needed (security, major updates)
Legitimate interest
4. Sub-processors and international transfers
We use the following sub-processors to operate the App. All provide adequate GDPR safeguards (Standard Contractual Clauses or European Commission adequacy decision):
Sub-processor
Role
Data location
Safeguards
Supabase Inc.
Database and storage (account, sessions, text transcriptions, retained audio files)
Zurich, Switzerland
Swiss FADP + GDPR
Anthropic PBC
Conversational AI (feedback generation)
United States
EU Standard Contractual Clauses
Deepgram Inc.
Temporary voice transcription
United States
EU Standard Contractual Clauses
Sentry (Functional Software Inc.)
Bug reports (no personal data)
Germany (EU region)
GDPR
Apple Inc.
App Store + TestFlight distribution
United States
EU Standard Contractual Clauses
Google LLC
Google Play distribution
United States
EU Standard Contractual Clauses
No data is sold to third parties for advertising purposes.
5. Data retention
Data type
Duration
Account and session data
As long as your account is active
After account deletion
Immediate and permanent deletion (all account-linked tables are erased automatically at the time of the request)
Anonymized technical reports (Sentry)
30 days maximum
Audio recordings of voice sessions
Never retained (deleted immediately after text transcription)
Retained audio files (start-of-programme voice letter, "savor a moment" clips)
Until your account is deleted; savoring clips are additionally deleted at the end of their weekly replay window
Derived data (session summaries, weekly summaries, dynamic profile)
Linked to your account, same durations
Proof of consent to the Terms and this Privacy Policy
10 years from acceptance, including after account deletion
Crisis detection safety log
Kept without time limit, including after account deletion (category + 200-character excerpt max + language). Legal basis: Article 9(2)(h) and Article 17(3)(e) GDPR (protection of persons, defence of legal claims). The log is technically tamper-proof; deletion is only possible upon judicial decision. You can request to view the entries concerning you by writing to the contact address (right of access, Article 15 GDPR).
Exception to the right to erasure: a record of your acceptance of the Terms of Service and this Privacy Policy is preserved in a separate and tamper-proof log, including after account deletion. This log contains only: email address, internal identifier (UUID), date and time of acceptance, version of the documents accepted, IP address and User-Agent. Legal basis: Article 17(3)(e) GDPR — retention necessary for the defence of legal claims. Duration: 10 years (ordinary statute of limitations under Swiss law, Article 127 of the Code of Obligations). The log is technically tamper-proof and inaccessible to users and employees alike; deletion is only possible upon judicial decision or documented manifest error.
Suspension in case of dispute: if a formal dispute is ongoing (filed complaint, court proceedings or a request from an authority), deletion of the data concerned may be suspended for the duration of the procedure, in accordance with Article 17(3)(e) GDPR.
6. Your rights
Under GDPR and Swiss FADP, you have the following rights at any time:
- Right of access: obtain a copy of all your data
- Right to rectification: correct inaccurate information
- Right to erasure ("right to be forgotten"): delete your account and all your data
- Right to portability: receive your data in a readable format (JSON; your retained audio files are provided via download links)
- Right to object: refuse certain processing based on legitimate interest
- Right to restriction: freeze the processing of your data in certain cases
- Right to withdraw consent at any time
To exercise these rights, write to timo3190@gmail.com from the email address associated with your account. We will respond within a maximum of 30 days.
You may also lodge a complaint with:
- FDPIC (Federal Data Protection and Information Commissioner) in Switzerland: edoeb.admin.ch
- CNIL in France: cnil.fr
- The data protection authority of your country of residence
7. Security
We implement the following measures to protect your data:
- HTTPS/TLS encrypted communication on all requests
- Hashed passwords (never stored in plain text)
- Row Level Security (RLS) on the database: each user can only access their own data
- Regular security audits
- No personal data in bug reports
No system is infallible; we encourage you to use a strong, unique password.
8. Sensitive content detection
For your safety, the App analyzes the text of what you share (transcripts of your voice sessions, text you type) to detect signs of acute distress (suicidal ideation, self-harm, abuse, severe addictions). When detected:
- Instead of an AI feedback, the App displays a support message and verified emergency resources (24/7 professional helplines for your country)
- An anonymized detection event is logged for safety and system improvement (category + 200-character extract max + language, with no identifying data other than your internal user ID)
No external human contact is automatically triggered. You remain the sole decision-maker. In case of imminent danger, contact emergency services immediately (112 in Europe, 911 in North America, 143 La Main Tendue in Switzerland, 988 in the US).
9. Minors
The App is restricted to adults (18 years and older). Age is confirmed at account creation. If you are under 18, do not use the App. If we discover that an account has been created by a minor, we will delete it immediately.
10. Cookies and tracking
The mobile App does not use cookies. It contains no advertising pixels or third-party trackers for marketing purposes.
11. Changes to this policy
This policy may be updated to reflect legal, technical, or functional changes. The last updated date appears at the top of this document. In case of substantial changes, you will be notified within the App at least 14 days before the changes take effect.
12. Governing law and jurisdiction
This policy is governed by Swiss law. For users residing in the European Union, the mandatory provisions of GDPR and national data protection laws apply additionally.
Any dispute will fall under the jurisdiction of the courts of Geneva, Switzerland, subject to mandatory rules of jurisdiction applicable to consumers.
For any question: timo3190@gmail.com