Lights On Me

Privacy Policy — Lights On Me

Last updated: July 6, 2026

1. Who we are

The Lights On Me application (the "App") is operated as a sole proprietorship by:

[YOUR NAME] [YOUR FULL ADDRESS] 1XXX Geneva, Switzerland

Contact email: timo3190@gmail.com

The App is currently in private beta. It provides voice-based guidance for personal wellbeing exploration. Lights On Me is not a medical, psychological, or therapeutic service. It does not replace consultation with a qualified healthcare professional under any circumstances.

2. Data we collect

2.1 Account data

2.2 Profile data

2.3 Session data

2.4 Derived data (automatically generated by AI)

2.5 Technical data

2.6 Audio recordings

The recordings of your voice sessions (sessions, daily compass, free talk) are transmitted temporarily for transcription, then immediately deleted once the text is obtained: they are never retained.

Two optional features do, however, retain an audio file, because their value lies in hearing your own voice again: the voice letter you record to yourself at the start of a programme (revealed at the end of the programme) and the "savor a moment" clips. These files are stored with our hosting provider (Zurich region), protected by the same access controls as the rest of your data, never transcribed or analyzed, playable only by you, and deleted with your account (savoring clips are additionally deleted at the end of their weekly replay window).

3. Why we use your data

Purpose

Legal basis (GDPR art. 6)

Operate your personalized guidance

Performance of contract

Remember your journey and adapt sessions

Performance of contract

Detect distress situations to offer support resources

Legitimate interest + protection of the person

Prevent abuse (rate limiting)

Legitimate interest

Improve the App via anonymized statistics

Legitimate interest

Contact you when needed (security, major updates)

Legitimate interest

4. Sub-processors and international transfers

We use the following sub-processors to operate the App. All provide adequate GDPR safeguards (Standard Contractual Clauses or European Commission adequacy decision):

Sub-processor

Role

Data location

Safeguards

Supabase Inc.

Database and storage (account, sessions, text transcriptions, retained audio files)

Zurich, Switzerland

Swiss FADP + GDPR

Anthropic PBC

Conversational AI (feedback generation)

United States

EU Standard Contractual Clauses

Deepgram Inc.

Temporary voice transcription

United States

EU Standard Contractual Clauses

Sentry (Functional Software Inc.)

Bug reports (no personal data)

Germany (EU region)

GDPR

Apple Inc.

App Store + TestFlight distribution

United States

EU Standard Contractual Clauses

Google LLC

Google Play distribution

United States

EU Standard Contractual Clauses

No data is sold to third parties for advertising purposes.

5. Data retention

Data type

Duration

Account and session data

As long as your account is active

After account deletion

Immediate and permanent deletion (all account-linked tables are erased automatically at the time of the request)

Anonymized technical reports (Sentry)

30 days maximum

Audio recordings of voice sessions

Never retained (deleted immediately after text transcription)

Retained audio files (start-of-programme voice letter, "savor a moment" clips)

Until your account is deleted; savoring clips are additionally deleted at the end of their weekly replay window

Derived data (session summaries, weekly summaries, dynamic profile)

Linked to your account, same durations

Proof of consent to the Terms and this Privacy Policy

10 years from acceptance, including after account deletion

Crisis detection safety log

Kept without time limit, including after account deletion (category + 200-character excerpt max + language). Legal basis: Article 9(2)(h) and Article 17(3)(e) GDPR (protection of persons, defence of legal claims). The log is technically tamper-proof; deletion is only possible upon judicial decision. You can request to view the entries concerning you by writing to the contact address (right of access, Article 15 GDPR).

Exception to the right to erasure: a record of your acceptance of the Terms of Service and this Privacy Policy is preserved in a separate and tamper-proof log, including after account deletion. This log contains only: email address, internal identifier (UUID), date and time of acceptance, version of the documents accepted, IP address and User-Agent. Legal basis: Article 17(3)(e) GDPR — retention necessary for the defence of legal claims. Duration: 10 years (ordinary statute of limitations under Swiss law, Article 127 of the Code of Obligations). The log is technically tamper-proof and inaccessible to users and employees alike; deletion is only possible upon judicial decision or documented manifest error.

Suspension in case of dispute: if a formal dispute is ongoing (filed complaint, court proceedings or a request from an authority), deletion of the data concerned may be suspended for the duration of the procedure, in accordance with Article 17(3)(e) GDPR.

6. Your rights

Under GDPR and Swiss FADP, you have the following rights at any time:

To exercise these rights, write to timo3190@gmail.com from the email address associated with your account. We will respond within a maximum of 30 days.

You may also lodge a complaint with:

7. Security

We implement the following measures to protect your data:

No system is infallible; we encourage you to use a strong, unique password.

8. Sensitive content detection

For your safety, the App analyzes the text of what you share (transcripts of your voice sessions, text you type) to detect signs of acute distress (suicidal ideation, self-harm, abuse, severe addictions). When detected:

No external human contact is automatically triggered. You remain the sole decision-maker. In case of imminent danger, contact emergency services immediately (112 in Europe, 911 in North America, 143 La Main Tendue in Switzerland, 988 in the US).

9. Minors

The App is restricted to adults (18 years and older). Age is confirmed at account creation. If you are under 18, do not use the App. If we discover that an account has been created by a minor, we will delete it immediately.

10. Cookies and tracking

The mobile App does not use cookies. It contains no advertising pixels or third-party trackers for marketing purposes.

11. Changes to this policy

This policy may be updated to reflect legal, technical, or functional changes. The last updated date appears at the top of this document. In case of substantial changes, you will be notified within the App at least 14 days before the changes take effect.

12. Governing law and jurisdiction

This policy is governed by Swiss law. For users residing in the European Union, the mandatory provisions of GDPR and national data protection laws apply additionally.

Any dispute will fall under the jurisdiction of the courts of Geneva, Switzerland, subject to mandatory rules of jurisdiction applicable to consumers.

For any question: timo3190@gmail.com