Privacy Policy

Last updated: April 2, 2026

This Privacy Policy explains how we collect, use, store, and protect your personal data when you use Laveer. We believe in being straightforward about what we do with your information.

"We," "us," and "our" refer to Unlimited Wisdom Limited, a company incorporated in the Isle of Man under company number 021982V. "Laveer" or "the Service" refers to the Laveer application and related services.

We handle your data in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"), as applied to the Isle of Man under the Isle of Man Data Protection Act 2018, and other applicable data protection laws.

1. Data Controller

The data controller for your personal data is:

Unlimited Wisdom Limited
Company Number: 021982V
Isle of Man
Email: support@laveer.ai

2. What Data We Collect

2.1 Data You Give Us

Account information: Your email address, password (stored encrypted), or Apple ID authentication token.
Voice recordings: Audio from your voice sessions. These are processed in real time by our AI to generate insights. We don't store raw audio after processing, unless you opt in to session playback.
Text inputs: Questionnaire answers, journal entries, chat messages, and anything else you type into the app.
Questionnaire responses: Your answers to onboarding and in-app assessments (based on frameworks like SRIS, Locus of Control, and Actively Open-Minded Thinking).
Goals and preferences: Topics and goals you choose or mention during sessions.

2.2 Data the Service Creates

Your cognitive profile: Scores, patterns, insights, and metrics generated from your interactions — including the Clarity Score, reflection metrics, and reasoning patterns. These are AI-generated, not clinical or diagnostic.
Session summaries: AI-written summaries of your voice sessions, including themes, values, and patterns identified.
Usage history: Which sessions you've completed, practices you've done, and features you've used.

2.3 Data Collected Automatically

Device information: Device type, OS version, device identifiers, and app version.
Usage analytics: How you interact with the app — session frequency, feature usage, screen views, engagement.
Crash and performance data: Technical logs that help us find and fix bugs.
IP address: Used for approximate location (country/region) and security. We don't use it to track you.

2.4 Data from Third Parties

Apple: If you subscribe through Apple In-App Purchase, Apple sends us a transaction receipt and your subscription status. We never see your payment card details or full Apple ID.
Payment processors (Stripe, Adyen, PayPal): If you subscribe through our website, the payment processor sends us a transaction confirmation, subscription status, and billing country. We don't store your full card number — that's held by the payment processor.

3. How We Use Your Data

Here's what we use your data for and the legal basis under GDPR:

What we do	Why it's lawful (GDPR Art. 6)
Run the Service — AI sessions, insights, your cognitive profile	Contract (Art. 6(1)(b))
Manage your account and subscription	Contract (Art. 6(1)(b))
Process payments and refunds	Contract (Art. 6(1)(b))
Send you service messages (subscription confirmations, terms changes)	Contract (Art. 6(1)(b))
Improve and develop Laveer	Legitimate interest (Art. 6(1)(f))
Analyse usage trends in aggregate	Legitimate interest (Art. 6(1)(f))
Keep the Service secure and prevent abuse	Legitimate interest (Art. 6(1)(f))
Meet legal obligations (tax, regulatory)	Legal obligation (Art. 6(1)(c))
Send marketing messages (only if you opt in)	Consent (Art. 6(1)(a))

3.1 How AI Processing Works

Your voice and text inputs are processed by AI models to create personalised insights, session responses, and cognitive profile data. This is core to how Laveer works and is covered under "performance of contract."

The AI analyses what you say and how you reason — your thinking style, values, and patterns. It does not make automated decisions that have legal or similarly significant effects on you. Everything it produces is an informational tool for self-reflection, not a binding decision.

3.2 Aggregated Data

We may create aggregated, de-identified datasets from user interactions for research, product improvement, and statistical analysis. This data can't identify you and isn't personal data under GDPR.

4. Who We Share Data With

We don't sell your personal data. We only share it with the following service providers, each bound by a data processing agreement under GDPR Article 28:

Provider	What they do	What data they see	Where
Google Cloud (Firebase)	Infrastructure, storage, authentication	Account data, usage data, cognitive profiles	EU
Anthropic (Claude)	AI processing for sessions and insights	Session content (voice transcripts, text)	US*
ElevenLabs	Voice synthesis for session responses	Session context for voice generation	EU
Amplitude	Product analytics	Usage events, pseudonymised device IDs	US*
Apple	App Store payments, subscription management	Transaction receipts, subscription status	US*
Third-party payment processors	Website payment processing (when applicable)	Payment details, transaction data, billing address	US/EU*

*For US transfers, see Section 7 below. **Processor location depends on provider and your region. These providers maintain EU data processing capabilities.

We may also share data with legal/accounting advisors and with law enforcement when required by law.

5. How Long We Keep Your Data

We keep your data only as long as we need it:

Account data: As long as your account is active. Deleted within 30 days of account deletion, unless we're legally required to keep it.
Session content and cognitive profile: As long as your account is active (this is what makes Laveer's continuity work). Deleted within 30 days of account deletion.
Payment records: Up to 7 years, as required by tax and accounting law.
Usage analytics: Up to 24 months, in pseudonymised form.
Crash logs: Up to 12 months.

When you delete your account, we start deleting your data within 30 days. Encrypted backups may take up to 90 days to fully purge.

6. Your Rights

Under GDPR, you have the right to:

Access your data (Art. 15) — request a copy of what we hold about you.
Correct inaccurate data (Art. 16).
Delete your data (Art. 17) — you can do this directly in the app via "Delete Account," which removes your data and cancels your subscription.
Restrict processing in certain circumstances (Art. 18).
Port your data — receive it in a structured, machine-readable format (Art. 20).
Object to processing based on legitimate interest (Art. 21). If you object, we'll stop unless we have compelling grounds to continue.
Withdraw consent at any time, without affecting prior processing.
Lodge a complaint with a supervisory authority. For Isle of Man residents, that's the Isle of Man Information Commissioner (inforights.im). For EEA residents, it's your local Data Protection Authority.

To exercise any of these rights, email support@laveer.ai. We'll respond as fast as we can, within 30 days.

7. International Data Transfers

Your data is primarily stored in the EU (Google Cloud / Firebase EU region).

When we transfer data to processors outside the EEA — including Anthropic, Amplitude, and Apple in the US — we make sure appropriate safeguards are in place:

Standard Contractual Clauses (SCCs) approved by the European Commission;
The EU-U.S. Data Privacy Framework, where the recipient is certified; or
Other transfer mechanisms recognised under GDPR Chapter V.

You can request a copy of the relevant safeguards by emailing support@laveer.ai.

8. Security

We take reasonable technical and organisational measures to protect your data, including:

Encryption in transit (TLS) and at rest;
Access controls on a need-to-know basis;
Regular security reviews;
Secure authentication (password hashing, OAuth);
Incident response procedures.

No system is perfectly secure, and we can't guarantee absolute security — but we take it seriously.

9. Children's Privacy

Laveer is available to users aged 16 or older. We do not knowingly collect personal data from anyone under 16.

If you're a parent or guardian and believe your child under 16 has provided data to us, please contact support@laveer.ai and we'll delete it promptly.

10. Tracking and Cookies

The Laveer mobile app doesn't use browser cookies. Here's what we do use:

Device identifiers: Used by Amplitude for usage analytics. These are pseudonymised and not linked to your real identity outside the app.
Firebase Analytics: May use device-level identifiers for crash reporting and performance monitoring.
Apple ATT: We comply with Apple's App Tracking Transparency framework. If you decline tracking, we won't access your IDFA for advertising.

If we introduce web-based features in the future, we'll update this section with any cookie usage.

11. Do Not Track / Global Privacy Control

We honour Global Privacy Control (GPC) signals where required by law. If we detect a GPC signal, we treat it as a valid opt-out of any sale or sharing of personal data (to the extent applicable under laws like CCPA).

12. California Privacy Rights (CCPA/CPRA)

If you're a California resident, you have additional rights:

Right to know what personal data we collect and why.
Right to delete your personal data.
Right to opt out of sale — we don't sell your data.
Right to non-discrimination for exercising your rights.

To exercise these rights, email support@laveer.ai.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we'll update the "Last updated" date and notify you through the app or by email at least 30 days before the changes take effect.

Continued use of Laveer after the changes take effect means you accept the updated policy.

14. Contact Us

Questions about your privacy or want to exercise your rights? Get in touch:

Unlimited Wisdom Limited
Email: support@laveer.ai
Company Number: 021982V (Isle of Man)

For data protection requests specifically, email support@laveer.ai with the subject line "Data Protection Request."