Privacy Policy

Last updated: 02/10/2025 | GDPR, CCPA & Australian Privacy Act Compliant

Our Privacy Commitment

At Fox Healing, we understand that your wellness journey is deeply personal. We are committed to protecting your privacy and handling your data with the utmost care and transparency. This policy explains exactly what information we collect, why we need it, and how we protect it.

1. Information We Collect

Information You Provide Directly

  • Account Information: Name, email address, and authentication details
  • Profile Data: Optional demographic information for personalized experiences
  • Wellness Information: Responses to assessment questionnaires and self-reflection tools
  • Communication Data: Messages sent through our platform and support interactions
  • AI Conversations: Interactions with Sisi the Fox for service improvement
  • Payment Information: Billing details processed securely through Stripe
  • Feedback: Reviews, testimonials, and user experience feedback

Information We Collect Automatically

  • Technical Data: IP address, device type, browser information, and operating system
  • Usage Analytics: Pages visited, time spent, and feature interactions (anonymized)
  • Performance Data: Error logs and system performance metrics
  • Location Data: General geographic location (country/state level only)
  • Cookie Data: Preferences and session information (see Cookie Policy)

Sensitive Information

We may process sensitive personal information related to your mental health and wellbeing, but only with your explicit consent and for the sole purpose of providing personalized wellness support. This includes emotional state indicators and stress level assessments.

2. How We Use Your Information

Primary Purposes

  • Service Delivery: Provide personalized AI companion experiences and wellness programs
  • AI Training: Improve Sisi's responses and emotional intelligence (anonymized data only)
  • Personalization: Customize content and recommendations based on your preferences
  • Progress Tracking: Monitor your wellness journey and provide meaningful insights
  • Community Features: Enable safe sharing and connection with other users
  • Payment Processing: Handle transactions for premium services and healing packs

Secondary Purposes

  • Customer Support: Respond to inquiries and resolve technical issues
  • Service Improvement: Analyze usage patterns to enhance user experience
  • Security: Detect and prevent fraud, abuse, and security threats
  • Legal Compliance: Meet regulatory requirements and legal obligations
  • Marketing: Send relevant updates and offers (with explicit consent)

3. Legal Basis for Processing (GDPR)

Consent: For marketing communications and optional data collection

Contract Performance: To deliver services you've purchased or subscribed to

Legitimate Interest: For service improvement, security, and business operations

Legal Obligation: For compliance with Australian Consumer Law and tax requirements

4. Information Sharing and Third Parties

Trusted Service Providers

Supabase (Database & Authentication): GDPR compliant, data hosted in secure cloud infrastructure

Stripe (Payment Processing): PCI DSS compliant, does not store full payment details

Vercel (Hosting & CDN): Secure hosting with global content delivery

OpenAI/Anthropic (AI Services): Anonymized data for AI processing, no personal data stored

Google Analytics (Optional): Anonymous usage analytics; you can opt out

We Never Sell Your Data

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We only share data with trusted partners who help us deliver our services, and they are contractually bound to protect your privacy.

5. International Data Transfers

As an Australian company, we primarily store data within Australia and the Asia-Pacific region. However, some of our service providers may process data in other countries, including:

  • United States: For AI processing and analytics (with appropriate safeguards)
  • European Union: For European users and GDPR compliance
  • Singapore: For Asia-Pacific data processing and backup storage

All international transfers are protected by appropriate safeguards such as Standard Contractual Clauses, adequacy decisions, or certification schemes.

6. Your Privacy Rights

Under Australian Privacy Law

  • Access: Request a copy of personal information we hold about you
  • Correction: Ask us to correct inaccurate or outdated information
  • Deletion: Request deletion of your personal information (subject to legal requirements)
  • Restriction: Ask us to limit how we process your information
  • Portability: Request your data in a machine-readable format
  • Objection: Object to certain types of processing
  • Complaint: Lodge complaints with the Australian Privacy Commissioner

Additional Rights for EU Residents (GDPR)

  • Right to be Forgotten: Request complete erasure of your data
  • Consent Withdrawal: Withdraw consent at any time for consent-based processing
  • Automated Decision Making: Opt out of automated profiling
  • Data Protection Officer: Contact our DPO for privacy concerns

How to Exercise Your Rights

To exercise any of these rights, please contact us at [email protected] or through your account settings. We'll respond within 30 days (or 72 hours for GDPR requests).

7. Data Security and Protection

Technical Safeguards

  • Encryption: All data encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Authentication: Multi-factor authentication and secure session management
  • Access Controls: Role-based access with principle of least privilege
  • Network Security: Firewalls, intrusion detection, and DDoS protection
  • Regular Audits: Security assessments and vulnerability testing

Organizational Measures

  • Staff Training: Regular privacy and security awareness training
  • Incident Response: 24/7 monitoring and rapid response procedures
  • Data Minimization: Only collect and retain necessary data
  • Backup & Recovery: Secure, encrypted backups with disaster recovery plans

8. Data Retention

Account Data: Retained while account is active + 2 years after closure

AI Conversation Data: 12 months for service improvement (anonymized after 6 months)

Payment Records: 7 years for tax and legal compliance

Marketing Data: Until consent is withdrawn

Analytics Data: 26 months (Google Analytics standard)

9. Cookies and Tracking

Essential Cookies

These cookies are necessary for the website to function and cannot be disabled:

  • Authentication: Keep you logged in securely
  • Session Management: Maintain your preferences during your visit
  • Security: Prevent fraud and unauthorized access

Optional Cookies

These cookies enhance your experience and can be disabled:

  • Analytics: Understand how you use our service (Google Analytics)
  • Personalization: Remember your preferences and settings
  • Performance: Optimize loading times and user experience

Cookie Control: You can manage your cookie preferences in your browser settings or through our cookie banner when you first visit our site.

10. Children's Privacy (COPPA Compliance)

While our service is designed to be safe for users 16 and older, we recognize that some younger users may access our content. We do not knowingly collect personal information from children under 13 without verifiable parental consent.

  • Users 13-15: Parental guidance recommended
  • Users 16-17: Can use service but parents should be informed
  • Users 18+: Full access to all features

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will:

  • Email you about significant changes
  • Post updates prominently on our website
  • Maintain previous versions for your reference
  • Allow 30 days for you to review changes before they take effect

12. Contact Information

Privacy Officer

Email: [email protected]

General Data Protection (EU)

Email: [email protected]

Business Information

Business Name: Fox Healing - Sisi's Healing Empire

Parent Company: Sparksverse Pty Ltd

Australian Business Number (ABN): [To be provided]

Location: Australia

Website: https://sisithefox.com

13. Regulatory Information

Australian Privacy Commissioner: www.oaic.gov.au

EU Data Protection Authorities: edpb.europa.eu

California Privacy Rights: California Attorney General

This is a template for informational purposes.

This privacy policy template has been crafted with careful consideration of GDPR, CCPA, Australian Privacy Act, and COPPA requirements. However, it is provided as a template only. We strongly recommend consulting with qualified legal counsel who specializes in privacy law and data protection for advice specific to your business situation.