LightHeart legal

Privacy Policy

This page explains what information LightHeart processes, why it is used, how deletion works, and how to contact the owner about privacy requests.

Last updated: May 6, 2026

LightHeart is a mobile-first emotional wellbeing app built around reflective conversation, journaling, stories, voice capture, and memory continuity across time. This Privacy Policy explains how personal information is processed when you use LightHeart, related web interfaces, and connected features.

The data controller for LightHeart is Ferruccio Nati. This policy is written for an international audience and should be read together with the Terms of Service.

1. Scope and role of LightHeart

LightHeart acts as controller for personal data processed to provide account access, chat, journaling, stories, voice features, memory continuity, customer support, and subscription management.

Some processing operations are carried out by infrastructure and service partners acting as processors or independent controllers, depending on the specific service and legal relationship.

2. Information you provide directly

Depending on how you use LightHeart, you may provide:

  • account information such as your name, email address, password, and sign-in details connected to Google, Apple, or email/password account creation;
  • optional profile information such as a profile image and appearance preferences;
  • onboarding answers, including the topics you want help reflecting on, optional age range or identity selections, theme choices, and the first journal-style message you submit;
  • chat messages, journal entries, written stories, edits you make to transcriptions, and support or account-deletion requests you send to LightHeart;
  • voice recordings or audio uploads you choose to submit for story capture or transcription;
  • subscription and purchase-related information needed to confirm whether your trial or paid access is active.

3. Information created, derived, or stored in the service

LightHeart also creates or stores information such as:

  • AI-generated replies, transcriptions, summaries, and prompts;
  • memory items, reflection summaries, timeline summaries, value snapshots, and other continuity features built from your stories or conversations;
  • inferred themes, emotions, patterns, value signals, or similar reflective insights derived from what you choose to share;
  • conversation-thread metadata, story status, timestamps, local date and timezone context, and records needed to keep your history coherent over time;
  • local device storage used to keep onboarding progress, pending onboarding exchanges, and visual preferences available across app sessions;
  • notification permission state and related preference or registration status where you enable reminders or push messaging.

4. How voice, chat, journaling, stories, and memory are used

If you type in chat, write stories, or journal inside LightHeart, that content may be stored so the app can show your history back to you, maintain continuity, and generate future reflective features.

If you record or upload audio, LightHeart may store the audio file, create a transcription, let you edit that transcription, and then use the resulting text to build related story, reflection, and memory features.

LightHeart is designed to remember what matters over time. That means some of your messages or stories may be turned into memory entries, summaries, or retrieval context so later interactions do not always start from zero.

5. Purposes of processing

LightHeart uses information to:

  • create and secure your account and keep you signed in;
  • provide reflective conversation, stories, journaling, transcription, memory, and timeline features;
  • personalize the app experience, including continuity across time, themes, and notification flows;
  • operate the 3-day free trial and manage access to paid features after the trial ends;
  • troubleshoot service issues, protect the app, prevent abuse, and improve reliability;
  • respond to support, privacy, correction, or deletion requests;
  • comply with legal obligations and enforce our terms.

6. Legal bases (EEA, UK, and Switzerland)

Where GDPR or equivalent laws apply, LightHeart relies on:

  • Performance of a contract to provide the service you request, including authentication, chat continuity, memory retrieval, and subscription access;
  • Consent where required, including microphone access and optional notifications, and any optional feature where consent is the applicable legal basis;
  • Legitimate interests in maintaining reliability, abuse prevention, security, service improvement, and support, where those interests are not overridden by your rights;
  • Legal obligations where processing is necessary to comply with applicable law, lawful requests, tax/accounting rules, or dispute handling.

7. Sharing and third-party processing

LightHeart does not publish your private reflections and does not sell personal information. Information is shared only as needed with service categories such as:

  • cloud hosting, databases, authentication, and delivery partners used to operate account and product features (for example, Convex and similar providers);
  • AI and memory infrastructure providers used to generate transcriptions, summaries, and continuity retrieval context (for example, OpenAI and Pinecone integrations);
  • purchase and subscription infrastructure providers, including app stores and entitlement infrastructure used to validate paid access (for example, Apple, Google, and RevenueCat);
  • notification and communications providers used for service and account messaging (for example, OneSignal and email providers);
  • professional advisors, regulators, or authorities where required to comply with law, protect rights, investigate abuse, or address disputes;
  • a successor entity if LightHeart is involved in a merger, sale, financing, or transfer of all or part of the service, subject to appropriate confidentiality handling.

8. International data transfers

Because LightHeart may be used globally, personal data may be transferred to and processed in countries outside your own jurisdiction. Where required by law, transfers from the EEA, UK, or Switzerland are made using recognized safeguards, such as Standard Contractual Clauses, and supplementary measures where appropriate.

9. Subscription, trial, and payment-related data

LightHeart offers a 3-day free trial. After the trial ends, payment is required to continue premium access.

LightHeart does not publish a fixed price in this policy because pricing can vary by country, currency, taxes, storefront, and purchase context. After the trial, you are charged according to the price shown to you in the applicable purchase flow or store.

LightHeart may receive subscription status, entitlement state, product identifiers, trial state, renewal information, and limited transaction-related metadata needed to unlock access, restore purchases, or support billing questions. LightHeart does not need to store your full card number.

If you purchase through Apple's App Store, Apple may process transaction and account data as an independent controller under Apple's own terms and privacy notices. See Apple Privacy Policy, Apple Media Services Terms, and Apple Standard EULA.

10. Data retention

LightHeart keeps information for as long as it is reasonably needed to operate your account, provide continuity features, support the service, resolve disputes, or comply with legal obligations.

Local device caches, such as onboarding progress or theme preferences, may remain on your device until you clear them, reinstall the app, or overwrite them. Purchase and legal-compliance records may be kept longer than reflective content where required.

After deletion requests are completed in active systems, limited copies may remain in encrypted backups for a restricted retention cycle before automatic overwrite. LightHeart may also retain limited records where required for legal claims, fraud prevention, tax, or accounting compliance.

11. Account deletion and what gets removed

LightHeart currently allows account deletion from the profile area of the app. When you delete your account, LightHeart is designed to remove the main active-service records associated with that account, including:

  • account records and active authentication sessions;
  • chat threads and chat messages;
  • stories, reflections, summaries, and memory-profile records;
  • stored voice-story audio assets and related transcriptions;
  • memory items, related versions, retrieval logs, and associated memory-index cleanup tasks;
  • saved app preferences stored on the server side.

App-store purchase ledgers and certain processor-side records may remain subject to those providers' legal and operational retention duties.

12. Your rights and request handling

Depending on your location, you may have rights to access, correct, delete, restrict processing, object to processing, withdraw consent, and request portability of personal data.

To exercise rights, contact the privacy email listed below with enough information for account verification. LightHeart may request additional information reasonably necessary to confirm identity before completing high-risk requests. We respond within the timeframes required by applicable law.

You can also manage permissions such as microphone access and push notifications through your device settings. If you disable certain permissions, some LightHeart features may not work as intended.

13. California and similar regional rights

Where applicable law provides additional rights (for example, certain U.S. state privacy laws), LightHeart supports rights requests and does not deny service solely for exercising legally protected privacy rights, subject to lawful exceptions.

14. Children and minimum age

LightHeart is not directed to children under 13. If you are under the age of digital consent in your jurisdiction, you may use LightHeart only with valid parent or legal guardian authorization where required by law.

If LightHeart learns that personal data was collected from a child in violation of applicable law, we will take reasonable steps to delete that data and restrict related processing.

15. Security and wellbeing notice

LightHeart uses reasonable safeguards intended to protect your information, but no system can promise absolute security.

LightHeart is not a medical, psychiatric, psychological, therapy, or crisis service and does not replace professional care. If you may be in danger or need urgent help, do not rely on LightHeart as your emergency resource.

16. Changes to this Privacy Policy

LightHeart may update this Privacy Policy from time to time. If that happens, the updated version will be posted here with a revised effective date and, where appropriate, additional notice inside the app or by email.

17. Contact

For privacy requests or questions about this policy, contact:

Ferruccio Nati

Email: nivoaiapp@gmail.com

Address: Italy