1. How Your Data Is Stored & Synced
Data kept on-device or in your iCloud account only
- Journal entries, reflections, goals, habits, to-dos
- Attachments (photos, files, links)
- App-usage monitoring tokens (app identifiers & session durations)
- Game scores, preferences, custom settings
Backup & sync
- Lotus uses Apple CloudKit to store data in your private iCloud container
- We never receive or hold a server-side copy
Local export (future)
- You may generate a plaintext/PDF usage report that stays local unless you share it via the iOS share-sheet
2. What We Do NOT Collect
- No server-side copies of your personal content
- No behavioral profiling, advertising, or data resale
- No social-media tracking SDKs
- Any future cloud features will be strictly opt-in
3. Diagnostics & Analytics
Apple-supplied (always on)
- Crash reports & basic install metrics handled by Apple
Optional third-party (future)
- Tools like Firebase Crashlytics or Sentry will be OFF by default
- You will see a clear toggle in Settings → Privacy and must give explicit opt-in consent
- Where data are fully anonymised, we may rely on "legitimate interest" (GDPR Art 6 (1)(f)) to process minimal crash data
4. Screen-Time & App Blocking
- Uses Apple's FamilyControls framework entirely on-device
- Lotus cannot see detailed usage of other apps
- All decisions happen locally; nothing leaves your device
5. Why & Under What Legal Basis We Process Data
- Core functionality & iCloud sync: Contract performance (GDPR Art 6(1)(b)) | CPRA Category: "Service Provider" data
- Optional crash diagnostics: Consent (GDPR Art 6(1)(a)) or Legitimate interest (GDPR Art 6(1)(f)) | CPRA Category: "Analytics"
- Face ID / Touch ID lock: Consent for biometric data (GDPR Art 6(1)(a)) | CPRA Category: "Sensitive"
(Note: Raw biometric data never leaves Apple's Secure Enclave)
6. Data Security & Access
- All data encrypted in transit & at rest by Apple
- Optional Face ID / Touch ID lock protects local data
- Fuyu Labs LLC accesses data only when you explicitly request support
6A. Data-Breach Notifications
In the unlikely event of a security incident that affects the confidentiality, integrity, or availability of personal data, we will notify affected users and—when required—regulators within:
- 72 hours (GDPR)
- 30 days (California CPRA)
7. Third-Party Services
Integrated today:
- Apple FamilyControls, CloudKit, App Store Payments
Not integrated:
- No ad networks, data brokers, or social SDKs
- No marketing analytics
8. Your Privacy Rights & Controls
- View, edit, delete, or export your data at any time
- Disable iCloud sync in iOS Settings → Apple ID → iCloud
- Request complete deletion by emailing synclively@gmail.com
9. Data Retention & Deletion
- Data remain in iCloud until you delete them
- Deleting Lotus removes local data; follow Apple steps to remove iCloud backups
- We hold zero copies after deletion
10. Children's Privacy & Age Gate
Lotus is intended for users 13 years or older. On first launch, a neutral age gate is presented ("I am 13 or older / I am under 13"). If "under 13" is selected, the app locks and no data are collected.
For teens 13–16 in jurisdictions requiring parental consent for any "sharing" of personal data, Lotus collects no data that are "sold or shared" under CPRA or GDPR; therefore no additional consent is required. Optional analytics (if introduced) will require a parent/guardian approval through Family Sharing.
11. International Data Transfers
Your iCloud data may reside in Apple data centres worldwide under Apple's transfer mechanisms (SCCs, BCRs, or adequacy decisions).
12. Potential Future Analytics or Support Tools
Any future crash-reporting or support tools will be:
- Explained in-app, disabled by default, and opt-in
- Used only to improve stability & support
- Never for advertising or resale
13. Changes to This Policy
We'll notify you of significant changes via in-app notice or email. Continued use after the effective date equals acceptance.
14. Contact Us
Fuyu Labs LLC
Email: synclively@gmail.com
We aim to respond within 90 days, though complex matters may take longer.
15. International Users & GDPR / UK / CA / AU Rights
EU / EEA / UK residents – rights of access, rectification, erasure, restriction, portability, and objection.
Canada & Australia – analogous statutory rights.
Send requests to synclively@gmail.com; we aim to respond within 90 days, though complex matters may take longer.
EU GDPR Art 27 Representative (when applicable)
If required for official EU launch: synclively@gmail.com
16. CPRA 'Do Not Sell or Share' Link
Lotus does not sell or share personal data as defined by the California Consumer Privacy Act. If this ever changes, a "Do Not Sell or Share My Personal Information" link will appear in-app Settings.