LifelyBack to Home

Privacy Policy

Last updated: 28 December 2025

1. Introduction

Lifely ("we", "our", "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our AI Twin service (the "Service").

We are the data controller for the personal data we process. We comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable UK data protection laws.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, and password when you create an account
  • Profile Information: Personal details you share during onboarding, including personality traits, interests, and preferences
  • Social Media Data: Information from connected social media accounts (with your explicit consent), including posts, profile information, and engagement patterns
  • Chat Data: Messages and conversations with your AI Twin
  • Reflections: Journal entries and reflections you create within the Service
  • Photos: Profile photos you upload to personalise your AI Twin

2.2 Information Collected Automatically

  • Usage Data: How you interact with our Service, including features used and time spent
  • Device Information: Browser type, operating system, and device identifiers
  • Log Data: IP address, access times, and pages viewed

3. How We Use Your Information

We use your personal data for the following purposes:

  • To provide the Service: Creating and maintaining your AI Twin, generating personalised insights, and enabling conversations (Legal basis: Contract performance)
  • To improve the Service: Analysing usage patterns to enhance features and user experience (Legal basis: Legitimate interests)
  • To communicate with you: Sending service updates, promotional emails (with consent), and responding to enquiries (Legal basis: Contract performance / Consent)
  • To process payments: Managing subscriptions and billing through our payment processor (Legal basis: Contract performance)
  • To ensure security: Protecting against fraud, abuse, and security threats (Legal basis: Legitimate interests)
  • To comply with legal obligations: Meeting our legal and regulatory requirements (Legal basis: Legal obligation)

4. Data Sharing and Third Parties

We may share your data with the following categories of recipients:

  • Service Providers: Third-party companies that help us operate the Service, including:
    • Supabase (database and authentication hosting)
    • Stripe (payment processing)
    • Vercel (website hosting)
    • AI service providers (for generating insights and conversations)
    • Resend (email communications)
  • Legal Requirements: When required by law, court order, or governmental authority
  • Business Transfers: In connection with a merger, acquisition, or sale of assets

We do not sell your personal data to third parties. We ensure all service providers are bound by data processing agreements that comply with UK GDPR requirements.

5. International Data Transfers

Some of our service providers are located outside the UK. When we transfer your data internationally, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses approved by the UK Information Commissioner's Office
  • Adequacy decisions recognising the destination country's data protection standards
  • Other legally approved transfer mechanisms

6. Data Retention

We retain your personal data for as long as necessary to:

  • Provide the Service to you
  • Comply with our legal obligations
  • Resolve disputes and enforce our agreements

When you delete your account, we will delete or anonymise your personal data within 30 days, except where we are required to retain it for legal purposes.

7. Your Rights

Under UK GDPR, you have the following rights:

  • Right of Access: Request a copy of your personal data
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Restrict Processing: Request limitation of how we use your data
  • Right to Data Portability: Receive your data in a machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent

To exercise these rights, please contact us at privacy@lifely.app. We will respond within one month of receiving your request.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe your data protection rights have been violated.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • Encryption of data in transit and at rest
  • Secure authentication mechanisms
  • Regular security assessments
  • Access controls and staff training
  • Row Level Security on database tables

While we strive to protect your data, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

9. Cookies

We use essential cookies to enable core functionality of the Service. We may also use analytics cookies to understand how users interact with our Service. You can manage cookie preferences through your browser settings.

10. Children's Privacy

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Data Protection Officer
Email: privacy@lifely.app
Address: Lifely, United Kingdom