Privacy Notice

Last updated: May 31, 2026

1. Who we are

Samexo Pty Ltd ("we", "us") provides the Samexo Pty Ltd life-operating-system. We are the data controller for personal data you provide when using the Service.

2. Data we collect

• Account data: name, email, login credentials, optional profile details (lifestyle, goal, wake/sleep times).
• Content you create: journal entries, routines, grocery lists, financial goals, family records, learning sessions, wellness logs.
• AI prompts & responses: text you send to the Samexo Pty Ltd assistant and the responses generated.
• Device & usage: IP address (for approximate location and emergency-info localization), browser, device identifiers, basic telemetry.
• Support messages: feedback you submit.

3. How we use it

• Provide and operate the Service (contract performance).
• Personalize insights, routines, and AI responses (legitimate interests).
• Security, fraud prevention, and abuse detection (legitimate interests).
• Customer support and product improvement (legitimate interests).
• Comply with legal obligations (legal obligation).

4. Who we share data with

• Hosting & infrastructure: Supabase (database & authentication), Cloudflare (edge runtime), Lovable (hosting platform).
• AI providers: Google Gemini and OpenAI via the Lovable AI Gateway, for assistant responses and insights.
• Merchant of Record: Paddle.com handles all payments, subscription management, tax compliance, and invoicing on our behalf.
• Geo lookup: ipapi.co for approximate country detection (emergency numbers, currency).
• Authorities: where required by law.

5. International transfers

Data may be processed outside your country. We rely on Standard Contractual Clauses or adequacy decisions where applicable.

6. Retention

We retain account data while your account is active. On deletion, your content is deleted or anonymized within 30 days, except where retention is required by law (e.g. tax records, kept by Paddle as MoR).

7. Your rights

You have the right to access, rectify, erase, restrict, port, and object to processing of your personal data, and to withdraw consent. You may also lodge a complaint with your supervisory authority. Email us to exercise any right; we respond within 30 days.

8. Security

We use industry-standard technical and organizational measures: encryption in transit (HTTPS), row-level security on all user tables, access controls on administrative interfaces.

9. Cookies

We use essential cookies for authentication and session management. We do not use marketing or third-party advertising cookies.

10. Children

Samexo Pty Ltd is not directed to children under 16. We do not knowingly collect data from children.

Terms · Refund Policy