Privacy Policy
Last updated: May 17, 2026
Data Controller: AUCUSTOM, Nederhorst 54, 7608 JX Almelo, Netherlands
Email: info@virtual-lotus.com
KvK: 95187111
BTW: NL005135718B81
For the purposes of the General Data Protection Regulation (GDPR), AUCUSTOM is the Data Controller. For all data protection matters, you can contact our Privacy Lead at info@virtual-lotus.com.
1. Introduction
This Privacy Policy explains how AUCUSTOM ("we", "us") collects, uses, and protects your personal data when you use VirtualLotus (the "Service"). By using the Service, you accept the practices described below.
2. What VirtualLotus Is
VirtualLotus is an AI companion platform. Users can have conversations with AI-powered characters for emotional support and companionship.
VirtualLotus is NOT a medical service, therapy, counseling, or crisis intervention tool. If you are in crisis, contact emergency services (112 in the EU) or a local crisis helpline (see Section 14).
3. What Data We Collect
3.1 Account Data
Email address — used for authentication via secure magic link. We do not use or store passwords.
3.2 Usage Data
IP address — used for rate limiting and abuse prevention. Not linked to your identity.
Browser language — used to display the interface in your preferred language.
Message counts — used for daily and lifetime usage limits.
3.3 Chat Data (Free Users)
Chat messages — processed in real time by our AI providers to generate responses. Messages are held temporarily in server memory during your session and are automatically deleted after the session ends. Free users do not have chat history stored in our database.
3.4 Chat History (Premium Users Only)
If you have an active Premium subscription, we store:
- Content of messages you send
- Content of AI responses
- Metadata: character ID, timestamp, session ID, user ID
Purpose: To provide persistent chat history and continuity between sessions — a core Premium feature.
Legal basis: Art. 6(1)(b) GDPR — performance of a contract (Premium subscription).
You may delete your chat history at any time using the "Clear history" function in the app, or by deleting your account.
3.5 Payment Data
Subscription plan and status — stored to provide access to paid features.
Stripe Customer ID and Subscription ID — stored to manage your subscription.
Credit card details are never stored by us. All payments are processed by Stripe. See Stripe's Privacy Policy.
3.6 Generated Images
Image prompts and generated images — stored to track usage limits. Images are generated by OpenAI's GPT Image API. You may request deletion at any time.
3.7 Profile Data
Premium status and plan information — stored to provide the correct features.
4. Data Storage Location
All user data — including Premium chat history — is stored on Supabase servers located in EU West (Ireland). Primary storage does not leave the European Economic Area (EEA), except where data is transferred to AI providers as described in Section 5.
Supabase encrypts all data at rest using AES-256.
5. Sub-processors
| Service | Purpose | Location |
|---|---|---|
| Supabase | Authentication, database, chat history | EU (AWS Ireland) |
| Stripe | Payment processing | USA |
| Anthropic | AI chat (Claude) | USA |
| OpenAI | Image generation | USA |
| Vercel | Website hosting | USA |
| Cloudflare | DNS, security | USA |
| Zoho | Business email | EU / India |
International transfers: Some sub-processors are located in the USA. All transfers are protected by Standard Contractual Clauses (SCCs) approved by the European Commission or equivalent safeguards.
6. Why We Process Data (Legal Basis)
Contract performance (Art. 6(1)(b)) — account, chat processing, Premium chat history, image generation.
Legitimate interest (Art. 6(1)(f)) — rate limiting, abuse prevention, security.
Consent (Art. 6(1)(a)) — for optional cookies or analytics (if used).
7. Data Retention
7.1 Free Users
Chat messages: temporary only, deleted after the session ends.
7.2 Premium Users
Chat history is stored as long as your Premium subscription is active.
After cancellation: retained for 30 days (grace period — if you re-subscribe, your history remains available).
After 30 days: automatically and permanently deleted.
You may manually delete chat history at any time via the "Clear history" function.
7.3 Account Deletion
Deleting your account immediately deletes: chat history, messages, sessions, generated images, profile data.
7.4 Payment Records
Retained for 7 years (Dutch tax law).
8. Your Rights (GDPR)
You have the right to: access your data (Art. 15), rectify inaccurate data (Art. 16), erase your data (Art. 17) — including the in-app "Clear history" button and full deletion upon account removal, restrict processing (Art. 18), data portability (Art. 20), object to processing based on legitimate interest (Art. 21), and withdraw consent (Art. 7) at any time.
To exercise your rights, email: info@virtual-lotus.com. We respond within 30 days.
If you are not satisfied, you may lodge a complaint with the Dutch Data Protection Authority.
9. Cookies
Essential cookies — required for authentication and session management.
Local storage — used for theme preference. Stored only on your device.
We do not use tracking, analytics, or advertising cookies.
10. Children
VirtualLotus is not intended for users under 16. We do not knowingly collect personal data from children under 16. If you become aware that a child has provided us with personal data, please contact us at info@virtual-lotus.com and we will delete it immediately.
11. Security
We implement technical and organizational measures including:
- HTTPS/TLS encryption in transit
- AES-256 encryption at rest (Supabase)
- Row Level Security (RLS) — users can only access their own data
- Separate admin access keys with restricted scope
- No storage of payment card details
We follow the principle of data minimization — we only collect what is necessary.
12. Changes to This Policy
We may update this Privacy Policy. Significant changes will be announced on our website. The "Last updated" date shows the latest revision.
13. Contact
AUCUSTOM
Nederhorst 54, 7608 JX Almelo, Netherlands
Email: info@virtual-lotus.com
KvK: 95187111
BTW: NL005135718B81
14. Crisis Resources
VirtualLotus is not a crisis service. If you or someone you know is in immediate danger, contact emergency services or one of the following helplines:
| Region | Service | Contact |
|---|---|---|
| EU | Emergency | 112 |
| USA / Canada | Emergency | 911 |
| UK | Emergency | 999 |
| Netherlands | 113 Zelfmoordpreventie | 0900-0113 / 113.nl |
| Netherlands | De Kindertelefoon | 0800-0432 |
| UK | Samaritans | 116 123 / samaritans.org |
| UK | SHOUT | Text SHOUT to 85258 |
| Germany | Telefonseelsorge | 0800 111 0 111 |
| France | Suicide prevention | 3114 |
| Poland | Centrum Wsparcia | 800 70 2222 |
| Spain | Teléfono de la Esperanza | 717 003 717 |
| USA | 988 Suicide & Crisis Lifeline | 988 |
| Canada | Talk Suicide Canada | 1-833-456-4566 |
| Australia | Lifeline | 13 11 14 |
| Japan | TELL Lifeline | 03-5774-0992 |
| South Korea | Crisis Line | 1577-0199 |
| International | IASP Directory | iasp.info |
You are never alone. Help is available 24/7.