Privacy Policy

Effective date: October 2025

Controller: Lia Corneo Ltd
Registered office: Charilaou Xylophorou 13, 4103 Agios Athanasios, Limassol, Cyprus
Email: [email protected]


1. Quick summary (plain language)

We built Lia to help creators grow. We treat your privacy seriously. This page explains, in plain terms, what we collect, why, and what controls you have. If you prefer legal detail, read on — the full rules are below.

Key points:

  • You can delete messages and in-app data from the app. For full deletion of account records or external form data, email [email protected]. Some records required for billing or law may be kept.

  • We use trusted service providers (OpenAI, Supabase, Stripe, Cloudflare) — they may process data outside the EU.

  • Lia is intended for people aged 16 and older. We do not knowingly collect data from children under 16.


2. What this Privacy Policy covers

This Policy explains how Lia Corneo Ltd (“we”, “us”, “Lia”) collects, uses, discloses, and protects personal data when you:

  • use the Lia mobile app (Expo / React Native) or related web pages;

  • buy or access the Lia course or any AI bot features;

  • contact support or otherwise communicate with us.

It also explains your rights and how to exercise them.


3. Data we collect

3.1 Account & identity data

  • Email address (used for login via Supabase auth)

  • Account identifier (user ID)

  • Display name (if you provide one)

3.2 Content & interaction data

  • Messages you send to Lia (chat content)

  • Answers to onboarding forms and questionnaires used to personalise Lia

  • Inferred traits and categories derived from messages (e.g., personality tags, preferences) — used to personalise the product

3.3 Billing & purchase data

  • Billing records, invoices, and subscription status (processed by Stripe). We do not store raw card numbers.

3.4 Technical & analytics

  • Device information required to operate the app (basic device model, OS version) and diagnostics.

  • Cloudflare analytics (cookie-less) or similar. We do not use third-party advertising identifiers or tracking SDKs by default.

3.5 Logs & security

  • Access logs, IP addresses, timestamps, error reports and other system logs necessary for operation and security.


4. How we use your data (purposes and legal bases)

We use personal data for the following purposes and legal bases:

  1. To provide the service (contract performance): receive, store and display your messages; send AI replies; maintain your account. (Legal basis: contract performance.)

  2. To improve Lia (legitimate interests): analyze anonymised usage patterns and ways to make Lia better. We balance this with your privacy. (Legal basis: legitimate interests.)

  3. Billing and fraud prevention (contract / legal obligation): process payments and comply with tax and legal obligations.

  4. Security & abuse prevention (legitimate interests / legal): detect abuse, secure accounts, and investigate incidents.

  5. Compliance with law (legal obligation): respond to lawful requests from authorities or to enforce rights.

  6. Customer support (contract / legitimate interests): respond to your inquiries and troubleshoot issues.


5. Sharing & processors

We use reputable third-party processors to operate the service:

  • OpenAI — model inference and generation of AI replies.

  • Supabase — database, auth, and serverless functions.

  • Stripe — payments and billing.

  • Cloudflare — DNS, performance, and analytics.

  • Framer — hosting the marketing site (if used).

  • Any other provider will be listed in an updated policy.

These parties process data on our instructions. They may operate outside the EU. Where transfers occur we use Standard Contractual Clauses (SCCs) or other appropriate safeguards.

We may also share anonymised, aggregated data for research or product development. We will not sell your personal data.


6. International transfers

Your data may be transferred to, stored, and processed in countries outside your own, including the United States. When we transfer personal data from the EEA or UK to other countries, we rely on the European Commission’s Standard Contractual Clauses (2021/914/EU) and, where applicable, the UK International Data Transfer Addendum.
The competent supervisory authority for Lia Corneo Ltd is the Office of the Commissioner for Personal Data Protection (Cyprus).


7. Retention

We retain personal data only as long as necessary to provide the service, comply with legal obligations, and for legitimate business purposes such as improving Lia. When data is no longer necessary, we delete or irreversibly anonymise it. Certain records (e.g. billing, tax, anti-fraud logs) may be retained for longer to comply with legal requirements.


8. Your rights

Subject to local law, you may have the right to:

  • access the personal data we hold about you;

  • correct inaccurate or incomplete data;

  • request deletion of your data (subject to limited exceptions for legal/billing reasons);

  • restrict or object to processing in certain circumstances;

  • obtain a portable copy of your data;

  • withdraw consent where processing is based on consent;

  • lodge a complaint with a supervisory authority (for EU users, the Cyprus Commissioner for Personal Data Protection).

To exercise a right, contact [email protected]. We will verify identity before acting on certain requests.


9. Deletion & account closure

  • In-app deletion: From the app Settings you can delete chat messages and in-app profile data.

  • Full deletion: To request removal of all remaining records (including form answers and other data not removable in-app), email [email protected] and provide the requested information to verify identity. We will comply unless we must retain certain records for legal or legitimate business reasons (for example billing records for tax, fraud prevention, or ongoing disputes). We aim to complete verified deletion requests within 30 days where possible.


10. Children

Lia is intended for users aged 16 and older. We do not knowingly collect personal data from children under 16. If you believe a child under 16 has provided data to us, contact [email protected] and we will delete it.


11. Security

We use reasonable technical and organisational measures to protect personal data against unauthorised access, loss, or disclosure. These measures include encryption in transit, access controls, and regular security reviews. However, no system is perfectly secure. In the event of a data breach likely to result in risk to your rights or freedoms, we will notify you and the competent supervisory authority without undue delay, in accordance with Articles 33 and 34 GDPR.


12. Cookies & analytics

Our public site uses Cloudflare analytics by default (cookie-less). We do not install advertising tracking or use cross-site identifiers by default. If we later enable additional analytics (e.g., GA4), we will update this Policy and add a cookie banner as required.


13. Third-party content & links

The app or site may link to third-party services. This Policy does not apply to how those third parties handle your data. Check third-party privacy notices before sharing personal data.


14. Model training and improvement

Anonymised or aggregated data derived from your interactions may be used to improve our algorithms and train future versions of Lia. Personal identifiers are removed or masked before such use.


15. Changes to this Policy

We may update this Privacy Policy to reflect changes in our practices or legal obligations. Material changes will be highlighted on our site with the updated effective date. Continued use after changes means acceptance.


16. Contact / DPO

For questions, requests, or to exercise your rights: [email protected]
Mailing address: Charilaou Xylophorou 13, 4103 Agios Athanasios, Limassol, Cyprus