Privacy

LoLa . privacy.

Effective: May 2026

LoLa is operated by Noctara, Inc. (Marietta, Ohio, United States). This policy describes what we collect, why, and how you control it.

Your words are yours. The architecture keeps the rhythm.

1. what we collect

Apple ID metadata: the Apple sub identifier and optional email you authorize during Sign in with Apple.
Your answers: the text you type in response to LoLa's daily question.
Behavioral keystroke signal: timing between keystrokes, pause duration, deletion count, rewrite count, speed variation. Per question. We do not capture the content of individual keystrokes; we capture the rhythm of how you type.
Mark: a three-character identifier the architecture produces for you.
Session metadata: timestamps, device type, app version, push token.
Subscription state: which tier you carry, when it was activated, when it renews.

2. what we do with it

Generate LoLa's daily sentence about you.
Persist your archive so you can return to it.
Improve the compression engine across all users (aggregate, never individual).
Train and refine the behavioral authentication system (US patent application 64/048,624).

3. what we never do

Sell your data to third parties.
Share your individual answers with anyone, including your pair.
Surface individual reads to your coach, employer, or any other party (if you also use VEX through a coach, only aggregated rhythm is visible to them, and only with your explicit opt-in).
Track you across other apps or websites. LoLa contains no IDFA-using SDK.

4. data rights

By using LoLa, you grant Noctara, Inc. a perpetual, worldwide, non-exclusive license to use, store, process, analyze, and derive insights from your behavioral data and identity compression for current and future Noctara products. You retain ownership of your written answers. The compression output (word, rhythm, mark, behavioral fingerprint) is jointly owned. You can use your word and mark publicly; the compression methodology and aggregate patterns belong to Noctara.

You can request deletion of your individual answers at any time by opening LoLa, tapping the settings glyph, and choosing delete my account. Aggregate behavioral patterns that have been merged into the architecture cannot be individually extracted or deleted; they are part of the engine.

5. how data is stored

LoLa data lives in Supabase Postgres (US-East region), with row-level security restricting access to the service role and the user. Apple Sign In tokens are verified against Apple's keys server. Behavioral signal is stored as JSON blobs adjacent to your reads.

6. children

LoLa is rated 12+. We do not knowingly collect data from anyone under 13. If you believe a child under 13 has used LoLa, write hello@noctaracorp.com and we will delete the account immediately.

7. third parties

The only third parties LoLa uses are: Apple (sign-in, payments, push notifications), Supabase (database hosting), Vercel (serverless functions hosting), Anthropic (LLM inference for the daily sentence), Resend (transactional email). None of them receive personally identifying data beyond what is necessary for their function.

8. changes

If we materially change this policy, you will see an in-app notice the next time you open LoLa. The current version is always at noctaracorp.com/lola/privacy.

9. contact

Privacy questions: hello@noctaracorp.com. Mailing address available on request.