This policy explains how LenNotes collects, uses, and protects your personal information, and your rights under POPIA, the GDPR, and other data protection laws.
1. Introduction
VaultAir Systems (Pty) Ltd ("VaultAir", "we", "us", or "our") operates LenNotes, a WhatsApp-first notes, reminders, and lists assistant ("LenNotes" or the "Service"). This Privacy Policy explains how we collect, use, store, share, and protect personal information when you create a LenNotes account, link WhatsApp, use the Service, or contact us.
This Policy is designed to comply with the Protection of Personal Information Act, 2013 (POPIA) in South Africa; the General Data Protection Regulation (GDPR) in the European Union and European Economic Area; the UK GDPR and Data Protection Act 2018; and other applicable data protection laws in the countries where we operate. Please read it together with the LenNotes Terms of Service.
2. Who Is Responsible for Your Data
The data controller and responsible party for LenNotes is:
- VaultAir Systems (Pty) Ltd
- Company registration number: 2025/540482/07
- Registered address: Stellenbosch, 7600, Western Cape, Republic of South Africa
- Email: privacy@vaultair.systems
Information Officer (POPIA): Jan Pool, contactable at privacy@vaultair.systems with the subject line "Information Officer". POPIA requires responsible parties to register their Information Officer with the Information Regulator of South Africa.
EU/UK representative (GDPR Article 27 / UK GDPR): VaultAir does not currently maintain an establishment in the EEA or UK. If you are in the EEA or UK, contact us at privacy@vaultair.systems with the subject line "EU/UK Privacy". Where applicable law requires us to appoint a representative under Article 27, we will appoint one and publish their details here.
3. What Information We Collect
We collect information you provide, information generated through your use of the Service, and limited technical information.
Account details: Email address and a hashed password used to create and secure your account.
Phone and WhatsApp data: The phone number you verify (in E.164 format) and WhatsApp messages, metadata, and delivery status needed to operate the chat-based assistant.
Your content: The notes, reminders, lists, and other items you create or send to LenNotes, including any text you choose to store.
Preferences: Settings such as timezone (used to schedule reminders) and theme/display preferences stored on your device.
Technical and usage data: IP address, device/browser type, log data, message timestamps, and similar information used to operate and secure the Service.
Support requests: The email address and message content you submit through the support form, used to respond to you.
You decide what to store in LenNotes. Please avoid storing special categories of personal information (such as health, biometric, or financial data) or other people’s personal information unless you have a lawful basis and the right to do so.
4. How We Use Your Information
We use personal information only for lawful purposes, including to:
- create and secure your account and verify your phone number;
- deliver core functionality — capturing notes, organising lists, and sending reminders;
- schedule and send reminders accurately using your timezone;
- generate AI-assisted summaries, search, and organisation of your content;
- provide customer support and respond to your requests;
- operate, maintain, secure, and improve the Service;
- detect, prevent, and investigate abuse, fraud, and security incidents; and
- comply with legal obligations.
We do not sell your personal information, and we do not use your content for third-party advertising.
5. Legal Bases for Processing
Depending on your location and the type of data, we rely on one or more of the following legal bases under GDPR Article 6 and the equivalent justifications under POPIA:
Contract: To provide the Service you sign up for, including storing your notes and sending your reminders.
Consent: For optional features and communications, and where consent is otherwise required. You may withdraw consent at any time.
Legitimate interests: To secure the Service, prevent abuse, and improve our product, balanced against your rights.
Legal obligation: To comply with tax, accounting, regulatory, and lawful requests from authorities.
6. AI and Automated Processing
LenNotes uses automated processing, including AI models (currently from OpenAI), to summarise, search, classify, and organise the content you submit. No solely automated decision is made that produces legal or similarly significant effects on you.
Our AI provider processes your content only to generate features for you under its business/API terms. We do not permit your content to be used to train third-party AI models, except where we tell you clearly in advance and obtain any consent required by law.
7. How We Protect Your Information
We implement appropriate technical and organisational measures, including:
- encryption in transit (HTTPS/TLS) and at rest where supported by our cloud provider;
- hashing of account passwords;
- scoped, token-based authentication and access controls;
- rate limiting and abuse protection;
- limited retention of logs and personal data; and
- due-diligence assessment of service providers that handle personal data.
No system is completely secure. Please use a strong, unique password and keep your account credentials confidential.
8. Data Retention
We retain personal information only for as long as necessary for the purposes described in this Policy, unless a longer period is required by law.
Account and content: Retained while your account is active. You may request deletion at any time.
Support correspondence: Retained for a reasonable period to handle your enquiry and for record-keeping.
Logs and technical data: Retained for a limited period for troubleshooting and security.
Records required by law: Retained for the period required by applicable tax, accounting, or regulatory rules.
When data is no longer needed, we delete or anonymise it.
9. Your Rights
Depending on where you live, you may have the following rights regarding your personal information:
Access: Request a copy of the personal information we hold about you.
Rectification: Correct inaccurate or incomplete information.
Erasure: Request deletion of your account and personal information.
Restriction: Ask us to limit processing in certain circumstances.
Portability: Receive your data in a structured, machine-readable format where applicable.
Objection: Object to processing based on legitimate interests.
Withdraw consent: Withdraw consent at any time where processing is based on consent.
Complaint: Lodge a complaint with a supervisory authority.
To exercise your rights, email privacy@vaultair.systems with the subject line "Privacy Request", or use the LenNotes support form. We may need to verify your identity. We aim to respond within 30 days, or sooner where required by law (such as one month under GDPR).
South Africa (POPIA): You may complain to the Information Regulator at inforegulator.org.za. EU (GDPR): You may contact your local data protection authority (see edpb.europa.eu). UK (UK GDPR): You may contact the ICO at ico.org.uk.
10. Sharing and Service Providers
We share personal information only as described below. All service providers (operators/processors) are bound by contractual obligations to protect your data and process it only on our instructions.
Meta / WhatsApp: Messaging delivery via the WhatsApp Cloud API; your use of WhatsApp is also subject to WhatsApp’s own policies.
OpenAI: AI processing for summaries, search, and organisation of your content.
Amazon Web Services (AWS): Cloud hosting, transactional email (Amazon SES), and SMS verification (Amazon SNS).
Professional advisers and authorities: Legal, accounting, or compliance advisers, and law enforcement or regulators when required by valid legal process.
We may also share information in connection with a merger, acquisition, or sale of assets, with notice where required by law. A current list of service providers is available on request at privacy@vaultair.systems.
11. International Data Transfers
VaultAir is based in South Africa, and your information may be processed in South Africa, the European Union, the United States, and other countries where our service providers operate. Where data is transferred from the EEA, UK, or other jurisdictions requiring safeguards, we rely on appropriate mechanisms such as the European Commission Standard Contractual Clauses (SCCs), the UK International Data Transfer Agreement or Addendum, adequacy decisions where available, or your explicit consent where required.
12. Cookies and Local Storage
The LenNotes web pages use only essential cookies and browser local storage needed for the product to function — for example, remembering your theme preference and keeping your session secure. These do not require consent. We do not use advertising cookies on LenNotes.
Where analytics cookies are used on the vaultair.systems domain, they load only after you accept analytics cookies in our consent banner, and are described in the VaultAir Privacy Policy. You can manage cookies through your browser settings; disabling essential cookies may affect functionality.
13. Children’s Privacy
LenNotes is intended for users aged 18 and over. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us at privacy@vaultair.systems and we will delete it promptly.
14. Data Breach Notification
If a personal data breach (a "security compromise" under POPIA) is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority and affected users as required by law. Where GDPR or UK GDPR applies, we aim to notify the competent authority without undue delay and, where feasible, within 72 hours of becoming aware. Under POPIA, we notify the Information Regulator and affected data subjects as soon as reasonably possible after discovery.
15. Changes to This Policy
We may update this Privacy Policy from time to time. We will update the "Last updated" date above and, where changes are material, take reasonable steps to notify you. Where applicable law requires renewed consent, we will ask for it before applying the changes.
16. Contact Us
For privacy questions, rights requests, or complaints, contact:
- VaultAir Systems (Pty) Ltd
- Information Officer: Jan Pool
- Email: privacy@vaultair.systems (subject: "Privacy Request" or "Information Officer")
- Or use the LenNotes support form on the main product page.
For legal or privacy requests, email privacy@vaultair.systems or use the LenNotes support form on the main product page.