Maureen Zehring
Privacy Policy — Lemma

This Privacy Policy explains how Studio Epshtein (“we”, “us”) collects, uses, and protects your information when you use the Lemma mobile application (the “App”) — an idea-capture and execution tool. By using Lemma you agree to this Policy.
1. Who we are
The data controller is Studio Epshtein. For any privacy request you can contact us at office@studio-epshtein.co.il.

2. Information we collect
We only collect what is needed to run the App. We do not use advertising, and we do not use analytics or tracking SDKs.
  • Account data. Your email address (for the one-time login code). If you sign in with Google, we receive your name and email address from Google. We assign you a user ID.
  • Your content. The ideas you create — titles, descriptions, notes, tags and “spark” ratings — and any photos, drawings, and voice recordings you attach.
  • Voice transcription. If you ask to transcribe a voice note, the audio is sent to our transcription provider (Groq) to produce text. The resulting transcript is stored with your idea.
  • On-device only (not collected by us). If you grant calendar permission, the App can create an event in your device’s calendar. This stays on your device — we do not read or store your calendar. Sharing an idea (e.g. to WhatsApp or email) is initiated by you and handled by the app you choose.
  • Authentication tokens. Your login session is stored securely on your device (Android Keystore). We do not store your password — Lemma uses passwordless email codes and Google sign-in.
3. How we use your information
  • To create your account and sign you in.
  • To store, sync, and display your ideas and attached media across sessions.
  • To transcribe voice notes when you request it.
  • To let you share or schedule an idea when you choose to.
  • To keep the service secure and to comply with legal obligations.
4. Legal basis
We process your data to provide the service you request (performance of our agreement with you) and, where applicable, with your consent (e.g. camera, microphone, and calendar permissions). Processing is carried out in accordance with the Israeli Protection of Privacy Law, 5741-1981.
5. Service providers we use
We do not sell your data and we do not share it for advertising. We rely on the following providers, who process data on our behalf under their own security and privacy terms:
  • Supabase — database, file storage, and authentication (hosting your account and content).
  • Groq — speech-to-text transcription of voice notes you choose to transcribe.
  • Google — “Sign in with Google” authentication (only if you use it).
  • Resend — delivery of one-time login-code emails.
6. Data retention
We keep your account and content for as long as your account is active. When you delete an idea it is removed from our systems. When you delete your account, your personal data and content are deleted, except where we must retain limited information to meet a legal obligation.

7. Security
Data is encrypted in transit (TLS) and at rest. Access to your content is restricted to your account through row-level security, and your session token is held in your device’s secure storage. No method of transmission or storage is 100% secure, but we work to protect your information.

8. Your rights and choices
  • Access & correction. You can view and edit your ideas at any time in the App.
  • Delete content. You can delete individual ideas in the App.
  • Delete your account. In the App go to Account → Delete Account, or email us at office@studio-epshtein.co.il to request deletion of your account and associated data.
  • You may also ask us to confirm what data we hold about you.
9. Children
Lemma is intended for adults and is not directed to children under 16. We do not knowingly collect data from children. If you believe a child has provided us data, contact us and we will delete it.

10. International processing
Your data may be processed on servers operated by our providers outside Israel. Where this happens, we rely on those providers’ safeguards for international data handling.

11. Visitors from the EEA / UK
If you are in the EEA or UK, you have rights under the GDPR/UK GDPR, including access, rectification, erasure, restriction, portability, and objection. To exercise them, contact office@studio-epshtein.co.il.

12. Changes to this Policy
We may update this Policy from time to time. We will revise the “Last updated” date above and, for material changes, provide notice in the App.

13. Contact
Studio Epshtein — office@studio-epshtein.co.il
Made on
Tilda