Privacy Policy
Version: 2.0-draft
Effective Date: 2026-06-01
LULL Privacy Policy FOR ATTORNEY REVIEW AND APPROVAL
This Privacy Policy describes how Rhetoric Innovations LLC collects, uses, stores, and shares information when you use the Lull journaling application and related services. Key additions in this version: Section 1.6 (Conversation Corpus), Section 3.3 (School Channel Sharing), Section 4.6 (Counselor Access Log), Section 7 (updated School/FERPA section).
1. INFORMATION WE COLLECT
1.1 Information You Provide Directly
- Account registration information: first name, email address, birthdate, and password
- Profile information: age range, usage mode (Personal, Student, Veteran), and settings preferences
- Journal entries, Question of the Day responses, Log It captures, and Audio Capture summaries
- Guardian connection information: Connect Code usage and guardian account details
- School enrollment information: student account type and school association
- Communications with us: support requests and feedback
1.2 Information Collected Automatically
- Device information: device type, operating system, app version, and browser type
- Usage data: features used, session frequency, session duration, and interaction patterns
- Technical logs: error reports and performance data
- IP address and approximate location at the time of account creation and consent recording
1.3 Information We Do NOT Collect
1.4 Audio Capture — Special Notice
Lull's Audio Capture feature processes audio entirely on your device using on-device speech recognition. Raw audio is never transmitted to Rhetoric Innovations LLC servers. Only a compressed text summary is stored. Raw audio is deleted from your device immediately after the summary is generated.
1.5 Children Under 13 — COPPA-Specific Disclosures
For users under 13, we collect only: first name (for personalization), parent or guardian email address (for consent verification), birthdate (for age verification only), journal entry content (to provide the core service), and account activity data (for guardian or school dashboard). We do not collect any information from children under 13 beyond what is strictly necessary to provide the journaling service and comply with safety and legal obligations.
1.6 Conversation Corpus
To provide longitudinal journaling features including pattern recognition, psychological fingerprint matching, reflective continuity, and growth tracking, Lull stores full conversation transcripts in a secure encrypted database called the conversation corpus. Each conversation is stored with:
- The full text of user messages and AI responses in chronological order
- A timestamp for the session
- Links to any situations indexed from that session
- Word count and a searchable text index
Conversation corpus data is encrypted at rest and in transit. It is accessible only to the individual user through the Lull application. For school-enrolled students, it may also be accessed by an assigned school counselor under defined safety threshold conditions as described in Section 3.3 and in our Terms of Service.
1.7 School-Specific Data
For school-enrolled students, we collect: school association (school name and ID), guardian consent records (including guardian email, digital signature, documents acknowledged, IP address at time of consent, and timestamp), and counselor alert records (including alert tier, trigger type, and conversation content for Tier 2 and Tier 3 alerts).
2. HOW WE USE YOUR INFORMATION
2.1 Service Provision
- To create and manage your account
- To provide journaling, reflection, and AI response features
- To build memory summaries and psychological fingerprints that allow Lull to recognize patterns over time
- To operate the guardian dashboard and safety notification features
- To operate the school counselor alert system for school-enrolled students
2.2 Safety Features
- To analyze journal content for safety signals using automated AI-powered semantic evaluation
- To surface crisis resources within the application when safety signals are detected
- To notify connected guardians or trusted contacts at defined safety threshold levels
- To notify assigned school counselors at defined safety threshold levels for school-enrolled students
- To maintain safety logs and counselor access logs for legal compliance purposes
2.3 Guardian and School Consent Management
- To send and record guardian consent for school-enrolled students
- To maintain an auditable record of consent including signature, documents acknowledged, and timestamp
- To send consent reminders for pending consents
2.4 Service Improvement
- To monitor and improve application performance and reliability
- To diagnose and resolve technical issues
2.5 Communications
- To send account-related notifications including subscription confirmations and account updates
- To send safety-related communications as described in Section 2.2
- To send guardian consent requests and confirmations
- To respond to your support requests
2.6 What We Do NOT Use Your Information For
3. HOW WE SHARE YOUR INFORMATION
3.1 We Do Not Sell Your Data
Rhetoric Innovations LLC does not sell, rent, or trade your personal information to any third party for any purpose. This applies to all users including users under 18.
3.2 Service Providers
We share information with the following service providers solely to operate the Service:
3.3 School Channel — Counselor Access
For school-enrolled students, we share specific conversation content with the assigned school counselor under the following conditions:
- Tier 2 Safety Alert: The specific session's conversation content is accessible to the assigned counselor through the secure counselor portal
- Tier 3 Safety Alert: The specific session plus the three most recent prior sessions are accessible to the assigned counselor through the counselor portal
- Pattern-Level (Tier 1) Alert: A general summary of concern categories is shared with the counselor. No individual session content is shared for Tier 1 alerts.
All counselor access to student conversation content is logged in a tamper-evident access log. Counselors may only access content through the secure Lull counselor portal and are bound by their school's Data Processing Agreement.
3.4 Legal Requirements
We may disclose information if required to do so by law, court order, or governmental authority, or if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of the Company, our users, or the public.
3.5 Business Transfers
In the event of a merger, acquisition, or sale of all or substantially all of our assets, your information may be transferred to the acquiring entity. We will provide notice of such transfer and the opportunity to delete your account before the transfer takes effect.
4. DATA RETENTION
4.1 Active Accounts
We retain your account data and journal entries for as long as your account is active. You may delete individual journal entries at any time through the application.
4.2 Deleted Accounts
Upon account deletion, all journal entries, conversation corpus data, Log It captures, audio summaries, memory summaries, profile data, and psychological index data will be permanently deleted within 30 days. You will receive email confirmation when deletion is complete.
4.3 Safety Logs
Safety-related logs (records of safety detection events) are retained for up to 7 years after account deletion for legal compliance purposes. These logs contain only metadata about safety detection events, not journal entry content.
4.4 Sensitive Pattern Logs
Behavioral pattern detection logs used to adapt the AI journaling experience are automatically cleared when no relevant signals appear within the applicable detection window (7 days for urge patterns, 30 days for behavioral patterns). These logs are retained for no longer than 30 days after the last relevant signal.
4.5 Guardian Consent Records
Guardian consent records including digital signatures, documents acknowledged, IP addresses, and timestamps are retained permanently as legal proof of consent. These records are not deleted when a student account is deleted.
4.6 Counselor Access Logs
Records of counselor access to student conversation content through the counselor portal are retained for 7 years after the access event as part of the tamper-evident audit trail. These records include: counselor identity, student identifier, alert accessed, access type, and timestamp.
4.7 Payment Records
Payment transaction records are retained for 7 years as required by applicable tax and financial regulations. Retained payment records do not include full payment card details.
5. DATA SECURITY
We implement industry-standard security measures to protect your information, including:
- Encryption of data in transit using TLS 1.2 or higher
- Encryption of data at rest including all journal entries and conversation corpus data
- Row-level security policies in the database layer ensuring users can only access their own data
- Separate role-based access controls for counselor portal access
- Tamper-evident audit logging for all counselor access to student conversation content
- Regular security monitoring and incident response procedures
- Limited employee access to user data on a need-to-know basis
6. YOUR RIGHTS AND CHOICES
6.1 Access and Portability
You may request a copy of your personal information at any time by contacting [email protected]. We will provide your data in a commonly used electronic format within 30 days.
6.2 Correction
You may update your account information at any time through account settings. For information that cannot be updated through the application, contact [email protected].
6.3 Deletion
You may delete your account and all associated data at any time through account settings. Upon deletion request, all data except safety logs, counselor access logs, guardian consent records, and payment records will be permanently deleted within 30 days.
6.4 Guardian Consent Revocation
Guardians who have provided consent for school-enrolled students may contact [email protected] to revoke consent. Revocation of consent will result in the student account being deactivated. Counselor access to previously created alerts will remain available to the school per the DPA terms.
6.5 California Residents
California residents have additional rights under CCPA and CPRA, including the right to know what personal information is collected, the right to delete personal information, the right to opt out of sale (we do not sell data), and the right to non-discrimination for exercising privacy rights. Contact [email protected].
6.6 Nevada Residents
Nevada residents may opt out of the sale of covered information. We do not sell covered information. Contact [email protected].
6.7 European Users
[ATTORNEY REVIEW REQUIRED: If the Service is made available to EU residents, GDPR compliance obligations apply including lawful basis for processing, data subject rights, DPO requirements, and standard contractual clauses for international transfers. Recommend legal review before EU deployment.]
7. CHILDREN'S PRIVACY — COPPA COMPLIANCE
7.1 Information Collected from Children Under 13
For users under 13, we collect only: first name, parent or guardian email address (for consent), birthdate (for age verification), journal entry content (to provide the core service), and account activity data (for guardian or school dashboard).
7.2 Verifiable Parental Consent
Before collecting personal information from a child under 13, we obtain verifiable parental or school consent. Accounts are not activated until this consent is received. Consumer accounts require parental consent. School accounts may use school-level DPA consent per Section 7.4.
7.3 Parental Rights
Parents or legal guardians of children under 13 have the right to: review personal information collected from their child; request deletion of their child's personal information; refuse to permit further collection or use; revoke previously granted consent. Contact [email protected]. We respond within 10 business days.
7.4 School Consent Exception
Pursuant to 16 C.F.R. § 312.5(b)(1), schools may provide consent in place of parents when Lull is deployed for educational purposes under an executed School Data Processing Agreement. School consent covers collection and use of student data for the educational purpose defined in the DPA. Schools represent to the Company that they have provided appropriate parental notice regarding the use of Lull.
7.5 No Behavioral Advertising to Children
We do not use the personal information of children under 13 for behavioral advertising. We do not serve any advertising within the Lull application to any user.
7.6 California Age-Appropriate Design Code
For all users under 18, regardless of state of residence, we apply California AB 2273 standards including: maximum privacy by default, no profiling for advertising, no dark patterns encouraging excessive personal information sharing.
8. SCHOOL AND INSTITUTIONAL USE — FERPA AND STUDENT PRIVACY LAWS
8.1 School Deployments
When Lull is deployed by a school or educational institution under a licensing agreement, additional privacy protections apply. Schools deploying Lull must execute a Data Processing Agreement with Rhetoric Innovations LLC prior to student enrollment.
8.2 FERPA Compliance
When deployed by a school receiving federal funding, Lull may be subject to FERPA, 20 U.S.C. § 1232g. In FERPA-covered deployments, Lull acts as a school official with a legitimate educational interest in accordance with 34 C.F.R. § 99.31(a)(1). Student records within Lull are used only for educational purposes and are not disclosed to third parties except as permitted by FERPA and as described in this Privacy Policy.
8.3 SOPIPA and State Student Privacy Laws
Lull complies with the Student Online Personal Information Protection Act (SOPIPA) and equivalent state student privacy laws. We do not use student data to build a personal profile for purposes other than the educational purpose for which data was collected, sell student data, or disclose student data for advertising purposes.
8.4 Counselor Access to Student Data
The counselor access framework described in Sections 1.7, 3.3, and in the Terms of Service constitutes a disclosure to a school official under FERPA 34 C.F.R. § 99.31(a)(1) with a legitimate educational interest in student safety. This framework is governed by the school's Data Processing Agreement with Rhetoric Innovations LLC.
9. THIRD-PARTY LINKS AND SERVICES
The Service may contain links to third-party websites or services, including crisis resource websites. We are not responsible for the privacy practices of third parties. Please review the privacy policies of any third-party services you access through Lull.
10. CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy periodically. We will notify you of material changes by email and by posting updated policy with an updated effective date. For changes that materially reduce your privacy protections, we will seek your affirmative consent before the changes take effect for your account.
11. CONTACT INFORMATION
Privacy Inquiries: [email protected] General Contact: [email protected] Company: Rhetoric Innovations LLC | Website: lulljournal.app
For urgent privacy concerns related to children's data or school student data, we will respond within 2 business days.
FOR ATTORNEY REVIEW AND APPROVAL — NOT EFFECTIVE UNTIL COUNSEL APPROVES Rhetoric Innovations LLC | lulljournal.app | [email protected]