Privacy
This page explains, in plain English, what data Neumatics and the SoulMap app collect, why, where it lives, and what you can do about it. The mechanics align with GDPR, the EU AI Act, and the EU Data Act.
Plain-English drafting. This policy is drafted by the operator in plain English and is reviewed periodically. If you have a specific question that isn't answered here, email lotus@neumatics.eu.
Who we are
Neumatics is operated by Fotis Dovas, sole proprietor, registered in Greece. The data controller for everything on this site is Fotis Dovas, reachable at lotus@neumatics.eu. Data-protection enquiries: lotus@neumatics.eu.
What we collect
| Category | What | Why |
|---|---|---|
| Account | Email, optional display name, sign-in metadata | To operate your account |
| Demographics (optional) | Demographic facets you choose to share (age band, country, gender, language) | Used only with your consent, to personalise your Echo sessions and contextualise your profile |
| Echo responses | Your forced-choice responses inside the daily Echo micro-experience | Scored against psychometric instruments to build your profile |
| Profile inferences | Trait scores (Big Five, HEXACO, attachment, Schwartz values, EQ, moral foundations) with reliability metadata | Powers your SoulMap experience |
| Device and log data | Performance, error rates, anonymous usage metrics | To keep the service running and improve it |
We do not collect: clinical-grade health information, biometric identifiers, voice or physiological capture, or any data from anyone under 18.
Lawful bases
- Consent (Art. 6(1)(a), Art. 9(2)(a)) for consent-gated processing — the demographic facets you choose to share. Granular, separate toggles. Withdrawable at any time.
- Performance of a contract (Art. 6(1)(b)) for everything required to deliver your account and your Echo sessions.
- Legitimate interest (Art. 6(1)(f)) for operational security, fraud prevention, and aggregate usage analytics — balanced and overridden by your objection.
How long we keep it
| Data | Default retention |
|---|---|
| Account + profile | Until you delete your account |
| Echo responses | 24 months rolling, or until you delete them individually |
| Operational logs | 90 days |
| DSAR audit trail | 6 years (regulatory requirement) |
Your rights
You can, at any time and at no cost:
- Access — request a copy of everything we hold about you.
- Rectify — correct anything that is wrong.
- Erase — delete your account; the deletion cascades across Firestore, BigQuery, and trace storage with an audit record.
- Restrict — pause specific processing while we investigate a complaint.
- Object — opt out of any legitimate-interest processing.
- Port — receive your data in a structured, machine-readable format.
Email lotus@neumatics.eu. Default turnaround is 30 days.
You also have the right to lodge a complaint with the Hellenic Data Protection Authority (dpa.gr).
Children
The SoulMap app and every Neumatics product are 18+ only. We do not knowingly collect data from anyone under 18. If you believe a minor has signed up, please email lotus@neumatics.eu and we will delete the account immediately.
International transfers
The default hosting region is the EU (Google Cloud europe-west regions). Where a sub-processor (e.g., LLM provider) operates outside the EU, the transfer is governed by Standard Contractual Clauses and limited to the minimum necessary.
Cookies and similar
We use a small set of strictly-necessary cookies for authentication and session persistence. We do not run third-party advertising or behavioural cross-site tracking.
Sub-processors
A current list of sub-processors (Firebase, Google Cloud, Google Gemini) is available on request via lotus@neumatics.eu. We will publish the list on this page in the next revision.
Features not yet active
Some parts of the Neumatics design have been published for transparency but are not currently offered. Specifically:
- Marketplace and research-data products. No aggregate datasets are exported, licensed, or sold. No demographic anchoring for dataset buyers takes place. The consent-vintage and revocation-cascade machinery described in our design documentation is not in operation.
- Non-custodial wallet and royalty settlement. The app does not currently create wallets, collect public XRPL addresses, or settle royalties of any kind. We hold no wallet metadata.
- XRPL infrastructure providers are accordingly not among our active sub-processors. They would be added to the published sub-processor list before any wallet feature activates.
None of the processing associated with these features occurs today. Before any of them activates, we will update this policy, notify account holders, and request fresh consent where the law requires it. The design posture behind these features is documented at /about/data-ethics.
Updates
We will post material changes here and notify account holders via email. The "Last updated" date at the top of this page reflects the most recent revision.