Data Policy
What we do with your data.
This page is maintained by Lilac Creative to explain what we collect on lilaccreative.io and the member hub, why we collect it, who helps us process it, and how you can ask us to change or delete it. Plain English, no legal cosplay.
Last updated: June 28, 2026
On this page
01
What we collect.
We only collect what's needed to run the site, our member hub, and our client work:
- Account info when you sign up: name (or display name), email, password hash, optional profile photo and bio.
- Membership & billing data if you join the Academy: subscription status and the last four digits of your card. Full card numbers go directly to Stripe — we never see or store them.
- Learning activity inside the member hub: courses started, lessons completed, reflections you write, AI chat history with Lilac AI, knowledge-check attempts, bookmarks, and discussion posts.
- Messages you send us through the contact form, replies, or email.
- Basic technical data your browser sends automatically: IP address, device/browser type, and pages visited.
We do not collect government IDs, precise location, health data, or biometric data.
02
Why we collect it.
- To create and secure your account.
- To deliver courses, save your progress, and personalize your hub.
- To process Academy subscriptions and send required billing receipts.
- To respond when you contact us.
- To detect abuse and keep the site running.
- To send the newsletter or course updates — only if you opted in. You can unsubscribe from any email.
We don't sell your data. We don't run advertising. We don't profile you for third-party marketing.
03
Who processes it.
A handful of trusted vendors help us run the platform. Each one only receives the data it needs to do its job:
- Lovable Cloud — hosts our database, authentication, and file storage. Your account, profile, and learning data live here.
- Stripe — processes Academy payments. Stripe receives your billing details directly; we receive subscription status and the last four digits of your card.
- Lovable AI Gateway (Google Gemini models) — powers the Ask Lilac AI assistant, lesson summaries, and knowledge checks. Your prompts and lesson context are sent to the model to generate a response and are not used to train it.
- ElevenLabs — generates the audio "read aloud" version of lessons. Lesson text is sent; no personal info is included.
- YouTube (Google) — embeds recorded webinars. Playing an embedded video sets YouTube's own cookies.
- Email delivery — transactional emails (sign-up confirmations, receipts, replies) are sent through our email provider.
04
AI features & your content.
When you use Ask Lilac AI, knowledge checks, or auto-generated lesson intros, your message and the related lesson content are sent to our AI provider to generate a response. These conversations are saved to your account so you can return to them later. We do not use member content to train third-party models.
Reflections you write in lessons are private to you and our admins, and are compiled into your end-of-course report. They are never shown to other members.
06
Retention & deletion.
We keep your account data for as long as your account is active. When you delete your account or cancel your membership, we remove your personal data within 30 days, except for records we're legally required to keep (for example, invoices for tax purposes).
Public posts you've made in member discussions may be anonymized rather than deleted so replies from others remain coherent. You can request full removal of those too.
07
Your rights & requests.
You can ask us at any time to:
- See a copy of the data we hold about you.
- Correct anything that's wrong.
- Delete your account and personal data.
- Export your reflections and course reports.
- Unsubscribe from non-essential emails.
Email Contact@lilaccreative.io from the address on your account. We aim to respond within 14 days.
08
How we protect it.
Data is transmitted over HTTPS. Passwords are hashed — we can't see them. Database access is restricted by row-level security policies, so members can only read and write their own data, and admin-only data stays admin-only. Stripe handles payment card data on its own PCI-compliant infrastructure.
No system is perfect. If something goes wrong, we'll tell affected users directly and explain what happened and what we're doing about it.
09
Children.
This site and the Academy are built for working professionals. We don't knowingly collect data from anyone under 16. If you believe a child has created an account, contact us and we'll remove it.
10
Changes to this page.
When we change anything material — new vendors, new data collected, changed retention — we'll update the "last updated" date at the top and, for active members, send a heads-up by email.
11
Contact.
Questions, requests, or concerns about your data: Contact@lilaccreative.io.
You can also reach us through the contact page.