Effective Date: April 14, 2026
Last Updated: April 14, 2026
1. Introduction
Wijaya Raya Capital Pte. Ltd., operating as Evolusea ("we," "us," "our"), operates the Evolusea: AI Compass mobile application and related services (collectively, the "Services"). We provide AI-powered spiritual wellness and personal growth tools β including conversational guidance, journaling, goal tracking, daily quotes, mood tracking, vision boards, wisdom stories, and religious calendar events β personalized to your belief system, language, and emotional state.
This Privacy Policy explains how we collect, use, protect, share, and transfer your personal data. It applies to all users of our Services regardless of location, with additional provisions for users in Thailand, Indonesia, and Singapore.
Data Controller:
Wijaya Raya Capital Pte. Ltd. (operating as "Evolusea")
Email: privacy@evolusea.com
10 Collyer Quay, #10-01 Ocean Financial Centre, Singapore 049315
Data Protection Officer:
Email: dpo@evolusea.com
This policy is governed by applicable data protection laws including Thailand's Personal Data Protection Act B.E. 2562 ("PDPA"), Indonesia's Personal Data Protection Law No. 27 of 2022 ("UU PDP"), and Singapore's Personal Data Protection Act 2012 ("Singapore PDPA").
2. Data We Collect
2.1 Data You Provide
Account Information: Email address, encrypted password, and sign-in method (email, Google, or Apple). Required for account creation and authentication.
Profile Information: Display name, country of residence, and language preference (English, Thai, or Indonesian).
Religious or Philosophical Belief (Sensitive Data): Your selected belief system, chosen during onboarding. This is used to personalize spiritual guidance, content, and calendar events. Under the PDPA and UU PDP, religious belief is classified as sensitive personal data. We collect it only with your explicit consent, obtained before any processing occurs. You may change or remove this selection at any time.
Conversations: Messages you exchange with our AI-powered guide, which may include personal reflections and emotional disclosures.
Journal Entries: Notes you create, including titles, content, and optional mood tags.
Goals and Progress: Goal titles, descriptions, target dates, and completion status.
Collections: Curated groups of notes, goals, and stories you organize for personal reflection.
Mood Data: Mood selections you record through check-ins or journal entries.
Preferences: Your selected personal growth focus and preferred conversation style for the AI guide.
2.2 Data Generated Through Use
AI-Generated Content: Summaries of your conversations and journal entries, created automatically to improve continuity and personalization.
Usage Records: Internal records of AI feature usage for quota enforcement and service management. These records do not contain the content of your conversations.
Engagement Data: Activity records, streaks, and milestones calculated from your use of the Services.
Device Information: Device type, operating system version, app version, and push notification identifiers.
2.3 Data From Third Parties
Authentication Providers: When you sign in via Google or Apple, we receive your email address and a unique identifier. We never receive your social account password.
Payment Processors: If you subscribe to our premium tier, our payment partner provides subscription status, purchase date, and expiration date. We never receive or store your payment card details, bank information, or billing address β these are handled entirely by Apple's App Store or Google Play.
3. How We Use Your Data
To Provide the Services: Creating your account; delivering AI-guided conversations; generating content summaries; providing personalized quotes, stories, and calendar events; tracking goals and mood; managing subscriptions.
To Personalize Your Experience: Adapting AI responses to your belief system, emotional state, language, and preferences; curating content relevant to your faith tradition.
To Communicate With You: Sending push notifications for goal reminders, calendar events, and important service updates; responding to support inquiries.
To Maintain and Improve the Services: Monitoring service performance and reliability; enforcing usage limits; identifying and resolving errors; improving features based on aggregated usage patterns.
To Ensure Security: Preventing unauthorized access; protecting against abuse and fraud; enforcing our Terms of Service.
To Comply With Law: Meeting legal obligations; responding to lawful government requests.
We do not sell your personal data, build advertising profiles, serve targeted ads, or use your data to train AI models.
4. AI-Powered Features
Core features of our Services β including conversational guidance, content summarization, and religious calendar generation β are powered by artificial intelligence provided by third-party AI service providers.
What This Means for Your Data
When you use AI-powered features, relevant data is sent to our AI service providers for processing. For conversations, this includes your messages, belief system, mood context, and conversation history. For summarization, this includes the text of your notes or conversations. For calendar generation, this includes belief system and language parameters.
We do not send directly identifying information (such as your email address, real name, or account ID) to AI service providers. Your data is processed to generate a response and is not used by these providers to train their AI models, per their API data usage commitments.
Where AI Data Is Processed
Our AI service providers are located in the United States. This means that data processed through AI features is transferred internationally. See Section 6 for the safeguards we apply to such transfers.
Limitations of AI
AI-generated responses may occasionally be inaccurate, incomplete, or culturally imprecise. Our AI guidance is not a substitute for professional counseling, therapy, or religious authority.
5. Who We Share Your Data With
We do not sell your personal data. We share it only with the following categories of recipients, each acting under contractual data protection obligations:
Cloud Infrastructure Providers: We host our application and database with a cloud provider in the Southeast Asia region to keep your data geographically close to you.
Authentication Services: We use a third-party authentication platform to manage secure sign-in, email verification, and session management.
AI Service Providers: As described in Section 4, we use third-party AI providers located in the United States to power AI features.
Payment and Subscription Services: Our subscription management partner, located in the United States, processes subscription status and entitlements. They do not receive your personal profile data.
Analytics and Error Monitoring: We use analytics and error reporting services to monitor app stability, detect crashes, and understand aggregated usage patterns. These services receive technical data (device information, error reports) and do not have access to the content of your conversations or notes.
Content Management: We use a content management system to author and publish wisdom stories. This system handles editorial content only and does not process user personal data.
Legal and Regulatory Authorities: We may disclose your data where required by law, regulation, legal process, or enforceable government request.
Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity, subject to the same privacy commitments described in this policy.
6. International Data Transfers
Our primary systems are hosted in Southeast Asia. However, certain services we rely on are operated from the United States, meaning your data may be transferred internationally when you use AI-powered features, authentication, payment, and error monitoring services.
We apply the following safeguards to international transfers:
For users in Thailand: We rely on your explicit consent (obtained during onboarding), contractual necessity, and appropriate safeguards including standard contractual clauses, in compliance with Sections 28β29 of the PDPA.
For users in Indonesia: We ensure that receiving parties maintain adequate data protection standards or that equivalent contractual safeguards are in place, in compliance with the UU PDP.
For users in Singapore: We ensure that receiving organizations provide a comparable standard of protection through contractual arrangements, in compliance with the Transfer Limitation Obligation under the Singapore PDPA.
7. Data Retention
We retain your data only as long as necessary for the purposes described in this policy or as required by law.
Account, Profile, and Content Data (conversations, notes, goals, collections, mood check-ins, preferences, engagement records): Retained for the duration of your account.
AI Usage Records: Retained for up to 12 months for service management, then anonymized or deleted.
Push Notification Tokens: Automatically removed when invalid. Deleted upon account deletion.
Subscription Records: Retained for the duration of your account. Transaction records may be kept longer for tax and financial compliance.
Error Logs and Analytics: Retained for 30β90 days per our service providers' standard policies. These do not contain personal content.
Account Deletion
You can permanently delete your account at any time from your profile settings. Upon deletion, all your data is immediately and irreversibly removed from our systems, including your account, profile, all conversations and AI-generated summaries, all notes, goals, collections, mood records, preferences, notification tokens, subscription entitlements, and engagement data. This action cannot be undone.
8. Data Security
We implement technical, administrative, and organizational measures to protect your data:
Encryption: All data in transit is encrypted via TLS/HTTPS. Data at rest is encrypted using industry-standard methods. Our API does not accept unencrypted connections.
Access Controls: Token-based authentication on all endpoints; email verification for new accounts; automatic session expiration and refresh; rate limiting to prevent brute-force attacks.
Application Safeguards: Input validation and sanitization; usage limits on AI features; environment isolation between development, staging, and production systems.
Infrastructure: Database access restricted through secure gateway architecture with no direct public exposure; credentials and secrets stored in encrypted parameter management β never in source code.
No system is perfectly secure. If you become aware of unauthorized access to your account, contact us immediately at privacy@evolusea.com.
9. Your Privacy Rights
9.1 All Users
Access: View your data at any time within the app (profile, conversations, notes, goals, mood history, collections).
Correction: Update your profile information at any time through settings.
Deletion: Permanently delete your account and all data from your profile settings.
Portability: Request a copy of your data in a machine-readable format by emailing privacy@evolusea.com.
Withdraw Consent: Where processing is based on consent (including your belief system), you may withdraw at any time by updating your settings or deleting your account. Withdrawal does not affect processing that occurred before withdrawal.
9.2 Thailand (PDPA)
You additionally have the right to restrict processing, object to processing based on legitimate interest, and request erasure. You may lodge a complaint with the Personal Data Protection Committee (PDPC) at https://www.pdpc.or.th. We respond to rights requests within 30 days.
9.3 Indonesia (UU PDP)
You additionally have the right to be informed of processing purposes and legal bases, object to or suspend processing, request destruction of your data, and seek compensation for violations. We acknowledge rights requests within 3 Γ 24 hours of receipt.
9.4 Singapore (Singapore PDPA)
You additionally have the right to access information about how your data has been used or disclosed in the past year, request correction of errors, and request portability to another organization. You may lodge a complaint with the PDPC at https://www.pdpc.gov.sg. We respond to requests within 30 days.
9.5 How to Exercise Your Rights
Use your in-app settings for access, correction, consent management, and deletion. For all other requests, contact privacy@evolusea.com or our Data Protection Officer at dpo@evolusea.com. We may verify your identity before processing your request.
10. Data Breach Notification
If a breach occurs that is likely to affect your rights:
Thailand: We will notify the PDPC within 72 hours and affected individuals without undue delay where there is a high risk to their rights and freedoms.
Indonesia: We will notify affected individuals within 3 Γ 24 hours and report to the relevant authority as required.
Singapore: We will notify the PDPC within 3 calendar days of assessment (where the breach is likely to cause significant harm or affects 500+ individuals) and notify affected individuals as soon as practicable.
We will describe the nature of the breach, the data involved, the likely consequences, and the steps taken to address it.
11. Mobile Tracking Technologies
Evolusea is a mobile application. We do not use browser cookies in the app. The following technologies are used:
Analytics: Aggregated usage metrics (screen views, feature usage, session data) to improve the app experience. You may opt out through your device settings.
Crash Reporting: Automatic collection of crash diagnostics (device model, OS version, error details) to maintain app stability. These reports do not contain conversation or note content.
Push Notification Tokens: Device tokens to deliver notifications. You can disable notifications through device settings at any time.
If you visit any Evolusea web properties, a separate Cookie Policy will apply.
12. Children's Privacy
Evolusea is not directed at children.
Thailand: We require parental or guardian consent for individuals who cannot legally consent on their own under the PDPA.
Indonesia: Children's data is classified as sensitive under the UU PDP. We do not knowingly collect it without appropriate consent.
Singapore: Consent for individuals under 18 must be given by a parent or legal guardian under the Singapore PDPA.
All other jurisdictions: We do not knowingly collect data from anyone under 16 (or the applicable local minimum age).
If you believe a child has provided us with data without appropriate consent, contact us at privacy@evolusea.com and we will promptly delete it.
13. Third-Party Links
Our Services may contain links to external websites or services. We are not responsible for the privacy practices of third parties and encourage you to review their policies.
14. Marketing Communications
Functional notifications (goal reminders, calendar alerts) are part of the Services. Marketing communications are sent only with your consent or where permitted by law. You may opt out of marketing at any time through app settings or by contacting privacy@evolusea.com.
15. Changes to This Policy
We may update this policy to reflect changes in our practices, technology, or legal requirements. For material changes, we will notify you through the app at least 14 days in advance. Where required by law, we will obtain renewed consent for changes affecting sensitive data processing.
16. Contact Us
Privacy Inquiries: privacy@evolusea.com
Data Protection Officer: dpo@evolusea.com
Address: 10 Collyer Quay, #10-01 Ocean Financial Centre, Singapore 049315
Regulatory contacts:
Thailand β PDPC: https://www.pdpc.or.th
Indonesia β Ministry of Communications and Digital Affairs / PDP Agency
Singapore β PDPC: https://www.pdpc.gov.sg
17. Language
This policy is available in English, with translations in Thai and Indonesian for convenience. The English version prevails in case of inconsistency, except where local law requires the local language version to govern.
Last reviewed: April 14, 2026