Privacy Policy.

This Privacy Policy explains how ELF UNLIMITED LTD ("we", "us", "our"), the operator of listentojesus.live, collects and uses your personal data. We are based in the United Kingdom and we follow the UK GDPR and the Data Protection Act 2018.

1. Who we are

ELF UNLIMITED LTD
71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom
Company ID: 16461751
Contact: [email protected]

For the purposes of UK GDPR, we are the data controller of the personal data described below.

2. What data we collect

We collect only what we need to deliver the service:

• Email address — when you sign up, purchase, or join the trial.
• Payment information — processed directly by Stripe; we never see or store your card details.
• Telegram user ID — when you connect to our bot to receive messages.
• Conversation content — the questions you send to the bot and the responses you receive.
• Basic technical data — IP address, browser type, time of visit, when you use the site (standard server logs).

3. Why we use it (legal basis)

• To deliver the service you paid for — sending daily messages, processing your questions, providing customer support. Legal basis: contract.
• To send you transactional and sequence emails related to your purchase or trial. Legal basis: contract / legitimate interest.
• To process payments and prevent fraud. Legal basis: contract / legal obligation.
• To improve the quality of the service, including reviewing anonymised conversation patterns. Legal basis: legitimate interest.

4. Who we share data with

We share data with a small set of trusted processors who help us run the service:

• Stripe — payment processing.
• Brevo — email delivery.
• BuddyPro — Telegram bot infrastructure and conversation processing.
• Cloudflare — website hosting and security.
• OpenAI / Anthropic — the underlying language models used to generate responses. Your messages are processed by these providers under their data processing terms.

We do not sell your personal data. We do not share it for advertising. We do not give it to third parties for purposes unrelated to running the service.

5. The privacy of your conversations

The conversations you have with the bot are treated as confidential. We want you to feel free to ask anything, including the things you would not say out loud anywhere else.

• Your conversations are not stored under your real name. Inside the bot, you are identified only by your Telegram user ID and the email address you signed up with. We do not attach your real name, address, or any other personal identifiers to the content of your messages.
• No one reads your conversations passively. We do not browse, monitor, or review the content of individual users' chats. There is no human dashboard where someone can scroll through what you wrote.
• We may access an individual conversation only in narrow, exceptional cases: a binding legal request (court order, subpoena), a credible report of abuse or safety concern, or your own explicit request to support (for example, if you ask us to investigate a problem in your chat).
• Data is encrypted in transit and at rest. All communication uses HTTPS/TLS, and the underlying databases are encrypted on disk. This does not mean end-to-end encryption — by design, the AI provider must process your message in order to answer it.
• We do not use your conversations to train AI models, and we do not use them for marketing, advertising, or profiling.
• You can ask us to delete your conversation history at any time by writing to [email protected]. We act on the request within 30 days.

To be fully transparent: because your subscription is linked to your email address, an unauthorised data breach could in theory allow someone to reconnect a conversation to a person via that email. We treat the underlying systems with the same level of care a healthcare provider would apply to a sensitive record, but we do not pretend we are end-to-end encrypted, because we are not.

6. How long we keep it

• Account & email data: for as long as you are a customer, plus 6 years for tax and accounting (UK requirement).
• Conversation history: for the duration of your subscription, then deleted within 90 days unless you ask us to keep it longer or delete it sooner.
• Server logs: 30 days.

7. Your rights

Under UK GDPR you have the right to:

• Ask for a copy of the data we hold about you.
• Ask us to correct anything that is wrong.
• Ask us to delete your data ("right to be forgotten"), subject to legal retention requirements.
• Withdraw consent for marketing emails at any time.
• Lodge a complaint with the UK Information Commissioner's Office (ico.org.uk).

To exercise any of these rights, write to [email protected]. We respond within 30 days.

8. International transfers

Some of our processors (Stripe, OpenAI, Anthropic) are based outside the UK. We rely on Standard Contractual Clauses and equivalent safeguards approved by the UK government.

9. Cookies

We use only essential cookies needed for the site and the checkout to work. We do not use third-party advertising or tracking cookies.

10. Children

The service is not intended for anyone under 18. We do not knowingly collect data from children.

11. Changes to this policy

If we make significant changes, we will update the "Last updated" date and, where appropriate, notify you by email.