This Addendum applies to the extent that Lets tipit ltd processes any "Personal Data" subject to the UK GDPR, EU GDPR, or the Australian Privacy Act.

• Data Controller: You (the User) are the controller of your personal journal entries and reflections stored locally.

• Data Processor: Lets tipit ltd acts as a processor only for account-level data (e.g., email, subscription status) required to maintain your access to the Service.

We will only process your data to:

• Provide the wellness services and "Tip Deck" access.

• Ensure the security and integrity of the App.

• Comply with legal obligations (e.g., tax records for Coin purchases).

We use a limited number of third-party "Sub-processors" to assist in providing our services. These currently include:

• Cloud Hosting: [e.g., AWS / Google Cloud] for account authentication.

• Payment Processing: Apple (App Store) and Google (Play Store).

• Analytics: [e.g., Firebase / Mixpanel] for app performance monitoring.

We ensure that all Sub-processors are bound by data protection terms no less protective than those in our own Privacy Policy.

We implement appropriate technical measures to protect your data, including:

• Encryption: Data is encrypted in transit using SSL/TLS.

• Anonymization: Usage data is anonymized wherever possible.

• Access Control: Access to our database is restricted to authorized personnel only.

In the unlikely event of a data breach that affects your personal information, we will notify the relevant Supervisory Authority (e.g., the ICO in the UK) and you, the user, within 72 hours of becoming aware of the breach, where required by law.