Política de privacidad
Resumen en español
Introducción
lovd se compromete a proteger su privacidad. Esta política de privacidad explica qué información recopilamos, cómo la utilizamos y cuáles son sus derechos en virtud del RGPD.
Información que recopilamos
Información que usted proporciona:
- Datos de la cuenta (nombre, correo electrónico, contraseña, foto de perfil).
- Datos de pago (gestionados por Polar.sh).
- Contenido (fotos, colecciones, comentarios).
Información recopilada automáticamente:
- Datos de uso (páginas visitadas, funciones utilizadas).
- Información del dispositivo (dirección IP, navegador, sistema operativo).
- Cookies.
Cómo utilizamos su información
- Para prestarle nuestros servicios.
- Para comunicarnos con usted.
- Para garantizar la seguridad de la plataforma.
- Para mejorar nuestros servicios.
Cesión de información
No vendemos sus datos personales. Solo compartimos información con proveedores de servicios de confianza (Supabase, PostHog, Polar.sh, Cloudflare, Vercel, Resend).
Sus derechos en virtud del RGPD
- Derecho de acceso.
- Derecho de rectificación.
- Derecho de supresión.
- Derecho a la portabilidad de los datos.
- Derecho de oposición.
Conservación de los datos
- Información de la cuenta: hasta la eliminación de la cuenta (ventana de cancelación de 7 días) + 90 días para la purga de copias de seguridad.
- Fotos y contenidos: se eliminan inmediatamente cuando usted los borra en una cuenta activa; tras la cancelación de la suscripción, accesibles durante un periodo de gracia cuya duración coincide con el tiempo que estuvo suscrito; al finalizar dicho periodo, se enviará una notificación final y el contenido se eliminará.
- Registros de pago: 7 años (obligación legal).
- Tras la cancelación: dispondrá de un periodo de gracia con acceso de visualización cuya duración coincide con el tiempo que estuvo suscrito; antes de que termine, enviaremos recordatorios y una exportación completa; si no renueva la suscripción, el contenido se eliminará tras una notificación final.
Contacto
Para consultas de privacidad: privacy@lovd.app
Full Legal Text (English)
Last updated: 17 March 2026
1. Introduction
lovd ("we," "our," or "us") is committed to protecting your privacy and ensuring you understand how we handle your personal data. This Privacy Policy explains what information we collect, how we use it, and your rights under the General Data Protection Regulation (GDPR) and other applicable laws.
Data Controller: Lovd.app (KVK: 99510774) Amsterdam, Netherlands BTW-id: NL005390427B04 Email: privacy@lovd.app
2. Information We Collect
Information You Provide
Account Information:
- Name
- Email address
- Password (stored securely hashed)
- Profile picture (optional)
Payment Information:
- Billing name and address
- Payment details are processed by Polar.sh (our payment processor) and not stored by us
Content:
- Photos and images you upload
- Collection names and descriptions
- Comments and interactions
Communications:
- Support requests
- Feedback you provide
Information Collected Automatically
Usage Data:
- Pages visited and features used
- Time spent on the platform
- Actions taken (uploads, shares, etc.)
Device Information:
- IP address
- Browser type and version
- Operating system
- Device type
Cookies and Similar Technologies:
- Authentication cookies (essential)
- Preference cookies (functional)
- Analytics cookies (with consent)
See Section 8 for our full Cookie Policy.
Information from Third Parties
Authentication Providers: If you sign in via Google or other providers, we receive basic profile information you've authorized them to share.
3. How We Use Your Information
Legal Bases for Processing
Under GDPR, we process your data based on these legal grounds:
| Purpose | Legal Basis |
|---|---|
| Provide our services | Contract performance |
| Process payments | Contract performance |
| Send service communications | Contract performance |
| Ensure platform security | Legitimate interest |
| Prevent fraud and abuse | Legitimate interest |
| Comply with legal obligations | Legal obligation |
| Improve our services | Legitimate interest |
| Send marketing (with consent) | Consent |
Specific Uses
To Provide Our Services:
- Store and display your photos
- Enable sharing and collaboration
- Process your subscription
To Communicate With You:
- Service updates and changes
- Security alerts
- Support responses
- Marketing (only with your consent)
To Ensure Safety and Security:
- Detect and prevent fraud
- Scan for prohibited content (including CSAM)
- Enforce our Terms of Service
- Protect our users and platform
To Improve Our Services:
- Analyze usage patterns
- Fix bugs and issues
- Develop new features
4. How We Share Your Information
We do not sell your personal data. We share information only as described below:
Service Providers
We use trusted third parties to help operate our services:
| Provider | Purpose | Location | Data Shared |
|---|---|---|---|
| Supabase | Database and storage | EU (Frankfurt) | Account data, photos |
| PostHog | Product analytics | EU available | Usage data, device info |
| Polar.sh | Payment processing | EU | Billing info, email |
| Cloudflare | CDN and security | Global (EU processing) | IP address, content |
| Vercel | Hosting | EU available | Usage data |
| Resend | Email delivery | US (EU transfers) | Email address, name |
All providers are bound by data processing agreements ensuring GDPR compliance.
Legal Requirements
We may disclose information when required by law, including:
- Court orders or legal process
- Government requests
- To protect rights, safety, or property
- To report illegal content to authorities
CSAM Reporting
We are legally required to report child sexual abuse material (CSAM) to relevant authorities, including the National Center for Missing & Exploited Children (NCMEC). This may include account information and content.
With Your Consent
We may share information with third parties when you explicitly consent, such as sharing photos with other users you invite.
5. International Data Transfers
Your data may be transferred outside the European Economic Area (EEA). When this happens, we ensure appropriate safeguards:
- EU-US Data Privacy Framework: For US providers certified under the framework
- Standard Contractual Clauses: EU-approved contract terms
- Adequacy Decisions: Transfers to countries deemed adequate by the EU Commission
You can request information about specific safeguards by contacting us.
6. Data Retention
We retain your data only as long as necessary:
| Data Type | Retention Period |
|---|---|
| Account information | Until account deletion + 30 days |
| Photos and content | Deleted immediately when you delete them on an active account; on subscription cancellation, accessible during a grace period matching how long you were subscribed (see Terms of Service), after which a final notification is sent and the content is removed; on account deletion, removed at the end of the 7-day cancellation window with backups purged within 90 days |
| Payment records | 7 years (legal requirement) |
| Support communications | 3 years |
| Server logs | 90 days |
| Analytics data | 26 months |
After subscription cancellation:
- You enter a grace period of viewing access whose length matches how long you were subscribed
- Grace time accumulates across successive billing periods
- During your grace period, content remains viewable and downloadable
- Before your grace period ends, we send reminder emails and a complete export of your content
- Resubscribing during your grace period restores full access and earns additional grace time
- A family member or trusted contact may resubscribe on your behalf
- If you do not resubscribe before your grace period ends, your content is removed after a final notification
After account deletion:
- Content is deleted within 30 days
- Backups are purged within 90 days
- Some data may be retained longer if required by law
7. Your Rights Under GDPR
As an EU resident, you have the following rights:
Right to Access
You can request a copy of all personal data we hold about you.
Right to Rectification
You can correct inaccurate or incomplete personal data.
Right to Erasure ("Right to be Forgotten")
You can request deletion of your personal data. We will comply unless we have a legal obligation to retain it.
Right to Restrict Processing
You can ask us to limit how we use your data in certain circumstances.
Right to Data Portability
You can request your data in a structured, machine-readable format.
Right to Object
You can object to processing based on legitimate interests, including profiling and direct marketing.
Right to Withdraw Consent
Where processing is based on consent, you can withdraw it at any time.
Right to Lodge a Complaint
You can complain to your local data protection authority. In the Netherlands, this is the Autoriteit Persoonsgegevens (https://autoriteitpersoonsgegevens.nl).
How to Exercise Your Rights
Contact us at privacy@lovd.app with your request. We will respond within 30 days. We may ask for verification of your identity.
You can also manage some data directly:
- Download your data: Account Settings > Data Export
- Delete your account: Account Settings > Delete Account
- Update your information: Account Settings > Profile
8. Cookie Policy
What Are Cookies?
Cookies are small files stored on your device that help websites function and provide information to site owners.
Cookies We Use
Essential Cookies (Always Active) Required for the website to function. Cannot be disabled.
- Authentication: Keep you logged in
- Security: Protect against attacks
- Preferences: Remember your settings
Analytics Cookies (Optional) Help us understand how you use lovd.
- Usage patterns
- Feature popularity
- Error tracking
Third-Party Cookies Some services we use may set their own cookies:
- Cloudflare (security)
- Analytics services (if enabled)
Managing Cookies
You can control cookies through:
- Browser settings
- Our cookie consent banner
- Account privacy settings
Note: Disabling essential cookies may prevent you from using our services.
9. Children's Privacy
lovd is not intended for users under 18 years of age. We do not knowingly collect personal data from children under 18.
If we discover we have collected data from someone under 18, we will:
- Immediately delete their account and data
- Notify their parent/guardian if contact information is available
If you believe a child under 18 is using lovd, please contact us immediately at safety@lovd.app.
10. Security
We implement appropriate technical and organizational measures to protect your data:
Technical Measures:
- Encryption in transit (TLS/HTTPS)
- Encryption at rest
- Secure password hashing
- Regular security audits
- Access controls and monitoring
Organizational Measures:
- Staff training on data protection
- Limited access on a need-to-know basis
- Incident response procedures
- Regular policy reviews
Despite our efforts, no system is 100% secure. If you discover a security vulnerability, please report it to security@lovd.app.
11. Changes to This Policy
We may update this Privacy Policy periodically. When we make material changes:
- We will update the "Last updated" date
- We will notify you by email
- We may display a notice in the app
Your continued use after changes take effect constitutes acceptance of the updated policy.
12. Contact Us
For privacy-related inquiries:
Email: privacy@lovd.app
General Support: support@lovd.app
Postal Address: lovd B.V. Amsterdam, Netherlands
Response Time: We aim to respond within 5 business days, and will address GDPR requests within 30 days as required by law.
13. Additional Information for Specific Regions
European Economic Area (EEA)
This entire policy is designed with GDPR compliance in mind. The legal bases for processing and your rights are detailed in Sections 3 and 7.
United Kingdom
Post-Brexit, we comply with the UK GDPR. Your rights are equivalent to those under EU GDPR.
California (CCPA)
While we primarily operate in the EU, California residents have similar rights under CCPA:
- Right to know what data we collect
- Right to delete your data
- Right to opt-out of data sales (we do not sell data)
- Right to non-discrimination
Contact us at privacy@lovd.app to exercise these rights.