Last updated: 29 December 2025
lovd ("we," "our," or "us") is committed to protecting your privacy and ensuring you understand how we handle your personal data. This Privacy Policy explains what information we collect, how we use it, and your rights under the General Data Protection Regulation (GDPR) and other applicable laws.
Data Controller: Lovd.app (KVK: 99510774) Amsterdam, Netherlands BTW-id: NL005390427B04 Email: privacy@lovd.app
Account Information:
Payment Information:
Content:
Communications:
Usage Data:
Device Information:
Cookies and Similar Technologies:
See Section 8 for our full Cookie Policy.
Authentication Providers: If you sign in via Google or other providers, we receive basic profile information you've authorized them to share.
Under GDPR, we process your data based on these legal grounds:
| Purpose | Legal Basis |
|---|---|
| Provide our services | Contract performance |
| Process payments | Contract performance |
| Send service communications | Contract performance |
| Ensure platform security | Legitimate interest |
| Prevent fraud and abuse | Legitimate interest |
| Comply with legal obligations | Legal obligation |
| Improve our services | Legitimate interest |
| Send marketing (with consent) | Consent |
To Provide Our Services:
To Communicate With You:
To Ensure Safety and Security:
To Improve Our Services:
We do not sell your personal data. We share information only as described below:
We use trusted third parties to help operate our services:
| Provider | Purpose | Location | Data Shared |
|---|---|---|---|
| Supabase | Database and storage | EU (Frankfurt) | Account data, photos |
| PostHog | Product analytics | EU available | Usage data, device info |
| Polar.sh | Payment processing | EU | Billing info, email |
| Cloudflare | CDN and security | Global (EU processing) | IP address, content |
| Vercel | Hosting | EU available | Usage data |
| Resend | Email delivery | US (EU transfers) | Email address, name |
All providers are bound by data processing agreements ensuring GDPR compliance.
We may disclose information when required by law, including:
We are legally required to report child sexual abuse material (CSAM) to relevant authorities, including the National Center for Missing & Exploited Children (NCMEC). This may include account information and content.
We may share information with third parties when you explicitly consent, such as sharing photos with other users you invite.
Your data may be transferred outside the European Economic Area (EEA). When this happens, we ensure appropriate safeguards:
You can request information about specific safeguards by contacting us.
We retain your data only as long as necessary:
| Data Type | Retention Period |
|---|---|
| Account information | Until account deletion + 30 days |
| Photos and content | Until deleted by you + 30 days |
| Payment records | 7 years (legal requirement) |
| Support communications | 3 years |
| Server logs | 90 days |
| Analytics data | 26 months |
After account deletion:
As an EU resident, you have the following rights:
You can request a copy of all personal data we hold about you.
You can correct inaccurate or incomplete personal data.
You can request deletion of your personal data. We will comply unless we have a legal obligation to retain it.
You can ask us to limit how we use your data in certain circumstances.
You can request your data in a structured, machine-readable format.
You can object to processing based on legitimate interests, including profiling and direct marketing.
Where processing is based on consent, you can withdraw it at any time.
You can complain to your local data protection authority. In the Netherlands, this is the Autoriteit Persoonsgegevens (https://autoriteitpersoonsgegevens.nl).
Contact us at privacy@lovd.app with your request. We will respond within 30 days. We may ask for verification of your identity.
You can also manage some data directly:
Cookies are small files stored on your device that help websites function and provide information to site owners.
Essential Cookies (Always Active) Required for the website to function. Cannot be disabled.
Analytics Cookies (Optional) Help us understand how you use lovd.
Third-Party Cookies Some services we use may set their own cookies:
You can control cookies through:
Note: Disabling essential cookies may prevent you from using our services.
lovd is not intended for users under 18 years of age. We do not knowingly collect personal data from children under 18.
If we discover we have collected data from someone under 18, we will:
If you believe a child under 18 is using lovd, please contact us immediately at safety@lovd.app.
We implement appropriate technical and organizational measures to protect your data:
Technical Measures:
Organizational Measures:
Despite our efforts, no system is 100% secure. If you discover a security vulnerability, please report it to security@lovd.app.
We may update this Privacy Policy periodically. When we make material changes:
Your continued use after changes take effect constitutes acceptance of the updated policy.
For privacy-related inquiries:
Email: privacy@lovd.app
General Support: support@lovd.app
Postal Address: lovd B.V. Amsterdam, Netherlands
Response Time: We aim to respond within 5 business days, and will address GDPR requests within 30 days as required by law.
This entire policy is designed with GDPR compliance in mind. The legal bases for processing and your rights are detailed in Sections 3 and 7.
Post-Brexit, we comply with the UK GDPR. Your rights are equivalent to those under EU GDPR.
While we primarily operate in the EU, California residents have similar rights under CCPA:
Contact us at privacy@lovd.app to exercise these rights.