Legal

Polityka prywatności

Jak lovd zbiera, wykorzystuje i chroni twoje dane osobowe.
To jest dokument prawnie wiążący. Pełny prawnie wiążący tekst jest dostępny tylko po angielsku. Poniżej znajdziesz podsumowanie po polsku, a następnie pełny angielski tekst prawny.

Podsumowanie po polsku

Przegląd

lovd to platforma do dzielenia się zdjęciami skupiona na prywatności, z siedzibą w Amsterdamie, Holandia. Ta Polityka prywatności wyjaśnia, jakie informacje zbieramy, jak je wykorzystujemy i twoje prawa zgodnie z RODO.

Jakie dane zbieramy

  • Informacje o koncie: Imię, adres e-mail, hasło (bezpiecznie zahashowane), zdjęcie profilowe
  • Informacje płatnicze: Przetwarzane przez Polar.sh, nie przechowywane przez nas
  • Zawartość: Zdjęcia, nazwy kolekcji, komentarze
  • Dane użytkowania: Odwiedzane strony, używane funkcje, typ urządzenia

Jak wykorzystujemy twoje dane

  • Świadczenie naszych usług (przechowywanie i wyświetlanie twoich zdjęć)
  • Komunikacja z tobą (aktualizacje serwisu, alerty bezpieczeństwa)
  • Zapewnienie bezpieczeństwa (zapobieganie oszustwom, wykrywanie zabronionych treści)
  • Ulepszanie usług (analiza wzorców użytkowania)

Twoje prawa zgodnie z RODO

  • Prawo dostępu: Zamów kopię wszystkich danych
  • Prawo do sprostowania: Popraw niedokładne dane
  • Prawo do usunięcia: Żądaj usunięcia danych
  • Prawo do przenośności danych: Otrzymaj dane w ustrukturyzowanym formacie
  • Prawo do sprzeciwu: Sprzeciw się przetwarzaniu

Przechowywanie danych

  • Informacje o koncie: Do usunięcia konta (7-dniowe okno anulowania) + czyszczenie kopii zapasowych w ciągu 90 dni
  • Zdjęcia i zawartość: Usuwane natychmiast, gdy usuniesz je na aktywnym koncie; przy usunięciu konta, usuwane z końcem 7-dniowego okna anulowania, a kopie zapasowe w ciągu 90 dni
  • Dokumenty płatnicze: 7 lat (wymóg prawny)
  • Po anulowaniu subskrypcji: 90-dniowy okres karencji z dostępem tylko do odczytu; przed końcem wysyłamy przypomnienia i kompletny eksport; jeśli nie odnowisz, treści zostaną usunięte po ostatecznym powiadomieniu

Kontakt

W sprawach prywatności: privacy@lovd.app


Last updated: 17 March 2026

1. Introduction

lovd ("we," "our," or "us") explains here what personal data we collect, how we use it, and your rights under the General Data Protection Regulation (GDPR) and other applicable laws.

Data Controller: Lovd.app (KVK: 99510774) Amsterdam, Netherlands BTW-id: NL005390427B04 Email: privacy@lovd.app

2. Information We Collect

Information You Provide

  • Account: name, email address, password (stored securely hashed), optional profile picture
  • Payment: billing name and address. Card details are handled by our payment processor, Polar, and are not stored by us
  • Content: photos and images you upload, collection names and descriptions, comments and interactions
  • Communications: support requests and feedback

Information Collected Automatically

  • Usage data: pages visited, features used, time on the platform, actions taken (uploads, shares, etc.)
  • Device information: IP address, browser type and version, operating system, device type
  • Cookies: authentication (essential), preferences (functional), analytics (with consent), see Section 8

Information from Third Parties

If you sign in via Google or another provider, we receive the basic profile information you authorized them to share.

3. How We Use Your Information

PurposeLegal Basis
Provide our servicesContract performance
Process paymentsContract performance
Send service communicationsContract performance
Ensure platform securityLegitimate interest
Prevent fraud and abuseLegitimate interest
Comply with legal obligationsLegal obligation
Improve our servicesLegitimate interest
Send marketing (with consent)Consent

Specific Uses

  • Provide services: store and display your photos, enable sharing and collaboration, process your subscription
  • Communicate: service updates, security alerts, support responses, and marketing (only with your consent)
  • Safety and security: detect and prevent fraud, scan for prohibited content (including CSAM), enforce our Terms of Service, protect users and the platform
  • Improve services: analyze usage patterns, fix bugs, develop new features

4. How We Share Your Information

We do not sell your personal data. We share it only as described below.

Service Providers

ProviderPurposeLocationData Shared
SupabaseDatabase and storageEU (Frankfurt)Account data, photos
PostHogProduct analyticsEU availableUsage data, device info
PolarPayment processingEUBilling info, email
CloudflareCDN and securityGlobal (EU processing)IP address, content
VercelHostingEU availableUsage data
ResendEmail deliveryUS (EU transfers)Email address, name

All providers are bound by data processing agreements ensuring GDPR compliance.

We may disclose information when required by law, including court orders or legal process, government requests, to protect rights, safety, or property, and to report illegal content to authorities.

CSAM Reporting

We are legally required to report child sexual abuse material (CSAM) to relevant authorities, including the National Center for Missing & Exploited Children (NCMEC). This may include account information and content.

We may share information with third parties when you explicitly consent, such as sharing photos with users you invite.

5. International Data Transfers

When data is transferred outside the European Economic Area (EEA), we apply appropriate safeguards: the EU-US Data Privacy Framework (for certified US providers), Standard Contractual Clauses, or EU adequacy decisions. Contact us for information about specific safeguards.

6. Data Retention

We retain your data only as long as necessary:

Data TypeRetention Period
Account informationUntil account deletion (7-day cancellation window) + 90-day backup purge
Photos and contentDeleted immediately when you delete them on an active account; on subscription cancellation, accessible during a grace period (see Terms of Service), after which a final notification is sent and the content is removed; on account deletion, removed at the end of the 7-day cancellation window, with backups purged within 90 days
Payment records7 years (legal requirement)
Support communications3 years
Server logs90 days
Analytics data26 months

After subscription cancellation: you enter a 90-day read-only grace period during which content remains viewable and downloadable. Before it ends, we send reminder emails and a complete export of your content. Resubscribing during the grace period restores full access. If you do not resubscribe before the grace period ends, your content is removed after a final notification.

After account deletion: nothing is removed during a 7-day cancellation window. After 7 days, content, profile, and account are permanently removed from active systems, and backups are purged within 90 days. Some data may be retained longer if required by law (see the table above).

7. Your Rights Under GDPR

As an EU resident, you have the right to:

  • Access: request a copy of the personal data we hold about you
  • Rectification: correct inaccurate or incomplete data
  • Erasure ("right to be forgotten"), request deletion, which we honor unless legally required to retain the data
  • Restrict processing: limit how we use your data in certain circumstances
  • Data portability: receive your data in a structured, machine-readable format
  • Object: object to processing based on legitimate interests, including profiling and direct marketing
  • Withdraw consent: where processing relies on consent, withdraw it at any time
  • Lodge a complaint: with your local data protection authority. In the Netherlands, this is the Autoriteit Persoonsgegevens

How to Exercise Your Rights

Email privacy@lovd.app. We respond within 30 days and may ask you to verify your identity.

You can also manage some data directly:

  • Export your data: Account > Data
  • Delete your account: Account > Data, then "Delete account"
  • Update your information: Account > Profile

Cookies are small files stored on your device that help websites function and provide information to site owners.

Essential cookies (always active): required for the site to function and cannot be disabled: authentication (keeps you logged in), security (protects against attacks), and preferences (remembers your settings).

Analytics cookies (optional): help us understand usage patterns, feature popularity, and errors.

Third-party cookies: some services we use, such as Cloudflare (security) and analytics services (if enabled), may set their own cookies.

You can control cookies through your browser settings, our cookie consent banner, or your account privacy settings. Disabling essential cookies may prevent you from using our services.

9. Children's Privacy

lovd is not intended for users under 18, and we do not knowingly collect personal data from them. If we discover we have collected data from someone under 18, we will immediately delete their account and data, and notify their parent or guardian where contact information is available.

If you believe a child under 18 is using lovd, contact us at safety@lovd.app.

10. Security

We implement appropriate technical and organizational measures to protect your data.

Technical: encryption in transit (TLS/HTTPS) and at rest, secure password hashing, regular security audits, access controls and monitoring.

Organizational: staff training on data protection, need-to-know access, incident response procedures, regular policy reviews.

No system is 100% secure. If you discover a security vulnerability, please report it to security@lovd.app.

11. Changes to This Policy

We may update this policy periodically. For material changes, we will update the "Last updated" date, notify you by email, and may display a notice in the app. Continued use after changes take effect constitutes acceptance of the updated policy.

12. Contact Us

We aim to respond within 5 business days and will address GDPR requests within 30 days as required by law.

13. Additional Information for Specific Regions

European Economic Area (EEA): this policy is designed for GDPR compliance; legal bases and your rights are detailed in Sections 3 and 7.

United Kingdom: we comply with the UK GDPR, and your rights are equivalent to those under EU GDPR.

California (CCPA): California residents have similar rights, to know what data we collect, to delete it, to opt out of data sales (we do not sell data), and to non-discrimination. Contact privacy@lovd.app to exercise these rights.

Twoje wspomnienia zasluguja na wlasciwy dom. Bez reklam. Bez zbierania danych. Bez trenowania AI na twoich zdjeciach.

Na zawsze darmowe, bez karty kredytowej
Nieograniczone kolekcje, notatki i wydarzenia
Zapros kogokolwiek do ogladania lub dodawania wspomnien