Politica de confidențialitate
Rezumat în limba română
Prezentare generală
lovd este o platformă de partajare a fotografiilor orientată către confidențialitate, cu sediul în Amsterdam, Olanda. Această Politică de confidențialitate explică ce informații colectăm, cum le folosim și drepturile tale conform GDPR.
Ce date colectăm
- Informații de cont: Nume, adresă de email, parolă (stocată securizat, hashuită), fotografie de profil
- Informații de plată: Procesate de Polar, nu sunt stocate de noi
- Conținut: Fotografii, nume de colecții, comentarii
- Date de utilizare: Pagini vizitate, funcționalități folosite, tip de dispozitiv
Cum folosim datele tale
- Furnizarea serviciilor noastre (stocarea și afișarea fotografiilor tale)
- Comunicarea cu tine (actualizări de serviciu, alerte de securitate)
- Asigurarea securității (prevenirea fraudei, detectarea conținutului interzis)
- Îmbunătățirea serviciilor noastre (analiza modelelor de utilizare)
Drepturile tale conform GDPR
- Dreptul de acces: Solicită o copie a tuturor datelor
- Dreptul de rectificare: Corectează datele inexacte
- Dreptul la ștergere: Solicită ștergerea datelor tale
- Dreptul la portabilitatea datelor: Primește datele tale într-un format structurat
- Dreptul de opoziție: Opune-te prelucrării
Retenția datelor
- Informații de cont: Până la ștergerea contului (fereastră de anulare de 7 zile) + curățarea backup-urilor în 90 de zile
- Fotografii și conținut: Șterse imediat când le ștergi pe un cont activ; la anularea abonamentului, accesibile în timpul unei perioade de grație, după care se trimite o notificare finală și conținutul este eliminat; la ștergerea contului, eliminate la sfârșitul ferestrei de anulare de 7 zile, cu backup-urile curățate în 90 de zile
- Evidența plăților: 7 ani (cerință legală)
- După anulare: o perioadă de grație doar pentru citire de 90 de zile, cu acces de vizualizare; înainte de încheiere trimitem mementouri și un export complet; reabonarea în timpul celor 90 de zile restabilește accesul complet; dacă nu te reabonezi, conținutul este eliminat după o notificare finală
Contact
Pentru întrebări de confidențialitate: privacy@lovd.app
Full Legal Text (English)
Last updated: 17 March 2026
1. Introduction
lovd ("we," "our," or "us") explains here what personal data we collect, how we use it, and your rights under the General Data Protection Regulation (GDPR) and other applicable laws.
Data Controller: Lovd.app (KVK: 99510774) Amsterdam, Netherlands BTW-id: NL005390427B04 Email: privacy@lovd.app
2. Information We Collect
Information You Provide
- Account: name, email address, password (stored securely hashed), optional profile picture
- Payment: billing name and address. Card details are handled by our payment processor, Polar, and are not stored by us
- Content: photos and images you upload, collection names and descriptions, comments and interactions
- Communications: support requests and feedback
Information Collected Automatically
- Usage data: pages visited, features used, time on the platform, actions taken (uploads, shares, etc.)
- Device information: IP address, browser type and version, operating system, device type
- Cookies: authentication (essential), preferences (functional), analytics (with consent), see Section 8
Information from Third Parties
If you sign in via Google or another provider, we receive the basic profile information you authorized them to share.
3. How We Use Your Information
Legal Bases for Processing
| Purpose | Legal Basis |
|---|---|
| Provide our services | Contract performance |
| Process payments | Contract performance |
| Send service communications | Contract performance |
| Ensure platform security | Legitimate interest |
| Prevent fraud and abuse | Legitimate interest |
| Comply with legal obligations | Legal obligation |
| Improve our services | Legitimate interest |
| Send marketing (with consent) | Consent |
Specific Uses
- Provide services: store and display your photos, enable sharing and collaboration, process your subscription
- Communicate: service updates, security alerts, support responses, and marketing (only with your consent)
- Safety and security: detect and prevent fraud, scan for prohibited content (including CSAM), enforce our Terms of Service, protect users and the platform
- Improve services: analyze usage patterns, fix bugs, develop new features
4. How We Share Your Information
We do not sell your personal data. We share it only as described below.
Service Providers
| Provider | Purpose | Location | Data Shared |
|---|---|---|---|
| Supabase | Database and storage | EU (Frankfurt) | Account data, photos |
| PostHog | Product analytics | EU available | Usage data, device info |
| Polar | Payment processing | EU | Billing info, email |
| Cloudflare | CDN and security | Global (EU processing) | IP address, content |
| Vercel | Hosting | EU available | Usage data |
| Resend | Email delivery | US (EU transfers) | Email address, name |
All providers are bound by data processing agreements ensuring GDPR compliance.
Legal Requirements
We may disclose information when required by law, including court orders or legal process, government requests, to protect rights, safety, or property, and to report illegal content to authorities.
CSAM Reporting
We are legally required to report child sexual abuse material (CSAM) to relevant authorities, including the National Center for Missing & Exploited Children (NCMEC). This may include account information and content.
With Your Consent
We may share information with third parties when you explicitly consent, such as sharing photos with users you invite.
5. International Data Transfers
When data is transferred outside the European Economic Area (EEA), we apply appropriate safeguards: the EU-US Data Privacy Framework (for certified US providers), Standard Contractual Clauses, or EU adequacy decisions. Contact us for information about specific safeguards.
6. Data Retention
We retain your data only as long as necessary:
| Data Type | Retention Period |
|---|---|
| Account information | Until account deletion (7-day cancellation window) + 90-day backup purge |
| Photos and content | Deleted immediately when you delete them on an active account; on subscription cancellation, accessible during a grace period (see Terms of Service), after which a final notification is sent and the content is removed; on account deletion, removed at the end of the 7-day cancellation window, with backups purged within 90 days |
| Payment records | 7 years (legal requirement) |
| Support communications | 3 years |
| Server logs | 90 days |
| Analytics data | 26 months |
After subscription cancellation: you enter a 90-day read-only grace period during which content remains viewable and downloadable. Before it ends, we send reminder emails and a complete export of your content. Resubscribing during the grace period restores full access. If you do not resubscribe before the grace period ends, your content is removed after a final notification.
After account deletion: nothing is removed during a 7-day cancellation window. After 7 days, content, profile, and account are permanently removed from active systems, and backups are purged within 90 days. Some data may be retained longer if required by law (see the table above).
7. Your Rights Under GDPR
As an EU resident, you have the right to:
- Access: request a copy of the personal data we hold about you
- Rectification: correct inaccurate or incomplete data
- Erasure ("right to be forgotten"), request deletion, which we honor unless legally required to retain the data
- Restrict processing: limit how we use your data in certain circumstances
- Data portability: receive your data in a structured, machine-readable format
- Object: object to processing based on legitimate interests, including profiling and direct marketing
- Withdraw consent: where processing relies on consent, withdraw it at any time
- Lodge a complaint: with your local data protection authority. In the Netherlands, this is the Autoriteit Persoonsgegevens
How to Exercise Your Rights
Email privacy@lovd.app. We respond within 30 days and may ask you to verify your identity.
You can also manage some data directly:
- Export your data: Account > Data
- Delete your account: Account > Data, then "Delete account"
- Update your information: Account > Profile
8. Cookie Policy
Cookies are small files stored on your device that help websites function and provide information to site owners.
Essential cookies (always active): required for the site to function and cannot be disabled: authentication (keeps you logged in), security (protects against attacks), and preferences (remembers your settings).
Analytics cookies (optional): help us understand usage patterns, feature popularity, and errors.
Third-party cookies: some services we use, such as Cloudflare (security) and analytics services (if enabled), may set their own cookies.
You can control cookies through your browser settings, our cookie consent banner, or your account privacy settings. Disabling essential cookies may prevent you from using our services.
9. Children's Privacy
lovd is not intended for users under 18, and we do not knowingly collect personal data from them. If we discover we have collected data from someone under 18, we will immediately delete their account and data, and notify their parent or guardian where contact information is available.
If you believe a child under 18 is using lovd, contact us at safety@lovd.app.
10. Security
We implement appropriate technical and organizational measures to protect your data.
Technical: encryption in transit (TLS/HTTPS) and at rest, secure password hashing, regular security audits, access controls and monitoring.
Organizational: staff training on data protection, need-to-know access, incident response procedures, regular policy reviews.
No system is 100% secure. If you discover a security vulnerability, please report it to security@lovd.app.
11. Changes to This Policy
We may update this policy periodically. For material changes, we will update the "Last updated" date, notify you by email, and may display a notice in the app. Continued use after changes take effect constitutes acceptance of the updated policy.
12. Contact Us
- Privacy inquiries: privacy@lovd.app
- General support: support@lovd.app
- Postal address: Lovd.app, Amsterdam, Netherlands
We aim to respond within 5 business days and will address GDPR requests within 30 days as required by law.
13. Additional Information for Specific Regions
European Economic Area (EEA): this policy is designed for GDPR compliance; legal bases and your rights are detailed in Sections 3 and 7.
United Kingdom: we comply with the UK GDPR, and your rights are equivalent to those under EU GDPR.
California (CCPA): California residents have similar rights, to know what data we collect, to delete it, to opt out of data sales (we do not sell data), and to non-discrimination. Contact privacy@lovd.app to exercise these rights.