Privacy Policy

Lovai (the "Service") values the protection of personal information. We comply with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), Japan's Act on the Protection of Personal Information (APPI), and other applicable privacy laws. This Privacy Policy explains how we collect, use, share, and protect your information.

1. Information we collect

The Service may collect the following information.

1.1 Account information

• Email address
• Username (handle)
• Display name
• Profile image
• Bio

1.2 Usage information

• Post content
• Likes, bookmarks, and follow history
• Purchase history
• Direct message content

1.3 Technical information

• IP address
• Browser type and version
• Device information
• Access logs
• Cookie information

1.4 Payment information

Payment information related to purchasing or selling premium content is managed by the payment processor (Stripe, Inc.). The Service does not store sensitive payment information such as credit card numbers.

2. Purposes of use

We use collected information for the following purposes.

• Account creation and management
• Providing and operating the Service
• User support
• Improving the Service and developing new features
• Usage analysis
• Detection and prevention of fraudulent activity
• Compliance with legal obligations
• Sending important notices

3. Legal basis for processing (GDPR)

We process your personal data based on the following legal grounds:

4. Sharing and disclosure

We do not sell your personal information. We share data only in the following cases:

• With your consent
• When required by law or valid legal process
• To protect life, body, or property
• With service providers who process data on our behalf (under data processing agreements)
• In connection with a merger, acquisition, or sale of assets (with notice to users)

4.1 External services we use

The Service uses the following external services.

Please review each service's privacy policy on its website.

5. Data retention

We retain your data for the following periods:

6. Cookies

We use cookies for the following purposes.

• Maintaining login sessions
• Saving user settings (such as dark mode)
• Analyzing Service usage

You can disable cookies in your browser settings, but some features may not work properly.

7. Protection of information

We take the following measures to protect collected information.

• Encryption of communications via SSL/TLS
• Access controls for databases
• Row Level Security (RLS) for data access control
• Regular security audits

8. Your privacy rights

Depending on your location, you may have some or all of the following rights:

• Right of access: Request a copy of your personal data
• Right to rectification: Correct inaccurate or incomplete data
• Right to erasure ("Right to be forgotten"): Request deletion of your data
• Right to restrict processing: Limit how we use your data
• Right to data portability: Receive your data in a machine-readable format
• Right to object: Object to processing based on legitimate interests, including AI Training
• Right to withdraw consent: Withdraw consent at any time for consent-based processing

To exercise these rights, contact support@lovai.app. We will respond within 30 days (or as required by applicable law).

9. Rights for EU/EEA/UK residents (GDPR)

If you are in the European Union, European Economic Area, or United Kingdom, you have the following additional rights:

• Right to lodge a complaint: You may file a complaint with your local data protection authority (DPA).
• Automated decision-making: We do not make solely automated decisions that produce legal effects concerning you.
• Data Protection Officer: Contact our DPO at privacy@lovai.app.

International transfers

Your data may be transferred outside the EU/EEA. We ensure adequate protection through:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Transfers to countries with adequacy decisions
• Binding Corporate Rules where applicable

10. Rights for California residents (CCPA/CPRA)

If you are a California resident, you have the following rights under the CCPA and CPRA:

• Right to know: Request information about the categories and specific pieces of personal information we have collected
• Right to delete: Request deletion of your personal information
• Right to correct: Request correction of inaccurate personal information
• Right to opt-out of sale/sharing: We do not sell or share your personal information for cross-context behavioral advertising
• Right to limit sensitive personal information: Limit use and disclosure of sensitive personal information
• Right to non-discrimination: We will not discriminate against you for exercising your privacy rights

Categories of information collected in the past 12 months:

• Identifiers (email, username, IP address)
• Commercial information (purchase history)
• Internet activity (browsing history, interactions)
• Inferences (preferences derived from usage)

To submit a request, email privacy@lovai.app or use the "Do Not Sell My Personal Information" link in our footer.

11. Rights for other U.S. state residents

Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), and other states with privacy laws have similar rights including:

• Right to access, correct, and delete personal data
• Right to data portability
• Right to opt-out of targeted advertising and sale of personal data
• Right to appeal our decisions regarding your requests

Contact privacy@lovai.app to exercise these rights.

12. Handling of data upon account deletion

When an account is deleted, information is handled as follows:

• Profile information: Deleted within 30 days
• Post content: Deleted (posts with purchase history may be retained for legal compliance)
• Purchase history: Retained for 7 years (legal requirement)
• Log data: Deleted after 90 days
• Backups: Removed from backups within 90 days

13. Children's privacy

The Service is not intended for users under 18. We do not knowingly collect personal information from children under 16 (or 13 in the US). If we discover we have collected such information, we will promptly delete it. Parents or guardians who believe their child has provided personal information should contact us immediately.

14. International data transfers

Your data may be transferred to and processed in countries outside your residence. We ensure appropriate safeguards including:

• Standard Contractual Clauses for EU/EEA transfers
• Data Processing Agreements with all processors
• Technical and organizational security measures

Primary data locations:

• Database: AWS (Tokyo, Japan / US regions)
• Authentication: Supabase (AWS infrastructure)
• Payments: Stripe (US with global compliance)
• Hosting: Vercel (Global CDN)

15. Changes to this Privacy Policy

We may update this policy to reflect changes in our practices or legal requirements. We will notify you of material changes at least 30 days before they take effect through:

• Email notification (for significant changes)
• In-app notification
• Update to the "Last updated" date above

Continued use after the effective date constitutes acceptance of the updated policy.

16. Contact

For inquiries about this policy or to exercise your privacy rights:

End