Download

Loveable Privacy Policy

Privacy Policy

Effective Date: Dec 17, 2024

At Loveable, we are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application (“App”). Please read this Privacy Policy carefully. By accessing or using the App, you agree to the terms of this Privacy Policy.

Table of Contents

  1. Information We Collect
  2. How We Use Your Information
  3. How We Share Your Information
  4. Data Storage and Security
  5. User Rights & Controls
  6. Children’s Privacy
  7. Communications
  8. Account Deletion
  9. Payments
  10. Data Protection
  11. International Considerations
  12. Compliance with Laws
  13. User Rights Under GDPR
  14. Third-Party Services
  15. Local Storage and Tracking
  16. Future Features
  17. Changes to This Privacy Policy
  18. Contact Us
  19. Complaints and Dispute Resolution
  20. Data Protection Officer
  21. How We Handle Privacy Requests
  22. Data Protection Measures
  23. Miscellaneous
  24. Definitions
  25. User Feedback and Suggestions
  26. Granular Control Over Data Collection
  27. Accessibility
  28. Language Options
  29. Transparency About Data Processing Activities

1. Information We Collect

1.1 Personal Information You Provide

We collect personal information that you voluntarily provide when you register or use the App:

  • Name
  • Email Address
  • City and State

1.2 Information Collected with Your Consent

  • Location Data: With your explicit consent, we collect your location data, which is tied only to your uploaded messages data.
  • Lab Experiment Feedback: Any data you voluntarily submit for Lab Experiment feedback.

1.3 Information Collected Automatically

When you use the App, certain information is collected automatically:

  • Usage Data: Information about how you use the App, such as the number of messages sent and your love score, which is calculated and stored on our servers.
  • Analytics Data: We use third-party analytics tools like Firebase and Google Analytics to collect and analyze usage information.

1.4 Device Information

  • We do not collect device identifiers.
  • We do not access device features such as the camera, photos, or contacts.

1.5 Data Minimization

We are committed to collecting only the personal data that is necessary to provide and improve our services. We do not collect excessive or irrelevant information beyond what is required for the stated purposes.

1.6 Granular Control Over Data Collection

Within the App settings, you can manage your preferences for data collection, including enabling or disabling location tracking and participation in lab experiments. This allows you to tailor the data you share according to your comfort level.

2. How We Use Your Information

2.1 Providing and Improving the App

  • Message Data: Used to create heatmaps and aggregate message counts.
  • City and State: Used for groups functionality
  • Lab Experiment Data: Aggregated to share experiment results publicly in an anonymized form.

2.2 Communications

  • Marketing: Your email may be used for Loveable marketing purposes. We will never sell your email to third parties.
  • Support: To respond to your inquiries and provide customer support.

2.3 Geo-fencing

We use publicly available data for geo-fence locations to enhance your experience.

2.4 Data Minimization

We ensure that only the necessary data is used for the intended purposes, adhering to the principle of data minimization to protect your privacy.

3. How We Share Your Information

3.1 Service Providers

We may share your information with third-party service providers who perform services on our behalf:

  • Firebase
  • Google Analytics
  • Sentry (Error Logging)
  • Heroku
  • MongoDB Atlas
  • Prismic

These service providers have access to your data only to perform tasks on our behalf and are obligated not to disclose or use it for any other purpose.

3.2 Legal Obligations

We may disclose your information:

  • To comply with legal obligations.
  • To protect and defend our rights and property.
  • To prevent or investigate possible wrongdoing.

3.3 Aggregate Data

We may share aggregated, anonymized data publicly (e.g., statistics and facts) that does not identify you personally.

3.4 Third-Party Links

Our App may contain links to third-party websites or services that are not operated by us. We are not responsible for the privacy practices or the content of these third-party sites. We encourage you to review the privacy policies of any third-party services you use.

4. Data Storage and Security

4.1 Storage Location

  • Data is stored in MongoDB Atlas servers located in the United States.

4.2 Data Retention

  • We retain your data indefinitely unless you request deletion.

4.3 Security Measures

  • Encryption: Data is protected using 256-bit encryption and is encrypted at rest.
  • Secure Transfers: We use TLS and SSL protocols for data transfer.
  • Access Controls: Role-based access to the database to ensure only authorized personnel can access your data.
  • Disaster Recovery: Regular backups are performed as part of our disaster recovery plan.

4.4 Data Breaches

  • In the event of a data breach, we will notify affected users within 72 business hours of becoming aware of the breach, in accordance with GDPR requirements. The notification will include information about the nature of the breach, the data affected, and the measures we are taking to address it.

4.5 Sensitive Data

While we do not intentionally collect sensitive personal data, if you choose to provide such information, we implement additional security measures to protect it, including enhanced encryption and restricted access.

4.6 Regular Security Audits

We conduct regular security audits and vulnerability assessments to identify and address potential threats.

5. User Rights & Controls

5.1 Access to Data

  • You can access your data within the App.

5.2 Data Deletion

  • You may request deletion of your data by contacting us at [email protected].
  • Personally Identifiable Information (PII) such as your name and email will be deleted upon account deletion.

5.3 Data Export

5.4 Updating Information

5.5 Withdrawing Consent

You have the right to withdraw your consent for data processing at any time. To do so, contact us directly at [email protected]. Upon withdrawal, we will cease processing your data for the purposes you have revoked consent for.

6. Children’s Privacy

  • We do not knowingly collect data from children under 13 years of age.
  • If we become aware of data collected from a child under 13, we will delete it immediately.
  • Parents or guardians can contact us to request deletion of data.

7. Communications

7.1 Marketing Emails

  • We may send marketing emails. You can opt out by following the unsubscribe instructions or contacting us.

7.2 Push Notifications

  • We send push notifications. You can opt out by changing your device settings.

7.3 Support Communications

8. Account Deletion

  • How to Delete: Use the “Delete Account” option in the App, which sends us a deletion request.
  • Processing Time: We will delete your PII within one week of the request.
  • Account Deletion Process:
    1. Initiate Deletion: Use the “Delete Account” option within the App.
    2. Confirmation: You will receive an email confirming your deletion request.
    3. Processing: We will process your request and delete your Personal Identifiable Information (PII) within one week.
    4. Final Confirmation: You will receive a final email once your account and PII have been successfully deleted.

If you encounter any issues during this process, please contact us at [email protected].

9. Payments

  • In-App Purchases: Handled through Google Play and the Apple App Store.
  • Payment Information: We do not collect or store payment information.
  • In-App Purchases Data Handling: All payment transactions are processed securely through Google Play and the Apple App Store. We do not store or have access to your payment information. Any data related to your purchases is managed by these third-party platforms in accordance with their respective privacy policies.

10. Data Protection

10.1 Security Measures

  • Encryption: TLS and SSL protocols are used.
  • Access Controls: Role-based access ensures only authorized staff access data.
  • Staff Training: Staff is trained annually on privacy practices.

10.2 Handling Data Breaches

  • Notification: Affected users will be notified promptly.
  • Mitigation: We will take steps to mitigate the breach and prevent future occurrences.

10.3 Incident Response Plan

We have a comprehensive incident response plan to promptly address and mitigate any security breaches.

11. International Considerations

11.1 Data Transfers

  • Your data may be transferred internationally.
  • We comply with GDPR and CCPA regulations for international data transfers.

11.2 Safeguards

  • We use standard contractual clauses and other safeguards for data transfers.
  • International Data Transfer Mechanisms: When transferring your data outside of the United States, we implement appropriate safeguards to ensure your data remains protected. These safeguards include Standard Contractual Clauses (SCCs) and other legally recognized measures to comply with international data protection laws.

12. Compliance with Laws

12.1 GDPR

  • We adhere to GDPR principles for users in the European Union.
  • Legal Basis: Processing is necessary for the performance of a contract and for our legitimate interests.

12.2 CCPA

  • California residents have specific rights under the CCPA.
  • We do not sell personal information.

12.3 COPPA

  • We comply with the Children’s Online Privacy Protection Act.

12.4 Additional Laws

  • In addition to GDPR, CCPA, and COPPA, we comply with other applicable data protection laws, such as Brazil’s Lei Geral de Proteção de Dados (LGPD), to ensure the privacy and protection of your personal data.

13. User Rights Under GDPR

  • Right to Access: Request a copy of your personal data.
  • Right to Rectification: Correct inaccurate data.
  • Right to Erasure: Request deletion of your data.
  • Right to Restrict Processing: Limit how we use your data.
  • Right to Data Portability: Receive your data in a portable format.

To exercise these rights, contact [email protected].

14. Third-Party Services

14.1 List of Services

  • Firebase
  • Google Analytics
  • Heroku
  • MongoDB
  • Facebook
  • Prismic

14.2 Data Use by Third Parties

  • Access only to necessary data for core functions.
  • Governed by their own privacy policies.

14.3 Opt-Out

  • By using the App, you consent to data processing by third parties as described.
  • Data is not sold for profit.

14.4 Data Access by Third Parties

Each third-party service provider listed below has access only to the data necessary to perform their specific functions:

  • Firebase & Google Analytics: Access usage data to analyze app performance and user behavior.
  • Sentry: Access error logs to monitor and fix application issues.
  • Heroku & MongoDB Atlas: Access stored message data and user information to maintain app functionality.
  • Facebook & Prismic: Access user interaction data if social media integration is implemented.

These providers are contractually obligated to protect your data and use it solely for the purposes outlined above.

15. Local Storage and Tracking

  • Local Storage: Used to enhance user experience by storing preferences and settings.
  • Cookies: We do not use cookies.
  • Do Not Track Requests: Geo-tracking can be toggled in the App settings.
  • Device Identifiers: We do not collect, store, or track any device-specific identifiers such as IMEI numbers, MAC addresses, or advertising IDs.
  • Do Not Track (DNT): Our App respects your preferences regarding tracking. When you enable “Do Not Track” in the App settings, we will disable geo-tracking features. Please note that “Do Not Track” does not affect the collection of usage data necessary for the App’s functionality.

15.1 Detailed Local Storage Usage

We use local storage to save your preferences, such as language settings and theme choices, to enhance your user experience. The data stored locally does not include any personal or sensitive information.

16. Future Features

  • Social Media Integration: We may integrate with social media platforms in the future. Updates will be reflected in this Privacy Policy. Standard Language: Should we integrate social media platforms, we will specify which platforms are integrated and how data is shared with them, ensuring compliance with their privacy policies and obtaining necessary user consents.

17. Changes to This Privacy Policy

  • We may update this Privacy Policy periodically.
  • Notification: Changes will be notified via email.
  • Effective Date: The date at the top reflects the latest update.
  • Policy Reviews and Updates: We regularly review and update this Privacy Policy to ensure it remains compliant with applicable laws and accurately reflects our data processing practices. The latest version will always be available within the App.

18. Contact Us

If you have any difficulty accessing or understanding any part of this policy, please contact us at [email protected] for assistance.

19. Complaints and Dispute Resolution

We are committed to resolving any complaints about our collection or use of your personal data.

  • How to Submit a Complaint: Contact us at [email protected].
  • Response Time: We aim to respond within 30 days.
  • Resolution Process: We will investigate and attempt to resolve any complaints or disputes.

Best Practice Recommendation: We strive to address complaints promptly and fairly, ensuring that any issues are resolved to your satisfaction while maintaining compliance with applicable laws.

20. Data Protection Officer

Our Data Protection Officer (DPO) is Evan Carr

21. How We Handle Privacy Requests

We handle data subject rights in compliance with applicable laws:

  • Verification: We may need to verify your identity before fulfilling your request.
  • Timeframe: Requests are typically processed within 30 days.
  • Exercising Your Rights:
    1. Submit a Request: Email your request to [email protected] with a clear subject line indicating your request (e.g., “Data Access Request”).
    2. Verification: We may ask for additional information to verify your identity before processing your request.
    3. Response: We will respond to your request within 30 days with the information you requested or confirm that your data has been deleted.
    4. Further Assistance: If you need further assistance, please contact us at [email protected].

22. Data Protection Measures

  • Staff Training: Our staff undergoes annual privacy training.
  • Access Controls: Strict role-based access to personal data.
  • Regular Audits: We perform regular audits to ensure compliance.
  • Regular Security Audits: We conduct regular security audits and vulnerability assessments to identify and address potential threats.
  • Incident Response Plan: We have a comprehensive incident response plan to promptly address and mitigate any security breaches.

23. Miscellaneous

  • Legal Basis for Processing: Processing your data is necessary for the performance of our services and for our legitimate interests in improving the App.
  • Automated Decision-Making: We do not use your data for automated decision-making processes, including profiling, that significantly affect you. All data processing is performed with human oversight to ensure fairness and accuracy.

24. Definitions

  • Personal Data: Any information relating to an identified or identifiable natural person.
  • Processing: Any operation performed on personal data, such as collection, storage, use, or deletion.
  • Data Controller: The entity that determines the purposes and means of processing personal data.
  • Data Processor: The entity that processes data on behalf of the Data Controller.
  • PII (Personally Identifiable Information): Data that can identify an individual, such as name, email, and location data.
  • Usage Data: Information about how you interact with the App, including features used and frequency of use.

25. User Feedback and Suggestions

We value your feedback regarding our privacy practices. If you have any suggestions or concerns, please contact us at [email protected]. Your input helps us improve our services and protect your privacy more effectively.

26. Granular Control Over Data Collection

Within the App settings, you can manage your preferences for data collection, including enabling or disabling location tracking and participation in lab experiments. This allows you to tailor the data you share according to your comfort level.

27. Accessibility

We strive to make our Privacy Policy accessible to all users, including those with disabilities. If you have difficulty accessing or understanding any part of this policy, please contact us at [email protected] for assistance.

28. Language Options

Currently, this Privacy Policy is available in English. If you require a translation of this policy into another language, please contact us at [email protected].

29. Transparency About Data Processing Activities

We engage in the following data processing activities:

  • Collection: Gathering personal data you provide during registration and usage.
  • Storage: Securely storing your data on MongoDB Atlas servers in the United States.
  • Analysis: Analyzing usage data through Firebase and Google Analytics to improve App performance.
  • Aggregation: Aggregating message data and lab experiment feedback for public sharing in anonymized forms.
  • Deletion: Removing your PII upon account deletion requests.

30. Commitment to Transparency and Continuous Improvement

We are dedicated to maintaining transparency in our data practices and continuously improving our privacy measures. We regularly review our Privacy Policy to incorporate new legal requirements and best practices to better protect your information.

Scroll to Top