Lovia
Feedback

Privacy Policy for the Lovia web app

1. Definitions and general information

This privacy policy explains what personal data is processed when you use Lovia, for which purposes, and what rights you have.

Personal data means any information relating to an identified or identifiable natural person (e.g. email address, usage data, device information).

Lovia is aimed at an adult audience and covers intimate and sex-education topics. Use is voluntary and can be stopped at any time.

2. Hosting and server log files

Our web app is hosted on Vercel. When you access the app, technically necessary connection data is processed, including date and time of access, URL visited, referrer URL, IP address (shortened or full, depending on infrastructure), browser and device information, and HTTP status codes.

Processing serves delivery of the app, stability and security, and error analysis.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure, functional operation); for registered users also Art. 6(1)(b) GDPR.

Region: USA – Vercel data center Washington, D.C. (region iad1)

3. Registration and user account

You can use parts of Lovia without providing your real name. Some features require a user account.

For sign-in we use Supabase Auth by email: you enter your email address and receive a one-time sign-in link (magic link) or one-time code (OTP). We process especially your email address, authentication and session information (e.g. access tokens), and technical metadata of the sign-in process. We do not offer social logins (OAuth); we do not store passwords.

Purposes include setting up and managing your account, sign-in, abuse prevention, and providing personalized features.

Legal bases: Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR.

4. Use of the app and stored content

When you use the app, in-app data may be stored voluntarily, e.g. favorites, progress (XP, completed positions), settings, and other user-related content.

Note on sensitive topics: the app covers intimate content but does not actively require special categories of personal data under Art. 9 GDPR. Users may still store content voluntarily.

Legal bases: Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR.

5. Supabase (backend, database, auth, storage)

We use Supabase as a processor (PostgreSQL, authentication, storage). Depending on use, account and authentication data, in-app data, and technical metadata are processed.

Server location: EU (Ireland).

Legal bases: Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR.

6. Web analytics

6.1 Aggregated page views (Vercel Web Analytics)

To assess reach and stability we collect aggregated page views via Vercel Web Analytics. No marketing cookies are set, no local storage is used for tracking, and no persistent user profiles are created. Visitors are recognized server-side only via a daily pseudonymous hash that resets each day.

We process especially visited page URLs, referrer, device and browser type, and approximate origin (country/region). This is not linked to your user account.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in reach and operations analysis with privacy-friendly, cookieless measurement). Consent is not required.

Processor: Vercel Inc. (hosting and analytics infrastructure). Region see section 2.

6.2 Optional product analytics

With your active consent we may additionally use pseudonymous product analytics (e.g. clicks, feature use, technical usage events) to improve Lovia.

Services: Google Analytics 4 (product and reach analytics), PostHog (product analytics), and Vercel Speed Insights (performance). We use pseudonymous identifiers (e.g. anonymous session IDs) instead of real names.

Without consent, no events are sent to Google Analytics, PostHog, or Speed Insights. If you withdraw consent, we stop future transfers. Vercel Web Analytics (section 6.1) is unaffected.

Legal basis: Art. 6(1)(a) GDPR (consent). Optional product analytics starts only after you actively agree.

You can change or withdraw consent at any time with future effect in privacy settings: /privacy-settings

7. Cookies and similar technologies

We primarily use technically necessary technologies for login, session management, security, and core app functionality.

Vercel Web Analytics (section 6.1) works cookieless and does not set tracking cookies. For optional product analytics (section 6.2), similar technologies (e.g. local storage for consent or pseudonymous session IDs) are used only after consent.

Non-essential cookies or comparable tracking technologies are used only where there is a legal basis and, where required, consent has been obtained.

8. Legal bases for processing

  • Art. 6(1)(b) GDPR (contract performance for registered users)
  • Art. 6(1)(f) GDPR (legitimate interests, operation and improvement)
  • Art. 6(1)(a) GDPR (consent where required, e.g. optional communications)

9. Recipients / processors

Data is shared only as needed to operate the service. Recipients may include Vercel (hosting and web analytics), Supabase (backend), and—with consent—Google (Google Analytics 4) and PostHog (product analytics).

We do not share data with third parties for advertising purposes.

10. Retention

We retain personal data only as long as needed for the respective purposes or as required by law.

On request we delete your account and related data unless legal retention duties apply.

11. Your rights

  • Access (Art. 15 GDPR)
  • Rectification (Art. 16 GDPR)
  • Erasure (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Object to processing under Art. 6(1)(f) GDPR (Art. 21 GDPR)
  • Withdraw consent (Art. 7(3) GDPR)
  • Lodge a complaint with a supervisory authority (Art. 77 GDPR)

Privacy contact: info@lovia.rocks

12. Security measures

We apply appropriate technical and organizational measures, including TLS encryption, access controls, role-based permissions, pseudonymization where possible, security updates, monitoring, and backup and recovery procedures.

13. Voluntary use and deletion

Use of Lovia is voluntary. You may stop at any time and request deletion of your account and personal data unless legal retention obligations apply.

Deletion contact: info@lovia.rocks

14. Updates

We update this privacy policy when legal requirements, features, or service providers change.

Last updated: 30. Mai 2026