Last updated April 23, 2023
Lovetap’s mission is to connect people with what they ❤️ — and since most people don’t ❤️ being tracked across the internet and having their personal data stored and sold, we don’t do that. This document describes specifically what information we do and don’t collect about you as a customer or visitor.
As a guiding principle, we aim to collect only the information needed to provide a complete and valuable service. We especially aim to protect the privacy of visitors to our customers’ websites, some of whom surely have no interest in interacting with us but are nonetheless unwilling or unable to block our services from their devices.
We’ll never sell or trade your personal information to third parties, and we won’t use your name or company in marketing statements without your permission either. We also strive to minimize the number of third parties that process your data on our behalf.
We don’t log or store any IP addresses or geolocation coordinates of visitors or customers.
When you visit a website or app that uses Lovetap, we won’t place any cookies on your device, nor will we use local storage, browser fingerprinting, or any other mechanism of tracking you between visits or linking your activity to a personal profile.
We don’t record site-wide mouse movements, keystrokes, or other detailed session replay data.
We don’t use tracking pixels or third party services to retarget you with ads.
When you create a Lovetap account, you will not be asked for a name or profile photo.
Lovetap servers do not store any of your billing details like name, address, or card number. Those details are collected and stored securely by Lovetap's payment processor, Stripe.
When you visit a website or app that uses Lovetap, we will store aggregated data about your session. These aggregates include your imprecise geolocation data (city, region, and country as determined by your IP address). We also store any time you interact with a Lovetap button or widget. This information helps our customers understand how their visitors respond to their content and whether they are achieving their goals.
When you sign up for a Lovetap account, we will ask for your email address. This helps you reset your password if you forget it, and gives us a way to send you important account updates. We will also, with your consent, email you with product news.
If you sign up for a paid Lovetap subscription, our payment processor will ask you for your billing details. Credit card information is submitted directly to our payment processor and doesn’t touch Lovetap servers. Your billing history is also hosted by Stripe in a portal that we link to on your account page. We use aggregate billing information to inform strategic decisions.
When you log in, we ask your browser to store a persistent first-party cookie with a temporary token that gives your browser access for that session. It is an opaque token, meaning that it does not encode any information about your account.
As a Lovetap customer, you have the option to send us information about the content your visitors are interacting with, including a title and description. We use this information to create a searchable dashboard that helps our customers find the data they need.
When you email Lovetap with a question or to ask for help, we keep that correspondence, including your email address, so that we have a history of past correspondence to reference if you reach out in the future. This correspondence may include information like your name and picture if your email software sends it.
We also store information you may volunteer, for example, written responses to surveys. If you agree to a customer interview, we may ask for your permission to record the conversation for future reference or use. We will only do so with your express consent.
No Lovetap human looks at your website content except for the purpose of fixing problems when they arise. We may need to fix bugs in our software, or investigate and prevent restricted uses. Accessing a customer’s account when investigating any issue is a measure of last resort. We want to protect the privacy and safety of both our customers and the people reporting issues to us, and we do our best to balance those responsibilities throughout the process.
Lovetap LLC is a U.S. company and has data infrastructure located in the U.S.
Requests for user data. Our policy is to not respond to government requests for user data unless we are compelled by legal process or in limited circumstances in the event of an emergency request. However, if U.S. law enforcement authorities have the necessary warrant, criminal subpoena, or court order requiring us to share data, we must comply. Likewise, we will only respond to requests from government authorities outside the U.S. if compelled by the U.S. government through procedures outlined in a mutual legal assistance treaty or agreement. It is Lovetap’s policy to notify affected users before we share data unless we are legally prohibited from doing so, and except in some emergency cases.
Preservation requests. Similarly, Lovetap’s policy is to comply with requests to preserve data only if compelled by the U.S. Federal Stored Communications Act, 18 U.S.C. Section 2703(f), or by a properly served U.S. subpoena for civil matters. We do not share preserved data unless required by law or compelled by a court order that we choose not to appeal. Furthermore, unless we receive a proper warrant, court order, or subpoena before the required preservation period expires, we will destroy any preserved copies of customer data at the end of the preservation period.
If we are audited by a tax authority, we may be required to share billing-related information. If that happens, we will share only the minimum needed, such as billing addresses and tax exemption information.
If Lovetap LLC is acquired by or merges with another company, we’ll notify you well before any of your personal information is transferred or becomes subject to a different privacy policy.
We use a few third-party subprocessors to help run our applications and provide our services to you. This list is exhaustive and is always updated prior to the release of new software that uses new subprocessors.
We use Courier and Postmark to send customers email and manage their email preferences. When you create an account, they will receive your email address and the contents of any email we send you.
We use Stripe to calculate taxes, process payments, and manage subscriptions. When you upgrade from your free trial, they will receive your billing details, billable resource usage, and subscription status information.
We use Fly and Cloudflare to host our website, web application, and databases. Whenever you use our website or API, they will receive your IP address and some information about your device and activity in the process of connecting you to our service and running our servers.
We use Algolia to provide search capabilities to our customers. They will receive any searchable data that you explicitly provide about your content when connecting to our service.
At Lovetap, we strive to apply the same data rights to all customers, regardless of their location. Some of these rights include:
Many of these rights can be exercised by signing in and updating your account information.
If you have questions about exercising these rights or need assistance, please contact us at privacy@lovetap.fm or at Lovetap LLC, 8605 Santa Monica Blvd, PMB 91192, West Hollywood, CA 90069. If an authorized agent is corresponding on your behalf, we will need written consent with a signature from the account holder before proceeding.
If you are in the EU or UK, you can contact your data protection authority to file a complaint or learn more about local privacy laws.
All connections between our servers and your browser are encrypted with TLS. Your email address is encrypted before we store it in our database and decrypted when we need to send you an email. We also store a SHA-256 hash of your email address that we use to look up your account information when you log in. This means that if the contents of our main database file were leaked, your email address would not be exposed. We do not collect any other PII at this time.
Other data, including content metadata you’ve uploaded, is not encrypted while stored in our database. When we have implemented at-rest encryption for our main database, we will update this document.
Our service runs on multiple servers that run around the world and connect to each other via an encrypted private network managed by our hosting provider. We will never transfer your data over the Internet without using industry-standard encryption systems managed by trusted parties.
Our products and other web properties are operated in the United States. If you are located in the European Union, UK, or elsewhere outside of the United States, please be aware that any information you provide to us will be transferred to and stored in the United States. By using our websites or services and/or providing us with your personal information, you consent to this transfer.
If you cancel your account, we’ll log out all existing dashboard sessions and disable any account functionality. As per our Cancellation Policy, Your account data will be permanently deleted within 60 days. We do not guarantee that we will be able to restore account functionality if you change your mind before your account data is deleted, but you are welcome to ask.
The European Data Protection Board (EDPB) has issued guidance that personal data transferred out of the EU must be treated with the same level of protection that is granted under EU privacy law. UK law provides similar safeguards for UK user data that is transferred out of the UK. Accordingly, Lovetap has adopted a data processing agreement with Standard Contractual Clauses to help ensure this protection. Lovetap’s Data Processing Agreement is available on GitHub.
There are also a few ad hoc cases where EU personal data may be transferred to the U.S. in connection with Lovetap LLC operations, for instance, if an EU user signs up for our newsletter or participates in one of our surveys or buys swag from our company online store. Such transfers are only occasional and data is transferred under the Article 49(1)(b) derogation under GDPR and the UK version of GDPR.
We may update this policy as needed to comply with relevant regulations and reflect any new practices. You can view a history of the changes to our policies on GitHub. Whenever we make a significant change to our policies, we will refresh the date at the top of this page and take any other appropriate steps to notify users.
Have any questions, comments, or concerns about this privacy policy, your data, or your rights with respect to your information? Please get in touch by emailing us at privacy@lovetap.fm and we’ll be happy to try to answer them!
This privacy policy was adapted from the open source privacy policy published by 37signals. We thank them for sharing a valuable resource with the community.
This policy applies to all products created and owned by Lovetap LLC.