Privacy Policy

Last Updated: July 1, 2026

1. Introduction

loravae ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our copyright protection services and platform.

By using our services, you agree to the collection and use of information in accordance with this policy.

2. Legal Disclaimer

Loravae is not a law firm, solicitor, or regulated legal practitioner.

Nothing contained within this Privacy Policy, our Terms of Service, or any communications from Loravae constitutes legal advice. Our services are administrative and technical in nature. If you require legal advice, please consult a qualified and regulated solicitor or legal professional in your jurisdiction.

Loravae is fiscally sponsored by Hack Club. Hack Club is a 501(c)(3) nonprofit (EIN: 81-2908499). Registered under The Hack Foundation, a 501(c)(3) nonprofit (EIN: 81-2908499).

Loravae is not regulated by the Solicitors Regulation Authority (SRA), the Bar Standards Board (BSB), or any equivalent legal regulatory body in any jurisdiction.

3. Data Protection Officer

Our Data Protection Officer (DPO) is responsible for overseeing our data protection strategy and ensuring compliance with applicable privacy laws.

DPO Contact:

Charlie Walsh

Email: dp@chxr.uk

3. Information We Collect

3.1 Information Collected Automatically

When you visit our platform, our systems automatically log certain technical information:

  • Device & Connection Data: IP address, device type, browser type, operating system, and user agent strings.
  • Login & Security Logs: Timestamps of successful/failed logins, and device identifiers used to access your account.
  • Activity Analytics: Pages visited, features accessed, and general interaction with our dashboard to improve the user experience.

3.2 Information Inputted Directly by Clients

This is the information you actively provide to us when using Loravae or filling out our forms:

  • Account Details: Name, email address, phone number, and password.
  • KYC Verification Data: Title, full legal name, government-issued IDs (passport, national ID, etc.), and biometric facial scans (handled securely).
  • Copyright & Case Data: URLs of protected content, evidence files, descriptions of infringing content, and responses submitted on our Information Intake forms.
  • Communications: Support tickets, live chat conversations (via Zendesk), emails sent to our team, and case comments.
  • Payment & Purchase Data: Product serial numbers, subscription plan levels, and payment verification records (processed securely via PayPal).

3.3 Information Manually Inputted by Staff

During the lifecycle of your account or case, our internal administrative and legal teams may add data to your profile:

  • Case Investigation Notes: Private administrative logs, details of copyright infringement investigations, and risk assessments.
  • Platform Communication: Documentation of correspondence between our team and hosting providers, domain registrars, or infringing parties on your behalf.
  • Account Status Updates: Flags regarding verification status, subscription amendments, or records of legal compliance reviews.

4. How We Use Your Information

We use your information for the following purposes:

4.1 Service Provision

  • Providing copyright protection services
  • Processing takedown requests
  • Managing your account and subscription
  • Facilitating communication between clients and administrators

4.2 Security and Authentication

  • Verifying your identity, age compliance (13+), and preventing unauthorized access
  • Monitoring login activity for security purposes
  • Detecting and preventing fraudulent activity
  • Maintaining platform security and integrity

4.3 Communication

  • Sending service-related notifications
  • Providing customer support
  • Updating you on case progress
  • Sending important account information

4.4 Legal Compliance

  • Complying with legal obligations
  • Responding to legal requests
  • Protecting our rights and interests
  • Enforcing our terms of service

5. Information Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

5.1 Service Providers

  • Third-party service providers who assist in our operations
  • Payment processors for subscription management
  • Cloud storage and hosting providers
  • Communication and support platforms

5.2 Disclosure to Law Enforcement & Legal Authorities

We may disclose your personal data to law enforcement agencies, regulatory bodies, courts, or other government authorities when required to do so by applicable law, valid legal process (e.g. court order, subpoena, search warrant), or where we reasonably believe disclosure is necessary to protect rights, safety, or property. Data shared in these circumstances may include, but is not limited to:

  • Case Information: Full case records including takedown submissions, case timelines, investigation notes, infringement reports, and correspondence with platforms or registrars.
  • Client Contact Information: Full name, email address, phone number, and any registered business details associated with the account.
  • Intake Form Submissions: Data collected via our Information Intake forms, including the submitter's name, email, IP address, declared ownership information, and any evidence or URL data provided in the submission.
  • Login & Session Information: Authentication timestamps, session identifiers, IP addresses used during login, and device/browser metadata where available and collected.
  • Support Tickets & Communications: Full support ticket threads, internal staff notes, and where applicable, records of phone conversations conducted through our platform.
  • KYC Verification Records: Government-issued identity document data (e.g. passport, national ID), biometric verification results, and age verification outcomes provided during our KYC process.
  • Payment Records: Transaction reference IDs, subscription status, and billing confirmation data processed through PayPal.
  • Any other data we hold: We reserve the right to disclose any additional information we hold on a user or third party where legally compelled to do so or where necessary to prevent harm, fraud, or abuse of our platform.

We will, where legally permitted, notify affected users of such requests prior to disclosure.

5.3 Copyright Enforcement

  • Sharing necessary information with platforms for takedown requests
  • Providing evidence to support copyright claims
  • Communicating with alleged infringers when required

6. Data Storage and Security

6.1 Data Storage

  • Data is stored on secure cloud infrastructure
  • We use MongoDB for database storage with encryption
  • Files and content are stored using secure cloud storage services
  • Backups are maintained for data recovery purposes

6.2 Security Measures

  • Passwords are encrypted using industry-standard hashing
  • Secure HTTPS connections for all data transmission
  • Regular security monitoring and updates
  • Access controls and authentication requirements
  • Login history tracking for security purposes

7. Data Retention

We retain your information for as long as necessary to:

  • Provide our services to you
  • Comply with legal obligations
  • Resolve disputes and enforce agreements
  • Maintain business records

Specific retention periods:

  • Account Data: Retained while account is active plus 7 years after closure
  • Login History: Last 10 login sessions per account
  • Takedown Records: Retained for 7 years for legal compliance
  • Communication Records: Retained for 3 years
  • KYC Verification Documents: Retained until verification is adequate and then deleted
  • Payment Records: Retained for 7 years for tax and legal purposes

8. Your Rights

Depending on your location, you may have the following rights:

8.1 Access and Portability

  • Right to access your personal information
  • Right to receive a copy of your data in a portable format
  • Right to know what information we have about you

8.2 Correction and Updates

  • Right to correct inaccurate information
  • Right to update your personal details
  • Right to complete incomplete information

8.3 Deletion and Restriction

  • Right to request deletion of your data (subject to legal requirements)
  • Right to restrict processing of your information
  • Right to object to certain types of processing

To exercise these rights, please contact our DPO at dp@chxr.uk.

9. Cookies and Tracking

We use cookies and similar technologies for:

  • Authentication: Maintaining your login session
  • Security: Protecting against unauthorized access
  • Functionality: Remembering your preferences
  • Analytics: Understanding platform usage (anonymized)

Essential cookies are necessary for the platform to function. You can control non-essential cookies through your browser settings.

10. Third-Party Services & Integrations

To provide our copyright protection services securely and efficiently, we integrate with specific external technical platforms. Below is a detailed breakdown of the systems we utilize, how they process your data, and standard industry services that we explicitly do not use.

10.1 Systems in Active Use

  • Zendesk: Used as our core customer support portal and live chat widget. To authenticate and provide a seamless support experience, we prefill Zendesk widgets with your name, email, and phone number, and generate secure authentication tokens.
  • Resend: Used to deliver all transactional email notifications including registration confirmations, password reset links, case status alerts, and administrative notifications. Resend processes your recipient email address and message contents.
  • Youverse: Used for secure biometric identity verification and Government ID validation during client KYC checks to ensure compliance with our 13+ age requirement and to prevent fraudulent ownership claims.
  • PayPal: Used for subscription billing and payment processing. Transaction reference IDs and billing status are verified via secure Instant Payment Notification (IPN) callbacks. Loravae does not store full card or bank details.
  • Vercel Blob Storage: Our primary object storage for client-submitted documentation, case evidence, signed legal agreements, and generated resolution documents.
  • Cloudflare R2: Used exclusively for securely hosting job application materials (CVs, cover letters, and portfolios) submitted via our careers portal.
  • MongoDB: Our primary database, storing client profiles, case records, support tickets, KYC outcomes, agreements, intake form responses, and internal platform configuration.
  • Vercel: Our hosting infrastructure and serverless compute provider, serving all front-end assets and API endpoints for the Loravae platform.

10.2 Systems We Do NOT Use

To protect creator privacy and maintain maximum data sovereignty, we explicitly do not integrate with or use the following platforms or service categories:

  • Intercom: We do not use Intercom for chat, support messaging, or any form of user tracking or engagement analytics.
  • Sellauth: We no longer use Sellauth for licensing or serial key distribution. Product serial keys are managed internally within our own database.
  • Stripe: We do not process any payments through Stripe or other credit card merchant processors.
  • Google Analytics & Ad Trackers: We do not run Google Analytics, Facebook Pixel, TikTok Pixel, or any behavioral advertising or retargeting scripts on our platform.
  • Amazon Web Services (AWS) S3: We do not use AWS S3 or any other AWS storage service for client data.
  • Marketing Automation Platforms: We do not sync your personal data to mailing list or CRM tools such as HubSpot, Mailchimp, Klaviyo, or ActiveCampaign.

All active service providers are governed by their respective privacy policies. We encourage users to review them to understand how they handle data.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your information in accordance with applicable data protection laws.

12. Children's Privacy

Our services are not intended for individuals under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected such information, we will take steps to delete it.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on our platform and updating the "Last Updated" date. Your continued use of our services after such changes constitutes acceptance of the updated policy.

14. Contact Information

If you have questions about this Privacy Policy or our data practices, please contact:

Data Protection Officer:

Charlie Walsh

Email: dp@chxr.uk

General Inquiries:

loravae

Email: hello@loravae.org.uk

15. Complaints

If you believe we have not handled your personal information in accordance with this policy, you have the right to file a complaint with your local data protection authority.