Who we are
Loremill (“Loremill”, “we”, “us”) is the AI game companion: pick a game, ask a question, get a cited answer. This policy explains how we handle personal data when you use the website and product.
For privacy questions or to exercise your rights under GDPR, write to antonio.aiello.loremill@gmail.com.
What we collect
We keep the dataset deliberately small. The categories below are everything we store about you:
Your email address and a unique account identifier provided by our authentication provider (Clerk). If you sign in with Google, we receive your email and a Google account identifier — never your Google password.
If you upgrade to Pro, our payment processor (Stripe) returns a customer identifier and subscription status, which we link to your account. Card numbers, billing addresses, and tax data are held by Stripe — they never reach our servers.
The games you add to your library and which one is currently active. This is preference data, kept so the chat opens to the right context.
Each time you ask a question, we store the question text, the game it was asked about, response latency, token counts, and a hash used for caching. We do this for two reasons: enforcing the free-tier daily limit, and improving answer quality on a curated evaluation set. We do not pair questions with your name or send them to advertisers.
We use PostHog to record anonymized product events (sign-up, checkout started, subscription completed, page views). These events are tied to your account identifier so we can debug regressions, not to a third-party advertising profile.
Our hosting provider (Vercel) records standard request metadata — IP address, user-agent, timestamp — for security and debugging. These logs are retained for a short window and then discarded.
What we don’t collect
- Save files, character builds, party state, or anything from your local machine.
- Voice, video, microphone, or camera input.
- Browsing history outside Loremill.
- Payment card numbers (handled entirely by Stripe).
- Sensitive categories of data under GDPR Article 9.
How we use the data
- Answer your questions and stream cited responses.
- Enforce the free-tier daily limit and bill Pro subscribers.
- Cache answers across users to keep the product fast and affordable. Cache keys are derived from the game and a normalized hash of the question — not from your account.
- Diagnose bugs and reduce regressions through analytics events and logs.
- Improve answer quality by reviewing aggregated question patterns. We don’t train external models on your questions.
- Send transactional email (sign-in, receipts) via Resend. We don’t send marketing email without separate, explicit opt-in.
Legal bases (GDPR)
- Contract: account creation, answering your questions, providing the Pro subscription.
- Legitimate interest: caching, abuse prevention, product analytics, security logs.
- Legal obligation: tax records held by Stripe, fraud-prevention duties.
- Consent: any future marketing email or non-essential cookies will be opt-in.
Subprocessors
We use a small set of trusted infrastructure providers to run the product. They process data on our instructions only.
| Provider | Purpose | Region |
|---|---|---|
| Clerk | Authentication | US (DPF-certified) |
| Supabase | Account database, usage log | EU |
| Upstash | Rate limiting, answer cache | EU |
| Vercel | Hosting, request logs | Global edge |
| Stripe | Subscription billing | US / EU |
| Anthropic | Answer reformulation (Claude) | US |
| Perplexity | Source retrieval | US |
| PostHog | Product analytics | EU |
| Resend | Transactional email | US / EU |
Where data is transferred outside the EEA, we rely on the provider’s Standard Contractual Clauses or Data Privacy Framework certification.
Cookies
We use a minimal set of first-party cookies for session authentication (Clerk) and CSRF protection. PostHog sets a first-party identifier cookie used only for product analytics. We do not use advertising cookies, retargeting pixels, or third-party tracking.
Retention
- Account data: kept while your account is active. Deleted within 30 days of account deletion.
- Usage log (questions and metadata): retained for up to 12 months, then aggregated or deleted.
- Cached answers: 7 to 30 days depending on how volatile the game’s information is.
- Billing records held by Stripe: retained per legal/tax obligations (typically 10 years in the EU).
- Operational logs: 30 days.
Your rights
Under GDPR you have the right to access, correct, export, and delete your personal data, and to restrict or object to certain processing. To exercise any of these, email antonio.aiello.loremill@gmail.com from the address tied to your account. We respond within 30 days.
You can also delete your account directly from Settings; this triggers cascading deletion of your profile, library, and usage log. If you’re unsatisfied with how we handle your data, you have the right to lodge a complaint with your local supervisory authority.
Security
Data is encrypted in transit (TLS 1.2+) and at rest. Access to production systems is restricted to a small set of operators and gated by single sign-on with hardware-key second factors. Stripe webhooks and Clerk webhooks are signature-verified before any state change.
Children
Loremill is not directed to children under 16. We don’t knowingly collect data from anyone under that age. If you believe a child has created an account, contact us and we will delete it.
Changes to this policy
When we materially change how we handle data, we’ll update this page and notify Pro subscribers by email. The “Last updated” date at the top reflects the most recent revision. Continued use after a change means you accept the updated policy.
Last updated May 7, 2026