← Back to LoveLetter

Privacy Policy

Datenschutzerklärung (GDPR / DSGVO)

Last updated: 2026-06-11

1. Controller

The controller responsible for processing your personal data within the meaning of the General Data Protection Regulation (GDPR / DSGVO) is:

Stefan Uhlenberg
Weinfeldweg 1A
36148 Kalbach
Germany
Email: privacy@love-letter.app

2. What data we process

  • Account data: email address, username, password (stored only as a salted hash), age confirmation (18+).
  • Profile content: your letter text, drawings, interests, and the optional self-declared attributes you add (e.g. personality, lifestyle, what you are seeking).
  • Approximate location: if you provide a location, we may derive coarse coordinates to enable distance-based discovery.
  • Usage & device data: activity timestamps, device and session information, and technical logs (e.g. IP address) necessary to operate and secure the Service.
  • Messages: private messages are end-to-end encrypted in your browser/app; we store only the ciphertext and cannot read their content.
  • Payment data: if you purchase Premium, billing is handled by our payment providers (e.g. Stripe, Apple, Google); we do not store full card numbers.

3. Purposes & legal bases

  • Providing the Service and your account, including matching and discovery — Art. 6(1)(b) GDPR (performance of a contract).
  • Safety, moderation, fraud prevention, and securing the Service — Art. 6(1)(f) GDPR (legitimate interests).
  • Sending transactional emails (e.g. verification, security) — Art. 6(1)(b) GDPR; optional marketing/digest emails only with your consent — Art. 6(1)(a) GDPR.
  • Processing payments and meeting legal/tax obligations — Art. 6(1)(b) and 6(1)(c) GDPR.

4. Recipients & processors

We use carefully selected service providers (processors) for hosting, email delivery, payment processing, and content moderation, who act on our instructions under data-processing agreements pursuant to Art. 28 GDPR. We do not sell your personal data.

5. International transfers

LoveLetter is offered worldwide. Where data is transferred to countries outside the EU/EEA, we ensure an adequate level of protection through appropriate safeguards such as the EU Standard Contractual Clauses or an adequacy decision of the European Commission.

6. Retention

We keep your personal data only as long as necessary for the purposes described above or as required by law. When you delete your account, we delete or anonymise your personal data, except where we must retain certain records (e.g. billing data) to comply with statutory retention periods.

7. Your rights

Under the GDPR you have the right to:

  • access your personal data (Art. 15);
  • rectification (Art. 16) and erasure (Art. 17);
  • restriction of processing (Art. 18);
  • data portability (Art. 20);
  • object to processing based on legitimate interests (Art. 21);
  • withdraw consent at any time, without affecting prior processing.

To exercise these rights, contact us at privacy@love-letter.app. You also have the right to lodge a complaint with a supervisory authority, in particular in the EU member state of your residence or the place of the alleged infringement.

8. Cookies & local storage

We use cookies and local/session storage that are strictly necessary to keep you signed in and to operate the Service. Any non-essential cookies are only set with your consent.

9. Children

The Service is for adults only and is not directed to anyone under 18. We do not knowingly collect personal data from minors.

10. Changes to this policy

We may update this Privacy Policy to reflect changes to the Service or legal requirements. The current version is always available on this page, with the "last updated" date shown above.