A short, honest privacy notice.
Most privacy policies are written by lawyers for lawyers. This one is written so you can read it in five minutes and know exactly what we do — and what we don't.
Lova builds and runs websites and apps for the people who hire us. To do that, we collect the smallest amount of personal information we can get away with — usually just your email, name, and the contents of the project we are building together. We never sell your data. We never run advertising trackers on you. We never share information with a third party except the small handful of companies listed in §04 below, and only because they help us deliver the service you are paying for.
| Type | Collected | Why |
|---|---|---|
| Email address | Always | Account, billing receipts, project notifications |
| Full name | Always | Address you on invoices, in messages |
| Company name | Optional | Invoice header, scope-of-work documents |
| Phone number | Optional | Project communication if you opt in |
| Billing address | If invoiced | Tax determination, invoice compliance |
| Card / bank info | Never by us | Stripe processes payments. We see only the last 4 digits. |
| Project content | Always | The thing we are building for you |
| Crash and error data | Always | So we can fix bugs before you report them |
| IP address | Edge logs | Abuse prevention, retained <30 days at Cloudflare |
| Site analytics (first-party) | Always | We record anonymous visit data on lova.dev with our own cookieless analytics (stored in our database, not shared): the page path, the referring site, device type, browser, operating system, screen width, country, any UTM campaign tags in the link, and a per-visit session id that clears when you close the tab. No cookies and no personal data; your IP address is never stored — only an anonymous visitor hash that resets every day. |
| Marketing analytics | Limited | Google Ads tag (gtag.js) + Google Tag Manager (GTM-ND48S4ZT) record pageviews + ad-click attribution. No Google Analytics 4, no Meta Pixel, no session-replay trackers. See §04 processors table. |
To run your project
Project files, chat history, deliverables, and milestones live inside your portal at lova.dev/portal. We refer to them when we are building, when we are answering your questions, and when we send you receipts.
To bill you
We use Stripe to process payments. Stripe sees the card; we see the last four digits, the country code, and a transaction ID. That's it. Texas sales tax is calculated by Stripe Tax on Texas-resident customers for templated work and maintenance plans.
To fix problems
When something breaks, Sentry captures the error, browser, and the URL you were on. We do not capture form contents, passwords, or anything you typed into a private field. Errors are kept 90 days and then deleted.
To talk to you
We use HubSpot to remember the conversation between us. Resend delivers transactional email — receipts, password resets, project updates. No newsletters unless you specifically opt in.
A short list. Each one signs a data-processing agreement with Lova and is independently audited.
-
Account database, authentication, project state
Email, name, hashed password, your projects, deliverables, payments rows
Region AWS US-East
-
Payment processing
Card info processed by Stripe directly. Lova never sees raw card numbers.
Region US
-
Error and crash diagnostics
Stack traces, browser/device metadata, anonymized session replays on error
Region US
-
Hosting, CDN, DNS
IP address, request logs (retained <30 days)
Region Global edge
-
Transactional email delivery
Email address, message metadata
Region US-East
-
Customer relationship management
Name, email, phone, company, conversation history
Region US
-
Conversion measurement for paid advertising; marketing tag management
Pageview events, anonymized device/browser metadata, ad-click attribution cookies (_ga, _gid, _gcl_au). Google Tag Manager (GTM-ND48S4ZT) loads + manages these marketing tags. No name, email, or payment data.
Region US (Google global infrastructure)
Lova for Android and Lova for iOS are thin wrappers around this website. When you open the app it lands on the marketing homepage at lova.dev — no account is required to browse, read about pricing, or use the "Start a project" intake form. Existing clients can sign in at lova.dev/login from inside the app to reach the client portal. The apps do not collect anything that the website does not collect. Push notifications are off by default — if you ever turn them on we will use Apple's APNs and Google's FCM to deliver them. We never read the contents of messages routed through these services; they exist only to wake the app.
Wherever you live, you have rights over the personal information we hold about you. We do not sell or share your data, we do not run advertising, and we do not collect sensitive personal information (no race, health, biometrics, precise location, or financial-account details beyond what Stripe handles). To exercise any of the rights below, email [email protected]. We respond within forty-five (45) days and will not discriminate against you for asserting these rights.
Access
Ask for a copy of everything we have about you.
Correct
Fix anything that is wrong. The portal lets you edit most fields directly.
Delete
Ask us to erase your account and project history. We honor the request within 30 days unless tax law requires us to keep an invoice on file. See how to delete your account & data.
Port
Get a structured export of your data so you can take it elsewhere.
Object
Tell us to stop processing your data. We will, unless we have a legal duty to keep it.
Opt out
You have the right to opt out of any sale or sharing of personal information. We do not sell or share — there is nothing to opt out of. We honor Global Privacy Control (GPC) signals where applicable.
Appeal
If we deny a rights request, reply within sixty (60) days and we will reconsider. We respond to appeals within sixty (60) days of receipt.
Complain
In the US, the Texas Attorney General handles consumer privacy complaints. If you live outside the US, your country's data-protection authority may also accept complaints.
Email [email protected]
Phone (972) 280-7178
Mail Lova Studio LLC · 6675 S Custer Rd Ste 500 · McKinney, TX 75070
Response Within two business days. Always.
We will update this notice when our practices change. The version number and effective date at the top of the page change with it. If we ever do something materially different — selling data, running ads, anything you would notice — we will email every active client at least 30 days before it takes effect.
lova Built right. Kept running.