This website · Last updated 6 June 2026
This policy explains how the Loreium website (loreium.app) handles personal data. If you use the Loreium app, please also read our app privacy policy, which covers your account and gameplay data.
The controller for your data under the GDPR is:
Loreium UG (haftungsbeschränkt)
Lindenstr. 16, 83607 Holzkirchen, Germany
Contact[email protected]
Full company details are listed in our imprint.
We do not use any third-party analytics, advertising, or tracking services on this website, and we do not build profiles of visitors. We collect the following:
Request-access form
If you ask for early access, we collect your name, email address, and any optional message you write. We use this to respond to you and manage access to the product. Your submission is delivered to us by email through our email provider, Resend.
Theme preference
When you switch between light and dark mode, we store your choice in a functional cookie on your device so the site remembers it on your next visit. This cookie is not used for tracking.
Server logs
Our hosting provider automatically records standard technical data when you load a page — such as your IP address, the time of the request, and your browser type. These logs are used to operate the site securely and diagnose problems.
Account flows
A few pages (such as password reset and email confirmation) pass authentication data to our authentication provider, Supabase, to complete the requested action. See the app privacy policy for details on account data.
We handle request-access submissions to respond to your enquiry and on the basis of our legitimate interest in managing access to the product (Art. 6(1)(b) and (f) GDPR). We process server logs on the basis of our legitimate interest in operating and securing the website (Art. 6(1)(f) GDPR). The theme cookie is strictly functional and set to deliver the preference you actively chose. We do not set any non-essential cookies.
The website is hosted on DigitalOcean (servers located in Frankfurt, Germany). Supabase provides the authentication service used by our account-related pages. Resend delivers request-access form submissions to us by email. These providers process data on our behalf under data processing agreements.
Our hosting and database are located in the EU. Our email provider (Resend) is based in the United States, so request-access submissions may be processed outside the EU. Where data is transferred outside the EU, we rely on appropriate safeguards such as the EU Standard Contractual Clauses.
We keep request-access correspondence for as long as needed to handle your enquiry and any resulting access, and delete it when it is no longer required. Technical server logs are kept for a limited period (typically up to 90 days) and then deleted.
Under the GDPR you have the right to access, rectify, erase, restrict, and port your personal data, and to object to certain processing. Where we rely on consent, you also have the right to withdraw it at any time, without affecting processing already carried out. To exercise any of these rights, email us at [email protected].
You also have the right to lodge a complaint with a data protection supervisory authority. For our company, the competent authority is the Bavarian State Office for Data Protection Supervision (BayLDA).
We may update this policy as the website evolves. The date at the top of this page reflects the most recent revision.