Privacy Policy

This website · Last updated 6 June 2026

This policy explains how the Loreium website (loreium.app) handles personal data. If you use the Loreium app, please also read our app privacy policy, which covers your account and gameplay data.

Who is responsible

The controller for your data under the GDPR is:

Loreium UG (haftungsbeschränkt)

Lindenstr. 16, 83607 Holzkirchen, Germany

Contact[email protected]

Full company details are listed in our imprint.

What we collect

We do not use any third-party analytics, advertising, or tracking services on this website, and we do not build profiles of visitors. We collect the following:

Request-access form

If you ask for early access, we collect your name, email address, and any optional message you write. We use this to respond to you and manage access to the product. Your submission is delivered to us by email through our email provider, Resend.

Theme preference

When you switch between light and dark mode, we store your choice in a functional cookie on your device so the site remembers it on your next visit. This cookie is not used for tracking.

Server logs

Our hosting provider automatically records standard technical data when you load a page — such as your IP address, the time of the request, and your browser type. These logs are used to operate the site securely and diagnose problems.

Account flows

A few pages (such as password reset and email confirmation) pass authentication data to our authentication provider, Supabase, to complete the requested action. See the app privacy policy for details on account data.

Legal bases

We handle request-access submissions to respond to your enquiry and on the basis of our legitimate interest in managing access to the product (Art. 6(1)(b) and (f) GDPR). We process server logs on the basis of our legitimate interest in operating and securing the website (Art. 6(1)(f) GDPR). The theme cookie is strictly functional and set to deliver the preference you actively chose. We do not set any non-essential cookies.

Hosting and processors

The website is hosted on DigitalOcean (servers located in Frankfurt, Germany). Supabase provides the authentication service used by our account-related pages. Resend delivers request-access form submissions to us by email. These providers process data on our behalf under data processing agreements.

International transfers

Our hosting and database are located in the EU. Our email provider (Resend) is based in the United States, so request-access submissions may be processed outside the EU. Where data is transferred outside the EU, we rely on appropriate safeguards such as the EU Standard Contractual Clauses.

Retention

We keep request-access correspondence for as long as needed to handle your enquiry and any resulting access, and delete it when it is no longer required. Technical server logs are kept for a limited period (typically up to 90 days) and then deleted.

Your rights

Under the GDPR you have the right to access, rectify, erase, restrict, and port your personal data, and to object to certain processing. Where we rely on consent, you also have the right to withdraw it at any time, without affecting processing already carried out. To exercise any of these rights, email us at [email protected].

You also have the right to lodge a complaint with a data protection supervisory authority. For our company, the competent authority is the Bavarian State Office for Data Protection Supervision (BayLDA).

Changes to this policy

We may update this policy as the website evolves. The date at the top of this page reflects the most recent revision.

Request Access

Join the next chapter.