Legal

Privacy policy

Last updated: June 2026

1. Who we are

Lova Plus is a product of Lova, an AI-powered website building and managed care service. When this policy says "we," "us," or "our," it refers to Lova and the Lova Plus platform accessible at https://lova-plus.falling-cake-c5ea.workers.dev.

2. What data we collect

We collect the minimum data needed to deliver and improve our service:

Contact & lead data. When you submit a contact form, request a quote, or sign up for updates, we collect your name, email address, and any message you provide.
Account data. If you create an account, we store your email address, hashed password, and plan information.
Usage & analytics data. We use privacy-respecting analytics to understand aggregate page traffic, referral sources, and feature usage. This data is not linked to identifiable individuals.
Project data. Content you submit to generate or configure a website (text, images, preferences) is stored to deliver your project and improve the AI model with your permission.
Payment data. Payments are processed by our third-party payment processor (Stripe). We do not store full card numbers; we retain only a tokenized reference and billing address.
Technical data. IP addresses, browser type, and device type are collected automatically in server logs and retained for up to 90 days for security and debugging purposes.

3. Cookies and tracking

We use the following categories of cookies:

Strictly necessary. Session cookies that keep you logged in and maintain form state. These cannot be disabled without breaking the service.
Analytics. Aggregate, anonymized cookies that help us understand how visitors use the site. No cross-site tracking or fingerprinting.

We do not use advertising or third-party tracking cookies. You can clear cookies at any time through your browser settings.

4. How we use your data

To deliver, operate, and improve the Lova Plus service.
To respond to your inquiries and support requests.
To send transactional emails (order confirmations, invoices, health reports).
To send product updates and marketing emails — only with your explicit consent, with an unsubscribe link in every message.
To detect fraud, abuse, and security incidents.
To comply with applicable law.

We do not sell, rent, or share your personal data with third parties for their own marketing purposes.

We share data only with the sub-processors required to operate the service (hosting infrastructure, payment processing, transactional email, and analytics). Each sub-processor is contractually bound to handle data securely and not use it for independent purposes. We do not disclose personal data to government bodies except as required by a valid legal order.

6. Data retention

Account and project data: retained for the life of your account and deleted within 30 days of a deletion request.
Lead and contact form submissions: retained for 2 years unless you request earlier deletion.
Server logs (technical data): 90 days.
Payment records: 7 years as required by US tax law.

7. Your rights

Depending on your jurisdiction you may have the right to:

Access a copy of the personal data we hold about you.
Correct inaccurate or incomplete data.
Request deletion of your data ("right to be forgotten").
Opt out of marketing communications at any time via the unsubscribe link or by contacting us directly.

To exercise any of these rights, email us at hello@lova.dev. We will respond within 30 days.

8. Security

We use HTTPS everywhere, encrypt data at rest, and limit data access to personnel who need it. No system is 100% secure; if you discover a vulnerability, please disclose it responsibly by emailing hello@lova.dev.

9. Changes to this policy

We may update this policy as the service evolves. Material changes will be announced by email to active account holders at least 14 days before they take effect. The "last updated" date at the top always reflects the current version.

10. Contact

Questions or requests about this policy: hello@lova.dev