Privacy Policy

1. Information We Collect

1.1 Information You Provide

• Account info (email, profile)
• URLs submitted (Instagram Reel URLs)
• Payment (processed by Stripe — no card storage)
• Communications (support emails)

1.2 Information Collected Automatically

• Usage data (pages, features, time)
• Device/browser data (IP, browser type, OS, referrers)
• Analytics (Google Analytics GA4, Plausible Analytics)

1.3 Information We Do Not Collect

• We do NOT store transcript content or AI analysis unless explicitly saved. All transcription is real-time — purged immediately after session unless saved.
• We do NOT access or store Instagram content beyond what's needed to fulfill your request.

2. How We Use Your Information

We use collected information to:

• Provide, operate, and improve the Service
• Process transactions and manage subscriptions
• Send transactional emails (confirmations, billing)
• Send product updates and marketing (opt-out anytime)
• Monitor and analyze usage
• Detect and prevent abuse
• Comply with legal obligations

3. Data Retention

• Transcripts/analysis: Not retained after session unless explicitly saved
• Account data: Retained while account is active. Deleted within 30 days of account deletion request
• Analytics data: Retained in aggregate, anonymized form per analytics providers' standard retention policies
• Payment records: Retained for 7 years as required by applicable tax and financial regulations

4. Sharing of Information

We do not sell, trade, or rent personal information. Limited sharing occurs with:

• Service providers: Trusted vendors (cloud hosting, payment, analytics) contractually bound to protect data
• AI/ML processing: Transcript content processed by third-party AI models (Whisper-based) solely to provide the service — not used to train models
• Legal requirements: If required by law or regulation
• Business transfers: In case of merger/acquisition, with notice

5. Cookies and Tracking

6. Third-Party Services

• Instagram / Meta: Publicly accessible Reel content via URL. Not affiliated with Meta.
• Claude / Anthropic (MCP): MCP integration. Queries subject to Anthropic's Privacy Policy.
• Stripe: Payment processing.
• Google Analytics: Usage analytics.
• Plausible Analytics: Privacy-friendly analytics. No personal data transmitted.

7. Data Security

We employ industry-standard security measures: HTTPS encryption, secure cloud infrastructure with access controls, and regular security reviews. No method of transmission or storage is 100% secure.

8. Your Rights

Depending on your location, you may have the right to:

• Access: Request a copy of your data
• Correction: Correct inaccurate data
• Deletion: Right to be forgotten
• Portability: Receive data in a portable format
• Objection: Object to certain processing including marketing
• Withdrawal of consent: Where processing is based on consent

To exercise your rights, contact us at privacy@lomero.app. EEA, UK, and California users may have additional rights under GDPR, UK GDPR, or CCPA. We will respond within 30 days.

9. Children's Privacy

The Service is not directed to individuals under 16. If you believe a child has provided personal data, please contact us immediately.

10. International Data Transfers

Lomero is operated from Thailand, with infrastructure primarily in the United States. By using the Service, you consent to the transfer and processing of your data in these locations.

11. Changes to This Policy

Changes will be notified via the “Last Updated” date at the top of this policy. For significant changes, we will also notify you via email.

12. Contact Us

Lomero
Email: privacy@lomero.app
Website: https://lomero.app