lovemates

Privacy Policy

Last updated June 2, 2026

This Privacy Policy explains how Oraculum OÜ("we") collects, uses and shares personal data when you use LoveMates, in accordance with the EU General Data Protection Regulation (GDPR) and Estonian data-protection law.

Data controller. Oraculum OÜ (registry code 17515197), Uus-Sadama tn 21-207, Kesklinna linnaosa, 10120 Tallinn, Harju maakond, Estonia. For any privacy question or to exercise your rights, contact hello@lovemates.ai. We have not appointed a statutory Data Protection Officer; privacy requests are handled at that address.

1. Data we collect

  • Account data: your email address and a securely hashed password.
  • Uploaded images: photos you provide for photo-to-avatar generation.
  • Prompts & settings: the text and configuration choices you make.
  • Generated images: the avatars created for you.
  • Billing data: subscription status and history. Card details are handled directly by Stripe — we never receive or store full card numbers.
  • Usage & technical data: Energy ledger, generation history, IP address, device/browser information and security signals (e.g. captcha).

2. How we use your data

  • To provide the Service — authenticate you, generate avatars and maintain your gallery and Energy balance.
  • To process payments and manage subscriptions (via Stripe).
  • To secure the Service, prevent abuse and enforce our policies.
  • To communicate essential service messages and respond to support requests.
  • To comply with legal obligations.

3. Your photos & biometric clarification

We use the photos you upload solely to generate the avatars you request. We do not use facial-recognition technology to identify you, build a biometric profile, or sell or share your photos for advertising. Uploaded source images are used for processing and may be retained to provide your history; you can delete your creations at any time from your gallery, and deleting your account removes associated images.

4. Legal bases (GDPR/UK GDPR)

  • Contract: to provide the Service you sign up for.
  • Legitimate interests: to secure the Service and prevent abuse.
  • Legal obligation: to meet accounting, tax and compliance requirements.
  • Consent: where required, e.g. for any optional processing — you may withdraw consent at any time.

5. Sharing & subprocessors

We share data only with service providers that help us operate LoveMates:

  • AI model providers (via OpenRouter): receive your prompt and, in photo mode, your image to generate Output.
  • Stripe: processes payments and stores your billing details.
  • Google reCAPTCHA: provides captcha and security/anti-abuse.
  • Hosting & storage providers that run our application and store images.

We do not sell your personal data.

6. International transfers

Some of our processors (for example AI model providers, Stripe and Google) may process data outside the European Economic Area, including in the United States. Where this happens, we rely on appropriate safeguards under the GDPR — an adequacy decision (such as the EU–US Data Privacy Framework) or Standard Contractual Clauses — to protect your data.

7. Retention

We keep personal data for as long as your account is active or as needed to provide the Service, then delete or anonymize it, except where longer retention is required by law (e.g. financial records). You can delete generations at any time.

8. Your rights

Under the GDPR you have the right to access, rectify, erase, restrict or object to the processing of your personal data, the right to data portability, and the right to withdraw consent at any time. To exercise any right, email hello@lovemates.ai; we respond within one month.

If you believe we have not handled your data properly, you may lodge a complaint with our lead supervisory authority, the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon), or with the data-protection authority in your EU country of residence. California residents have rights under the CCPA/CPRA, including the right to know and delete; we do not "sell" or "share" personal information as those terms are defined.

9. Security & data breaches

We use industry-standard measures including encrypted transport (HTTPS), hashed passwords, access controls, rate limiting and least-privilege infrastructure. No system is perfectly secure, but in the event of a personal-data breach that is likely to result in a risk to your rights, we will notify the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) within 72 hours where required, and affected users without undue delay, in line with Articles 33–34 GDPR.

10. Children

The Service is not intended for anyone under 18. We do not knowingly collect data from children. If you believe a child has provided us data, contact us and we will delete it.

11. Cookies

We use essential cookies for authentication and security. See our Cookie Policy for details.

12. Changes & contact

We may update this Policy and will post the new date above. For any privacy question or request, contact hello@lovemates.ai.