Privacy Policy
Last updated: December 29, 2025
Who We Are
I am Francisca, an individual based in Luxembourg, operating Lemoria ('Lemoria,' 'us,' 'we' or 'our'). Lemoria is a platform that helps you create and print personalized books with AI-guided writing assistance. This Privacy Policy explains how we collect, use, and protect your information when you use our service.
What Information We Collect
We collect information you provide directly and information about how you use our service:
Account Information
- Name and email address
- Password (encrypted)
- Profile preferences
Order and Shipping Information
- Shipping address
- Billing information (processed securely by payment providers)
- Order history and preferences
Your Book Content
- Text and stories you write
- Photos and images you upload
- Conversations with our AI writing assistant
- Book customization preferences (cover design, layout)
Usage Information
- Device and browser information
- IP address and general location
- Pages visited and features used
- Error logs and crash reports
Cookies and Tracking
We use cookies for authentication, preferences, and analytics. Details are included in this Privacy Policy.
How We Use Your Information
We use your information for the following purposes:
| Purpose | What We Do | Legal Basis |
|---|---|---|
| Provide our service | Create your account, store your books, process AI writing assistance | Contract |
| Process orders | Print and ship your books, handle payments and refunds | Contract |
| Customer support | Respond to questions, troubleshoot issues, provide assistance | Contract |
| Improve our service | Analyze usage patterns, fix bugs, develop new features | Legitimate Interest |
| Security and fraud prevention | Protect against unauthorized access, spam, and abuse | Legitimate Interest |
| Marketing communications | Send newsletters and promotional emails (only with your consent) | Consent |
| Legal compliance | Comply with tax, accounting, and legal requirements | Legal Obligation |
AI Content Processing
We use AI technology to help you write your book. Here's what you should know:
- Your conversations and prompts are sent to AI service providers for processing
- AI providers do NOT use your content to train their models (verified via Data Processing Agreement)
- Your book content is temporarily processed (30-day retention by AI provider) then deleted
- You retain all rights to your content - we never claim ownership
- AI-generated suggestions are provided as-is - you're responsible for reviewing and editing
We use OpenAI (GPT-4) for AI writing assistance. OpenAI's privacy policy: https://openai.com/privacy
Automated Decision-Making and AI
GDPR requires us to inform you about automated decision-making and profiling. Here's our disclosure:
- We use AI (artificial intelligence) to assist with book writing, but the AI does NOT make automated decisions about you
- The AI does NOT create profiles of you or use your data for purposes beyond assisting your writing
- You maintain full control - the AI only provides suggestions when you choose to use it
- All AI suggestions are tools for you to accept, modify, or reject as you see fit
- No automated decisions are made that produce legal effects or similarly significantly affect you
In short: AI is a writing tool under your control, not a decision-making system about you.
How We Share Your Information
We do NOT sell your personal information. We share your information only with service providers necessary to operate Lemoria:
Cloud Hosting and Database
Purpose: Store your account, books, and data securely
Location: United States (EU-US Data Privacy Framework certified)
Examples: Database hosting, file storage, authentication
AI Processing Services
Purpose: Provide AI writing assistance
Location: United States (EU-US Data Privacy Framework certified)
Data Protection: Data Processing Agreement (DPA), no training on your data, 30-day retention
Payment Processors
Purpose: Process credit card payments and refunds securely
Location: European Union and United States
We never see or store your full credit card number
Print and Fulfillment Partners
Purpose: Print your books and ship them to you
Location: Various (closest to your shipping address)
Data Shared: Book content (PDF), shipping address, order details
Email Service Providers
Purpose: Send order confirmations, shipping updates, and support emails
Location: United States
Transactional emails only (no marketing without consent)
Error Tracking and Analytics
Purpose: Monitor bugs, crashes, and performance issues
Location: United States
Data Collected: Error logs, page load times, anonymized usage patterns
Authentication Providers (Optional)
Purpose: Enable 'Sign in with Google' if you choose
Location: United States
Only used if you select this sign-in method
We may also disclose your information if required by law, court order, or to protect our legal rights.
International Data Transfers
Lemoria is based in Luxembourg (EU), but some of our service providers are located outside the EU, primarily in the United States.
We ensure your data is protected through:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- EU-US Data Privacy Framework certification (for US-based providers)
- Data Processing Agreements (DPAs) with all processors
- Encryption in transit and at rest
Your EU privacy rights apply regardless of where your data is processed.
How Long We Keep Your Data
We retain your information only as long as necessary:
| Data Type | Retention Period |
|---|---|
| Account and profile information | Until you delete your account |
| Book content and projects | Until you delete them or close your account |
| Order history and shipping details | 7 years (tax and legal compliance) |
| Payment information | We don't store payment details - handled by payment processor |
| AI conversation logs | Stored in your book project; deleted when book is deleted |
| Error logs and analytics | 90 days, then automatically deleted |
| Marketing consent records | Until you withdraw consent, then deleted within 30 days |
When you delete your account, we delete your personal data within 30 days, except where we must retain it for legal compliance (e.g., order records for tax purposes).
How We Protect Your Information
We take data security seriously and implement multiple layers of protection:
- Encryption of data in transit (HTTPS/TLS) and at rest (AES-256)
- Secure authentication with hashed passwords
- Regular security audits and vulnerability testing
- Limited employee access to personal data (need-to-know basis)
- Automatic session timeouts and secure token management
- Regular backups stored securely
While we implement industry-standard security measures, no system is 100% secure. We cannot guarantee absolute security, but we continuously work to improve our protections.
Your Privacy Rights
Under EU law (GDPR) and other privacy regulations, you have the following rights:
Access: Request a copy of all personal data we hold about you
Correction: Correct any inaccurate or incomplete information
Deletion ('Right to be Forgotten'): Request deletion of your personal data (with some exceptions for legal compliance)
Portability: Receive your data in a machine-readable format (JSON) to transfer to another service
Object: Object to processing based on legitimate interests (e.g., marketing)
Restrict Processing: Limit how we use your data while we verify its accuracy or your objection
Withdraw Consent: Withdraw consent for marketing emails or optional features at any time
Lodge a Complaint: File a complaint with your local data protection authority if you believe we've violated your rights
How to Exercise Your Rights
To exercise any of these rights:
- Email us at help@lemoria.co with your request
- We'll verify your identity (to protect your data from unauthorized access)
- We'll respond within 30 days with the requested information or action
- There is no fee unless your request is clearly unfounded or excessive
If you're in the EU and unhappy with how we handle your data, you can contact your national data protection authority. Luxembourg's authority: CNPD (cnpd.public.lu).
Children's Privacy
Lemoria is not intended for children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately at help@lemoria.co and we will delete it.
Cookies and Tracking Technologies
Cookies are small text files stored on your device when you visit a website. They help websites remember your preferences, keep you logged in, and provide insights into how the site is used.
Types of Cookies We Use
Strictly Necessary Cookies
Essential for the website to function. They cannot be disabled.
Supabase Authentication - keeps you logged in and manages your session. Without these cookies, you would not be able to log in or use your account. They do not track you across other websites.
Performance & Analytics Cookies
Help us understand how you use our service. You can opt out of these.
Sentry Error Tracking - monitors errors, performance issues, and user experience problems. This helps us identify and fix bugs, crashes, and performance issues to improve your experience. Personal information is minimized and used only for error tracking.
Third-Party Cookies
Set by third-party services when you use certain features.
Google OAuth - enables 'Sign in with Google' functionality. Google may set cookies during the authentication process. These cookies are governed by Google's privacy policy.
Managing Your Cookie Preferences
You can control cookies through your browser settings:
- Chrome: Settings → Privacy and security → Cookies and other site data
- Firefox: Settings → Privacy & Security → Cookies and Site Data
- Safari: Preferences → Privacy → Manage Website Data
- Edge: Settings → Cookies and site permissions → Cookies and data stored
Blocking strictly necessary cookies will prevent you from using your account.
Local Storage & Session Storage
In addition to cookies, we use browser storage technologies (localStorage and sessionStorage) to store preferences and temporary data during your session. These function similarly to cookies but are not sent to our servers with every request. They can be cleared through your browser settings.
Do Not Track: Some browsers have a 'Do Not Track' feature. While we respect privacy choices, the industry hasn't agreed on how to respond to Do Not Track signals. We recommend using your browser settings to control cookies.
Third-Party Services: The third-party services we use (Supabase, Sentry, Google) have their own privacy and cookie policies. We recommend reviewing these policies to understand how these services handle your data.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect:
- Changes to our service or business practices
- New legal requirements
- Improvements to clarity or transparency
If we make material changes, we'll notify you by:
- Email to your registered email address
- Prominent notice on our website
- Updating the 'Last updated' date at the top of this page
Continued use of Lemoria after changes means you accept the updated Privacy Policy. If you don't agree, you should stop using the service and may request account deletion.
Contact Us
Questions about this Privacy Policy or how we handle your data?
- Email: help@lemoria.co
- Contact form: Contact Form
We'll respond to privacy questions within 30 days.