Privacy Policy

Last updated: April 7, 2026

LOOTR (operated by Navaltek Inc.) is an AI-powered opportunity discovery platform at app.lootr.io. This policy explains what data we collect, how we use it, and your rights. We keep it simple.

1. Data We Collect

  • Account Data: Email, display name, authentication provider.
  • Payment Info: Processed by LemonSqueezy. We never see or store your full card number.
  • Usage Data: Pages visited, features used, ideas viewed, search queries.
  • Submission Data: Ideas you submit, evaluation results, Deep Analysis reports.
  • Consent Records: When you publish ideas, we record your IP address, browser user-agent, timestamp, and the Terms of Service version at the time of consent.
  • Location Data: Approximate country/city from your IP for service improvement.

2. What We Don't Collect

  • We don't use tracking cookies or third-party analytics that follow you around the web.
  • We don't run ads or share your data with advertisers.
  • We don't sell, rent, or trade your personal data to anyone. Period.

3. How We Use Your Data

  • To provide and improve LOOTR services.
  • To personalize your experience (recommended ideas, sector preferences).
  • To send service emails (weekly digest, onboarding, feature updates).
  • To maintain legal records of consent for published ideas.
  • To run your account — authenticate you, manage your subscription, send important updates.
  • To support you when you reach out to us.

4. Data Visibility

  • Private/Evaluation ideas: Visible only to you. Not shared with other users.
  • Public ideas: Visible to all LOOTR users. Your display name may be shown as the submitter.
  • Consent records: Never visible to other users. Stored securely for legal compliance.

5. Who We Share Data With

Only what's strictly necessary:

  • LemonSqueezy — payment and subscription processing.
  • OpenAI / AI Service Providers — AI analysis services for feature functionality.
  • Vercel / Railway — app hosting and backend infrastructure.
  • Google Analytics — usage tracking (privacy-friendly, anonymized).
  • Sentry — error monitoring.

That's it. No data brokers, no ad networks, no shady third parties.

6. Data Retention

  • Account data: Retained while your account is active.
  • Consent records: Retained permanently (legal requirement).
  • Usage analytics: Retained for 12 months.
  • Deleted accounts: Personal data is deleted within 30 days of the account deletion request.

Some anonymized, aggregated data (like "X users visited this page") may be retained for analytics — but it can never be traced back to you.

7. Your Rights (GDPR & Beyond)

Wherever you are in the world, you have the right to:

  • Access — request a copy of all data we have about you.
  • Correct — fix any inaccurate information.
  • Delete — ask us to permanently delete your account and all associated data.
  • Export — get your data in a portable format.
  • Object — opt out of any data processing you're not comfortable with.

Email us at support@lootr.io and we'll handle it within 30 days.

Note: Consent records are exempt from deletion requests due to legal obligations. These records contain only: user ID, idea ID, timestamp, IP address, and consent text — no personal content.

8. Cookies

We use essential cookies and local storage for authentication, session continuity, and security. We may also use privacy-friendly analytics identifiers when enabled. We use IP-based location detection for service improvement.

9. Security

We use encryption in transit (HTTPS everywhere), secure authentication, and follow industry best practices to protect your data. No system is 100% bulletproof, but we take security seriously and continuously improve our defenses.

10. Changes to This Policy

We may update this policy from time to time. If we make significant changes, we'll notify you by email or through the app. The "last updated" date at the top always reflects the latest version.

11. Contact

Questions? Concerns? Just want to say hi?

support@lootr.io

LOOTR is operated by Navaltek Inc.