1. Controller
- Controller
- Mike Roth, Breiter Weg 4h, 6800 Feldkirch, Austria
- Product
- Lociplace
- rothmike1997@gmail.com
2. Scope
This Privacy Policy explains how Lociplace processes personal data when you use the public website, the private web app, and the mobile companion app where available. Lociplace is a memory-system product for Palaces, Loci, scenes, Memory Items, Practice, and Review.
Product data can include account details, Palace structures, ordered Loci, rooms or areas, scenes, Memory Items, notes, uploaded images, Practice results, Review state, timestamps, and settings needed to operate the service.
3. Processing table
| Processing activity | Data involved | Purpose | Legal basis | Recipients / storage | Retention |
|---|---|---|---|---|---|
| Website and app delivery | IP address, browser or device information, request logs, security events, language and interface preferences. | Deliver pages and app screens, keep the service secure, diagnose errors, and prevent abuse. | Legitimate interests in operating a secure service; contract where needed for logged-in app use. | Hosting, logging, and security infrastructure such as Vercel or comparable providers. | Kept only as long as needed for operation, security, diagnostics, and ordinary log cycles. |
| Account and authentication | Email address, user id, authentication metadata, linked providers, password reset events, MFA and session security data. | Create accounts, sign users in, protect accounts, restore sessions, and manage security. | Contract performance; legitimate interests in account and platform security. | Supabase Auth and, if selected by you, Google OAuth or another configured sign-in provider. | For the life of the account and afterwards only where needed for security, legal, backup, or dispute purposes. |
| Lociplace product data | Palaces, rooms, Loci, route order, scenes, Memory Items, notes, uploaded images, Practice results, Review state, and timestamps. | Provide the core memory palace, active recall Practice, and scheduled Review workflows. | Contract performance. | Supabase database and Supabase Storage, with access controlled through account permissions and RLS. | Until you delete the content or account, subject to backup, security, and legal retention periods. |
| Support and contact | Name if provided, email address, message contents, and related communication metadata. | Answer questions, handle legal notices, process requests, and maintain a record of communication. | Pre-contractual steps, contract performance, legitimate interests, and legal obligations where applicable. | Email and communication providers used to receive and answer messages. | As long as needed to answer and document the request, then deleted or archived according to legal needs. |
| Analytics and product signals | Page views, event data, device context, product usage signals, and aggregate diagnostics where enabled. | Understand reliability, usage, and product quality without selling personal information. | Consent where required; otherwise legitimate interests for limited operational analytics. | The configured analytics provider or the built-in null analytics service when no provider is active. | According to the configured analytics provider and consent settings, or not stored when analytics are inactive. |
| Legal compliance | Records needed to prove requests, consent choices, account actions, legal correspondence, or security events. | Comply with law, protect rights, resolve disputes, and document legally relevant activity. | Legal obligation and legitimate interests. | Legal, hosting, email, and security systems where needed. | For the statutory limitation, documentation, or dispute period that applies to the record. |
4. Processors and international transfers
Lociplace uses third-party infrastructure for hosting, authentication, database storage, file storage, email delivery, and operational monitoring. Current architecture uses Supabase for authentication, database, storage, and related security features; Vercel or comparable hosting infrastructure for the web app; email infrastructure for transactional and contact emails; and Google when you choose Google OAuth sign-in.
Some providers may process data outside Austria or the European Economic Area. Where that happens, Lociplace relies on applicable safeguards such as adequacy decisions, standard contractual clauses, data-processing terms, and technical and organizational measures.
5. Retention
Lociplace keeps personal data only for as long as needed for the purposes described above. Account and product data are kept while your account exists or until you delete the relevant content. Backups, security logs, and legal records may remain for a limited period after deletion before they expire in the ordinary backup, security, or retention cycle.
6. Your rights
Under the GDPR, you may have rights to access, rectification, erasure, restriction, data portability, objection, and withdrawal of consent. You also have the right to lodge a complaint with the Austrian Data Protection Authority or another competent supervisory authority.
You can update or delete some product data inside your account where the app provides controls. For privacy requests, contact rothmike1997@gmail.com and include enough information to identify the account or request.
7. Children
Lociplace is not directed to children. If you believe a child has provided personal data without appropriate permission, contact rothmike1997@gmail.com so the information can be reviewed and deleted where required.
8. Contact
Questions about privacy or data handling can be sent to rothmike1997@gmail.com.