Last updated: March 6, 2026
Lore Haven ("we", "us", "our") is designed to keep your personal data private and under your control. This policy explains what we collect, why, and what rights you have.
The short version: We collect the minimum data needed to run the service. We never sell your data. We never use your content to train AI models. You can export or delete everything at any time.
When you sign up, we collect your name, email address, and a hashed password. We use this to authenticate you and communicate about the Service.
When you use the cloud sync features, we store your Lore document, vault file metadata, and version history on our servers. This data is encrypted in transit and at rest.
The desktop client stores your vault files locally on your device. The MCP server runs entirely on your device. Local data never leaves your device unless you explicitly use cloud sync.
We collect basic usage analytics: pages visited, features used, and error reports. This data is anonymized and used only to improve the Service. We do not track you across other websites.
If you subscribe to a paid plan, payment processing is handled by Stripe. We do not store your credit card number. Stripe's privacy policy governs their handling of your payment data.
We use the following third-party services to operate:
These services process data only as needed to provide their services to us and are bound by their own privacy policies.
We retain your data for as long as your account is active. Version history is retained indefinitely while your account exists. If you delete your account, all data is permanently deleted within 30 days. Backups containing your data are purged within 90 days.
You can export all of your data at any time from the dashboard or desktop client. Exports include your Lore, vault files, and complete version history in standard formats (Markdown, JSON).
You can delete your account at any time. Deletion is permanent and cannot be undone after the 30-day grace period.
We use essential cookies only — session tokens required for authentication. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.
Depending on your location, you may have the right to:
To exercise any of these rights, email us at [email protected]. We will respond within 30 days.
If you are a California resident, you have the right to know what personal information we collect, request its deletion, and opt out of any sale of personal information. We do not sell personal information. To make a CCPA request, email [email protected].
If you are in the European Economic Area, our legal basis for processing your data is: contract performance (providing the Service), legitimate interest (improving the Service and preventing abuse), and consent (where applicable). You may lodge a complaint with your local data protection authority.
The Service is not intended for children under 16. We do not knowingly collect data from children under 16. If we learn we have, we will delete it promptly.
We may update this policy from time to time. We will notify you of material changes by email at least 30 days before they take effect. The "last updated" date at the top reflects the most recent revision.
Questions about privacy? Email us at [email protected].