1. Who we are
Lovelace Logic ("we", "us") operates the salon at lovelacelogic.studio and is the data controller for the personal data processed through it. You can reach us at hello@lovelacelogic.studio.
2. What we collect
- Account data — your name, email address, and avatar URL as supplied by Google when you sign in.
- Session data — the transcript of your discourse with Ada (your words and hers), your cognitive capital ledger, puzzle answers, and timestamps.
- Voice — audio is streamed in real time to our voice processor for transcription and for Ada's spoken reply. Raw audio is not retained for training.
- Technical — basic browser, device, and IP metadata used for security, abuse prevention, and debugging.
3. Legal bases (EU/UK GDPR, Art. 6)
- Contract — running your salon session and managing your account.
- Legitimate interest — protecting the service against abuse, debugging, and improving reliability, balanced against your rights.
- Consent — for any optional, non-essential feature; you can withdraw it at any time.
4. Australian Privacy Principles
We comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles. In particular:
- APP 1 — this page is our open and transparent management statement.
- APP 3 — we collect only the personal data described in §2, and only by lawful, fair means.
- APP 6 — we use your data only for the purposes set out here, or for closely related secondary purposes you would reasonably expect.
- APP 8 — disclosures to overseas sub-processors are listed in §5 and protected by contract.
- APP 11 — we apply reasonable technical and organisational security: encrypted transport, scoped access, row-level database authorisation, and least-privilege keys.
- APP 12 & 13 — you may request access to, or correction of, the personal information we hold about you; we respond within 30 days.
5. Sub-processors
We use a small set of enterprise processors. Each operates under written terms that prohibit training general AI models on your data:
- Supabase (managed via Lovable Cloud) — auth, database, and file storage.
- ElevenLabs — real-time voice transcription and synthesis for Ada.
- OpenAI & Google (Gemini) — model inference for Ada's reasoning and for the parting puzzle. Inputs are not retained for model training under our API agreements.
- Google — OAuth identity provider for sign-in.
6. International transfers
Some of these processors are based outside the EEA, the UK, and Australia. Where personal data is transferred abroad we rely on the European Commission's Standard Contractual Clauses (and the UK International Data Transfer Addendum where relevant), together with each provider's published technical and organisational safeguards. For Australian users, these arrangements are how we discharge our APP 8 obligations.
7. Retention & deletion
We keep your transcripts and account data while your account is active. If you ask us to close your account, we erase your personal data within 30 days, except where a shorter or longer period is required by law (for example, minimal records to evidence prior consents or to defend a legal claim).
8. Your rights
If you are in the EU, EEA, or UK, you have the right to:
- access the data we hold about you;
- have inaccurate data corrected;
- have your data erased;
- restrict or object to certain processing;
- receive your data in a portable format;
- withdraw any consent you previously gave;
- lodge a complaint with your national data-protection authority.
If you are in Australia, you may request access to and correction of your personal information under APPs 12 and 13, and you may complain to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au if you are not satisfied with our response.
Email hello@lovelacelogic.studio to exercise any of these rights; we respond within 30 days.
9. Cookies & local storage
- Strictly necessary — a session token (held in your browser's local storage) keeps you signed in. Without it the salon cannot function.
- Functional — small preferences such as your preferred salon room.
- No advertising cookies. No analytics cookies that identify you across other websites. No third-party trackers.
Because we use only strictly-necessary and functional storage, no consent banner is required under the EU ePrivacy Directive.
10. Security
We transport all data over TLS, store it in encrypted managed databases, scope every query through row-level security, and keep service-role credentials on the server only. No system is perfectly secure; if we ever suffer a personal-data breach that is likely to result in risk to you, we will notify you and the relevant authority within the time-frames required by GDPR Art. 33–34 and the Australian Notifiable Data Breaches scheme.
11. Children
Lovelace Logic is not intended for anyone under 16. We do not knowingly collect data from children.
12. Changes to this policy
If we materially change how we handle data we will update this page and revise the date above. We may also notify signed-in users directly for significant changes.