Privacy Policy
Last updated: 28 May 2026
This policy describes what Lofn collects, how we use it, and who else sees it. Plain language. If something is unclear, email [email protected] and we'll explain.
Who we are
Lofn is operated by the developer of the app (contact: [email protected]). When this policy says "we," that means the developer.
What we collect
From you, directly:
- Email address — your account identifier.
- Password — stored hashed (bcrypt). We can't read it.
- Birth year and country — birth year to enforce the 18+ minimum; country to route crisis safety helplines to the right region.
- Messages you send to AI characters — the entire conversation, used to generate replies and to power per-character memory.
- About-you self-introduction (optional) — a short text you can write in Settings. We inject it into every character's system prompt so they feel personal from message one.
Automatically:
- App interactions (server logs) — endpoint hits, timestamps, errors. Used for monitoring and debugging.
- Device push token — issued by Firebase Cloud Messaging, used to deliver re-engagement notifications and crisis follow-up check-ins.
- Advertising identifier — used by Google AdMob to show rewarded ads (the ones you watch in exchange for gems).
- Purchase history — what subscriptions you've activated. We don't see your card details; that's handled entirely by Google Play.
What we don't collect
- Your real name, address, phone, photos, or contacts.
- Location (we use country, which you self-declare at signup).
- Health data.
- Anything from outside the app.
Who else sees your data
To make the app work, we share specific data with these vendors:
- Anthropic (Claude) — receives the conversation content (your messages + the character's recent replies + the system prompt with your about-you) for premium-tier responses. Anthropic does not train on this data per their API terms.
- OpenRouter / Meta Llama 3.3 — same conversation content for free-tier responses, and for content safety classification.
- Google (Firebase Cloud Messaging) — receives the notification payload + your device token when we send a push.
- Google (AdMob) — receives the advertising identifier and basic device context for ad targeting / measurement.
- RevenueCat — receives your user ID + purchase events from Google Play so subscriptions sync across devices.
We don't sell your data to anyone. We don't share it for any other company's marketing.
How long we keep it
- Account + messages — until you ask us to delete your account.
- Server logs — rotated automatically after roughly 30 days.
- Memory facts (the things characters remember about you) — until you tap "Start fresh" in the character detail screen, or delete your account.
Your rights
You can:
- See what characters remember about you in the character detail screen, and wipe it with one tap.
- Edit your About-you at any time in Settings.
- Delete your entire account and all associated data — instructions at lofn.app/delete-account.
- Request a copy of your data — email [email protected].
- Withdraw consent for push notifications via Android's notification settings, and for ads by managing your Google ad preferences.
Security
Data in transit is encrypted (HTTPS). Passwords are hashed with bcrypt. The backend runs on a private server with limited access. We don't claim a SOC 2 audit or similar — this is an MVP. If we learn of a breach affecting you, we'll tell you.
Children
Lofn is 18+. We don't knowingly collect data from anyone under 18. If you believe a child has registered, email [email protected] and we'll delete the account.
International data
Lofn's backend and vendors (Anthropic, Google, OpenRouter, RevenueCat) may process your data in countries outside your own, including the United States. By using Lofn you agree to this.
Changes
If we change this policy in a way that meaningfully affects you, we'll update the "Last updated" date and notify you in-app the next time you sign in.
Contact
Email [email protected] with any privacy question, deletion request, or complaint.