that lovely box

Privacy Policy

Last updated: January 2025

1. Introduction

At That Lovely Box, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

2. Information We Collect

Information You Provide

  • Account Information: Email address, name, and password when you register
  • Box Content: Messages, photos, and videos you upload to gift boxes
  • Recipient Information: Email addresses of people you send boxes to
  • Payment Information: Processed securely by Lemon Squeezy (we do not store card details)

Information Collected Automatically

  • Usage Data: How you interact with our service
  • Device Information: Browser type, operating system
  • Cookies: See our Cookie Policy for details

3. How We Use Your Information

We use the information we collect to:

  • Provide and maintain our service
  • Process transactions and send related information
  • Send administrative notifications and updates
  • Respond to customer service requests
  • Improve our service and user experience
  • Detect and prevent fraud or abuse

4. Information Sharing

We may share your information with:

  • Service Providers: Companies that help us operate (Supabase, Brevo, Lemon Squeezy)
  • Recipients: People you choose to send gift boxes to
  • Legal Requirements: When required by law or to protect rights

We do not sell your personal information to third parties.

5. Data Retention

We retain your information as follows:

  • Account Data: Until you delete your account
  • Box Content: 30 days after the recipient opens the box
  • Deleted Boxes: Permanently removed within 7 days
  • Draft Boxes: Removed after 30 days of inactivity

6. Data Security

We implement appropriate technical and organizational measures to protect your information, including:

  • Encryption of data in transit (HTTPS/TLS)
  • Secure cloud infrastructure (Supabase, Vercel)
  • Regular security assessments
  • Limited access to personal data

7. Your Rights

Depending on your location, you may have the right to:

  • Access your personal information
  • Correct inaccurate information
  • Delete your account and data
  • Export your data
  • Opt out of marketing communications
  • Withdraw consent

To exercise these rights, please contact us at privacy@thatlovelybox.com.

8. International Data Transfers

Your information may be processed in countries outside your residence. We ensure appropriate safeguards are in place for such transfers.

9. Children's Privacy

Our service is not intended for children under 13. We do not knowingly collect information from children. If you believe a child has provided us with personal information, please contact us.

10. Third-Party Services

Our service uses the following third-party providers:

  • Supabase: Database and authentication
  • Brevo: Email delivery
  • Lemon Squeezy: Payment processing
  • Vercel: Hosting and infrastructure

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by updating the "Last updated" date and, for significant changes, via email.

12. Contact Us

For questions about this Privacy Policy, please contact us at:
privacy@thatlovelybox.com