Lorimitir

Lorimitir ("we," "our," or "us") operates the Lorimitir mobile application (the "App"). This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information. By using the App, you agree to the practices described here.

1. Information We Collect

Account & Profile Information

• Email address and password (stored as a secure hash)
• Username (handle) and display name
• Profile photo and bio
• Optional linked TikTok URL

Content You Create

• Posts, including text (up to 500 characters), photos, and embedded TikTok videos
• Comments and likes on posts
• Venue tags and associated location data attached to your posts

Location Information

With your permission, we collect your device's precise location (latitude and longitude) while you use the App. We use this to show you a local feed of posts within a 30-mile radius and to let you tag venues on your posts. Location is only accessed while the App is in use ("when in use" permission) and is never collected in the background.

Social & Activity Data

• Users you follow and who follow you
• Posts you have liked
• Post view events (tracked once per user per day)

Device & Session Information

We generate an anonymous session identifier for users who interact with content before creating an account (e.g., for view counting). This session contains no personal information and is not linked to you after you sign up.

2. How We Use Your Information

• To create and manage your account
• To display your profile and content to other users
• To provide location-based feeds and venue discovery
• To send password reset emails via Amazon Simple Email Service (SES)
• To calculate engagement metrics (views, likes, comments) on posts
• To improve the App's features and performance

We do not sell your personal information to third parties.

3. Third-Party Services

The App integrates with the following third-party services, each with their own privacy practices:

• Google Maps Platform — used for venue search and place details. See Google's Privacy Policy.
• TikTok — used to embed TikTok videos in posts via the TikTok oEmbed API. See TikTok's Privacy Policy.
• Cloudflare R2 — used to store uploaded photos, avatars, and video thumbnails. See Cloudflare's Privacy Policy.
• Amazon Web Services (SES) — used to send transactional emails such as password resets. See AWS Privacy Policy.

4. Data Storage & Security

Your data is stored in a PostgreSQL database. Passwords are never stored in plain text — they are hashed using bcrypt before storage. Authentication tokens are stored securely on your device using the platform's secure keychain (via expo-secure-store).

Uploaded media (photos, avatars) is stored on Cloudflare R2. We take reasonable technical measures to protect your data, but no system is completely secure.

5. Your Privacy Controls

• Liked posts visibility — you can make your liked posts private in Settings.
• Hide tagged spots — you can hide your tagged venue locations from your profile.
• Location permissions — you can revoke location access at any time in your device Settings.
• Account deletion — to delete your account and associated data, contact us at the email below.

6. Children's Privacy

The App is not directed to children under 13 (or under 16 in applicable jurisdictions). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

7. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by updating the "Last updated" date at the top of this page. Continued use of the App after changes constitutes acceptance of the updated policy.

8. Contact Us

If you have any questions about this Privacy Policy or your data, please contact us at:
nvlnz@lorimitir.com