Privacy notice
How LoreBranch handles beta data.
This notice is written for the closed beta. It is a practical product notice, not a substitute for legal advice. It should be reviewed before public launch, before adding analytics or marketing, and before allowing under-18 users.
Who controls your data
LoreBranch is the controller for account, reading, authoring, feedback, moderation, and support data processed by the platform during beta. The beta operator is the contact point for privacy requests through the support channel provided with your invite.
What we collect
We process account identity data, profile fields, authentication provider identifiers, reading progress, signals, suggestions, follows, notifications, reports, moderation actions, author-created content, and technical/security records such as rate-limit buckets. If payments are enabled, Stripe handles payment and payout data and LoreBranch stores payment status metadata.
Why we use it
We use personal data to provide the service, authenticate users, preserve chapter/version history, deliver reader feedback, operate moderation and abuse prevention, communicate product notifications, debug beta issues, and meet accounting, safety, or legal obligations.
Lawful bases
Core account, reading, authoring, feedback, follows, and settings processing is generally necessary to provide the service. Safety, moderation, rate limits, security logging, and product debugging are generally based on legitimate interests. Payment and accounting records may be required for contract or legal obligations. Optional marketing emails, if introduced, require consent or another PECR-compliant basis.
Sharing and processors
We use service providers for hosting, database storage, authentication, email, and payments where enabled. Current expected providers include Vercel, Neon, Google, Stripe, and Resend or another email provider if email auth/notifications are enabled. These providers process data under their own security and data processing terms.
International transfers
Some providers may process data outside the UK or EEA. Where that happens, LoreBranch should rely on provider data processing terms and appropriate transfer safeguards such as adequacy decisions, SCCs, the UK IDTA, or the UK Addendum as applicable.
Retention
We keep data only as long as needed for the beta, product operation, safety, legal, accounting, and collaborative authoring purposes. Expired sessions, verification tokens, and rate-limit buckets may be removed by retention cleanup. Published story content, moderation records, and payment records may be kept after account deletion where necessary.
Your rights
You can request access, correction, export, deletion/anonymisation, restriction, or objection. Signed-in users can download an account export and request account deletion from profile settings. You can also contact the beta operator through the support channel. You may complain to the ICO if you believe your data has not been handled properly.
Children
LoreBranch is not ready for unrestricted use by children during beta. If under-18 users are allowed, the service needs stricter privacy defaults and Children’s Code review before broader launch.