Privacy Policy
How we handle your data.
Last updated: {{LAUNCH_DATE}}
This is Loftik's privacy policy, written in plain English to be readable rather than impenetrable.
1. Who we are
Loftik is operated by {{LEGAL_ENTITY_NAME}} ({{COMPANIES_HOUSE_NO}}), registered in the United Kingdom at {{REGISTERED_ADDRESS}}.
For privacy questions or to exercise your rights under the UK GDPR or EU GDPR, email privacy@loftik.namaasol.com.
We are the data controller for the personal data described in this policy.
2. What this policy covers
This policy covers personal data we collect when you:
- Visit loftik.namaasol.com
- Sign up to use Loftik
- Email us at any
@loftik.namaasol.comaddress - Interact with us on social media
3. What we collect, when, and why
Visiting our website
- Standard server log data (IP address, browser type, referrer, the pages you viewed, timestamp). Used to monitor service health and protect against abuse. Retained for 30 days then deleted.
- Anonymous usage analytics (cookie-less, no personal identifiers, aggregated only). Helps us understand which pages are popular. Retained for 12 months.
We do not use third-party advertising trackers, cross-site fingerprinting, or any cookies that require consent under UK/EU cookie law. No cookie banner.
Signing up
- Email address — to send Loftik updates and operational notifications.
- Product name and description — what you told us you want to build.
- Region and domain preferences (for paid customers).
We use this data to provision and operate your Loftik. We do not sell or share it. You can request deletion any time.
Paying customers
- Billing details — handled by Stripe (we never see your card number).
- Deployment metadata — region, VPS IP, domain, project ID. Used to operate the service.
- App data and customer data — stays on your dedicated VPS, encrypted at rest, accessible only to you.
4. Legal basis (UK GDPR / EU GDPR)
- Legitimate interest — server logs, security, abuse protection
- Contract necessity — fulfilling your Loftik subscription
- Consent — marketing emails (you can opt out any time)
- Legal obligation — tax records once we have revenue
5. Your rights
Under the UK GDPR and EU GDPR you have the right to:
- Access the personal data we hold about you — email privacy@loftik.namaasol.com, we'll respond within 30 days
- Correct inaccurate data
- Delete your data ("right to erasure") unless we have a legal obligation to keep it
- Object to processing
- Data portability — we'll send you a structured export
- Withdraw consent at any time
- Complain to the ICO (UK) or your local supervisory authority (EU)
6. Sub-processors
We use these third parties to deliver Loftik:
- Infomaniak (Switzerland) — hosts Loftik's marketing site, customer dashboard, and Atelo-internal services
- Hetzner, DigitalOcean, Vultr — VPS hosting for customer deployments (each customer picks their region)
- Cloudflare — DNS, CDN, security
- Stripe (USA, EU) — payments
- Resend (USA) — transactional email delivery
- Backblaze B2 — encrypted off-site backups
- Sentry (self-hosted by us) — error tracking
- OpenRouter (optional, if you enable AI passthrough) — AI provider gateway
We have written agreements with each that require them to protect your data and not use it for purposes other than providing the service to us.
We do not share your data with advertising networks, data brokers, or anyone for marketing purposes outside Loftik.
7. Where your data lives
Loftik's marketing site is hosted in Switzerland. Customer Loftik instances are hosted in the region you choose at signup — UK, Germany, Switzerland, US, Singapore, or one of the other supported regions.
Some sub-processors (Stripe, Resend) operate from the USA under Standard Contractual Clauses for UK/EU data transfers.
8. Security
- HTTPS for all traffic (TLS 1.2+)
- Encrypted-at-rest storage with all sub-processors
- Customer-specific encryption keys for backups
- Limited access to customer data — only when needed for support, only with the customer's consent
If we have a data breach we'll tell you within 72 hours per UK GDPR.
9. Children
Loftik is not designed for or intended to be used by anyone under 16.
10. Changes to this policy
We may update this policy as the product evolves. When we make a material change we'll email everyone with a Loftik account before it takes effect.
11. Contact
For anything privacy-related: privacy@loftik.namaasol.com.
For everything else: hello@loftik.namaasol.com.