Privacy Policy

1. Who we are

Looth ("we", "us", or "our") is a build and repair tracking service for luthiers and repair technicians, operated at looth.build. Questions about this policy can be directed to hello@looth.build.

2. Information we collect

We collect the following categories of information:

• Account information: Email address and password hash (or OAuth token if you sign in with Google or Apple).
• Build and repair records: Jobs you create — instrument details, stage notes, spec fields, materials logs, and photos you upload.
• Customer information: Customer names and email addresses you associate with jobs, used to send automated stage update emails on your behalf.
• Usage data: Login timestamps, feature interactions, and error logs used to operate and improve the service. No third-party analytics or advertising tracking is used.

3. How we use your information

Your information is used to:

• Provide, maintain, and improve the Looth service
• Send transactional emails (account confirmation, stage update notifications to your customers)
• Respond to support requests and feedback
• Detect and prevent abuse, fraud, or Terms of Service violations

We do not sell your personal information. We do not use your data to serve advertisements.

4. How your data is stored

Your data is stored in Supabase (PostgreSQL database and object storage), hosted on AWS infrastructure in the United States. Stage photos are stored in a private object storage bucket and served via public URLs only to pages that have been unlocked with the correct password. All data in transit is encrypted via TLS. Database data at rest is encrypted by the hosting provider.

5. Who we share data with

We share your data only with third-party service providers necessary to operate the service:

• Supabase — database, authentication, and file storage
• Resend — transactional email delivery
• Vercel — application hosting and serverless functions

We do not share your data with any other third parties. All providers are contractually bound to use your data only to provide their services to us.

6. Client build page visibility

Every build and repair job has a password-protected client page accessible at a unique URL. The page is protected by a password that is automatically generated and sent to your customer by email when you trigger a stage update. These pages are not indexed by search engines. Anyone with both the link and the password can view the page — you are responsible for keeping that information confidential and directing it only to the intended recipient.

7. Data retention

We retain your data for as long as your account is active. When your account is closed:

• Account deletion request: Account deletion can be initiated by contacting hello@looth.build. Your build and repair data (records and photos) is permanently deleted within 30 days; your authentication record is deleted immediately upon request.

8. Cookies and local storage

Looth uses browser cookies strictly for authentication session management. We do not use tracking cookies, advertising cookies, or third-party analytics cookies. We use browser local storage to save your UI preferences (e.g. view layout, collapsed sections).

9. Your rights

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you
• Correction: Update inaccurate or incomplete data
• Deletion: Request deletion of your personal data
• Portability: Request a data export by emailing us
• Objection: Object to processing of your personal data in certain circumstances

To exercise any of these rights, email hello@looth.build. We will respond within 30 days.

10. Children's privacy

Looth is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us at hello@looth.build and we will delete it promptly.

11. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page and, for material changes, send a notice to the email address on your account. Continued use of Looth after a policy update constitutes your acceptance of the revised policy.

12. Contact

Questions or concerns about this Privacy Policy should be directed to hello@looth.build.