LostbaeBack

Privacy Policy

Last updated: 1 June 2025

This Privacy Policy describes how Lostbae ("we", "our", or "us") collects, uses, and shares information when you use lostbae.com and related services. By using Lostbae you agree to the practices described here.

Information We Collect

  • Account information: When you register, we collect your name, email address, and password (stored as a secure hash).
  • OAuth data: If you sign in via Google, GitHub, or Discord, we receive your name, email, and profile photo from that provider.
  • Content you create: Documents, flashcards, notes, and any other material you add to Lostbae.
  • Usage data: Study session activity, review results, and feature interactions — used to power spaced-repetition scheduling.
  • Device data: Browser type, operating system, and IP address for security and diagnostics.

How We Use Your Information

  • To provide the service: Authenticate your account, sync your content, and schedule spaced-repetition reviews.
  • To improve Lostbae: Aggregate, anonymised usage analytics help us understand which features work best.
  • To communicate with you: Transactional emails (password reset, review reminders). We do not send marketing emails without your consent.
  • To keep the service secure: Detect abuse, enforce our Terms of Service, and protect user data.

Google OAuth & Google Data

  • Lostbae uses Google OAuth solely to authenticate your identity. We request access to your basic profile (name, email, avatar) and, when you use the Google Docs import feature, read-only access to the specific documents you select.
  • We do not access your Google Drive, Gmail, or any other Google service beyond what you explicitly authorise during a specific import action.
  • We do not sell, share, or use your Google data for advertising or profiling purposes.
  • You can revoke Lostbae's access at any time via your Google Account permissions page (myaccount.google.com/permissions).

Data Sharing

  • We do not sell your personal data.
  • We share data only with infrastructure providers necessary to operate the service (hosting, database, email delivery), all bound by data processing agreements.
  • We may disclose data if required by law or to protect the rights and safety of our users.

Data Retention

  • Your account data is retained for as long as your account is active.
  • You may delete your account at any time from Settings → Account. Deletion removes your personal data within 30 days, except where retention is required by law.

Cookies

  • We use a single session cookie (`rm_session`) to keep you logged in. We do not use advertising or tracking cookies.

Security

  • All data is transmitted over HTTPS. Passwords are hashed with bcrypt. We apply industry-standard security practices and review them regularly.
  • No method of transmission or storage is 100% secure. If you discover a security issue, please contact us at support@lostbae.com.

Children's Privacy

  • Lostbae is not directed at children under 13. We do not knowingly collect data from anyone under 13. If you believe we have inadvertently done so, contact us and we will delete it promptly.

Changes to This Policy

  • We may update this policy periodically. We will notify you of material changes by email or by a notice within the app. Continued use of Lostbae after changes constitutes acceptance.

Contact Us

  • For privacy questions, data requests, or to exercise your rights (access, correction, deletion), email us at: support@lostbae.com