Legal
Privacy Policy
Last updated: 8 July 2026
1. Controller
The controller for personal data processed in connection with Loreon is Synapti AS, org. nr. 934 968 514, Alundamveien 54D, 0957 Oslo, Norway. Contact: support@loreon.ink.
2. What we process
- Account data — your name, email address, and passkey public keys. We never see or store passwords.
- Your content — the manuscripts, story-bible entries, outlines, and related material you create in the Service.
- Usage and billing records — metadata about agent runs (model used, token counts, credit cost), your credit balance, and credit transactions.
- Technical logs — IP address and user-agent data used for security and abuse prevention, kept briefly.
- Payment data — payments are handled by Paddle as merchant of record. We receive transaction identifiers, amounts, and status; we never receive your full payment-card details.
3. Why we process it
- Providing the Service (contract) — operating your account, storing your content, running the agents you invoke, and accounting for credits.
- Billing and bookkeeping (contract and legal obligation) — recording purchases and credit movements.
- Security and abuse prevention (legitimate interests) — protecting the Service and its users.
We do not run advertising, we do not sell personal data, and we use no third-party analytics or tracking on loreon.ink or app.loreon.ink.
4. AI processing
When you direct an agent to work on your material, the relevant content is sent through our infrastructure to our AI provider, Anthropic, to generate the requested output. Under our agreements, content submitted via the API is not used to train their models. We do not use your content to train AI models.
5. Processors and transfers
We use a small set of processors under data-processing agreements:
- Cloudflare — hosting, storage, and network infrastructure.
- Anthropic — AI model inference.
- Paddle — payment processing, as merchant of record.
Where processing takes place outside the EEA, transfers are protected by recognised safeguards such as the EU Standard Contractual Clauses or an adequacy decision (including the EU–US Data Privacy Framework where applicable).
6. Cookies
We use only strictly necessary cookies: the session cookie that keeps you signed in. There are no analytics, advertising, or third-party cookies.
7. Retention
- Account data — for as long as your account exists.
- Your content — until you delete it or delete your account, after which it is removed from production systems within a reasonable period.
- Billing records — retained as required by Norwegian bookkeeping law (generally five years).
- Technical logs — short-lived.
8. Your rights
Under the GDPR you can request access to, rectification or erasure of your personal data, restriction of processing, data portability, and you can object to processing based on legitimate interests. Write to support@loreon.ink and we will respond without undue delay. You also have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet) or your local EEA supervisory authority.
9. Security
All traffic is encrypted in transit. Sign-in uses phishing-resistant passkeys — no passwords are stored. Your projects are isolated per tenant, and internal access follows least-privilege principles.
10. Changes
We will post updates to this policy here and give notice of material changes by email or in the app.