Legal

Privacy Policy

Last updated: May 15, 2026

1. Who we are

Loki (“Loki”, “we”, “us”) operates this marketing site and the associated waitlist for the upcoming Loki desktop application. The data controller responsible for personal data processed via this site can be contacted at privacy@loki.app.

2. What we collect

Email address— only when you voluntarily submit our waitlist form.
Consent record— timestamp and the fact that you ticked the marketing consent checkbox.
Technical request metadata— IP address (hashed), user-agent, and a Cloudflare Turnstile token used solely for anti-abuse rate-limiting; not stored beyond the rate-limit window (~1 hour).

We do not use analytics cookies, tracking pixels, or advertising scripts on the public marketing site at this time. Vercel preview deployments (URLs ending in .vercel.app) may set short-lived non-essential cookies (__vercel_*) used internally by the hosting platform; production traffic at our verified domain does not.

3. Lawful basis

We process your email and consent record under your explicit consent (GDPR Article 6(1)(a)). You may withdraw consent at any time using the unsubscribe link in any email we send, by visiting /unsubscribe, or by emailing privacy@loki.app.

4. Purpose

We use your email solely to notify you about Loki's launch, early access, and major product updates. We will not sell or rent your data to third parties.

5. Retention

We retain your email until you unsubscribe or until 24 months of inactivity, whichever comes first. After that, your record is permanently deleted from our active databases and backups during the next scheduled prune.

6. Sub-processors

We rely on the following processors who may handle limited data:

Resend— transactional and marketing email delivery (EU region).
Vercel— site hosting and edge delivery (EU regions where available).
Cloudflare Turnstile— bot protection for the waitlist form (no cookies; privacy-preserving by design).
Upstash— ephemeral rate-limit storage (Redis-compatible, EU region).

7. Your rights (EEA / UK)

Under the GDPR / UK GDPR you have the right to access, rectify, erase, restrict, port, and object to processing of your personal data, and to lodge a complaint with a supervisory authority. Submit any request to privacy@loki.app; we respond within 30 days.

8. How to delete your data

Click the unsubscribe link in any Loki email, or visit /unsubscribe. Your contact is removed from our audience immediately. For full erasure (including consent record) email privacy@loki.app.

9. Security

Traffic is encrypted via TLS. Email and consent data are stored within our sub-processors' encrypted EU infrastructure. Access is limited to a small set of operators and rotated regularly.

10. Updates

If we materially change this policy, we update the date above and, when required, notify you by email before changes take effect.

2. What we collect

Email address— only when you voluntarily submit our waitlist form.

Consent record— timestamp and the fact that you ticked the marketing consent checkbox.

Technical request metadata— IP address (hashed), user-agent, and a Cloudflare Turnstile token used solely for anti-abuse rate-limiting; not stored beyond the rate-limit window (~1 hour).

6. Sub-processors

We rely on the following processors who may handle limited data:

Resend— transactional and marketing email delivery (EU region).

Vercel— site hosting and edge delivery (EU regions where available).

Cloudflare Turnstile— bot protection for the waitlist form (no cookies; privacy-preserving by design).

Upstash— ephemeral rate-limit storage (Redis-compatible, EU region).