Privacy Policy
Last updated: 16 May 2026
This explains what data Lerya collects and what we do with it. We follow the EU General Data Protection Regulation (GDPR).
Who we are
For data questions, contact privacy@lerya.app.
What we collect
Account data:
- Email address (to sign in and contact you about your account)
- Display name, username, optional bio, optional location, optional avatar
- Year of birth (asked once at signup to confirm you're 16 or older)
Content you create:
- Captures (photo, extracted palette, optional title, location, tag, note)
- Lists you make and people you follow
Technical data:
- A session token to keep you signed in
- Basic error logs, deleted after 30 days
We don't collect analytics, tracking pixels, advertising IDs, or third-party trackers. We don't sell or share your data with advertisers.
Why we process it
- To run the service you signed up for (legal basis: contract)
- To keep your account secure (legal basis: legitimate interest)
- To meet legal obligations if they arise (legal basis: legal obligation)
Where your data lives
Lerya runs on Supabase, hosted in the European Union. Public captures are visible to other users. Private captures are visible only to you.
How long we keep it
- Account and content: until you delete them
- After account deletion: backups may persist up to 30 days, then are erased
- Error logs: 30 days
Your rights
You can access, correct, delete, restrict, or export your data, withdraw consent, and lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens). To exercise any right, write to privacy@lerya.app. We respond within 30 days.
Children
You must be 16 or older. If we learn an account belongs to someone younger, we close it.
Changes
We'll tell you in the app before a change to this policy that affects you takes effect.