Privacy Policy

Last updated: July 2026

Loshelf is built to be private. The desktop app is local-first: your photos, videos, and library data stay on your device and are never sent to us. The only personal data we hold about you is your email address, and only when you buy Loshelf Pro. This policy explains what we do with it.

1. Who we are

The data controller is Christopher Tweedie (“Loshelf”, “we”, “us”). For any privacy question or to exercise your rights, contact us at support@loshelf.com. Where this policy refers to the UK GDPR, the equivalent rights and obligations apply under the EU GDPR if you are in the EU or EEA.

2. What we collect — and what we deliberately don’t

When you purchase Loshelf Pro we collect and store:

  • Your email address — provided by PayPal at checkout. It is the key piece of personal data we hold.
  • A payment reference — the PayPal transaction ID, amount, currency, and date, so we can match a payment to a license. We never see or store your card or bank details.
  • Your license key and consent record — the key we generated (which contains your email address), and the date, version, and confirmation of the terms you agreed to at checkout.

Although PayPal may make more information available to us (such as your name), we deliberately take only your email address. We do not collect or store your name, postal address, phone number, or any profile about you — consistent with Loshelf being a privacy-focused product.

The desktop app sends us no telemetry and none of your media. It works fully offline; an internet connection is only needed to download an update.

Website analytics

On this website we keep limited, aggregated analytics that are not linked to you: (a) download events (platform, app version, approximate country derived from your connection, referring page, and a timestamp) and (b) privacy-friendly, cookieless visitor analytics via Vercel Web Analytics. We do not store your IP address and do not build advertising profiles.

When you contact us

If you email us or use the contact form, we process your email address and the contents of your message solely to handle your inquiry and reply to you. We don’t use it for marketing. Lawful basis: our legitimate interests in responding to you.

3. Why we use it, and our lawful bases (UK / EU GDPR)

  • To deliver and support your license — generate the key, email it to you, and help with activation. Lawful basis: performance of a contract.
  • To identify the purchaser and enforce the license — your email is embedded in the key so we can recognize a leaked or misused key and, if necessary, revoke it (see our Terms). Lawful basis: our legitimate interests in protecting our software and honest customers, and performance of a contract.
  • To prevent fraud and keep the service secure. Lawful basis: our legitimate interests.
  • To keep financial and tax records. Lawful basis: compliance with a legal obligation.
  • To understand and improve the website (aggregated analytics). Lawful basis: our legitimate interests.

4. Who we share it with

We do not sell your data. We share it only with the service providers that make the purchase work, acting on our behalf or as their own controllers:

  • PayPal — payment processing (provides us your email + transaction reference).
  • SMTP2GO — sending your license-key email.
  • MongoDB Atlas — secure database hosting for license records.
  • Vercel — website hosting and cookieless analytics.

Some of these providers are based outside the UK (for example, in the United States), so your email address and payment reference may be transferred and processed abroad. Where that happens, we rely on the safeguards required by data protection law — such as the UK’s adequacy regulations, the UK International Data Transfer Agreement, or Standard Contractual Clauses — and we only ever share the minimum data needed (your email address and a payment reference).

5. How long we keep it

Because your Pro license is lifetime, we keep your email address, license key, and consent record for as long as the license is valid, so we can support it and enforce it. We keep the associated financial records for as long as required by law (generally up to 6 years in the UK for tax and accounting). Website analytics are kept in aggregated/limited form only.

6. Your rights

Under UK GDPR you have the right to:

  • access the personal data we hold about you (your email and purchase record);
  • have inaccurate data corrected;
  • have your data erased;
  • restrict or object to our processing;
  • data portability;
  • withdraw any consent you have given.

We will always honour these rights, but note that if you ask us to erase your email address we may no longer be able to support or verify your license, and we may need to keep limited records where the law requires it (for example, tax records) or to enforce the license. To make a request, email support@loshelf.com.

You also have the right to complain to a data protection regulator. In the UK that is the Information Commissioner’s Office (ICO) at ico.org.uk; if you are in the EU or EEA you may complain to your local supervisory authority. We’d appreciate the chance to help first.

7. Cookies

This website does not set cookies for tracking or advertising, and our visitor analytics are cookieless. PayPal may set its own cookies when you use the checkout, which are necessary to process your payment.

8. Children

Loshelf is not directed at children, and we do not knowingly collect data from anyone under 16.

9. Changes

We may update this policy from time to time. We’ll change the “last updated” date above when we do.

10. Contact

Questions or requests? Email support@loshelf.com.