Privacy Policy

Last updated: March 2026

Laudica ("we," "us," or "our") is the data controller for your personal data and operates the Laudica platform, a social proof and testimonial management service. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, application, and related services, in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

Information We Collect

We collect information that you provide directly and information generated automatically when you use Laudica:

  • Account Information — your name, email address, and password when you create an account. If you sign in via Google OAuth, we receive your name, email, and profile photo from Google.
  • Testimonial Content — text, images, ratings, and metadata associated with testimonials you collect, import, or create through the platform.
  • Analytics & View Counts — aggregated, non-personal statistics such as embed impressions and wall views. We record the referring URL but do not collect IP addresses, device fingerprints, or any personally identifiable information from embed viewers.
  • Usage Data — browser type, operating system, pages visited, and interactions within the app, collected automatically to improve our service.

Legal Bases for Processing

Under the GDPR, we process your personal data on the following legal bases:

  • Contract performance — processing necessary to provide you with the Laudica service, manage your account, display your testimonials, and fulfill our obligations under our Terms of Service.
  • Legitimate interest — processing necessary for our legitimate business interests, including improving the platform, preventing fraud, ensuring security, and generating aggregated analytics. We balance these interests against your rights and freedoms.
  • Consent — where required, we obtain your explicit consent before processing, such as for optional marketing communications. You may withdraw consent at any time.
  • Legal obligation — processing necessary to comply with applicable laws, such as tax and financial reporting requirements.

How We Use Your Information

  • To provide, operate, and maintain the Laudica platform.
  • To authenticate your identity and manage your account.
  • To generate analytics dashboards and performance metrics for your testimonial walls and embeds.
  • To communicate with you about service updates, security alerts, and support requests.
  • To detect, prevent, and address technical issues, fraud, or abuse.
  • To improve and personalize your experience based on usage patterns.

We do not sell your data. We do not serve ads. We do not share your information with third parties for marketing purposes.

Data Storage, Security & International Transfers

Your data is hosted on Supabase, which runs on AWS infrastructure. Data may be stored and processed in data centers located outside the European Economic Area (EEA), including in the United States.

Where personal data is transferred outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, or reliance on the service provider's participation in recognized data transfer frameworks.

We use Row Level Security (RLS) policies to ensure that your data is accessible only to you and authorized members of your team. We implement industry-standard security measures, including encryption at rest, encryption in transit via TLS, secure authentication tokens, and regular security reviews.

Cookies

Laudica uses only strictly necessary cookies required for authentication and session management. These cookies are exempt from consent requirements under the GDPR as they are essential for the service to function.

We do not use advertising cookies, analytics cookies, or any third-party tracking cookies. Our embed widgets do not set any cookies on your visitors' browsers.

Third-Party Services (Sub-processors)

We use the following sub-processors to operate Laudica. Each processes data on our behalf and under our instructions:

  • Supabase (AWS) — database hosting, authentication, and file storage. Data may be stored in the US.
  • Vercel — application hosting and deployment. Edge locations worldwide.
  • Stripe — payment processing for paid plans. Your payment details are transmitted directly to Stripe and are never stored on our servers. Stripe is certified under PCI DSS Level 1.

We maintain Data Processing Agreements (DPAs) with our sub-processors that include Standard Contractual Clauses where required. Each provider operates under its own privacy policy.

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes described in this policy:

  • Account data — retained for the lifetime of your account.
  • Testimonial content — retained until you delete individual testimonials or your project.
  • Analytics data — aggregated view counts are retained indefinitely. No personal data is included in analytics.
  • After account deletion — all personal data and testimonial content are permanently deleted within 30 days, except where retention is required by law (e.g., tax records, which may be retained for up to 7 years).

Your Rights Under the GDPR

As a data subject under the GDPR, you have the following rights:

  • Right of access — obtain a copy of the personal data we hold about you.
  • Right to rectification — correct inaccurate or incomplete personal data through your account settings or by contacting us.
  • Right to erasure — request deletion of your personal data. You can delete your project or account from the Settings page, or contact us.
  • Right to data portability — receive your data in a structured, commonly used, machine-readable format (CSV or JSON export available from your dashboard).
  • Right to restrict processing — request that we limit the processing of your personal data in certain circumstances.
  • Right to object — object to processing based on legitimate interest. We will cease processing unless we have compelling legitimate grounds.
  • Right to withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at support@laudica.com. We will respond within 30 days as required by the GDPR.

You also have the right to lodge a complaint with your local Data Protection Authority (DPA) if you believe your data protection rights have been violated.

Children's Privacy

Laudica is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children. If we discover that a child under 16 has provided us with personal data, we will promptly delete it. If you believe a child has provided us with their information, please contact us at support@laudica.com.

Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by updating the "Last updated" date at the top of this page and, where appropriate, sending you a notification via email or an in-app alert. Your continued use of Laudica after such changes constitutes acceptance of the revised policy.

Contact Information

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us:

support@laudica.com