GDPR Policy
Effective Date: March 29, 2026 | Last Updated: March 29, 2026
This policy applies to residents of the European Union (EU) and European Economic Area (EEA).
LovableTools ("I," "me," or "my"), operated by Raakkan (Sankar) in Tamil Nadu, India, is committed to protecting the privacy and rights of individuals in the European Union (EU) and European Economic Area (EEA) in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"). This GDPR Policy supplements my Privacy Policy and explains how I comply with the GDPR.
1. Data Controller
For the purposes of the GDPR, LovableTools acts as the Data Controller for personal data collected through my website (lovabletools.com). As a Data Controller, I determine the purposes and means of processing your personal data.
Controller: Raakkan (Sankar)
Location: Tamil Nadu, India
Contact: Via my contact form
Note: As a small independent operator, I are not required to appoint a formal Data Protection Officer (DPO) under Article 37 GDPR, as I do not engage in large-scale systematic processing of special categories of data.
2. Legal Basis for Processing
Under GDPR, I must have a legal basis for processing personal data. My legal bases are as follows:
| Processing Activity | Legal Basis | GDPR Article |
|---|---|---|
| User account creation & management | Contract performance | Art. 6(1)(b) |
| Responding to contact form inquiries | Legitimate interest / Contract | Art. 6(1)(b)(f) |
| Security logging (IP address, user agent) | Legitimate interest (security) | Art. 6(1)(f) |
| Google Analytics (website analytics) | Legitimate interest | Art. 6(1)(f) |
| Google AdSense (advertising & personalization) | Consent | Art. 6(1)(a) |
| File processing (temporary upload storage) | Contract performance | Art. 6(1)(b) |
| Compliance with legal obligations | Legal obligation | Art. 6(1)(c) |
3. Personal Data I Process
I process the following categories of personal data of EU/EEA residents:
- Identity data: Name (provided during account registration or contact form submission).
- Contact data: Email address.
- Authentication data: Hashed password (I never store plain-text passwords).
- Technical data: IP address, browser type, device type, pages visited (via server logs and Google Analytics).
- Usage data: Tool usage patterns, session duration, referring websites.
- Communication data: Messages submitted through my contact form.
- User-generated content: Polls, collections, and other content you voluntarily create.
I do not process any special categories of personal data (Article 9 GDPR), such as health data, racial or ethnic origin, religious beliefs, or political opinions.
4. Your Rights Under GDPR
As an EU/EEA resident, you have the following rights under the GDPR:
π Right of Access (Art. 15)
You can request a copy of all personal data I hold about you.
βοΈ Right to Rectification (Art. 16)
You can request correction of inaccurate or incomplete personal data.
ποΈ Right to Erasure (Art. 17)
You can request deletion of your personal data ("right to be forgotten"), subject to legal exceptions.
βΈοΈ Right to Restriction (Art. 18)
You can request that I restrict processing of your data in certain circumstances.
π¦ Right to Data Portability (Art. 20)
You can request your data in a structured, machine-readable format for transfer to another service.
π« Right to Object (Art. 21)
You can object to processing based on legitimate interest or for direct marketing purposes.
π€ Automated Decision-Making (Art. 22)
You have the right not to be subject to decisions based solely on automated processing that significantly affects you. I do not engage in such processing.
β©οΈ Right to Withdraw Consent
Where processing is based on consent, you can withdraw it at any time without affecting prior lawful processing.
To exercise any of these rights, please contact me. I will respond within 30 days of receiving your request, as required by GDPR. I may ask you to verify your identity before processing your request.
5. Data Retention Periods
| Data Type | Retention Period | Legal Basis |
|---|---|---|
| Account data (name, email) | Until account deletion requested | Art. 6(1)(b) |
| Contact form submissions | Up to 2 years | Art. 6(1)(f) |
| Server logs | Up to 90 days | Art. 6(1)(f) |
| Uploaded files (file tools) | Within 24 hours of processing | Art. 6(1)(b) |
| Analytics data (Google Analytics) | 14 months (Google default) | Art. 6(1)(f) |
6. International Data Transfers
I are based in India. When you use my services, your data may be transferred to and processed in countries outside the EU/EEA, including:
- India (my servers and operations). India does not currently have an EU Commission adequacy decision, so transfers are made on the basis of Standard Contractual Clauses (SCCs) or other appropriate safeguards where applicable.
- United States (Google Analytics, Google AdSense, and Groq AI API). Google participates in the EU-U.S. Data Privacy Framework. Groq uses SCCs for EU data transfers.
By using LovableTools, you consent to these international transfers as described in this policy.
7. Right to Lodge a Complaint
If you believe I have not handled your personal data in accordance with the GDPR, you have the right to lodge a complaint with your local Data Protection Authority (DPA). You can find your relevant DPA through the European Data Protection Board. I would, however, appreciate the opportunity to address your concerns directly β please contact me first.
8. Changes to This GDPR Policy
I may update this GDPR Policy as my practices or applicable law changes. I will notify affected users of material changes where required by law.
9. Contact Me
For any GDPR-related requests, questions, or complaints, please contact me through my website. I will respond within 30 days.
Raakkan (Sankar)
AI-driven Full Stack Developer
Indie developer from Tamil Nadu building fast, privacy-first web tools. Creator of Lovable Tools β a growing collection of free utilities and AI-powered tools.