Skip to main content

Legal

Privacy Policy

Last updated: May 13, 2026

The short version

We collect the minimum data needed to run and improve the service. We don't sell your personal data. Your motifs are yours — keep them private or share them publicly.

Who we are

MotifLoom is operated by Alperen Eser ("we", "us", "our"). Our servers are located in Falkenstein, Germany (Hetzner Online GmbH, EU). For privacy-related inquiries:

What we collect and why

DataPurposeLegal basis (GDPR)
Email, username, hashed passwordAccount creation & authenticationContract performance (Art. 6(1)(b))
Motifs, nodes, edges, commentsProviding the serviceContract performance (Art. 6(1)(b))
Profile info (name, bio, avatar)Public profile display (optional)Consent (Art. 6(1)(a))
View counts, timestampsUsage statistics shown to creatorsLegitimate interest (Art. 6(1)(f))
IP address, user agentSecurity, rate limiting, abuse preventionLegitimate interest (Art. 6(1)(f))

What we don't do

  • No selling, renting, or sharing personal data with third parties for their own purposes.
  • No advertisements served to you on MotifLoom.
  • No reading or accessing your private motifs (except for legal compliance or abuse investigation).
  • No training AI models on your content.

Analytics

We use Microsoft Clarity to understand how the product is used so we can improve it. Clarity captures anonymized usage data — clicks, scrolls, page views, and aggregated session recordings (with sensitive content like form fields automatically masked). We use this exclusively to fix bugs and improve user experience. Clarity privacy policy.

Cookies and local storage

We use the following cookies and browser storage:

  • Authentication token (JWT): stored in localStorage to keep you signed in. Essential for the service to function.
  • Theme preference: stored in localStorage (light/dark mode choice).
  • Onboarding state: stored in localStorage to avoid showing the tour repeatedly.
  • Analytics (Microsoft Clarity): anonymous usage tracking to improve the product. Sensitive form fields are automatically masked.

Third-party services

We use a limited number of third-party services to operate MotifLoom:

  • Microsoft Clarity (analytics) — anonymous usage data and aggregated session recordings to help us improve the product. Sensitive content is automatically masked. Their terms.
  • Resend (email delivery) — receives your email address to send transactional emails (confirmation, password reset). Their privacy policy.
  • Hetzner Online GmbH (hosting) — our servers are in Germany (EU). Data does not leave the EU. Their privacy policy.
  • External metadata APIs (TMDB, RAWG, Open Library, ListenNotes) — when you search for books/films/games/podcasts, the search query is sent to these services. Your personal data or content is never shared with them.

International data transfers

Your data is stored on servers in Falkenstein, Germany (EU). We do not transfer personal data outside the European Economic Area (EEA) except when you explicitly use third-party integrations. Email delivery via Resend may involve US-based infrastructure; this is covered by their Data Processing Agreement and Standard Contractual Clauses.

Data retention

  • Account data: retained as long as your account exists.
  • Server logs (IP, user agent): automatically deleted after 30 days.
  • Deleted content: permanently removed from our systems within 30 days of deletion.
  • Account deletion: all associated data permanently removed within 30 days.

Your rights

Depending on your location, you have the following rights regarding your personal data:

For all users:

  • Access: view all data we hold about you (Settings → Export Data).
  • Correction: update your information anytime in Settings.
  • Deletion: delete your account and all data (Settings → Delete Account).
  • Portability: export all your data as JSON.

Additional rights under GDPR (EU/EEA/UK):

  • Right to object: object to processing based on legitimate interest.
  • Right to restrict processing: request limitation of processing.
  • Right to withdraw consent: where processing is based on consent.
  • Right to lodge a complaint: with your local data protection authority (supervisory authority).

Additional rights under CCPA (California):

  • Right to know: what personal information we collect and how it's used.
  • Right to delete: request deletion of your personal information.
  • Right to opt-out of sale: we do not sell personal information. Ever.
  • Non-discrimination: we will not discriminate against you for exercising your rights.

To exercise any of these rights, email privacy@motifloom.com or use the self-service options in your account settings. We respond within 30 days.

Children's privacy

MotifLoom is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If you believe a child under 16 has provided us with personal data, please contact us and we will delete it promptly.

Security

We implement appropriate technical and organizational measures to protect your data:

  • All connections encrypted via TLS/HTTPS.
  • Passwords hashed with bcrypt (never stored in plain text).
  • Server access restricted with SSH key authentication and firewall rules.
  • Rate limiting and brute-force protection on all endpoints.
  • Regular security updates applied automatically.

Changes to this policy

We may update this policy from time to time. Material changes will be communicated via email to registered users at least 14 days before taking effect. The "Last updated" date at the top reflects the most recent revision.

Questions? Contact us at privacy@motifloom.com