LLogForMe
Get Started

Legal

Privacy Policy

Last updated: 2026-04-26

1. Who is the data controller

The controller is Ahmed Deghady, an individual service provider based in Cairo, Egypt, operating the LogForMe service. There is no formal Data Protection Officer (LogForMe is below the GDPR Art. 37 thresholds). Privacy contact: operations@logforme.com or logforme.com/contact.

2. What we collect

Account data

  • Email address.
  • Name.
  • Password, hashed (we never see or store the plaintext).
  • Email verification status.
  • Billing metadata (plan, renewal date, status) synced from LemonSqueezy.

Content you create

  • Projects, Time Frames, Entries, Taxes, Preferences.
  • Invoice metadata and the generated PDFs.

Voice recordings (AI feature, hosted only)

  • Audio is streamed to our backend and forwarded to a transcription provider (OpenAI Whisper or ElevenLabs).
  • Audio is deleted immediately after the transcription request completes — we don't retain it.

Product usage and telemetry

  • Aggregate page-view and feature-use metrics (PostHog, EU host) — opt-in.
  • Error reports and performance traces (Sentry).
  • Basic audit logs: IP, user agent, timestamps for security events (login, password reset, account deletion).

Marketing and ad attribution (opt-in only)

If you opt in to advertising cookies via the cookie banner, the ad platforms we're actively running campaigns on may set cookies and receive limited information about your visit so we can measure whether our ads work. If you don't opt in, no advertising scripts load and no advertising cookies are set. See the Cookie Policy for how this category works.

What we don't collect

  • Payment card or bank details (LemonSqueezy handles those directly).
  • Browser fingerprints for ad targeting.
  • Anything from your device beyond what you actively send to the service.

3. Lawful basis for processing (GDPR Art. 6)

  • Provide the service (account, content, billing) — Contract performance, Art. 6(1)(b).
  • Tax, billing, and audit-log retention — Legal obligation, Art. 6(1)(c).
  • Product analytics (PostHog) — Consent (opt-in via cookie banner), Art. 6(1)(a).
  • Advertising and ad attribution (third-party ad platforms) — Consent (opt-in via cookie banner), Art. 6(1)(a).
  • Error reporting (Sentry) — Legitimate interests (service reliability), Art. 6(1)(f).
  • Marketing email (Loops) — Consent, Art. 6(1)(a).
  • Transactional email (verification, password reset, billing notices) — Contract performance, Art. 6(1)(b).
  • Security and abuse prevention — Legitimate interests, Art. 6(1)(f).

4. Where your data is stored

  • Primary application + database hosting: within the European Union.
  • Frontend delivery: Cloudflare global edge CDN.
  • Backups: encrypted, stored within the EU.

EU residency means most personal data stays inside the EU at rest. Some subprocessors (see §5) operate outside the EU; for those we rely on Standard Contractual Clauses (SCCs) for international transfers under GDPR Chapter V.

5. Subprocessors

We use the following subprocessors. None of them are granted standing access to your content; data flows to them only as needed for a specific operation.

  • LemonSqueezy — payment processing, Merchant of Record, subscription billing. US / global. SCCs.
  • EU cloud hosting provider — application + database hosting. European Union. EU intra-region.
  • Cloudflare — frontend CDN, DDoS protection. Global edge. SCCs (where applicable).
  • Loops.so — transactional and marketing email. US. SCCs.
  • PostHog — product analytics (opt-in). EU host (eu.i.posthog.com). EU intra-region.
  • Sentry — error reporting and performance monitoring. US / EU. SCCs.
  • OpenAI — speech-to-text (Whisper) and LLM-based parsing. US. SCCs; API data not used for training (per OpenAI API terms).
  • ElevenLabs — secondary transcription provider. US. SCCs.
  • Anthropic — LLM-based parsing of transcribed text (Claude). US. SCCs; API data not used for training (per Anthropic API terms).
  • Advertising platforms (third-party ad networks we run campaigns on) — conversion tracking and ad-audience matching for ads we run — opt-in only. Varies by provider; mostly US / EU. SCCs where applicable.

Advertising platforms only receive data if you opt in to the advertising cookie category. Opt-out means their scripts never load. The specific platforms in use change as our campaigns change; we don't enumerate them here to avoid a list that goes stale, but we don't use this category for anything beyond measuring our own ads.

We do not sell your data, and we do not share it for advertising.

Subprocessor changes

When we add or change a subprocessor that processes personal data, we update this list before the change takes effect. We may also send an email or in-app notice when practical, but the live version of this page is the canonical record — check it if you want the current list.

6. Email senders

  • operations@logforme.com — primary support and account communication; replies go to a human.
  • Transactional and marketing email is sent via Loops.so on our behalf.
  • Client-bound invoice emails are sent from invoices@updates.logforme.com with your email as the reply-to so client replies go directly to you. This sender is send-only — don't email it for support.

7. Retention

  • Active account data — while your subscription is active.
  • After cancellation (no re-subscription) — up to 60 days, then deleted.
  • After explicit account deletion — 30 days, then deleted (lag is for backup age-out).
  • Voice audio — deleted immediately after each transcription request.
  • Audit / security logs — up to 12 months.
  • Billing records (invoices, tax records) — retained as required by tax law (typically 7+ years), held by LemonSqueezy and us.

8. Your rights

Because your data is hosted in the EU, GDPR applies regardless of where you live. CCPA applies if you're a California resident, and equivalent rights exist under most modern consumer-data regimes.

You have the right to:

  • Access — get a copy of what we store about you.
  • Rectify — correct anything that's wrong.
  • Erase — have your data deleted.
  • Restrict or object to certain processing (e.g., turn off analytics).
  • Port your data — export it in a machine-readable format (CSV, emailed to you).
  • Withdraw consent at any time for processing based on consent.
  • Lodge a complaint with your local data protection authority — for example, in Egypt the Personal Data Protection Center; in the EU, your country's DPA.

Most of the above is self-service in the app at Settings → Account. Anything else, contact us at logforme.com/contact or operations@logforme.com. We respond within 30 days.

9. Children

LogForMe is not intended for anyone under 16 years old. If you believe a minor has created an account, contact us and we'll remove it.

10. Security

  • TLS 1.2+ on all connections.
  • Passwords hashed.
  • Database backups, encrypted, kept within the EU region.
  • No third party can log in on your behalf.

We don't currently hold a SOC 2 audit. If your compliance requires one, the Community Edition lets you self-host on infrastructure you control.

11. Reporting a security issue

Email operations@logforme.com (a dedicated security@ alias may be added later) or use logforme.com/contact. Please don't post security details to public social media or GitHub Issues until we've had a chance to fix the issue. We appreciate responsible disclosure.

12. Changes to this Policy

The Last updated date at the top of this page reflects the current version — the live page is the canonical record. We update this page before any material change takes effect, and may also send an email or in-app notice for material changes when practical. Non-material changes (typos, link updates) are made silently.