Skip to content
NameLoreNameLore

NameLore Global Privacy Policy

Effective Date: November 27, 2025
Last Updated: November 27, 2025

NameLore ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy describes how we collect, use, share, and protect your Personal Data when you use our website, mobile application, and name analysis services (collectively, the "Services").

1. Who We Are

Data Controller:

NameLore, Inc.

[Insert Company Address]

Email for Privacy Requests: privacy@namelore.com

We are the Data Controller responsible for the processing of your Personal Data described in this Policy.

2. The Data We Collect About You

We collect Personal Data, which is any information that relates to an identified or identifiable individual. We collect the following categories of data:

CategoryExamples of Data Collected
Identity & Contact DataYour name, email address, password (hashed), and registration date.
Authentication DataThird-party identifiers (e.g., Google ID) when you sign in using social login.
NameLore Query Data (AI Inputs)The names, contextual prompts, queries you submit, the analysis results, and generation history.
Transactional & Financial DataRecords of purchases, subscription status, credit usage history, and billing address.
Technical & Usage DataInternet Protocol (IP) address, device type, browser information, time zone setting, operating system, and security logs.

3. How We Collect Your Data

We use different methods to collect data from and about you, including:

  • Direct Interactions: You provide data when you create an account, purchase credits, submit name analysis queries, or contact support.
  • Automated Technologies: As you interact with our Services, we automatically collect Technical and Usage Data via server logs and similar tracking technologies (like cookies or pixels).
  • Third Parties or Publicly Available Sources: We receive basic Identity and Authentication Data from third-party authentication services (like Google OAuth) when you choose to use them to sign in.

4. How and Why We Use Your Data (Legal Basis)

We rely on specific legal grounds to process your Personal Data.

Purpose of ProcessingData Categories UsedGDPR Legal Basis
To Provide Core Service Delivery (Account, Query Processing, AI Analysis)Identity, Query, TechnicalPerformance of a Contract
To Manage Your Purchases and Billing (Subscriptions, credit usage)Identity, Financial, TransactionalPerformance of a Contract
To Comply with Legal Obligations (Financial audits, tax reporting)Financial, TransactionalLegal Obligation
For Security and Fraud Prevention (Abuse monitoring, securing the network)Identity, Technical, TransactionalLegitimate Interest
To Send Non-Essential Marketing (Newsletters, promotions)Identity, ContactConsent

Explanation of Legal Bases:

  • Performance of a Contract: We use this data because it is necessary to provide the NameLore service and fulfill our obligations under our Terms of Service.
  • Legal Obligation: We must retain certain data, particularly financial records, to comply with applicable laws (such as tax and financial reporting requirements).
  • Legitimate Interest: We process data where it is necessary for our own legitimate business interests (e.g., keeping our Services safe, developing new features), provided your fundamental rights do not override these interests.
  • Consent: We will only process certain types of data (e.g., for non-essential communications) if you have given us clear, explicit permission, which you can withdraw at any time.

5. AI, Profiling, and Automated Insights

NameLore utilizes Artificial Intelligence (AI) to generate deep name analyses and insights based on your queries. This process involves profiling—the automated processing of data to evaluate or analyze certain personal aspects (the submitted queries).

Profiling Limitations: Our AI profiling is used solely to deliver the specific, requested service (e.g., name compatibility analysis) for which you contracted. This automated processing does not produce decisions that have legal or similarly significant effects on you (e.g., determining eligibility for credit, insurance, or employment).

Data Used for AI Training: We commit that the NameLore Query Data you submit (your prompts and outputs) are not used to train or improve our AI models. This data is only processed for the security monitoring of the Services and the immediate delivery of your requested analysis.

6. Disclosures and Sharing of Your Personal Data

We share your Personal Data with the following categories of recipients for the purposes described below:

6.1. Third-Party Service Providers (Processors)

We engage third parties to perform services on our behalf. These service providers, acting as Data Processors, are contractually required to maintain confidentiality and security measures and are only authorized to use your Personal Data to perform the services we have instructed them to provide. These include:

  • Hosting Providers (e.g., cloud services for data storage).
  • Security and Abuse Monitoring Services.

6.2. Payment Processors (Joint Controllers)

We use PayPal to process payments and manage your credit ledger. PayPal collects and processes your Transactional Data and Technical Data.

PayPal's Role: PayPal acts both as a Service Provider (to handle our billing) and independently as a Data Controller for its own purposes, such as fraud detection, loss prevention, and authentication of transactions.

Transparency: For detailed information on how PayPal processes your data for its own Controller activities, please review PayPal's Privacy Policy directly. We maintain a mandatory Data Processing Agreement (DPA) with PayPal to ensure compliance.

6.3. International Data Transfers

As a global service, your Personal Data may be transferred and stored outside of your country of residence, including outside the European Economic Area (EEA), such as to the United States. When transferring data internationally, we rely on established legal frameworks, primarily the use of Standard Contractual Clauses (SCCs), to ensure your data receives adequate protection regardless of location.

7. Data Retention: How Long We Keep Your Data

We only retain Personal Data for as long as necessary to fulfill the purposes for which it was collected, including satisfying any legal, accounting, or reporting requirements.

The Seven-Year Financial Override

Due to legal obligations under financial and audit regulations (e.g., SEC and SOX rules), we must retain all records related to your financial transactions, credit usage history, and billing for a minimum of seven (7) years following the date of the transaction or the closure of your account. This mandatory retention overrides the Right to Erasure for that specific financial dataset.

General Data Retention

Upon deletion of your account, Identity, Query, and most Technical Data will be deleted or effectively anonymized within 90 days, except for the necessary Transactional Data which will be isolated and retained for the seven-year legal period. Technical logs used for security monitoring are typically retained for 12 to 24 months.

8. Your Data Protection Rights

Depending on your location, you have significant rights regarding your Personal Data. To exercise any of these rights, please submit your request through our dedicated web form or email us at privacy@namelore.com.

We are obligated to verify your identity before fulfilling certain requests. We will respond to your requests within the legally required timeframe (e.g., 30 or 45 days).

8.1. Rights Under GDPR (EEA Residents)

You have the following rights:

  • Right to be Informed: The right to be clearly informed about our data practices (as detailed in this Policy).
  • Right of Access: The right to request copies of your Personal Data.
  • Right to Rectification: The right to request that we correct any information you believe is inaccurate or incomplete.
  • Right to Erasure (Deletion): The right to request the deletion of your Personal Data, subject to our overriding legal obligations (see Section 7).
  • Right to Restrict Processing: The right to request that we limit the way we use your data.
  • Right to Data Portability: The right to request that we transfer the data we collected to another organization or directly to you, in a structured, machine-readable format.
  • Right to Object: The right to object to processing based on Legitimate Interest or for direct marketing purposes.
  • Rights in Relation to Automated Decision-Making and Profiling: The right to object to profiling that has a significant effect on you.

8.2. Rights Under CCPA/CPRA (California Residents)

You have the following rights:

  • Right to Know: The right to request specific pieces of Personal Data we have collected, used, disclosed, or sold/shared about you in the preceding 12 months.
  • Right to Delete: The right to request the deletion of your Personal Data, subject to certain exceptions.
  • Right to Correct: The right to request the correction of inaccurate Personal Data.
  • Right to Opt-Out of Sale or Sharing: The right to direct us not to sell or share your Personal Data.

The Right to Opt-Out of Sale or Sharing

While NameLore does not sell your Personal Data for monetary profit, we must still provide you with the right to opt-out of the "sharing" of your Personal Data (defined broadly to include transfers for cross-context behavioral advertising).

To exercise this right, please click the link below:

Do Not Sell or Share My Personal Information

You may submit an Opt-Out request using the interactive web form accessible via the link above or by sending an email to privacy@namelore.com.

9. Children's Privacy

The NameLore Services are not directed at, or intended for, children under the age of 13. We do not knowingly collect Personal Data from children under 13. If you believe we have unknowingly collected data from a child under this age, please contact us immediately at privacy@namelore.com, and we will take necessary steps to investigate and delete that information.

10. Data Security and Breach Notification

We implement reasonable technical and organizational security measures designed to protect your Personal Data from accidental loss, unauthorized access, alteration, or disclosure. These measures include encryption (in transit and at rest) and strict access controls.

In the event of a Personal Data breach, we will notify affected users and necessary supervisory authorities promptly, in accordance with applicable legal requirements.

11. Changes to This Privacy Policy

We may update this policy periodically to reflect changes in our practices or applicable laws. We will notify you of any material changes by posting the updated policy on this page and updating the "Last Updated" date at the top of the policy. We are legally required to review and update this policy at least once every 12 months.

Works Cited

  1. SaaS Privacy Compliance Requirements: Complete 2025 Guide, accessed November 18, 2025, https://secureprivacy.ai/blog/saas-privacy-compliance-requirements-2025-guide
  2. SaaS Privacy Policy Explained: A Complete Guide for 2025 - Cookie Script, accessed November 18, 2025, https://cookie-script.com/guides/saas-privacy-policy
  3. Art. 6 GDPR – Lawfulness of processing - General Data Protection Regulation (GDPR), accessed November 18, 2025, https://gdpr-info.eu/art-6-gdpr/
  4. What is GDPR, the EU's new data protection law?, accessed November 18, 2025, https://gdpr.eu/what-is-gdpr/
  5. SOX Compliance Data Retention Requirements - Pathlock, accessed November 18, 2025, https://pathlock.com/learn/sox-data-retention-requirements/
  6. Additional usage policies | Gemini API - Google AI for Developers, accessed November 18, 2025, https://ai.google.dev/gemini-api/docs/usage-policies
  7. What does 'grounds of legitimate interest' mean? - European Commission, accessed November 18, 2025, https://commission.europa.eu/law/law-topic/data-protection/rules-business-and-organisations/legal-grounds-processing-data/grounds-processing/what-does-grounds-legitimate-interest-mean_en
  8. Google API Services User Data Policy, accessed November 18, 2025, https://developers.google.com/terms/api-services-user-data-policy
  9. How state privacy laws regulate AI: 6 steps to compliance - PwC, accessed November 18, 2025, https://www.pwc.com/us/en/services/consulting/cybersecurity-risk-regulatory/library/tech-regulatory-policy-developments/privacy-laws.html
  10. Privacy considerations for Generative AI, accessed November 18, 2025, https://www.cybersecurity.illinois.edu/privacy-considerations-for-generative-ai/
  11. Generative AI Prohibited Use Policy, accessed November 18, 2025, https://policies.google.com/terms/generative-ai/use-policy
  12. Privacy Policy - PayPal, accessed November 18, 2025, https://www.paypal.com/us/webapps/mpp/ua/privacy-full
  13. PayPal Privacy Center, accessed November 18, 2025, https://www.paypal.com/us/webapps/mpp/ua/privacy-full
  14. OAuth 2.0 Policies - Google for Developers, accessed November 18, 2025, https://developers.google.com/identity/protocols/oauth2/policies
  15. Privacy Policy for Google OAuth - iubenda help, accessed November 18, 2025, https://www.iubenda.com/en/help/18852-privacy-policy-google-oauth
  16. Privacy policy - OpenAI, accessed November 18, 2025, https://openai.com/policies/row-privacy-policy/
  17. Respect individuals' rights | European Data Protection Board, accessed November 18, 2025, https://www.edpb.europa.eu/sme-data-protection-guide/respect-individuals-rights_en
  18. Compliant "Do Not Sell or Share My Personal Information" Page - Termly, accessed November 18, 2025, https://termly.io/resources/articles/do-not-sell-my-personal-information/
  19. What does "Do Not Sell My Personal Information" mean? - iubenda help, accessed November 18, 2025, https://www.iubenda.com/en/help/43843-do-not-sell-my-personal-information
  20. Books and Records | FINRA.org, accessed November 18, 2025, https://www.finra.org/rules-guidance/key-topics/books-records
  21. The Ultimate List of SaaS Log Data Retention Timelines - Turngate, accessed November 18, 2025, https://www.turngate.io/blog/saas-log-data-retention-timelines-list
  22. COPPA - Compliance - Google Cloud, accessed November 18, 2025, https://cloud.google.com/security/compliance/coppa