Privacy Policy
Last updated: July 13, 2026
Who we are
Lolik Trends (https://lolikai.com) is operated by PE STOCK SOLUTION S.R.L. (J23/8579/2022 · CUI 47346567 · VAT RO47506080), Str. Milano nr. 45, Buftea, Ilfov 070000, Romania — the data controller for the personal data described here. Questions or requests: contact@lolikai.eu.
The short version
We collect the minimum needed to run your account and meter usage. We do not sell or rent your data, we run no advertising or third-party analytics trackers, and the only cookies we set are the ones that keep you signed in.
What we collect
Account data. Your email address and, if you sign in with Google or GitHub, the basic identity those providers share (name, email, avatar). Passwords are handled by our authentication provider (Supabase); we never see or store them in plain text.
Product usage. Which features you use and when (first-party only), your credit balance and a ledger of credit transactions, your plan, and your API keys — stored exclusively as SHA-256 hashes, never in plain text.
Content you give us. Questions you ask the AI chat (kept 7 days, then deleted), drafts you submit for grading, alert configurations (including webhook URLs you provide), and feedback you send.
Technical data. Standard server logs (via our hosting provider) and, for the free no-login tools, a one-way hash of your IP address used only for rate limiting — we cannot reverse it back to your IP.
On your device. Saved reports and interface preferences live in your browser's localStorage. They stay on your device; we can't read them from our servers.
What we never do
No selling, renting or trading personal data. No advertising cookies or cross-site tracking. No third-party analytics scripts. No AI training on your private content — content sent to our AI provider is processed via API, which is contractually excluded from model training.
Why we process data (legal bases)
Performing our contract with you (account, credits, features you invoke) · our legitimate interest in keeping the service secure and abuse-free (rate limiting, logs, hashed keys) · your consent where required (e.g. the opt-in daily digest email — you can switch it off in Account at any time) · legal obligations (e.g. accounting records once payments launch).
Who processes data for us
We use a small set of processors, each only for what's listed: Supabase (database & authentication) · Vercel (hosting & server logs) · OpenAI (AI generation — receives the content being analyzed and your AI questions) · Resend (transactional email — confirmation, alerts, digest) · Upstash (rate limiting) · Cloudflare (DNS & network) · Stripe (payments, once billing launches — we never see your card number). Some processors are US-based; those transfers rely on the EU-approved safeguards they provide (Data Privacy Framework and/or Standard Contractual Clauses).
Data sources & YouTube
The trends we show come from public sources: the YouTube Data API, Google Trends, and public news/RSS feeds. Lolik uses YouTube API Services — by using the YouTube-powered parts of Lolik you also agree to the YouTube Terms of Service, and Google's handling of data is described in the Google Privacy Policy. We analyze public content from these sources; we don't access your accounts on those platforms.
How long we keep things
Account data: until you delete your account. AI chat history: 7 days. Cached AI analyses: ~30 days. Cached news metadata: ~7 days. Credit ledger: kept as long as required for accounting once payments launch. Hashed rate-limit entries: short-lived (minutes to days). Deleting your account removes your personal data; anonymous, aggregated product statistics (e.g. our public prediction log) contain no personal data and are kept.
Your rights (GDPR)
You can ask for access, correction, deletion, portability, restriction, or object to processing — email contact@lolikai.eu and we'll respond within 30 days. You can also complain to a supervisory authority; in Romania that is ANSPDCP (dataprotection.ro). Deleting your account is available on request at the same address.
Security
All traffic is encrypted in transit (TLS). API keys are stored only as SHA-256 hashes. Database access is protected with row-level security so each account can only reach its own data. Payment card data, once billing launches, is handled entirely by Stripe.
Children
Lolik Trends is not directed at children and requires users to be at least 16.
Changes & contact
If this policy changes in a way that matters, we'll update the date above and, for significant changes, notify you by email. Questions: contact@lolikai.eu. See also our Terms, Cookie Policy and Refund Policy.