Loverboy, Still — Legal

Privacy Policy

Last updated: February 16, 2026

1. Who we are

Joseph Green, operating as the author of Loverboy, Still (“we,” “us,” “our”) runs the website at loverboystill.com and associated digital experiences. This Policy explains what data we collect, why, and your choices.

2. Information we collect

  • Email address — when you subscribe to the newsletter, purchase the book/audiobook, contribute to the Mission, or use the Reader Q&A escalation feature.
  • Name — only if you provide one with a contribution or order (optional).
  • Order details — products purchased, amount, access codes generated, and Stripe session ID. We do not store full card numbers; Stripe handles all payment data.
  • Contribution details — amount, optional name for the supporter wall (only when you explicitly opt in), and associated email.
  • AI conversation transcripts — messages exchanged with “Talk to Nia” and the Reader Q&A widget, stored to improve the experience and so we can review escalated questions. Transcripts are tied to a session, not your real identity, unless you submit an email through the escalation form.
  • UTM parameters — captured from inbound links to understand which campaigns drive engagement (e.g. ?utm_source=instagram). No cross-site tracking.
  • Server logs — IP address, user-agent, request paths, and timestamps for security, abuse detection, and debugging. Retained up to 30 days.

3. How we use it

  • Deliver your book/audiobook and send access links.
  • Process Stripe payments and send receipts.
  • Send transactional email (order confirmations, access codes, contribution receipts, escalated Q&A replies).
  • Send marketing email (newsletter, project updates, milestone announcements) — only if you opt in. Every marketing email has a one-click unsubscribe.
  • Improve the AI companion features by reviewing anonymized conversation patterns.
  • Operate the Mission campaign supporter wall (only first-name + initial, only with opt-in, only after the contribution completes).
  • Detect abuse and maintain site security.

4. Third-party processors

We share the minimum data necessary with trusted vendors:
  • Stripe — payment processing (book sales and Mission contributions). Stripe receives card details directly; we never see them.
  • SendGrid (Twilio) — sending transactional and newsletter emails on our behalf.
  • ElevenLabs — generating audiobook narration audio.
  • Anthropic, OpenAI, Google (via the Emergent platform) — powering the AI features (Nia, Reader Q&A, Scout). Conversations are processed by these providers to produce responses. Providers do not train on data sent through the Emergent platform.
  • MongoDB Atlas — encrypted database hosting.
  • Substack — if you click through to subscribe to the Substack publication, Substack is the data controller for that subscription.
  • TikTok (planned) — when we enable TikTok content posting, we will use TikTok’s official Content Posting API to upload videos to Joseph’s TikTok account. No visitor data is shared with TikTok beyond what the platform collects from TikTok users themselves.
  • Emergent — hosts the application infrastructure and provides analytics on overall site usage.

5. Cookies & local storage

We use minimal local storage to (a) remember whether you’ve seen the Reader Q&A widget so it stops pulsing after first use, and (b) remember any UI preferences. We do not set advertising cookies, third-party tracking pixels, or cross-site identifiers.

6. How long we keep data

  • Orders & contributions: kept indefinitely for tax, accounting, and support purposes.
  • Email subscribers: kept until you unsubscribe; then suppressed (to prevent re-mailing).
  • AI transcripts: kept up to 24 months unless you request earlier deletion.
  • Server logs: 30 days, then purged.

7. Your rights

Depending on your jurisdiction (e.g. California / GDPR), you may have the right to access, correct, delete, port, or restrict the processing of your personal data, and to object to marketing. Contact Loverboygreg33@gmail.com and we’ll honor verified requests within 30 days. We will not charge you for exercising these rights and we will not retaliate.

8. Children

The Services are not directed to children under 13 (or under 16 in the EEA). We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us and we will promptly delete it.

9. Security

We use industry-standard encryption in transit (HTTPS) and at rest, access controls on the database, and least-privilege admin tokens for backend operations. No system is perfectly secure; if a breach occurs, we will notify affected users in line with applicable law.

10. International transfers

Data may be processed in the United States and in other countries where our processors operate. Where required, we rely on Standard Contractual Clauses or equivalent legal mechanisms for transfers out of the EEA / UK.

11. Changes

We may update this Policy from time to time. Material changes will be reflected by updating the “Last updated” date above and, where appropriate, by notice on the Services.

12. Contact

Privacy questions, deletion requests, and complaints can be sent to Loverboygreg33@gmail.com.