Privacy Policy
1. Data controller
The controller responsible for processing personal data is:
Muhamed Gaff
Aachenerstr. 1325
50859 Köln
Germany
Email: support@lomar.ai
2. What Lomar does
Lomar is an iOS app and web service for creating brand DNA profiles, product visuals, campaign drafts, and platform-ready advertising concepts. When you submit a URL, product link, image, prompt, or other material, Lomar processes it to provide the feature you requested.
Lomar may retrieve and analyze publicly reachable website and product information on your instruction. We do not ask you to submit private, login-only, confidential, sensitive, or unlawfully obtained material. We do not build a resale database of third-party website content, and we do not claim ownership over third-party brands or materials.
3. General principles
- We process personal data only where there is a lawful basis under Article 6 GDPR.
- We limit processing to what is needed to operate, secure, and improve Lomar and to provide requested features.
- Generated outputs are creative drafts. You are responsible for checking legal, brand, platform, and advertising compliance before publication.
- Do not submit special category data, confidential third-party data, private documents, or personal data that you are not allowed to use.
4. Purposes and legal bases
- App features and account-related services: performance of a contract or pre-contractual steps under Art. 6(1)(b) GDPR.
- Brand scans, URL analysis, product analysis, and AI-assisted generation requested by you: performance of the requested service under Art. 6(1)(b) GDPR where the data concerns you or your account; legitimate interests under Art. 6(1)(f) GDPR where limited public information is processed to provide the requested creative analysis and service functionality.
- Security, abuse prevention, debugging, fraud prevention, and service stability: legitimate interests under Art. 6(1)(f) GDPR.
- Billing, tax, accounting, and responses to lawful requests: legal obligations under Art. 6(1)(c) GDPR.
- Optional marketing, non-essential cookies, or optional analytics where used: consent under Art. 6(1)(a) GDPR, which you may withdraw with effect for the future.
5. Categories of personal data
- Account and contact data, such as email address and user identifiers, if account features are used.
- Support data, such as messages you send to support@lomar.ai.
- Submitted content, such as prompts, URLs, product links, uploaded images, product photos, and generated drafts.
- Public website or product information retrieved when you submit a URL for analysis, such as page text, metadata, brand colors, product descriptions, and publicly visible media references.
- Transaction-related data for subscriptions, credits, or in-app purchases. App Store payment processing is handled by Apple; we do not store full payment card numbers.
- Device, usage, and technical data, such as device type, operating system version, timestamps, error logs, and security logs.
6. AI processing and generated output
To generate brand profiles, ad drafts, and visuals, submitted materials may be processed by AI infrastructure or technical providers. Processing is limited to the feature you request, quality control, safety, security, and abuse prevention. Output may be inaccurate, similar to existing creative work, or unsuitable for a particular campaign. You must review output before use.
7. Publicly available information and third-party rights
Information being publicly accessible does not mean that all uses are unrestricted. Lomar is designed to create transformative creative drafts from public brand signals and user-provided material. You must not use Lomar to copy protected third-party assets, impersonate another brand, mislead users, bypass access restrictions, or violate intellectual property, privacy, publicity, platform, or advertising rules.
8. Processors and recipients
We may use service providers that process personal data on our behalf, for example hosting, database, authentication, analytics, crash reporting, AI processing, email support, and payment or App Store infrastructure. Where required, processors are bound by data processing agreements under Art. 28 GDPR. Apple may process App Store purchase and subscription data under Apple's own terms and privacy notices.
We otherwise share personal data only where necessary to provide the service, where you consent, where required by law, or where necessary to establish, exercise, or defend legal claims.
9. International transfers
Some providers may process data outside the European Economic Area. Where required, we use appropriate safeguards such as EU Standard Contractual Clauses, adequacy decisions, or other lawful transfer mechanisms.
10. Retention
We keep personal data only as long as needed for the purposes described above, unless longer retention is required by law. Account and submitted content may be kept while your account or project exists. Technical logs are generally kept for a limited period needed for security, debugging, and abuse prevention. Accounting and transaction records may be retained as required by commercial and tax law.
11. Your rights
Where the GDPR applies, you may have the right to request access, rectification, erasure, restriction of processing, data portability, and objection to processing based on legitimate interests. Where processing is based on consent, you may withdraw consent at any time with effect for the future.
To exercise your rights, contact support@lomar.ai. We may need enough information to verify your identity and locate the relevant data.
12. Supervisory authority
You have the right to lodge a complaint with a data protection authority. Our establishment is in Germany; the competent authority for North Rhine-Westphalia is the Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW). A list of EU supervisory authorities is available from the European Data Protection Board.
13. Whether providing data is mandatory
Some data is required to provide Lomar's requested features. If you do not provide a URL, image, prompt, account detail, or transaction information that is necessary for a feature, we may not be able to provide that feature.
14. Automated decision-making
We do not use solely automated decision-making, including profiling, that produces legal effects concerning you or similarly significantly affects you within the meaning of Article 22 GDPR, unless we introduce a separately disclosed mechanism in the future.
15. Changes
We may update this Privacy Policy when our practices, providers, features, or legal requirements change. The version published on this page is the current version.
This policy is written for the current Lomar landing page and app positioning. It should be updated if the backend providers, analytics, AI providers, subscription flow, storage behavior, or crawling behavior change.