Privacy

What we collect

We collect and store the following kinds of data, each with its own retention and legal basis:

• Account — Your sign-in identity is managed by Lotl Auth, our authentication service (auth.lotlsoft.com). Lotl Auth stores your email, your name if you provided one, and a hash of your password (argon2id). Sign-in issues a short-lived JWT access token (15 minutes) and a refresh token (30 days). Email verification and password resets go through transactional email (Resend).Stored on our server. Kept until you delete it. Legal basis: contract (needed to run the service). Removable when you delete your account. Shared with: Lotl Auth.
• Seeds, candidates, and boards — Seed words you enter, the explorer canvas state, generated candidate strings, and your boards (Kanban candidate collections with parked / shortlist / finalist / killed status and per-card notes).Stored on our server. Kept until you delete it. Legal basis: contract (needed to run the service). Removable when you delete your account.
• AI candidate generation — Seed words and context you submit to AI candidate generators (portmanteau, substitution, prefix-suffix, compound, coined) are sent to OpenAI gpt-4o-mini via Lotl AI. The same path handles poll-comment theme extraction.Stored on our server. Kept until you delete it. Generated candidates are stored against your boards / polls so you can re-open them. The third-party AI provider does not retain inference content under no-training API terms. Legal basis: contract (needed to run the service). Removable when you delete your account. Shared with: OpenAI gpt-4o-mini.
• Linguistic lookups — Word lookups (means-like, sounds-like, rhymes, triggers, definitions, IPA, syllables) sent to the Datamuse API. Cached locally for 30 days per word to avoid repeat calls.Stored on our server. Kept permanently. Cache entries are public lookup results, not user-identifying data; they roll on the 30-day TTL. Legal basis: contract (needed to run the service). Removable when you delete your account. Shared with: Datamuse.
• Feasibility lookups — Candidate names submitted to public availability APIs: RDAP (domains), npm (packages), GitHub / Bluesky / Reddit (handles), iTunes (apps), Urban Dictionary (content). Per-source cache (7 days for domains, 1 day for handles).Stored on our server. Kept permanently. Cache entries are public availability results, not user-identifying data; they roll on per-source TTL. Legal basis: contract (needed to run the service). Removable when you delete your account. Shared with: Public feasibility lookup APIs.
• Trademark search links — Pre-constructed click-through URLs to USPTO, IP Australia, and EUIPO TMview trademark search forms. The user follows the link in their browser; our server does not call these registries.Stored by a third-party processor. Held briefly during the request and discarded. Legal basis: contract (needed to run the service). Removable when you delete your account. Shared with: Public trademark registries.
• Sound Check polls and votes — Sound Check polls you create, per-segment invite tokens, the pairwise A/B votes anonymous responders submit, and optional free-text comments. Voters are not identified; we record only invite token, choice, comment, and IP for rate-limiting.Stored on our server. Kept until you delete it. Legal basis: contract (needed to run the service). Removable when you delete your account.
• Push notifications — Web push subscriptions you opt into so Moniker can ping you when a Sound Check poll reaches 10, 25, or 50 responses. Stored in Lotl Push.Stored on our server. Kept until you delete it. Legal basis: consent. Removable when you delete your account. Shared with: Lotl Push.
• Usage telemetry — Page views, click events, AI operation counts, and crash reports sent to Lotl Observe so we can see what works and what breaks. Does not include the contents of your seeds, candidates, poll comments, or feasibility queries.Stored on our server. Kept permanently. Legal basis: legitimate interests. Not individually deletable. Shared with: Lotl Observe.
• Feedback messages — Messages you send via the in-app feedback form. Visible to Moniker maintainers only.Stored on our server. Kept until you delete it. Legal basis: contract (needed to run the service). Removable when you delete your account.
• Passes and billing — Active pass tier (trial, sprint, long-haul), activation and expiry timestamps, and purchase history. Purchases go through Lotl Pay (Stripe holds the card data).Stored on our server. Kept permanently. Purchase records are kept for tax and dispute-resolution reasons even after account deletion. Legal basis: contract (needed to run the service). Not individually deletable. Shared with: payment processor.

What we don't collect

We deliberately don't collect or store any of these:

• Voter identity: Sound Check votes are anonymous; we record only the per-segment invite token, vote choice, optional comment, and IP for rate-limiting
• No third-party analytics, ad networks, session replay, or tracking pixels

Third parties

These external services receive some of your data:

• Australian government open-data services — Click-through link to IP Australia trademark search (search.ipaustralia.gov.au)
• Datamuse — Word lookups (means-like, sounds-like, rhymes, triggers) for the seed explorer and depth panel
• DigitalOcean — server hosting for the Moniker service
• OpenAI gpt-4o-mini — AI candidate generation and poll-comment theme extraction (via Lotl AI)
• Public feasibility lookup APIs — Domain (RDAP), package (npm), handle (GitHub, Bluesky, Reddit), and content (iTunes, Urban Dictionary) availability checks
• Public trademark registries — Click-through trademark search links (USPTO, IP Australia, TMDN); we do not call these APIs from the server

Your rights

You can export everything we hold about you, and delete your account at any time. Both options live in your account settings. Deletion is immediate and unrecoverable.

Last updated: 2026-05-27.