Privacy Policy
Last updated: July 10, 2026
Introduction
This Privacy Policy describes how The Loan Reminder (theloanreminder.com) collects, uses, discloses, and protects personal information when you use our website and services. We are committed to handling personal information responsibly and in line with applicable privacy laws, including Canadian privacy legislation such as PIPEDA and Alberta's PIPA where they apply.
Who we are
The Loan Reminder helps people track items they lend and send reminders to borrowers. If you have questions about this policy or want to exercise your privacy rights, contact us through our contact page.
Information about borrowers and other contacts
An account holder may provide personal information about another person, such as a borrower's name, email address, item borrowed, expected return date, and reminder details. We receive this information from the account holder rather than directly from the borrower or other contact.
We use that information to:
- Maintain the account holder's lending records and photos.
- Send reminder and related service emails requested by the account holder.
- Operate public borrow links, return requests, and unsubscribe preferences.
- Prevent misuse, enforce our terms, and respond to privacy requests.
Borrowers and other reminder recipients do not need to create an account to receive service emails or use token-based borrow pages. Reminder emails include an unsubscribe link. Recipients may unsubscribe from reminders for a specific item or from all reminders sent through The Loan Reminder. Unsubscribe preferences are honoured for future sends, although the account holder's private lending record may still contain the contact information they entered.
If you received a reminder and want to know what information we hold about you, or if you want correction or deletion, contact us through our contact page. We may need to verify your identity before responding.
Information we collect
The information we collect depends on how you use The Loan Reminder. This may include:
- Account information: name, email address, and profile details. Authentication credentials are processed by Supabase Auth; we do not receive or store your plaintext password.
- Lending records: item names, descriptions, private notes, photos, dates, reminder settings, status, and counterparty name and email.
- Email and communication data: reminder and transactional email content, delivery status, bounce or complaint information, open events reported by our email provider, unsubscribe and suppression records, and messages you send through our contact form.
- Billing information: subscription status, Stripe customer and subscription identifiers, and billing-related metadata. Payment card details are collected by Stripe during checkout and are not stored in our database.
- Moderation data: automated moderation results and flags for item text and photos, including outputs returned by our moderation providers.
- Technical and security data: session identifiers, authentication events, browser type, device information, error diagnostics, service logs, a hashed version of IP address for public contact-form rate limiting, cookie consent records, and signals processed by Cloudflare Turnstile when you submit the contact form.
Uploaded photos are resized and converted for storage. We strip embedded photo metadata such as EXIF data during processing before storage.
How we use information
We use personal information to:
- Create, authenticate, and secure user accounts.
- Store lending records, photos, and related history.
- Schedule, send, and manage reminder and transactional emails.
- Record unsubscribe, bounce, and delivery-block preferences.
- Process subscriptions and prevent payment fraud.
- Detect prohibited, fraudulent, or abusive content through automated moderation and admin review.
- Operate public borrow and return-confirmation flows.
- Respond to support requests and contact-form submissions.
- Troubleshoot errors, monitor reliability, and improve the service.
- Enforce our terms, protect users and the public, and comply with legal obligations.
Optional browser-based error monitoring through Sentry is enabled only if you accept optional analytics cookies in . Server-side error logging may still occur when Sentry is enabled in our environment to keep the service secure and reliable.
Automated content moderation
To reduce abuse, we may automatically review item names, descriptions, and uploaded photos before they are shown on public borrow pages or included in counterparty-facing emails. Text may be sent to OpenAI and photos to Google Cloud Vision for safe-content analysis. Automated moderation may approve, flag, or reject content and can delay or block counterparty emails until review is complete. If you believe moderation affected your content in error, contact us through our contact page.
Reminder emails
Service reminders are sent because an account holder created or maintains a lending record and configured reminders. Borrower reminders identify The Loan Reminder and include an unsubscribe mechanism. We do not include advertising or promotional content in borrower reminder emails.
If a recipient unsubscribes, we record that preference and stop sending further reminders covered by that unsubscribe choice, subject to operational and legal limits. A global reminder unsubscribe applies across reminder emails sent through The Loan Reminder. Recipients may also opt out of all optional emails (reminders and product tips).
Product tip emails
After you create an account, we may send occasional personal product emails from the founder (for example a welcome note, a check-in if you have not recorded a loan yet, or a request for feedback). These are not advertising or third-party marketing. Each such email includes an unsubscribe mechanism. You can also manage these preferences in account settings.
Cookies and similar technologies
We use cookies and browser storage to operate the site, keep you signed in, remember optional sign-in preferences, and store your cookie choices. Optional analytics technologies are used only with your consent. You can change your choices at any time via .
Cloudflare Turnstile on our contact form may process browser and challenge signals even when it does not place a long-lived advertising cookie in your browser.
Some browsers send "Do Not Track" signals. Because there is no universally accepted standard for responding to those signals, our site does not currently respond to them. You can control optional technologies through Cookie Settings.
| Name / storage | Type | Purpose | Required? |
|---|---|---|---|
| sb-*-auth-token | First-party cookie | Keeps you signed in (Supabase session) | Yes |
| cc_cookie | First-party cookie | Stores your cookie consent choices | Yes |
| tlr-sign-in-email | localStorage | Remembers your email on sign-in when you opt in | No |
| Sentry diagnostics | Cookie and/or similar technologies when enabled | Optional error monitoring in your browser | No — only with your consent |
If you withdraw consent for optional analytics, we stop browser-based Sentry monitoring and attempt to clear related cookies where applicable.
Service providers
We use service providers to help us operate The Loan Reminder. They process personal information on our instructions for the purposes below, except where a provider must also process information under its own legal obligations.
| Provider | Information disclosed | Purpose |
|---|---|---|
| Supabase | Account information, lending records, photos, email preferences, contact submissions, and technical data needed to operate the service | Authentication, database, file storage, and hosting |
| Stripe | Billing email, subscription and customer identifiers, and payment status (card details are handled by Stripe, not stored in our database) | Checkout, subscriptions, billing support, and fraud prevention |
| Resend | Recipient and sender addresses, email subject and body content, delivery metadata, and open/click events when reported by the email provider | Transactional and reminder email delivery |
| OpenAI | Item names and descriptions submitted on lending records | Automated text content moderation |
| Google Cloud Vision | Uploaded item photos (image bytes for safe-search analysis) | Automated image content moderation |
| Sentry | Browser, device, page, and diagnostic information from signed-in users who accept optional analytics cookies; server-side errors and request diagnostics may also be logged when enabled | Error monitoring and service reliability |
| Cloudflare Turnstile | Challenge token and browser-environment signals processed by Cloudflare when you use our contact form | Spam and bot prevention |
International processing
We and our service providers may process or store personal information in Canada, the United States, and other countries where our providers operate. Information processed outside Canada may be subject to the laws of those jurisdictions and may be accessible to courts, law-enforcement agencies, or national security authorities in accordance with applicable law.
Where required, we use contractual and organizational safeguards designed to protect personal information processed by our service providers.
How we share information
We do not sell or rent personal information. We do not use personal information for cross-context behavioural advertising.
We may disclose personal information:
- To the service providers listed above.
- To another person when an account holder uses the service to send reminders or share borrow information with a counterparty.
- To professional advisers, insurers, or auditors where reasonably necessary.
- To comply with law, regulation, legal process, or lawful government request.
- To investigate fraud, abuse, security incidents, or threats to safety.
- In connection with a financing, merger, acquisition, reorganization, or sale of assets, subject to appropriate protections.
- With your direction or consent.
Data retention
We retain personal information only as long as reasonably necessary for the purposes described in this policy, unless a longer retention period is required or permitted by law.
- Active accounts and lending records: retained while your account is active and the record remains in use. When you remove a lending record from your dashboard, it is hidden from normal use but may remain in our production systems as a deactivated record tied to your account.
- Photos: approved photos removed from a record may be retained in storage for record history; non-approved uploads may be deleted from storage when removed.
- Email logs and preferences: retained as needed to prove delivery, honour unsubscribe and bounce blocks, troubleshoot issues, and prevent unwanted re-contact.
- Billing records: retained as needed for subscription management, tax, accounting, fraud prevention, and legal compliance.
- Contact submissions and support requests: retained as needed to respond and maintain an audit trail of communications.
- Backups and logs: may persist for a limited period in backup, security, or diagnostic systems before being overwritten according to our providers' retention practices.
If you close your account or request deletion, contact us. We will delete or anonymize information where appropriate, subject to legal, billing, fraud-prevention, security, and dispute resolution needs.
Security
We use reasonable administrative, technical, and physical safeguards designed to protect personal information. These may include access controls, encryption in transit, restricted administrative access, logging, backups, and service-provider security measures, as applicable. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
Your choices and rights
Depending on your location and the nature of the request, you may have the right to:
- Access personal information we hold about you.
- Ask us to correct inaccurate information.
- Request deletion where applicable, subject to legal and operational limits.
- Withdraw consent where processing is based on consent, such as optional analytics cookies.
- Unsubscribe from reminder emails using the link in those messages.
- Manage optional cookies via .
To make a privacy request, contact us through our contact page. We may need to verify your identity before completing a request. If we cannot fully grant a request, we will explain why, subject to legal restrictions.
You may also have the right to challenge our decision or complain to a privacy regulator, such as the Office of the Information and Privacy Commissioner of Alberta or the Office of the Privacy Commissioner of Canada, depending on your circumstances.
Children
The Loan Reminder is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided personal information contrary to this policy, contact us and we will investigate and delete the information where appropriate.
Changes to this policy
We may update this Privacy Policy from time to time. We will post the updated version on this page and revise the "Last updated" date. If changes materially affect how we collect, use, or disclose personal information, we will provide additional notice, such as an email or in-app notice, before the changes take effect where required or appropriate.