Fove

Privacy

Privacy Policy

Last updated: 16 June 2026

1. Controller

The controller responsible for processing personal data on this website within the meaning of the EU General Data Protection Regulation (GDPR) is:

Fabian Kleiser
Schillerstr. 6/5
71154 Nufringen
Germany
Email: privacy@fove.design

2. Scope

This privacy policy applies to the websites and services operated under fove.design, including the gradient editor, content pages, optional user accounts, and saved gradient collections. Terms such as "personal data", "processing", "controller", and "processor" have the meaning set out in Art. 4 GDPR.

You can use the public editor, gradient pages, palette pages, blog, and guide content without creating an account. Creating an account is optional and is currently used to save gradients and collections.

3. Hosting and application infrastructure

Fove is hosted and operated on Lovable Cloud, provided by Lovable Labs Incorporated ("Lovable"). Lovable processes technical hosting, deployment, database, authentication, storage, log, and security data on our behalf so that the website and account features can be delivered. Legal basis: Art. 6(1)(f) GDPR for operating a stable and secure website and Art. 6(1)(b) GDPR where processing is necessary to provide account features requested by you.

According to Lovable's public trust materials, customer applications and databases are hosted in the EU by default. Lovable lists Supabase as a subprocessor for customer databases and user authentication data, with EU processing by default. Lovable is our direct processor; Supabase and other infrastructure providers are subprocessors used by Lovable.

4. Server log files

The hosting infrastructure may automatically process server log data, including IP address, request URL, referrer, browser and device information, timestamps, and security or error events. This data is used for delivery, troubleshooting, abuse prevention, and security. Legal basis: Art. 6(1)(f) GDPR.

5. Error monitoring with Sentry

We use Sentry, an application monitoring service provided by Functional Software, Inc. d/b/a Sentry, 45 Fremont Street, 8th Floor, San Francisco, CA 94105, USA, to detect, diagnose, and fix technical errors in Fove.

When an error occurs, Sentry may receive technical diagnostic data such as the error message, stack trace, browser and device information, operating system, app version or build environment, request URL, timestamp, and IP address. We configure Sentry without session replay, profiling, behavioral analytics, default user information, or HTTP request bodies. We also remove cookies, request headers, request bodies, and user objects from Sentry events before they are sent.

Purpose and legal basis: maintaining security, reliability, and troubleshooting of the website under Art. 6(1)(f) GDPR. Sentry acts as our processor. Transfers to the United States may be based on Sentry's Data Privacy Framework certification and, where applicable, the EU Standard Contractual Clauses.

6. Optional accounts and saved collections

If you create an optional Fove account, we process account and profile data such as your email address, authentication identifiers, optional display name, avatar URL if provided by an OAuth provider, session data, and timestamps. If you save gradients, we process collection names, collection descriptions, gradient names, gradient settings, ownership and membership information, and related timestamps.

Purposes are account creation, sign-in, access control, saving and managing gradients and collections, preventing misuse, and providing support. Legal basis: Art. 6(1)(b) GDPR for account features and Art. 6(1)(f) GDPR for security, troubleshooting, and abuse prevention.

Account authentication and saved data are stored through Lovable Cloud infrastructure. Supabase is used by Lovable as an infrastructure subprocessor for customer databases and authentication data. If you sign in with Google, Google also processes the authentication data required for OAuth login under Google's own terms and privacy notices.

7. Local browser storage

Fove stores some information locally in your browser so the app works smoothly without requiring an account. This includes cookie-consent preferences, custom palettes saved locally, and authentication session data if you sign in. Local browser storage is necessary for requested functionality or consent management. Legal basis: Art. 6(1)(b) GDPR, Art. 6(1)(f) GDPR, and, where required, your consent.

8. Cookies and consent

We use cookies and similar technologies only where strictly necessary or where you have given consent. For non-essential technologies, including analytics, we ask for explicit, prior, informed consent through a cookie banner using Google Consent Mode v2. Until you consent, no analytics cookies are set and no data is sent to analytics providers.

Necessary technologies include local storage for consent choices and product functionality, authentication session storage when you sign in, and privacy-minimized error monitoring for security and reliability. These are not used for advertising or behavioral profiling.

You can change or withdraw your decision at any time: .

9. Google Analytics 4

Subject to your consent, we use Google Analytics 4, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

Purposes

Reach measurement, usage statistics, and improvement of our website.

Legal basis

Art. 6(1)(a) GDPR and, where applicable, § 25(1) TDDDG (consent). You may withdraw your consent at any time with effect for the future.

Data processed

  • Truncated or anonymized IP address (anonymize_ip enabled)
  • Device, browser, screen, language, and approximate location
  • Pages visited, referrer, interactions, and session duration
  • Pseudonymous client identifier stored in cookies after consent

Configuration

  • Measurement ID: G-FH44E2GP3R
  • IP anonymization: enabled
  • Google Signals: disabled
  • Ad personalization signals: disabled
  • Consent Mode v2 in strict mode (denied by default)

Transfers to third countries

Google may process data in the United States. Transfers may be based on the EU Standard Contractual Clauses and Google's certification under the EU-US Data Privacy Framework. Despite these safeguards, public authorities in third countries may, under certain conditions, gain access to such data.

Withdrawal and opt-out

10. Processors and subprocessors

We use processors where necessary to operate Fove. The key processor for hosting and account infrastructure is Lovable. Lovable's public trust center lists its own subprocessors, including Supabase for customer databases and authentication, Google Cloud Platform for customer applications and databases, Cloudflare for edge routing, DNS and Workers, and other operational providers. Sentry is used directly for error monitoring and diagnostics. We do not list every transitive Lovable or Sentry subprocessor as our direct provider because our contractual relationship is with the respective direct processor. We do identify Supabase here because it is material to Fove's account and database features.

11. Retention

We keep personal data only for as long as necessary for the purposes described above. Account and saved-collection data is retained while your account exists or until deletion is requested, subject to technical backup cycles and legal retention obligations. Log data is retained for operational and security purposes for a limited period determined by our infrastructure providers. Error-monitoring events are retained only as long as needed for diagnosis, security, and service improvement.

12. Your rights as a data subject

You have the following rights under the GDPR:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)
  • Right to withdraw consent at any time (Art. 7(3) GDPR)

To exercise these rights, contact us at privacy@fove.design.

13. Right to lodge a complaint

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, particularly in the EU Member State of your habitual residence, place of work, or place of the alleged infringement (Art. 77 GDPR). The supervisory authority competent for the controller is:

Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg
Lautenschlagerstraße 20, 70173 Stuttgart, Germany

14. Contact

For questions about this privacy policy or the processing of your personal data, contact privacy@fove.design.

Back to home