Privacy Policy
Effective 30 May 2026 · v1
Most privacy policies are written in language that makes it impossible to know what is actually happening with your data. LORE's is written so you can read it once, in five minutes, and walk away understanding what we collect, why, who sees it, and what you can ask us to do about it.
1. Who This Covers
This Privacy Policy describes how LORE LLC handles personal information when you visit loreinc.global, purchase a LORE product or the Operator OS subscription through our Stripe checkout, or email us at mark@loreinc.global.
It does not cover how you operate your own copy of a LORE product — including the Operator OS, which is self-install — against your own customers' data. When you install a LORE product on your own infrastructure, you are the data controller for the data flowing through it. LORE is the tool vendor, not the data controller, and LORE does not host, log in to, or process the data in your installation.
2. What We Collect
LORE collects only what we need to operate the business honestly. We do not sell, rent, trade, or monetize personal data to third parties. Period.
Website visits — basic web analytics (page visited, referrer, approximate location from IP, browser type) using minimal first-party tooling. No third-party tracking pixels.
UTM attribution — when you arrive at LORE from a tagged link (a cold email, a partner placement, a social post), the link may carry standard utm_source, utm_medium, utm_campaign, utm_content, and utm_term parameters. We capture those values, store them in your browser's own localStorage with a 30-day expiration, and if you choose to buy, we append a client_reference_id to your Stripe checkout URL so we can attribute the sale to the channel that brought you. The values never leave your browser until you take a buy action, and they never reach any party outside Stripe and LORE. We do not load third-party trackers, fingerprint your device, or follow you across other websites.
Purchases — Stripe collects your name, billing address, email, and payment method (handled and stored by Stripe; LORE never receives or stores your card details). LORE receives from Stripe: name, email, billing address, product, amount, the Stripe charge identifier, and (when present) the UTM-derived client_reference_id from the link you arrived through.
Email — when you contact us, we receive your email address and the contents of your message.
Operator OS subscription — the same purchase data as any product (name, email, billing address, amount, Stripe charge identifier). Because the Operator OS is self-install and runs on infrastructure you own, LORE does not receive or process the operational data flowing through your installation.
3. Why We Collect It
To deliver the product you bought, to support you, to run the business honestly (tax filings, banking, reasonable audit), to improve the product (aggregate, anonymous patterns — never individual profiling), and to prevent fraud and abuse. That is the complete list.
4. Who Sees Your Data
A small, named list of trusted vendors handles parts of the operation. Each is contractually bound to handle data only as needed:
- Stripe — payments.
- Cloudflare — DNS and edge networking.
- Netlify — website hosting.
- Resend — transactional email delivery.
- Google Workspace — hosts mark@loreinc.global.
- DigitalOcean — infrastructure for LORE's internal automation.
- Anthropic — the AI system the LORE Hive runs on (we provide only the minimum data required for a given task).
LORE may share information when legally required, when necessary to protect rights or prevent serious harm, or as part of a business transition (with prior notice to existing customers). We do not sell or rent your personal information.
5. How Long We Keep It
Sales records: 7 years (standard U.S. tax record-keeping). Email correspondence: indefinitely unless you ask us to delete. Web analytics: aggregate within 90 days. Because LORE products — including the Operator OS — run on your own infrastructure, LORE holds none of your installation's operational data to retain.
6. How We Protect It
Payments by Stripe's PCI-DSS Level 1 infrastructure (LORE never sees card numbers). Email and documents by Google Workspace with mandatory 2FA. Infrastructure by SSH-key-only access, rotated credentials, and Cloudflare in front of every public endpoint. Production monitored continuously by LORE's Watchman.
If we ever experience a breach affecting your personal data, we will notify you promptly — within 72 hours of confirmed discovery — with a plain-language description of what happened, what data was exposed, what we are doing, and what you should do.
7. Your Rights
You have the right to access what we hold, correct anything wrong, delete data we are not legally required to keep, request portability, object to non-mandatory uses, and withdraw consent at any time. We honor these by policy everywhere, not just where the local law strictly requires it.
To exercise any right, email mark@loreinc.global. We will not require a form, charge you, or make you justify the request.
8. California Residents (CCPA / CPRA)
California residents have specific additional rights: to know what we have collected and shared, to delete, to correct, to opt out of sale or sharing (LORE does not sell or share for cross-context behavioral advertising — nothing to opt out of, but the right is recognized), to limit use of sensitive information, and to non-discrimination. We will not deny service, charge a different price, or provide a different level of quality because you exercised a CCPA right.
9. European, UK, and Swiss Residents (GDPR / UK GDPR)
Our legal bases are contract performance, legitimate interests, legal obligation, and consent (for anything outside those). You have the rights above plus the right to lodge a complaint with your local data protection authority. We rely on the EU-U.S. Data Privacy Framework, UK Extension where applicable, and Standard Contractual Clauses for international transfers.
10. CAN-SPAM
Every commercial email LORE sends identifies itself accurately, provides a valid physical postal address, contains a clear unsubscribe option, and honors unsubscribe requests promptly (we do same-day; CAN-SPAM allows ten business days). Transactional emails (receipts, product delivery, support replies) are not commercial email and do not carry unsubscribe links.
11. Children's Privacy
LORE's products are sold to businesses and business operators. We do not knowingly collect personal information from children under 13 (or, in the EEA and UK, under 16). If you believe a child has provided us information, write to mark@loreinc.global and we will delete it promptly.
12. Cookies
The LORE website uses strictly necessary cookies to make the site work. No third-party advertising cookies, retargeting pixels, or cross-site tracking. If we ever add a non-essential cookie, we will update this Policy, display a consent banner on first visit, and honor "decline" without functional penalty.
13. Automated Decision-Making
LORE uses AI extensively to operate the business. We do not make decisions that have a legal or similarly significant effect on individuals purely through automated means without human oversight. If you want a human to review an automated decision, write to mark@loreinc.global.
14. Changes
When we update this Policy, we update the "Effective" date, publish at the same URL, and notify customers of material changes by email. Continued use after the effective date constitutes acceptance for forward-looking processing.
15. Contact
LORE LLC · 30 N Gould Street, Suite N, Sheridan, WY 82801 · EIN 42–2306789