Last updated May 28, 2026
Privacy Policy
This Privacy Policy explains what information Liliths.art collects, how we use it, and the choices you have when you use the quiz, subscription checkout, registration flow, and account area.
1. Information we collect
We collect information you provide directly, including:
- name, email address, and account password;
- quiz responses and plan selection details;
- messages you send to support; and
- account activity related to registration and subscription status.
We also collect limited technical information such as IP address, browser type, device information, and basic usage logs.
2. Payment information
Payments are processed by Stripe-hosted Checkout. We do not store your full payment card number on our servers. Stripe provides us with limited payment and subscription data such as customer ID, session ID, subscription status, and payment outcome.
3. How we use your information
We use personal information to:
- generate your quiz results and personalized plan experience;
- create and manage your account;
- process subscriptions, renewals, cancellations, and refund requests;
- provide customer support and respond to questions;
- protect the service against fraud, abuse, and security incidents; and
- improve the reliability, performance, and usability of Liliths.art.
4. Legal bases and disclosures
We process information to perform our contract with you, to comply with legal obligations, and to pursue legitimate interests such as security, fraud prevention, product improvement, and support operations.
We may share data with trusted service providers that help us run Liliths.art, including:
- payment processors such as Stripe;
- hosting, infrastructure, and database providers;
- email and support tools; and
- professional advisers or authorities where required by law.
5. Marketing measurement and advertising data
We measure the effectiveness of advertising that drives users to Liliths.art so we can understand what works and decide where to invest. Conversion + product-engagement events flow through our self-hosted Server-side Tag Manager at sgtm.liliths.art, which forwards securely-hashed copies of identity data to our advertising partners (currently Meta and Google).
What we collect on landing-page visits, during checkout, and during product use:
- advertising click identifiers when present in the URL we receive (e.g.
fbclid,gclid,ttclid); - first-party cookies set by us, including the Meta-spec
_fbp/_fbcidentifiers and our own_lai_*click-id snapshots; - the URL you landed on and the referring website (if your browser sent one);
- your IP address, user-agent, and country (derived from IP at our edge);
- irreversibly hashed (sha256) copies of your email address (and phone number, if we ever collect one); and
- anonymised product-interaction events (page views, character card clicks, paywall views, menu navigation, plan selection) — these never include your messages, generated images, or account contents.
To collect browser-side product-interaction events we load Google Tag Manager (container GTM-MN36XGC5) on the site. The Tag Manager script is the only third-party JavaScript loaded for marketing purposes — it forwards events to our own Server-side Tag Manager, which fans out to ad platforms server-to-server. We do NOT load Meta Pixel, GA4 client tags, or Microsoft Clarity directly in the page for advertising. (We do use PostHog for product analytics — a separate tool, used only with your opt-in consent — described in section 6 below.)
What gets forwarded to Meta (Conversions API) and Google (Ads + GA4): the hashed identifiers above, the click-id and Meta browser-cookie values, your IP and user-agent, and the event itself (page view, lead capture, checkout start, purchase, subscription, renewal, refund, product clicks). We never forward the contents of your messages, your generated images, or any private account data.
We retain advertising-measurement data for as long as needed to support attribution and troubleshooting. You can request deletion of your marketing-related data at any time by contacting support; deletion of your account also clears the user-identifying portion of this data.
6. Product analytics
We use PostHog to understand how people use the product — which screens they visit, where they get stuck, and how features perform. This is separate from the advertising measurement in section 5: a different tool, a different data flow, and it is never shared with advertising partners.
PostHog records your product sessions — including page content, the actions you take, and session replays of your screen, which can include the content of your chats and your generated images. This is on by default. You can turn it off at any time from your account settings, which stops all further capture. We identify these sessions by an internal account identifier only — never your email, name, or phone number — and we do not capture payment card numbers. This analytics data is processed in the European Union.
7. Data retention
We keep information for as long as needed to provide the service, maintain your account, honor transactions, resolve disputes, enforce agreements, and comply with legal obligations.
When data is no longer required, we delete it or de-identify it within a reasonable period, unless a longer retention period is required by law.
8. Security
We use reasonable administrative, technical, and organizational safeguards designed to protect personal information. No system is perfectly secure, so we cannot guarantee absolute security.
9. Your choices and rights
You may request access to, correction of, or deletion of your personal information by contacting [email protected].
If you want to close your account or request data deletion, contact support from the email address associated with the account so we can verify your request.
10. Children's privacy
Liliths.art is not intended for children under 18, and we do not knowingly collect personal information from children under 18.
11. Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will post the revised version here and update the “Last updated” date above.