Privacy Policy
Last updated: May 21, 2026
Scope
This Privacy Policy applies to both the Lodveri web service (www.lodveri.com) and the Lodveri Figma plugin (Plugin ID: 1639345695665347506).
1. What we collect
When you use Lodveri, we collect the following data:
- Account information — your email address and authentication credentials, provided when you sign up or connect via OAuth (Google, GitHub).
- Figma file data — the Lodveri plugin only accesses your Figma file content (design tokens, component structures, frame nodes) when you explicitly invoke the plugin and initiate a sync or review action. No Figma data is read or transmitted in the background without your awareness.
- Design tokens and library snapshots — token names, values, and metadata that you sync from your Figma files. This data is stored on your behalf to power governance and documentation features.
- Audited frame data — Figma frame node structures submitted through the plugin for automated design review. This is processed transiently and cached for up to 15 minutes.
- Website audit observations — design properties and style values (colors, spacing, typography, border radius, shadows) captured from URLs you configure for auditing, used solely to compare against your design tokens.
- Usage metadata — basic request logs (IP address, user-agent, timestamps) retained for security monitoring and debugging.
2. How we use your data
- To provide the Lodveri service: token sync, governance scoring, library snapshots, and public documentation pages.
- To run design audits and generate adherence reports for your team.
- To send transactional emails (invitation emails, session notifications) using your email address.
- To detect and investigate security incidents via audit logs.
- We do not use your data to train AI models or sell it to third parties.
3. Third parties
We share data with the following sub-processors to operate the service:
- Supabase — database and authentication infrastructure. Your account and token data is stored in Supabase-hosted PostgreSQL.
- Vercel — application hosting. Requests transit Vercel's edge network.
- Anthropic — AI analysis. Audit finding descriptions are generated using the Claude API. No personally identifiable information is sent; only anonymized style data and token metadata.
- Resend — transactional email delivery (invitation emails). Only the recipient email address and email content are shared.
- Figma — the Lodveri plugin accesses your Figma file data on your behalf, subject to Figma's own privacy policy.
We do not sell, rent, or share your data with any other third parties.
4. Data retention
Your data is retained for as long as your account is active. Audit results and token snapshots are kept until you delete the project or request account deletion. Usage logs are retained for up to 90 days.
5. Your rights
Depending on your location, you may have the following rights over your personal data:
- Access — request a copy of the data we hold about you.
- Portability — receive your data in a structured, machine-readable format. You can also export your token data directly from your project settings at any time.
- Correction — request correction of inaccurate or incomplete data.
- Restriction — request that we limit processing of your data in certain circumstances.
- Deletion — request deletion of your account and all associated data. We will process your request within 30 days.
- Objection — object to processing based on legitimate interests.
To exercise any of these rights, contact us at privacy@lodveri.com.
6. Security
We take reasonable measures to protect your data:
- All data in transit is encrypted via HTTPS/TLS.
- Database access is protected by Supabase Row-Level Security (RLS) — each user can only access data belonging to their organization.
- Plugin sessions use opaque tokens; Figma credentials are never stored on our servers.
- Security-relevant events (logins, failures, session revocations) are logged and monitored.
7. Cookies and plugin storage
The Lodveri web service uses browser cookies exclusively for session authentication. No advertising or tracking cookies are used.
The Lodveri Figma plugin uses Figma's clientStorage API to cache session state locally on your device. No browser tracking cookies are used within the plugin.
8. International data transfers
Lodveri is operated from Colombia. Our infrastructure sub-processors (Supabase, Vercel) store and process data in the United States and European Union. By using Lodveri, you acknowledge that your data may be transferred to and processed in these regions.
9. Children
Lodveri is not directed at children under 13. We do not knowingly collect personal data from anyone under 13. If you believe a child has provided us with personal data, contact us at privacy@lodveri.com and we will delete it promptly.
10. Contact
For privacy-related inquiries, data deletion requests, or any questions about this policy, contact us at:
privacy@lodveri.com
Lodveri is operated by Jairo Burbano. This policy may be updated periodically. For material changes, we will notify active users by email before the changes take effect. The date at the top of this page reflects the most recent revision.