Privacy Policy
Last updated: 14 June 2026
This Privacy Policy explains how Platter ("we", "us") collects, uses, and protects your personal data when you use the Platter app and website (the "Service"). Platter is a product operated by Lumetri Media Solutions LTD, a private limited company registered in Cyprus with the Department of the Registrar of Companies (company registration number HE 458548), registered address Gladstonos 1, Panayioteio Megaro, Floor 2, Office 205, 6023 Larnaca, Cyprus. Lumetri Media Solutions LTD is the data controller for the processing described here. You can reach us about privacy matters at bolinger@lumetri-media.com. We follow the EU General Data Protection Regulation (GDPR).
1. Data we process
| Category | Examples | Why |
|---|---|---|
| Account | Email, name, hashed password or Google sign-in identifier | Create and secure your account |
| Licence & billing | Plan, licence key, trial dates, Stripe customer/subscription IDs | Provide and manage your purchase |
| Devices | Device name, platform, last-seen time | Show your registered devices |
| Drive catalogue (Pro sync) | File/folder names, paths, sizes, types — metadata, not file contents | Offline search and cross-device access you opt into |
| AI context | Relevant catalogue metadata sent when you use AI features | Generate organisation suggestions |
| Technical | Basic logs needed to run the Service securely | Security, debugging, abuse prevention |
By default, your drive catalogue stays on your Mac. It is only uploaded to our backend if you enable Pro cloud sync. We do not read or upload the contents of your files.
2. Legal bases
We process data to perform our contract with you (providing the Service and your licence), to comply with legal obligations (e.g. tax/accounting for payments), and on the basis of our legitimate interests (security and improving the Service) — balanced against your rights. Where required, we rely on your consent (e.g. enabling cloud sync or AI features).
3. Processors we use
- Supabase — authentication, database and storage hosting.
- Stripe — payment processing. Stripe receives the payment data needed to complete your purchase; we receive only identifiers and status, not full card numbers.
- Netlify — website hosting.
- Anthropic — the AI provider that powers AI features, receiving the context needed to answer your request.
- Google — only if you choose "Sign in with Google".
These providers act as our processors (or independent controllers, for payments) under appropriate agreements. Some may process data outside the EU/EEA under suitable safeguards such as Standard Contractual Clauses.
4. Retention
We keep account and licence data for as long as your account exists and as required for legal/accounting purposes. You can delete your account, after which we delete or anonymise personal data except where retention is legally required.
5. Your rights
Under the GDPR you may request access, rectification, erasure, restriction, portability, and object to certain processing. You may withdraw consent at any time. You also have the right to lodge a complaint with your local data protection authority. To exercise any right, contact us below.
6. Security
We protect data with encryption in transit, row-level access controls so users can only access their own records, server-side secrets that are never shipped in the app, and signed, time-limited download links. No system is perfectly secure, but we take reasonable measures appropriate to the risk.
7. Children
The Service is not directed to children under 16, and we do not knowingly collect their data.
8. Changes & contact
We may update this Policy and will notify you of material changes. For privacy questions or requests, contact bolinger@lumetri-media.com.