GDPR Notice

CLOVERA GDPR NOTICE
Last updated: May 17, 2026
Contact: kitteniverseclovera@gmail.com

1. Applicability
This section is intended to support Clovera's privacy disclosures for users in the European Economic Area and similar jurisdictions.

2. Controller
For purposes of applicable data protection law, Clovera acts as the controller of personal data processed in connection with the service.

3. Lawful Bases
Clovera may rely on contract necessity, legitimate interests, consent, and legal obligations, depending on the processing involved.

4. Login IP Logging — Processing Details (GDPR Article 13/14 Notice)
Each successful login event causes Clovera to record a one-way SHA-256 hash of the connecting IP address together with the associated user account identifier and the login timestamp.

The following information is provided in accordance with Articles 13 and 14 of Regulation (EU) 2016/679 (GDPR):

  (a) Data processed: A SHA-256 cryptographic digest (hash) of the user's IP address, the associated user account identifier, and the date and time of the login. The raw IP address is not stored.

  (b) Purpose and legal basis: The purpose of this processing is to support account security, detection of unauthorized or suspicious access, abuse prevention, and enforcement of platform rules. The legal basis is legitimate interests (Article 6(1)(f) GDPR). Clovera has assessed that users have a reasonable expectation that login activity is monitored for security, and that this processing does not override users' fundamental rights given the pseudonymous nature of the data (hashed IP, no raw address).

  (c) Retention: Login records are retained for as long as reasonably necessary for the security and enforcement purposes described above and are deleted upon account deletion.

  (d) No automated profiling: This processing does not involve automated decision-making or profiling within the meaning of Article 22 GDPR.

  (e) No third-party disclosure: Login records are not shared with, disclosed to, or accessible by any third party except where required by law or necessary to investigate a serious safety or legal matter.

  (f) Security: The IP hash is derived using a cryptographically secure one-way function, making reconstruction of the original IP address computationally infeasible.

  (g) Right to object: Users have the right to object to processing based on legitimate interests under Article 21 GDPR. Objection requests may be sent to kitteniverseclovera@gmail.com. Clovera may decline to cease processing where it can demonstrate compelling legitimate grounds, such as ongoing security investigations.

5. IP-Based Persistent Session — Processing Details (GDPR Article 13/14 Notice)
Clovera offers users an optional "Keep me signed in on this network" feature. When a user explicitly opts in to this feature at the time of login, Clovera processes a one-way SHA-256 hash of the user's IP address for the purpose of restoring the authenticated session on subsequent visits from the same network, without requiring the user to re-enter credentials.

The following information is provided in accordance with Articles 13 and 14 of Regulation (EU) 2016/679 (GDPR):

  (a) Data processed: A SHA-256 cryptographic digest (hash) of the user's IP address and the associated user account identifier. The raw IP address is not stored.

  (b) Purpose and legal basis: The sole purpose of this processing is session continuity at the user's explicit request. The legal basis is consent (Article 6(1)(a) GDPR), expressed through the voluntary selection of the "Keep me signed in on this network" option. Users who do not select this option are not subject to this processing.

  (c) Retention: The IP hash and associated session record are retained indefinitely for as long as the user account exists and the user has not explicitly logged out from that network. Upon logout, the token bound to that IP address is immediately and permanently deleted. Tokens are also removed upon account deletion.

  (d) Right to withdraw consent: Users may withdraw consent at any time by logging out. Withdrawal does not affect the lawfulness of processing prior to withdrawal.

  (e) No automated profiling: This processing does not involve automated decision-making or profiling within the meaning of Article 22 GDPR.

  (f) No third-party disclosure: The hashed IP address and session token are not shared with, disclosed to, or accessible by any third party.

  (g) Security: The IP hash is derived using a cryptographically secure one-way function, making reconstruction of the original IP address computationally infeasible.

6. Rights
Subject to applicable law, users may request access, correction, deletion, restriction, objection, or portability. Users may also lodge a complaint with a competent supervisory authority.

7. Contact
Data protection requests may be sent to kitteniverseclovera@gmail.com.

8. Limits
Some rights are subject to exceptions, including where retention is necessary for security, fraud prevention, legal compliance, defense of legal claims, or protection of other users.