Privacy.

Photos are uploaded to a short-lived buffer on our cloud storage provider. The image is sent to our AI partner for vibe classification, then deleted from our buffer immediately after analysis completes. We do not train models on your photos.

If you choose to save your decode, the photo is re-uploaded to a persistent blob URL so the resulting /d/[slug]page can render. Saves default to public (visible on the LARP feed and at the public URL). You can keep a save private from the publish modal, in which case the page is unlisted — anyone with the link can see it, but it's not in the feed or sitemap. Persistent blobs are deleted when you delete your account or remove the save.

The decoded result is held in your browser's sessionStorage so you can reload without re-running the analysis. It is not stored on our servers and is cleared when you close the tab.

Photos sent to our AI partner are processed under their contractual no-training policy for API requests.

Every photo goes through an automated content-safety check before we run vibe analysis. The check refuses to process photos that contain: sexual or nude content, graphic violence or gore, hate symbols or extremist imagery, identifiable children that could be sexualized or exploited, or content that is clearly not a fashion photo (memes, screenshots, plain text, unrelated subjects). When a photo is refused, you receive a generic error and nothing about the upload is retained beyond the short-lived buffer described above.

If you opt to publish a save to the public feed, the photo is screened a second time by an automated safety pass before it becomes publicly visible. Borderline results are published but flagged for human review; clearly unsafe results are kept as a private, unlisted page only you can reach by URL.

After publishing, public decodes can be reported by anyone using the report menu on the page. Reports feed an internal queue; three independent reports auto-hide the decode pending human review. Owners can also flip a published decode back to private at any time from the decode's page.

Accounts are optional. You can use larp anonymously — decode fits, share decoded URLs, scroll vibes — without ever signing in. If you choose to sign in, we use Google OAuth and store only the fields Google returns to us: your name, email address, and profile image URL. We do not request or store any other Google data.

Signed-in state lives in an httpOnly, secure-in-production session cookie. Internal administrative tools are gated by a separate cookie that is never set on user browsers. We also set a larp_anon_idcookie on your first visit — a 365-day httpOnly, signed random identifier used to attribute likes, personal saves, and reports before you sign in (so your activity isn't lost between sessions and so duplicate likes/reports can't be inflated). It carries no personal data and is never shared with third parties. If you sign in, the activity tied to your larp_anon_idis merged into your account and the cookie continues to identify you anonymously across devices that haven't signed in. We also set an lrp_sididentifier cookie when you submit a content report — this is so duplicate reports from the same browser don't inflate the auto-hide threshold. It carries no personal data; it's a random opaque value tied only to reports you've filed. No tracking cookies, no third-party advertising pixels.

What we associate with your account: vibes you save (the named vibe, no payment data) and decoded fits you save (linked by their public slug). You can delete your account at any time from the /profile page — the wipe is immediate and removes your user row, OAuth account link, saved vibes, and decoded-link associations. Decoded fits you opted to make public stay live at their /d/[slug] URL after the wipe; the link to your account is severed but the shareable page itself remains so any URLs already shared keep working.

We use cookieless analytics to count visits and measure page performance. The tools we rely on do not collect personally-identifying information; they aggregate anonymous traffic patterns and Core Web Vitals timings.

Some shop links on larp may pass through an affiliate network, which means we may earn a commission if you purchase something via one of our links. The price you pay is unaffected. Whether a link is wrapped does not influence the products we surface — the taxonomy is editorial, not pay-for-placement.

Our hosting provider keeps short-lived request logs for operational purposes (debugging, abuse mitigation). These include IP address, request path, and a user-agent string. We do not export them, build profiles from them, or share them.

larp shares limited data with a small set of third-party processors strictly to run the service. We disclose categories here in lieu of vendor identities; a more granular processor register is maintained internally and is available on reasonable request to data subjects exercising their rights under applicable law.

• AI partner — receives the photo for vibe classification and the content-safety check, under a contractual no-training policy for API requests.
• Cloud hosting + storage provider — hosts the site, stores uploaded photos (short-lived buffer + a permanent path for saves), and runs request logs and analytics.
• Managed database provider — hosts the database that stores accounts, saves, and decoded payloads.
• Search-API partner — used to find product alternatives. Receives item names + vibe context, not your photo.
• Affiliate redirector (where configured) — used on outbound shop links. Sees the click event and the destination URL.
• OAuth identity provider — handles sign-in. Sees the sign-in event and returns your name, email, and profile image to us.

We do not sell your personal data. We do not share it with anyone outside the categories above.

Wherever you are, you can:

• Delete your account from /profile. The wipe is immediate and removes your user row, OAuth account link, saved vibes, and decoded-link associations.
• Make a saved decode private from its /d/[slug] page (owner-only control).
• Request a takedown of a public decode that depicts you without consent — write to abuse@uselarp.com.

If you are in the European Economic Area, the United Kingdom, or Switzerland, you also have rights of access, correction, erasure, restriction, portability, and objection under the GDPR. If you are in California, you have rights of access, deletion, correction, and the right to opt out of certain sharing under the CCPA. We don't sell personal information and do not engage in cross-context behavioural advertising. To exercise any of these rights, write to founders@uselarp.com with enough detail for us to identify the records you mean. We will respond within the timeframe your local law requires (30 days for GDPR, 45 days for CCPA, sooner if practical).

larp is operated from the United States and our service providers run primarily in the United States. If you use the service from outside the US, your information will be transferred to and processed in the US under the standard terms of the providers listed above.

larp is not directed at children under 13 and we don't knowingly collect data from them. Account creation requires you to be at least 13 in the United States and at least 16 in the European Economic Area, the United Kingdom, or Switzerland. If you believe a child has used the service or provided us data, write to founders@uselarp.com and we will delete it.

If we change how the system handles your data, we'll update the date at the top of this page. Material changes will be called out in the product surface, not buried here.

Questions, takedown requests, or anything else: founders@uselarp.com.