LolliPOP← Home

Privacy Policy

Last updated: April 27, 2026

The short version

Lollipop is a video-email tool. We collect only what we need to deliver your videos, run your account, and improve the product. We never sell your data, never run third-party ad tracking inside the app, and you can delete everything any time at Account → Billing → Delete.

1. What we collect

  • Account info: email address, password (hashed), name, company, phone (optional), profile photo (optional).
  • Content you create: video recordings, thumbnails, captions, music selections, custom branding, contact lists you upload.
  • Usage data: what videos you sent, who viewed them, when, watch duration, replies — used to power your analytics dashboard.
  • Billing info: handled entirely by Stripe. We never see or store full credit-card numbers — only Stripe customer IDs and last-4 digits.

2. How we use it

  • To deliver the videos you record to the recipients you choose (via email or SMS).
  • To show you accurate analytics about who watched, replied, or clicked.
  • To bill you for the plan you selected.
  • To support you when you contact us at hello@thelollipopapp.com.
  • To improve the product (aggregate, de-identified usage trends only).

3. Outlook Add-in specifics

When you install the Lollipop Outlook Add-in, Microsoft Outlook gives Lollipop limited permission to read and write the body of the email message you are currently composing — only while you're using the add-in pane. We use this strictly to insert the video thumbnail + tracked link into your email. We do not read other emails, your calendar, your contacts, or any mailbox folders. The same authentication credentials you use at thelollipopapp.com apply inside Outlook — your password never leaves Microsoft's secure sign-in flow.

4. Who we share data with

Only the third-party services we need to run Lollipop, listed here so you know who's involved:

  • Stripe — payment processing.
  • Resend — email delivery.
  • Twilio — SMS delivery (only if you send via SMS).
  • OpenAI — automatic captions (Whisper). Audio is sent for transcription, not stored by OpenAI under our zero-retention agreement.
  • MongoDB Atlas / cloud hosting providers — secure storage of your account + content.

We never sell, rent, or trade your personal data with anyone.

5. Data retention

We keep your account data and your videos for as long as your account is active. If you cancel, we keep things for 30 days (so you can re-activate easily) and then delete them unless you've requested otherwise. You can delete your account at any time fromAccount → Billing.

6. Your rights (GDPR / CCPA)

You can request access to, correction of, or deletion of your data at any time by emailinghello@thelollipopapp.com. We respond within 30 days.

7. Security

All traffic to Lollipop is over HTTPS/TLS 1.2+. Passwords are hashed with bcrypt. Sessions use signed JSON Web Tokens. Backups are encrypted at rest. Only authorized engineers can access production data, and access is audited.

8. Cookies

We use essential cookies (your sign-in session) and basic functional cookies (UI preferences). We don't run third-party advertising or tracking pixels inside the authenticated app.

9. Children

Lollipop is not intended for users under 16. If you believe a minor has created an account, email us and we'll delete it.

10. Changes to this policy

If we materially change this policy, we'll email you and post a notice in-app at least 14 days before the change takes effect. The "Last updated" date at the top will reflect the most recent revision.

11. Contact

Lollipop, c/o Anthony Valentino
Email: hello@thelollipopapp.com
Web: thelollipopapp.com