Privacy Policy
Looking Forward To (lookingforwardto.com, short link lf.to) is a public catalog of upcoming releases with optional accounts, reminders, public sharing, comments, and premium memberships. This page explains the data that passes through our servers and how we handle it.
1. Who we are
The Service is operated by Slowdown Digital LLC (“we”, “us”). You can reach us at [email protected].
2. What we collect
If you create an account, we collect the details needed to provide it:
- Your name, username, email address, verification status, and hashed password when using email signup
- Google or Apple account identifiers and basic profile information if you choose third-party sign-in
- The events you follow, onboarding choices, custom countdowns, ordering, notes, preferences, lists, comments, reactions, reports, blocks, and public profile settings saved to your account
- Session tokens used to keep you signed in
- Notification preferences and Apple Push Notification service tokens if you enable iOS notifications
- Images you choose to upload for profiles, shared countdowns, or events
- Apple App Store transaction identifiers, product IDs, status, expiration, refund, and revocation data used to unlock paid memberships
Premium memberships purchased in the iOS app are processed by Apple In-App Purchase. We do not receive your full payment card details from Apple. If you buy a web membership, payment is processed by Stripe and we store only the customer, subscription, plan, and limited payment-method details needed to manage the membership.
The iOS app may also store followed-event summaries and premium status on your device and in the app group shared with Looking Forward To widgets so Home Screen and Lock Screen widgets can render without opening the app. That local widget data stays on your device unless it is already part of your account data.
We do not collect your contacts, calendar contents, health data, precise GPS location, microphone data, or full payment card number. The app may ask for photo-library access only so you can choose an image to upload or save a generated sharing image.
3. What stays in your browser
You can still use some personal features without an account. Browser-only follows, local countdowns, and display preferences are powered by your browser's localStorage until you publish or save them to an account.
lft_follows— the IDs of events you've followedlft_countdowns— countdowns you've created locallylft_prefs— display preferences (countdown format, hidden categories, etc.)
You can wipe all of this at any time by clearing site data for lookingforwardto.com in your browser settings, or by using the Clear local data action in the My List page.
4. What reaches our servers
a) Standard request logs
Like every website, our servers and our CDN (Cloudflare) record the technical metadata your browser sends with each request: IP address, user agent, requested URL, referrer, timestamp, and HTTP status. We use this for security, abuse prevention, error monitoring, and capacity planning. Logs are retained for up to 30 days and then deleted.
b) “Follow” popularity signal
When you follow or unfollow a public event on a device, your browser tells our API to increment or decrement that event's public popularity counter. The request is anonymous: no identifier links one boost to another, and we do not store who pressed the button. We rate-limit these requests by IP.
c) Shared countdowns, account lists & public profiles (opt-in)
If you choose to create a shareable link, make your profile public, or save public list items to your account, you publish that item to our database so anyone with the link can view it. We store:
- The title, description, target date, link, category, and image you provided
- An 8-character random share ID or a public username URL such as
lf.to/<username> - A hashed, truncated form of the IP address that created the item, used only for rate-limiting and abuse prevention; it cannot be reversed back to your IP
- The creation timestamp
Shared local items may expire automatically. Account lists remain available until you delete the item, make it private, delete your account, or ask us to remove it.
d) Public comments and discussions
If you post a comment on an event page, the comment text and display name you provide are public. We also store hashed browser, IP address, and user-agent signals for rate limiting, spam prevention, reaction deduplication, report handling, blocking, and moderation. These hashes are not shown publicly and are not used for advertising or cross-site tracking.
e) Premium memberships
When you buy or restore an iOS membership, Apple sends us signed transaction data so we can verify the purchase and unlock premium features on your account. We store Apple transaction identifiers, product IDs, account tokens, environment, status, expiration dates for renewable subscriptions, and refund or revocation signals. Lifetime App Store purchases do not have a renewal date.
f) Notifications
If you opt in to iOS push notifications, we store your device push token, notification preferences, and recent notification metadata so reminders and release-date updates can be delivered and managed.
g) Image uploads (optional)
If you upload an image for a profile, shared countdown, or event, the file is stored on DigitalOcean Spaces (S3-compatible storage) and served through their CDN. Public images may be visible to other users if attached to public content. Images attached only to private account content are used to provide that account feature.
h) Third-party sign-in
If you choose Sign in with Apple or Google Sign-In, Apple or Google processes the sign-in request and sends us the identity information needed to create or access your account. Google's iOS sign-in SDK may also process or collect data described in its own privacy disclosures, including account identifiers, device identifiers, coarse location, and usage data. We use sign-in data for account access and security, not advertising or tracking.
i) Contacting us
If you email us, we keep your message and reply for as long as reasonably needed to address your request, then delete the thread.
5. Cookies
Looking Forward To does not set tracking cookies. The only cookies you may see are those Cloudflare places for security and bot mitigation (e.g. __cf_bm, cf_clearance) and any Plausible Analytics cookies — and Plausible is a cookie-less, privacy-first analytics product that stores no personal data. There is no advertising tracker on this site.
6. Analytics
We use Plausible Analytics, a privacy-focused, GDPR-compliant analytics tool that measures aggregate, anonymized traffic — page views, referrers, country, browser. It does not use cookies, does not collect personal data, and does not build a profile of any visitor. You can read their data policy at plausible.io/data-policy.
7. Service providers
The Service runs on infrastructure provided by the following companies. Each receives only the data necessary to operate that piece of the stack:
- Cloudflare — DNS, CDN, DDoS protection, TLS termination
- DigitalOcean — application hosting and image storage (Spaces)
- MongoDB Atlas — database for accounts, shared countdowns, shared playlists, and the public events catalog
- Apple — Sign in with Apple, App Store payments, purchase validation, refunds, and iOS push delivery
- Google — Google sign-in if you choose to use it
- Stripe — web membership payment processing
- Mailgun or another email provider — transactional emails such as verification codes, password reset messages, and account notices
- Plausible Analytics — anonymous traffic measurement
- TMDB, IGDB, and similar public APIs — sources of upcoming-release metadata; we are not affiliated with them
We require service providers that process user data for us to protect that data and use it only to provide their services to Looking Forward To. We do not sell personal information and we do not share app data for cross-app advertising tracking.
8. Children
The Service is not directed at children under 13, and we do not knowingly collect any data from them. If you believe a child has submitted personal information through one of our forms, contact us and we will delete it.
9. Your rights
You can delete your account from profile settings. You can also clear browser-only data by clearing site data for lookingforwardto.com. For shared countdowns, public lists, or contact emails, you can request deletion at any time by writing to [email protected]. EU/UK (GDPR) and California (CCPA/CPRA) residents have the same rights to access, correction, deletion, and portability under their local laws — same email applies. Deleting your account removes our account records and anonymizes comments, but Apple App Store purchases, cancellations, and refund history are managed by Apple. Push tokens are removed when you sign out, disable notifications where supported, or delete your account.
10. Security
All traffic is served over HTTPS (HSTS preload). Server-to-server connections use TLS. IPs that touch the create-shared-item endpoint are stored only as truncated SHA-256 hashes. We don't store plaintext passwords; email-account passwords are stored as hashes.
11. Changes to this policy
If we materially change how we handle data we'll update the “Last updated” date at the top of this page and, when warranted, post a notice on the home page. Continued use of the Service after a change means you accept the revised policy.
12. Contact
Questions about this policy or about a specific shared item, please email [email protected].