Skip to main content

Privacy Policy

Last updated: March 25, 2026

1. Information We Collect

We collect information you provide directly when creating an account and using the Service:

  • Account data: email address, full name, and authentication credentials (password hash managed by Supabase; we never store plaintext passwords).
  • Billing data: payment information is collected and processed directly by Stripe. We store only your Stripe customer ID and subscription status — we never see or store your card number.
  • Usage data: alert configurations, feature preferences, and interaction patterns with the platform.
  • Technical data: IP address, browser type, and device information collected automatically through server logs.

2. How We Use Your Information

  • To provide and maintain the Service, including processing your alert configurations and delivering notifications.
  • To process payments and manage your subscription through Stripe.
  • To send transactional emails (account verification, password reset, alert notifications) through Resend.
  • To improve the Service through aggregated, anonymized usage analytics.
  • To communicate important updates about the Service or changes to these policies.

3. Data Sharing

We do not sell, rent, or trade your personal information to third parties. We share data only with the following service providers who are necessary to operate the platform:

  • Supabase: authentication and database hosting.
  • Stripe: payment processing and subscription management.
  • Resend: email delivery for alerts and transactional emails.
  • Vercel: application hosting and serverless function execution.

We may also disclose information when required by law or to protect our rights and safety.

4. Data Retention and Deletion

We retain your account data for as long as your account is active. Alert history and sent notification logs are retained for 90 days for deduplication purposes. If you delete your account, we will remove your personal data within 30 days, except where retention is required by law (e.g., billing records for tax compliance). You can request account deletion by contacting us at privacy@ledion.io.

5. Your Rights

You have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate data.
  • Deletion: Request deletion of your account and associated data.
  • Export: Request an export of your data in a machine-readable format.
  • Opt-out: Unsubscribe from non-essential communications at any time.

To exercise any of these rights, contact privacy@ledion.io. We will respond within 30 days.

6. Cookies and Tracking

We use essential cookies to maintain your authentication session and preferences. These are strictly necessary for the Service to function and cannot be disabled. We do not use advertising cookies or third-party tracking pixels. If we introduce analytics cookies in the future, we will update this policy and provide an opt-out mechanism.

7. Security

We implement industry-standard security measures to protect your data, including encryption in transit (TLS), row-level security on database tables, and secure handling of API keys. Payment data is processed entirely by Stripe and never touches our servers. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

8. California Privacy Rights (CCPA)

If you are a California resident, you have the right to: (a) know what personal information is collected about you; (b) request deletion of your personal information; (c) opt-out of the sale of your personal information (we do not sell personal information); (d) not be discriminated against for exercising your privacy rights.

9. European Privacy Rights (GDPR)

If you are in the European Economic Area, you have additional rights under the GDPR, including the right to data portability, the right to restrict processing, and the right to object to processing. Our legal basis for processing your data is: (a) contract performance (to provide the Service); (b) legitimate interest (to improve the Service); (c) consent (for optional communications). You may contact your local data protection authority if you have concerns about our data practices.

10. Changes to This Policy

We may update this privacy policy from time to time. We will notify users of material changes via email or through the Service. Your continued use of the Service after changes take effect constitutes acceptance of the revised policy.

11. Contact

For questions about this privacy policy or your data, contact us at privacy@ledion.io.