Legal
Privacy Policy
Effective date: March 30, 2026
Lyzard (“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Lyzard web application and related services (the “Service”). By using the Service, you consent to the practices described in this policy.
1. Information We Collect
1.1 Account Information
When you sign in with Google OAuth, we receive and store your name, email address, and profile photo. This information is used to authenticate you and manage your account.
1.2 Document Data
When you upload a PDF, the document is sent to our servers for parsing and AI processing. Document sessions (parsed content, paraphrased text, chat history, and annotations) are stored locally in your browser using IndexedDB. We do not permanently store your uploaded PDFs or session data on our servers.
1.3 AI Processing Data
When you use AI features (paraphrasing, chat, parsing), portions of your document content are sent to third-party AI providers (Anthropic) for processing. These providers process data according to their own privacy policies and do not use your data to train their models.
1.4 Usage Data
We automatically collect certain technical information when you use the Service, including your IP address, browser type, device type, operating system, and interaction timestamps. This data helps us monitor performance, enforce rate limits, and improve the Service.
2. How We Use Your Information
- Provide the Service: Authenticate your identity, process documents with AI, and deliver paraphrasing, chat, and annotation features.
- Manage Subscriptions: Process payments, enforce usage limits, and manage your billing through Stripe.
- Improve the Service: Analyze usage patterns to enhance performance, fix bugs, and develop new features.
- Communicate: Send transactional emails related to your account, such as billing receipts and important service updates.
3. Data Sharing & Disclosure
We do not sell, rent, or trade your personal information to third parties. We may share information only in the following circumstances:
- AI Processing: Document content is sent to Anthropic for AI processing. This data is used solely to generate responses and is not retained by the provider for training purposes.
- Service Providers: We use third-party services for hosting (Vercel), authentication (Google OAuth via Supabase), and payments (Stripe). These providers process data on our behalf under strict confidentiality obligations.
- Legal Obligation: We may disclose information if required by law, subpoena, court order, or governmental regulation.
- Business Transfer: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you of any such change.
4. Data Storage & Retention
Your document sessions are stored locally in your browser. We store minimal data on our servers:
| Data Type | Storage |
|---|---|
| Account info (name, email) | Supabase — until account deletion |
| Document sessions | Your browser (IndexedDB) — you control deletion |
| AI request content | Not retained after processing |
| Usage / analytics data | 24 months from collection |
5. Data Security
We implement industry-standard security measures to protect your data, including encryption in transit (TLS 1.2+), Supabase row-level security for authentication data, and rate limiting on API endpoints. However, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.
6. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Deletion: Delete your account and all associated data from the Settings page, or email us.
- Local Data: Clear all document sessions from your browser via Settings > Data & Storage.
- Export: Export your documents as PDF or HTML at any time through the Service.
- Revoke Consent: Revoke Google OAuth access at any time through your Google account settings.
To exercise any of these rights, email us at getlyzard.app@gmail.com. We will respond within thirty (30) days.
7. Cookies & Local Storage
We use essential cookies to maintain your authentication session. We use browser local storage for your theme preference and AI settings, and IndexedDB for document sessions. We do not use third-party advertising cookies or cross-site tracking.
8. Children’s Privacy
The Service is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected data from a child under 13, we will delete that information promptly. If you believe a child under 13 has provided us with personal data, please contact us at getlyzard.app@gmail.com.
9. International Data Transfers
The Service is hosted in the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States. By using the Service, you consent to this transfer.
10. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through a prominent notice within the Service at least fourteen (14) days before the changes take effect.
11. Contact Us
If you have questions, concerns, or requests related to this Privacy Policy or your data, contact us at: