LeanSpark Privacy Policy

Your privacy matters to us. This Privacy Policy describes how LEANSTACK, Inc. ("we," "us," or "LEANSTACK") collects, uses, and protects your information when you use LeanSpark.

1. Information We Collect

1.1 Customer Data

You control this data. You own it.

Business model canvases (Lean Canvas, customer segments, value propositions)
AI coaching chat transcripts and session history
Validation plans and experiment designs
Assessment results and scorecards
Customer interview notes and insights

1.2 Account Information

Name, email address, and organization name
Password (stored as encrypted hash)
Profile information (photo, job title, if provided)

1.3 Billing Information

Payment processing is handled by Stripe. We do not store your full credit card details. Stripe is our source of truth for billing records.

1.4 Usage Information

Credits consumed and remaining balance
Features and tools accessed
Session duration and frequency
AI interactions (prompts sent, responses received)

1.5 Technical Data

IP address and approximate geolocation
Browser type and version
Device information (operating system, screen size)
Referral source (how you found LeanSpark)

2. How We Use Your Information

We use collected information to:

Provide the Service: Deliver AI coaching, store your canvases, process credit usage
Process Payments: Manage subscriptions and billing through Stripe
Improve LeanSpark: Analyze usage patterns to enhance coaching quality
Communicate: Send service updates, feature announcements, and marketing (you can opt out)
Security: Prevent fraud, abuse, and unauthorized access
Legal Compliance: Respond to legal requests and enforce our Terms

3. Information Sharing

We share information with:

3.1 Service Providers

AI Providers: AI processing - Your prompts and canvases may be sent to third-party AI providers for coaching responses
Stripe: Payment processing and subscription management
Analytics Providers: Anonymized usage data for service improvement

AI Data Processing: When you use LeanSpark, your prompts and canvas data may be sent to third-party AI providers for processing. These providers process data according to their respective privacy policies. We do not use your Customer Data to train AI models.

3.2 Legal Requirements

We may disclose information if required by law, subpoena, or to protect our rights or others' safety.

3.3 Business Transfers

If LEANSTACK is involved in a merger, acquisition, or sale of assets, your information may be transferred. We'll notify you before your information is transferred and becomes subject to a different privacy policy.

4. Data Retention

Active Accounts: We retain your data as long as your account is active and as needed to provide services.

Deleted Accounts: After you delete your account, we retain data for up to 90 days for recovery purposes, then permanently delete it.

Billing Records: We retain billing and payment records for 7 years to comply with tax and accounting regulations.

Legal Holds: We may retain information longer if required by law or ongoing legal matters.

5. Your Privacy Rights

You have the right to:

Access: Request a copy of your personal information
Correct: Update inaccurate information through account settings
Delete: Request deletion of your personal information (subject to legal retention requirements)
Export: Download your canvases and coaching transcripts
Opt Out: Unsubscribe from marketing emails (service emails still required)
Restrict: Request we limit how we process your data

To exercise these rights, contact us at team@leanstack.com

5.1 GDPR Rights (EEA Residents)

If you're in the European Economic Area, you have additional rights under GDPR:

Right to data portability
Right to object to processing
Right to lodge complaints with supervisory authorities

LEANSTACK is the data controller. You can contact our Data Protection Officer at team@leanstack.com

5.2 CCPA Rights (California Residents)

California residents have the right to:

Know what personal information is collected
Know if personal information is sold or disclosed (we do not sell data)
Request deletion of personal information
Not be discriminated against for exercising these rights

6. Data Security

We implement industry-standard security measures to protect your information:

Encryption in transit (TLS/SSL)
Encryption at rest for sensitive data
Secure data centers with physical and network security
Regular security audits and vulnerability assessments
Access controls and authentication (password hashing)

However: No method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

7. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We comply with applicable data transfer requirements:

EU-US Data Privacy Framework: For transfers from the EEA to the US
Standard Contractual Clauses: Available upon request for EU customers
Adequate Protections: We ensure appropriate safeguards are in place

8. Cookies & Tracking

LeanSpark uses cookies and similar technologies:

8.1 Essential Cookies

Required for authentication, session management, and core functionality. Cannot be disabled.

8.2 Analytics Cookies

Help us understand how LeanSpark is used to improve the service. You can disable through browser settings.

8.3 Marketing Cookies

Track campaign effectiveness. You can opt out through browser settings or Do Not Track signals.

Managing Cookies: Most browsers allow you to control cookies through settings. Note that disabling cookies may limit functionality.

9. AI & Privacy Considerations

How AI Processes Your Data:

LeanSpark uses third-party AI services to provide coaching. When you interact with the AI coach:

Your prompts and canvas data may be sent to AI provider APIs
AI providers process this data to generate coaching responses
We do not use your Customer Data to train AI models
AI provider data processing is governed by their respective privacy policies

What We Store: Your coaching chat history is stored in your account for your reference. You can delete sessions at any time.

What We Don't Store: We do not record or analyze your coaching conversations for purposes other than service delivery and improvement.

10. Children's Privacy

LeanSpark is not directed to individuals under 13 years of age. We do not knowingly collect information from children. If you believe a child has provided us with personal information, contact us immediately.

11. Third-Party Services

LeanSpark may integrate with third-party services (calendars, project management tools, etc.). Your use of those services is governed by their privacy policies, not ours.

We are not responsible for third-party privacy practices.

12. Do Not Track Signals

LeanSpark responds to Do Not Track (DNT) browser signals by disabling non-essential tracking. Essential cookies required for authentication remain active.

13. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we'll notify you via:

Email to your account address
Prominent notice in LeanSpark
Updated "Effective Date" at the top of this policy

We'll provide at least 30 days' notice before material changes take effect.

14. Your Choices

Email Preferences: You can opt out of marketing emails using the unsubscribe link in any email. Service-related emails (password resets, billing notices) cannot be disabled.

Data Export: Export your canvases and validation plans anytime through account settings.

Account Deletion: You can delete your account through settings. This will permanently delete your Customer Data after 90 days.

15. Contact Us

Questions about this Privacy Policy or your data?

Email: team@leanstack.com

Company: LEANSTACK, Inc.

Data Protection Officer: team@leanstack.com

16. Regulatory Compliance

GDPR (EU): EU Standard Contractual Clauses available upon request

CCPA (California): We do not sell personal information

CAN-SPAM: All marketing emails include clear sender info and unsubscribe options

COPPA: Services not directed to children under 13