Lyonite

Privacy Policy

Last updated: February 16, 2026

Who We Are

Lyonite is operated by 102040291 Saskatchewan Ltd., a company registered in Saskatchewan, Canada.

Lyonite is a privacy-first PDF toolkit. Throughout this Privacy Policy, “we,” “us,” “our,” or “Lyonite” refers to 102040291 Saskatchewan Ltd.

Contact:
Privacy inquiries: privacy@lyonite.com
General support: hello@lyonite.com

What You Need to Know

Lyonite is built on a simple principle: we make PDF tools, not money from your data. Here’s what that means in practice:

  • PDFs you process: Handled entirely in your browser using WebAssembly. They never touch our servers.
  • Your personal info: Only your email if you sign up. That’s it.
  • Tracking: We count page views to know which tools are popular. No cross-site tracking, no ad networks.
  • Revenue model: Token purchases, not data mining. We literally can’t afford to be creepy.
  • Payment info: Handled entirely by Paddle. We never see your card number.

How Our PDF Tools Actually Work

When you use a tool:

  1. You upload a PDF file in your browser
  2. The file is processed entirely in your browser using WebAssembly
  3. No file data is sent to our servers — processing happens locally on your device
  4. The processed file is generated in your browser
  5. You download the result directly from your browser

This applies to all our PDF tools:

  • Compress PDF
  • Merge PDFs
  • PDF to Word
  • Split PDF
  • Delete PDF Pages
  • Rotate PDF
  • View PDF Metadata
  • Edit PDF Metadata
  • Clean PDF Metadata

Why this matters:

We physically cannot store, analyze, or sell your PDFs. They literally never leave your device. This isn’t a policy choice — it’s how the infrastructure is built. Your files are processed in your browser’s memory and never transmitted to our servers.

What We Collect (The Complete List)

1. Usage Logs (Everyone, No Account Needed)

What we log:

  • IP address (used for rate limiting and abuse prevention)
  • Timestamp of request
  • Which tool you used (e.g., “Compress PDF” or “Merge PDFs”)
  • User agent (browser/device type)
  • HTTP status codes (success/failure)
  • Response time (for performance monitoring)

What we DON’T log:

  • File names or contents of the PDFs you process
  • Text, images, or data inside your documents
  • Metadata you view, edit, or remove
  • Anything that identifies the specific documents you work with

Retention:

30 days, then automatically deleted. We keep aggregated stats (like “500 compressions on Tuesday”) indefinitely, but no IP addresses.

2. Analytics (Everyone)

What we track:

  • Page views (which pages you visit)
  • Referrer (how you found us — Google, direct link, etc.)
  • Device type (mobile vs desktop)
  • Approximate location (city/country from IP, not GPS)
  • Session duration (how long you stay)

Tool we use:

Plausible Analytics — privacy-focused, GDPR-compliant, no cookies, no cross-site tracking. It’s literally designed to not be creepy.

3. Account Data (Only If You Sign Up)

What we store:

  • Email address (for login, password reset, notifications)
  • Password (hashed with bcrypt — we can’t see it)
  • Account creation date
  • Last login
  • Token balance (how many tokens you have)
  • Token purchase history (date, amount, tokens purchased)

What we DON’T store:

  • Name, address, phone number (we don’t ask for them)
  • Social media profiles
  • Your detailed tool usage history
  • Any PDFs or document content you process through our tools

4. Payment Information

What WE store:

  • Paddle transaction ID
  • Token purchase details (amount paid, tokens purchased)
  • Purchase date
  • Current token balance

What Paddle stores (not us):

  • Credit card number, CVV, expiry
  • Billing address
  • Full payment history

We never see or touch your card details. They don’t pass through our servers.

5. Cookies

Essential cookies:

  • sb-auth-token — Session cookie, keeps you logged in (7 days)
  • rate-limit — Prevents abuse (24 hours)

What we DON’T use:

  • Google Analytics cookies
  • Facebook Pixel
  • Any ad network tracking
  • Third-party marketing cookies

What We Absolutely Don’t Do

  • Sell data to advertisers or data brokers. Our business model is token sales for PDF tools.
  • Track you across other websites. No pixels, no fingerprinting.
  • Store PDFs you process. Files are processed in your browser and never leave your device.
  • Upload your documents to our servers. All PDF processing happens client-side via WebAssembly.
  • Share your info with third parties except Paddle (payments) and Vercel (hosting).
  • Send marketing emails unless you explicitly opted in.
  • Train AI on your data without explicit consent.

Security Measures

Infrastructure Security:

  • Encryption in transit: TLS 1.3
  • Encryption at rest: AES-256
  • Password hashing: bcrypt with per-user salt
  • Rate limiting: Prevents brute-force attacks
  • DDoS protection: Cloudflare
  • Client-side processing: PDFs never leave your browser

Third-Party Services

Paddle (Payment Processing)

Purpose: Handle all payment processing for token purchases

Data shared: Email, token purchase details

Privacy Policy: paddle.com/legal/privacy

Vercel (Hosting)

Purpose: Host our website and PDF tools

Data they see: Server access logs

Privacy Policy: vercel.com/legal/privacy-policy

Supabase (Database & Auth)

Purpose: Store account data, handle authentication

Data stored: Emails, hashed passwords, token balances

Privacy Policy: supabase.com/privacy

Plausible Analytics

Purpose: Privacy-focused analytics

Data collected: No cookies, no personal data, GDPR compliant

Privacy Policy: plausible.io/privacy

Your Rights (GDPR, CCPA, etc.)

1. Right to Access

Email hello@lyonite.com and we’ll send you everything we have about you.

2. Right to Delete

Delete your account from settings, or email us. We’ll delete everything within 30 days.

3. Right to Correct

Update your email in account settings anytime.

4. Right to Export

Request a machine-readable copy of your data.

5. Right to Object

You can object to processing of your personal data for marketing purposes.

Contact & Questions

Legal Entity:

102040291 Saskatchewan Ltd.
Saskatchewan, Canada

Privacy questions:

privacy@lyonite.com

General support:

hello@lyonite.com

Security issues:

security@lyonite.com

Why This Policy Is So Long

Most privacy policies are vague on purpose. We wrote this to be explicit. You deserve to know exactly what data we collect, why we collect it, how long we keep it, and who we share it with.

The short version: We’re not in the data business. We build PDF tools. We collect the minimum needed to make those tools work. That’s it.

This Privacy Policy is governed by the laws of Saskatchewan, Canada. By using Lyonite, you agree to this Privacy Policy.