Lyonite

Privacy Policy

Last updated: December 14, 2024

What You Need to Know

Lyonite is built on a simple principle: we make tools, not money from your data. Here's what that means in practice:

  • Files you process: Handled in RAM, never written to disk, deleted within seconds
  • Your personal info: Only your email if you sign up. That's it.
  • Tracking: We count page views to know which tools are popular. No cross-site tracking, no ad networks.
  • Revenue model: Subscriptions, not data mining. We literally can't afford to be creepy.
  • Payment info: Handled entirely by Paddle. We never see your card number.

How Our Tools Actually Work

When you use a tool:

  1. You paste a URL or upload a file
  2. Our server fetches or processes it in RAM (not saved to disk)
  3. We convert/optimize/download as requested
  4. File is sent to your browser
  5. RAM is cleared, file is gone from our servers (typically within 30 seconds)

Why this matters:

We physically cannot store, analyze, or sell your files. They literally don't exist on our servers after processing. This isn't a policy choice—it's how the infrastructure is built.

What We Collect (The Complete List)

1. Usage Logs (Everyone, No Account Needed)

What we log:

  • IP address (used for rate limiting and abuse prevention)
  • Timestamp of request
  • Which tool you used (e.g., "BeatStars downloader")
  • User agent (browser/device type)
  • HTTP status codes (success/failure)
  • Response time (for performance monitoring)

What we DON'T log:

  • URLs you submit to tools
  • File names or contents
  • Search queries or input text
  • Anything that identifies specific media you process

Retention:

30 days, then automatically deleted. We keep aggregated stats (like "500 downloads on Tuesday") indefinitely, but no IP addresses.

2. Analytics (Everyone)

What we track:

  • Page views (which pages you visit)
  • Referrer (how you found us - Google, direct link, etc.)
  • Device type (mobile vs desktop)
  • Approximate location (city/country from IP, not GPS)
  • Session duration (how long you stay)

Tool we use:

Plausible Analytics - privacy-focused, GDPR-compliant, no cookies, no cross-site tracking. It's literally designed to not be creepy.

3. Account Data (Only If You Sign Up)

What we store:

  • Email address (for login, password reset, notifications)
  • Password (hashed with bcrypt - we can't see it)
  • Account creation date
  • Last login
  • Subscription status (Free vs Premium, expiry date)

What we DON'T store:

  • Name, address, phone number (we don't ask for them)
  • Social media profiles
  • Your tool usage history
  • Any content you process through tools

4. Payment Information

What WE store:

  • Paddle subscription ID
  • Subscription status
  • Next billing date
  • Amount charged

What Paddle stores (not us):

  • Credit card number, CVV, expiry
  • Billing address
  • Full payment history

We never see or touch your card details. They don't pass through our servers.

5. Cookies

Essential cookies:

  • sb-auth-token - Session cookie, keeps you logged in (7 days)
  • rate-limit - Prevents abuse (24 hours)

What we DON'T use:

  • Google Analytics cookies
  • Facebook Pixel
  • Any ad network tracking
  • Third-party marketing cookies

What We Absolutely Don't Do

  • Sell data to advertisers or data brokers. Our business model is subscriptions.
  • Track you across other websites. No pixels, no fingerprinting.
  • Store files you process. Files exist in RAM for seconds, then they're gone.
  • Share your info with third parties except Paddle (payments) and AWS (hosting).
  • Send marketing emails unless you explicitly opted in.
  • Train AI on your data without explicit consent.

Security Measures

Infrastructure Security:

  • Encryption in transit: TLS 1.3
  • Encryption at rest: AES-256
  • Password hashing: bcrypt with per-user salt
  • Rate limiting: Prevents brute-force attacks
  • DDoS protection: Cloudflare

Third-Party Services

Paddle (Payment Processing)

Purpose: Handle all payment processing

Data shared: Email, subscription status

Vercel (Hosting)

Purpose: Host our website and tools

Data they see: Server access logs

Supabase (Database & Auth)

Purpose: Store account data, handle authentication

Data stored: Emails, hashed passwords, subscription status

Plausible Analytics

Purpose: Privacy-focused analytics

Data collected: No cookies, no personal data, GDPR compliant

Your Rights (GDPR, CCPA, etc.)

1. Right to Access

Email hello@lyonite.com and we'll send you everything we have about you.

2. Right to Delete

Delete your account from settings, or email us. We'll delete everything within 30 days.

3. Right to Correct

Update your email in account settings anytime.

4. Right to Export

Request a machine-readable copy of your data.

Contact & Questions

Privacy questions:

privacy@lyonite.com

General support:

hello@lyonite.com

Security issues:

security@lyonite.com

Why This Policy Is So Long

Most privacy policies are vague on purpose. We wrote this to be explicit. You deserve to know exactly what data we collect, why we collect it, how long we keep it, and who we share it with.

The short version: We're not in the data business. We build tools. We collect the minimum needed to make those tools work. That's it.