Lyonite

Privacy Policy

Last updated: December 24, 2024

Who We Are

Lyonite is operated by 102040291 Saskatchewan Ltd., a company registered in Saskatchewan, Canada.

Throughout this Privacy Policy, "we," "us," "our," or "Lyonite" refers to 102040291 Saskatchewan Ltd.

Contact:
Privacy inquiries: privacy@lyonite.com
General support: hello@lyonite.com

What You Need to Know

Lyonite is built on a simple principle: we make tools, not money from your data. Here's what that means in practice:

  • Files you process: Handled entirely in your browser using WebAssembly. They never touch our servers.
  • Your personal info: Only your email if you sign up. That's it.
  • Tracking: We count page views to know which tools are popular. No cross-site tracking, no ad networks.
  • Revenue model: Token purchases, not data mining. We literally can't afford to be creepy.
  • Payment info: Handled entirely by Paddle. We never see your card number.

How Our Tools Actually Work

When you use a tool:

  1. You upload a PDF file or paste content in your browser
  2. The file is processed entirely in your browser using WebAssembly
  3. No file data is sent to our servers - processing happens locally on your device
  4. The processed file is generated in your browser
  5. You download the result directly from your browser

Why this matters:

We physically cannot store, analyze, or sell your files. They literally never leave your device. This isn't a policy choice—it's how the infrastructure is built. Your files are processed in your browser's memory and never transmitted to our servers.

What We Collect (The Complete List)

1. Usage Logs (Everyone, No Account Needed)

What we log:

  • IP address (used for rate limiting and abuse prevention)
  • Timestamp of request
  • Which tool you used (e.g., "PDF metadata editor")
  • User agent (browser/device type)
  • HTTP status codes (success/failure)
  • Response time (for performance monitoring)

What we DON'T log:

  • File names or contents you process
  • Text you input into tools
  • Metadata you view or edit
  • Anything that identifies specific documents you work with

Retention:

30 days, then automatically deleted. We keep aggregated stats (like "500 processes on Tuesday") indefinitely, but no IP addresses.

2. Analytics (Everyone)

What we track:

  • Page views (which pages you visit)
  • Referrer (how you found us - Google, direct link, etc.)
  • Device type (mobile vs desktop)
  • Approximate location (city/country from IP, not GPS)
  • Session duration (how long you stay)

Tool we use:

Plausible Analytics - privacy-focused, GDPR-compliant, no cookies, no cross-site tracking. It's literally designed to not be creepy.

3. Account Data (Only If You Sign Up)

What we store:

  • Email address (for login, password reset, notifications)
  • Password (hashed with bcrypt - we can't see it)
  • Account creation date
  • Last login
  • Token balance (how many tokens you have)
  • Token purchase history (date, amount, tokens purchased)

What we DON'T store:

  • Name, address, phone number (we don't ask for them)
  • Social media profiles
  • Your detailed tool usage history
  • Any content you process through tools

4. Payment Information

What WE store:

  • Paddle transaction ID
  • Token purchase details (amount paid, tokens purchased)
  • Purchase date
  • Current token balance

What Paddle stores (not us):

  • Credit card number, CVV, expiry
  • Billing address
  • Full payment history

We never see or touch your card details. They don't pass through our servers.

5. Cookies

Essential cookies:

  • sb-auth-token - Session cookie, keeps you logged in (7 days)
  • rate-limit - Prevents abuse (24 hours)

What we DON'T use:

  • Google Analytics cookies
  • Facebook Pixel
  • Any ad network tracking
  • Third-party marketing cookies

What We Absolutely Don't Do

  • Sell data to advertisers or data brokers. Our business model is token sales.
  • Track you across other websites. No pixels, no fingerprinting.
  • Store files you process. Files are processed in your browser and never leave your device.
  • Share your info with third parties except Paddle (payments) and Vercel (hosting).
  • Send marketing emails unless you explicitly opted in.
  • Train AI on your data without explicit consent.

Security Measures

Infrastructure Security:

  • Encryption in transit: TLS 1.3
  • Encryption at rest: AES-256
  • Password hashing: bcrypt with per-user salt
  • Rate limiting: Prevents brute-force attacks
  • DDoS protection: Cloudflare
  • Client-side processing: Files never leave your browser

Third-Party Services

Paddle (Payment Processing)

Purpose: Handle all payment processing

Data shared: Email, token purchase details

Privacy Policy: paddle.com/legal/privacy

Vercel (Hosting)

Purpose: Host our website and tools

Data they see: Server access logs

Privacy Policy: vercel.com/legal/privacy-policy

Supabase (Database & Auth)

Purpose: Store account data, handle authentication

Data stored: Emails, hashed passwords, token balances

Privacy Policy: supabase.com/privacy

Plausible Analytics

Purpose: Privacy-focused analytics

Data collected: No cookies, no personal data, GDPR compliant

Privacy Policy: plausible.io/privacy

Your Rights (GDPR, CCPA, etc.)

1. Right to Access

Email hello@lyonite.com and we'll send you everything we have about you.

2. Right to Delete

Delete your account from settings, or email us. We'll delete everything within 30 days.

3. Right to Correct

Update your email in account settings anytime.

4. Right to Export

Request a machine-readable copy of your data.

5. Right to Object

You can object to processing of your personal data for marketing purposes.

Contact & Questions

Legal Entity:

102040291 Saskatchewan Ltd.
Saskatchewan, Canada

Privacy questions:

privacy@lyonite.com

General support:

hello@lyonite.com

Security issues:

security@lyonite.com

Why This Policy Is So Long

Most privacy policies are vague on purpose. We wrote this to be explicit. You deserve to know exactly what data we collect, why we collect it, how long we keep it, and who we share it with.

The short version: We're not in the data business. We build tools. We collect the minimum needed to make those tools work. That's it.

This Privacy Policy is governed by the laws of Saskatchewan, Canada. By using Lyonite, you agree to this Privacy Policy.