Privacy Policy

For purposes of this Policy, “personal data” (also called “personal information” under applicable data protection laws) means any information that relates to an identified or identifiable natural person, as defined under the EU General Data Protection Regulation (GDPR), the French Data Protection Act (Loi Informatique et Libertés), and other applicable privacy laws. Personal data may include your name, business email address, postal address, telephone number, username, unique device or browser identifiers, IP address, authentication tokens, usage logs, or other information generated through your use of our Services.

Lyna does not intentionally collect special-category or sensitive personal data, such as biometric identifiers, health information, or precise geolocation, and instructs customers not to upload such information.

Information You Provide Directly

When you create an account, purchase a subscription, open a support ticket, or otherwise use our Services, you may supply personal data such as your name, business-email address, phone number, and payment information (processed via Stripe; see Stripe's privacy policy for details). We do not store full payment card details. You may also provide project artefacts such as natural-language prompts, code snippets, or deployment configurations. These artifacts are used only to serve your workspace and, once anonymized or aggregated, to improve our platform. They are never used to train general-purpose AI models that benefit other customers without your permission.

Information Collected Automatically

When you interact with the Services, we automatically collect technical data such as IP address, browser type, operating system, device identifiers, pages visited, timestamps, and error logs. We also record how you engage with key features (e.g., prompts submitted, code generated, build and deployment events, integration usage).

Data Handling with Third-Party Providers

Lyna integrates with third-party services including Supabase (for database, authentication, and storage), GitHub (for code sync), and AI providers such as Anthropic, OpenAI, and models via OpenRouter. When using AI features, your inputs (e.g., prompts, queries) and related data are transmitted to these providers for processing. These transmissions occur on a pass-through basis; we do not store raw prompts or responses unless you explicitly save them in your workspace. By using these features, you consent to such transfers under the privacy policies of Supabase, OpenRouter, OpenAI, and Anthropic.

Children's Data

Lyna's Services are not intended for individuals under the age of eighteen (18), and we do not knowingly collect personal data from anyone under this age. If we discover that we have collected personal data from a minor without verifiable parental consent, we will promptly delete that information.

Lyna processes personal data only where a valid legal ground applies under the GDPR and other applicable privacy frameworks:

• Performance of a Contract: We process your data to provide, maintain, and support the Services you have requested under our Terms of Service.
• Legitimate Interests: We use personal data to secure the platform, detect fraud, generate aggregate analytics, and improve AI features where these interests are not outweighed by your privacy rights.
• Consent: We rely on your opt-in consent for non-essential cookies, marketing emails, and any other processing that requires consent. You may withdraw consent at any time.
• Legal Obligations: We retain and disclose information as necessary to comply with French and EU legal obligations, court orders, or other legal duties.
• Protection of Vital Interests: In rare cases, we may process data to protect an individual's vital interests.

• To provide, operate, and maintain the Services, including storing code, generating suggestions, and deploying applications.
• To personalize your experience and tune AI-driven features for your workspace.
• To analyze usage patterns and improve performance, functionality, and reliability.
• To detect, prevent, and investigate fraud, abuse, or security incidents.
• To deliver product updates and measure the effectiveness of our communications.
• To process payments and transactions you authorize.
• To comply with legal, regulatory, and tax obligations in France and the EU.
• To meet record-keeping, accounting, and audit requirements.

Lyna does not engage in automated decision-making that produces legal or similarly significant effects on individuals (GDPR Art. 22).

We engage third-party sub-processors to support our Services, including:

• Supabase — Database, authentication, storage, and real-time features.
• Stripe — Payment processing and billing.
• GitHub — Code synchronization and version control.
• Anthropic, OpenAI, OpenRouter — AI model providers for code generation and assistance.
• Resend — Transactional email delivery.

All sub-processors are bound by contractual obligations ensuring compliance with applicable data protection laws. We do not sell your personal data to any third party.

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States, where some of our sub-processors are located. Lyna safeguards these transfers through the following legally recognized mechanisms:

• EU Standard Contractual Clauses (SCCs) per Commission Decision 2021/914.
• EU-US Data Privacy Framework (DPF) where the receiving party is DPF-certified.
• Adequacy decisions by the European Commission where applicable.

Lyna uses cookies, pixels, and similar technologies to operate, secure, and analyze our Services:

• Strictly Necessary Cookies — Support core functions such as sign-in, session routing, and fraud prevention. These do not require consent.
• Analytics & Performance Cookies — Measure feature adoption, diagnose errors, and improve service performance. We obtain prior consent for these cookies in the EEA.
• Functional Cookies — Remember your preferences (language, theme, layout).

You can manage or withdraw your cookie preferences at any time via your browser settings. Disabling non-essential cookies will not affect core functionality. Cookie-derived identifiers are retained for no longer than thirteen (13) months.

Lyna is committed to protecting your personal information. We implement industry-standard safeguards, including:

• Encryption of data in transit (TLS) and at rest.
• Role-based access controls and multi-factor authentication.
• Continuous backups with disaster recovery procedures.
• Real-time security monitoring and centralized logging.
• Confidentiality agreements and security training for all team members.
• Incident response procedures with notification within 72 hours of confirming any notifiable breach, in accordance with GDPR Article 33.

Please keep your account credentials confidential and enable multi-factor authentication where available.

We retain personal information only as long as necessary to fulfill the purposes outlined in this Policy or as required by applicable law. Log data is retained for up to ninety (90) days. Upon account deletion, we will remove your personal data within 30 days, except for data required for legal compliance, fraud prevention, or dispute resolution. Backups may retain data for up to 90 additional days before full deletion.

Under the GDPR and French data protection law, you have the following rights regarding your personal data:

• Right of Access — Request a copy of the personal data we hold about you.
• Right to Rectification — Request correction of inaccurate personal data.
• Right to Erasure — Request deletion of your personal data, subject to legal exceptions.
• Right to Restrict Processing — Request limitation of processing in certain circumstances.
• Right to Data Portability — Receive your data in a structured, machine-readable format.
• Right to Object — Object to processing based on legitimate interests or for direct marketing purposes.
• Right to Withdraw Consent — Withdraw consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at [email protected]. We will respond to verified requests within thirty (30) days. If you believe your rights have not been adequately addressed, you may lodge a complaint with the French data protection authority (CNIL) at www.cnil.fr.

Our Services may include links or integrations (for example, GitHub, Supabase, Stripe, or CI/CD tools) that are not controlled by Lyna. Your interactions with those third-party services are governed by their own privacy policies and terms. We encourage you to review those policies before providing personal data, as Lyna is not responsible for the privacy or security practices of external sites.

By using the Services, you consent to receive transactional or administrative electronic communications from Lyna, such as account alerts, security notifications, and billing messages. You may opt out of non-essential marketing emails at any time via the “unsubscribe” link or your account settings; this will not affect core service communications.

This Policy is governed by and construed in accordance with the laws of France and the European Union, in particular the GDPR and the French Data Protection Act (Loi n° 78-17 du 6 janvier 1978 relative à l'informatique, aux fichiers et aux libertés). Any disputes arising under this Policy shall be subject to the exclusive jurisdiction of the Tribunal judiciaire de Versailles, France, unless otherwise required by applicable mandatory law. If you are located in a jurisdiction that grants you mandatory consumer protection rights, those provisions will take precedence to the extent they conflict with this Policy.

Our Services provide AI-assisted tools that can generate or suggest code, but they are not a substitute for professional software engineering judgment. You remain responsible for reviewing, testing, and validating any code or configuration produced by the platform. Reliance on generated output is at your own risk. Intellectual-property ownership, license terms, and usage restrictions are detailed in our Terms of Service.

Lyna reserves the right to update or revise this Privacy Policy to reflect changes in our practices, legal requirements, or the Services themselves. We will post any revised Policy at https://lyna-it.com/privacy-policy and indicate the “Last Updated” date at the top. For material changes that reduce your rights or expand our processing purposes, we will provide at least thirty (30) days advance notice by email or in-product banner. Your continued use of the Services after the new Policy takes effect constitutes acceptance of the revised terms.

If you have questions, concerns, or wish to exercise your privacy rights, please contact us:

We aim to respond to verified data-subject requests within thirty (30) days. If you believe your inquiry has not been satisfactorily resolved, you may lodge a complaint with the CNIL or your local supervisory authority.

If any provision of this Policy is found to be unlawful, void, or unenforceable under applicable law, that provision will be deemed severed, and the remaining provisions will remain in full force and effect.

This Policy, together with the Terms of Service and any applicable Data Processing Agreement (DPA), constitutes the entire agreement between you and Lyna regarding privacy and data protection in connection with the Services. In the event of a conflict, the DPA will control with respect to Customer Personal Data, followed by this Privacy Policy, then the Terms of Service.