Privacy Policy
Responsible party
Brandfusion Burlet (lynox AI)
Neue Jonastrasse 71, 8640 Rapperswil SG, Switzerland
[email protected]
EU Representative (Art. 27 GDPR)
We have appointed Prighter Group with its local partners as our privacy representative and your point of contact for the European Union (EU).
Prighter gives you an easy way to exercise your privacy-related rights (e.g. requests to access or erase personal data). If you want to contact us via our representative or make use of your data subject rights, please visit:
https://app.prighter.com/portal/13646667120
Summary
We believe in transparency. Here's the short version:
- lynox the product (@lynox-ai/core) collects no user data. It runs on your infrastructure. We don't access your data in normal operations.
- lynox.ai the website uses privacy-friendly analytics (Plausible) and, with your consent, ad measurement cookies for Google Ads.
- lynox Managed Hosting requires an email address and payment via Stripe. We store only what's needed to run your instance and process billing.
- We don't sell your data. We don't share it with third parties beyond what's described below.
1. Website analytics (no consent required)
We use Plausible Analytics to understand how visitors use this website. Plausible:
- Sets no cookies
- Collects no personal data
- Does not track you across websites
- Is designed to operate without requiring cookie consent under GDPR, PECR, and CCPA
Data collected: page views, referrer, country (from IP, not stored), device type, browser. All data is aggregated — no individual visitors can be identified.
2. Ad measurement (consent required)
If you accept marketing cookies via our consent banner, we enable:
- Google Consent Mode v2 — signals your consent state to Google. When denied, Google receives anonymous, cookieless pings for statistical modeling only.
- Google Analytics 4 (server-side via Measurement Protocol) — helps us understand which marketing channels lead to signups. Data is processed through our own server (
t.lynox.ai) before reaching Google. - Google Ads conversion tracking — measures whether ad clicks lead to meaningful actions (e.g., copying the install command, subscribing to the newsletter, completing a purchase).
Cookies that may be set with consent: _gcl_*, _ga_*, _gid.
3. Consent management
We use Klaro (open source, self-hosted) as our consent manager. Your consent choice is stored in a first-party cookie (lynox_consent) for 365 days. You can change your choice at any time by clearing your cookies or clicking "Settings" in the consent banner.
4. Data we collect
| Data | Purpose | Legal basis | Retention |
|---|---|---|---|
| Page views (anonymous) | Website analytics | Legitimate interest | Aggregated, no personal data |
| Consent choice | Remember your preference | Legitimate interest | 365 days (cookie) |
| Google click ID (gclid) | Ad conversion tracking | Consent | Session only |
| UTM parameters | Marketing attribution | Consent | Session only |
| GA4 events | Marketing analytics | Consent | 14 months (GA4) |
| Email address (newsletter) | Product updates & announcements | Consent | Until unsubscribe |
| Name, company (Managed Hosting) | Account identity, invoicing, legal correspondence | Contract | Duration of subscription + 120 days (see DPA) |
| Email address (Managed Hosting) | Authentication, billing notifications, support | Contract | Duration of subscription + 120 days (see DPA) |
| Billing address (Managed Hosting) | Invoicing, VAT compliance, jurisdiction | Contract / Legal obligation | Duration of subscription + 120 days (see DPA) |
| AI token usage (aggregate) | Fair use enforcement (Managed tier) | Contract | Duration of subscription + 120 days (see DPA) |
| Payment information | Subscription billing | Contract | Managed by Stripe (see their privacy policy) |
| Chat content & attached files (Managed Hosting) | AI conversation, agent reasoning, attached document/image analysis | Contract | Per thread retention setting (default: until customer deletes; configurable per-thread retention with 90-day default on the roadmap) |
| OAuth-connected mailbox content (IMAP) | Email triage, reply drafting, conversation context | Contract | Transient (current conversation turn only); local mail-state.db persists message-ID + folder metadata to avoid re-fetching |
| Google Calendar entries | Scheduling, time-aware agent context | Contract | Transient (read per request, not persisted) |
Knowledge-graph / memory_store derived entities | Long-term agent memory, cross-thread recall, semantic search | Contract | Persists until customer issues memory_delete; ONNX embeddings are included in the delete |
| Agent action logs / activity events | Audit trail for tool calls (send email, modify CRM, call third-party API, etc.) | Contract / Legal obligation | 365 days |
5. Third-party services
| Service | Purpose | Data location | Requires consent |
|---|---|---|---|
| Cloudflare | Hosting, CDN, DNS, server-side event routing | Global (edge network) | No (essential) |
| Plausible Analytics | Anonymous website analytics | EU | No |
| Google Analytics 4 | Marketing analytics | US (Google LLC) | Yes |
| Google Ads | Conversion tracking | US (Google LLC) | Yes |
| Stripe | Payment processing & subscription billing | US (Stripe Inc) | No (essential for billing) |
| Hetzner | Managed Hosting server infrastructure | EU (Germany) | No (essential for hosting) |
| Anthropic, PBC | Primary AI model inference (Claude family — direct API) | United States | No (essential for AI inference) |
| Mistral AI | AI model inference for secondary and background tasks, and as fallback provider (Mistral Large family — direct API) | France (EU) | No (essential for AI inference) |
| Brevo (Sendinblue) | Email delivery (SMTP relay) and contact list management | EU (France/Germany) | No (essential for delivery) |
| Bugsink (self-hosted) | Error reporting (always active, legitimate interest) | EU (self-hosted on lynox infrastructure) | No (always active — Art. 6(1)(f) legitimate interest) |
6. Managed Hosting
If you purchase lynox Managed Hosting, additional data processing applies:
- Account data — your name, email address, company (if provided), and billing address are collected during checkout. Used for authentication (OTP verification), invoicing, billing notifications, legal correspondence, and support. Stored in our database on Hetzner (EU).
- Payment processing — handled entirely by Stripe. We never see or store your card number. Stripe collects payment details, billing address, and transaction history under their own privacy policy.
- Instance provisioning — your instance runs in an isolated container with its own encrypted vault and database, on a shared tenant host at Hetzner Cloud (Germany). Instance metadata (IP, tenant host, status) is stored in our control plane database. A dedicated single-tenant VPS is available as an Enterprise upgrade on request.
- Transactional emails — verification codes, onboarding, and billing notifications are sent via Brevo (SMTP relay, EU). Only your email address is shared with Brevo for delivery purposes.
- AI usage metering (Managed tier only) — we track aggregate token counts (total input and output tokens) per billing period to enforce the Fair Use Policy. Only numeric usage data is transmitted from your instance to our control plane.
- AI inference providers — conversation content is sent for inference to Anthropic (primary, Claude family) and Mistral AI (secondary and background tasks, fallback). Both providers run via their native direct APIs. Neither provider uses customer data to train or improve their models under their API terms. See the DPA for the current sub-processor list.
- Content & safety — conversation data on your managed instance is stored unencrypted to enable safety monitoring. We may access conversation content solely in response to abuse reports, legal requests, or automated safety alerts. We do not routinely monitor, analyze, or read your conversations. API keys and credentials are encrypted in a dedicated vault.
- Conversion measurement — when your instance is ready, we send a
purchaseevent to our tracking endpoint (subject to your consent choice). No personal data is included — only an anonymous event with a conversion value.
Legal basis: contract performance (Art. 6(1)(b) GDPR). After your subscription ends, you have 30 days to export your data. After the export period, all data is permanently deleted within 90 days. See our Data Processing Agreement for details.
Automated decision-making (Art. 22 GDPR)
lynox may execute actions on your behalf (sending emails, modifying CRM entries, scheduling tasks, calling third-party APIs). These actions are taken on your explicit configuration and remain under your control; we do not perform solely automated decisions with legal or similarly significant effects on data subjects within the meaning of Art. 22 GDPR without your active configuration and review. You remain the controller for all agent-initiated actions.
International transfers
Transfers to the United States (e.g. Anthropic, Stripe, Google Analytics, Google Ads) are based on the EU Commission's adequacy decision under the EU-US Data Privacy Framework where the recipient is certified, and on Standard Contractual Clauses (Module 2/3, 2021/914) plus supplementary measures (TLS 1.3 in transit, AES-256-GCM at rest, no-training contractual commitments with Anthropic and Mistral) where it is not. A copy is available on request from [email protected].
For Swiss data subjects, US transfers to Anthropic and (where the customer opts into the BYOK provider) OpenAI or Google rely on the Swiss-US Data Privacy Framework or SCCs (Annex IIa). The current sub-processor list is published at /subprocessors.
7. Newsletter
If you subscribe to our newsletter, we collect your email address and language preference. This data is stored by Brevo (French company, EU servers) for newsletter delivery and contact management. Legal basis: consent (Art. 6(1)(a) GDPR).
- You can unsubscribe at any time via the link in every email.
- Upon unsubscribe, your contact is marked as unsubscribed. To request full deletion, contact [email protected].
- We do not share your email with third parties for marketing purposes.
8. Your rights
Under GDPR (EU) and the Swiss Federal Act on Data Protection (nDSG), you have the right to:
- Access — request what data we hold about you
- Rectification — correct inaccurate data
- Erasure — request deletion of your data
- Portability — receive your data in a structured format
- Withdraw consent — at any time, by clearing cookies or using the consent banner
- Lodge a complaint — with your local data protection authority
To exercise any of these rights, contact [email protected].
9. lynox the product
The lynox software (@lynox-ai/core) runs entirely on your own infrastructure. We have no access to your data, conversations, knowledge graph, or API keys. The software makes direct API calls to your configured AI provider — no data passes through our servers.
10. Changes
We may update this policy. Significant changes will be noted with an updated "Last updated" date. Continued use of the website constitutes acceptance of the updated policy.