Plain English version
We collect what we need to run the product and nothing more. We do not sell your data. We do not run third-party advertising trackers. We encrypt everything in transit. If you delete your account, your data is gone within 30 days.
What we collect
- Account info: email, hashed password, the brands and prompts you create.
- Usage data: which pages you visit and which scans you run, so we can size capacity and fix bugs.
- Billing data: handled entirely by Creem. We see only your plan, status, and a billing reference, never your card number.
- AI engine answers: the verbatim text each engine returns when we run a prompt. Stored against the prompt, not against you, so we can share cached answers across the customer base.
What we do NOT collect
- No advertising IDs.
- No third-party trackers in production.
- No keystroke logging or session replay.
Cookies
One cookie: lr_session. It's an HTTP-only, Secure, SameSite=Lax JWT used to keep you logged in. No tracking cookies, no marketing cookies.
Subprocessors
- OpenRouter — routes prompts to the 6 AI engines.
- Creem — billing and subscription management.
- Resend — transactional email (alerts, password reset).
- Cloud hosting provider — runs the app servers and Postgres.
Data retention
Active accounts: data is retained for the life of the account. Cancelled or deleted accounts: scrubbed within 30 days. Cached AI answers (which contain no personal data) are kept for up to 25 hours and then evicted.
Your rights
You can export, correct, or delete your data at any time from Account settings. EU/UK users have the full set of GDPR rights; California users have CCPA rights. To exercise them, email privacy@lifetimeradar.com.
Security
TLS in transit, at-rest encryption on the database, bcrypt-hashed passwords, scoped JWT sessions. Disclosures: security@lifetimeradar.com.
Changes
Material changes will be announced via email and posted to the changelog at least 14 days before they take effect.