Privacy Policy

When you use Lance, we may collect:

• Account information: Your name, email address, and profile photo provided by Google OAuth during sign-in
• Invoice data: Business details, client information, line items, and payment details you enter into invoices
• Usage data: Pages visited, features used, and general interaction patterns (no keystroke logging)

Your information is used to:

• Provide and maintain the Service
• Process brief text through AI extraction (OpenAI) to generate structured invoice data
• Store your invoices securely in the cloud (for authenticated users)
• Improve the extraction engine and user experience

When you submit a project brief for extraction, the text is sent to OpenAI's API for processing. OpenAI processes this data in accordance with their API data usage policies. As of their current policy, API inputs and outputs are not used for training their models.

Local storage:Draft invoices are saved in your browser's localStorage for convenience. This data remains on your device and is not transmitted to our servers unless you explicitly save to the cloud.

Cloud storage: When you are logged in and save an invoice, it is stored in our Supabase PostgreSQL database. Each invoice is associated with your user account and protected by Row-Level Security (RLS), meaning only you can access your data.

We do not sell, rent, or share your personal information with third parties for marketing purposes. Data is shared only with:

• OpenAI: For AI-powered brief extraction (transient processing only)
• Supabase: For authentication and data storage
• Vercel: For application hosting and delivery

Your invoice data is retained for as long as your account is active. You may delete individual invoices at any time from the Invoice History page. If you wish to delete your entire account and all associated data, please contact us.

We implement industry-standard security measures including:

• HTTPS encryption for all data in transit
• Row-Level Security (RLS) ensuring users can only access their own invoices
• OAuth-based authentication (no passwords stored by Lance)
• Server-side API key management (OpenAI keys never exposed to the client)

You have the right to:

• Access your stored invoice data
• Delete your invoices at any time
• Export your invoices as PDF
• Request account deletion

Lance uses essential cookies for authentication session management. We do not use advertising cookies or third-party tracking cookies. Analytics, if implemented, use privacy-respecting, cookie-free methods.

Lance is not directed to individuals under the age of 18. We do not knowingly collect personal information from children.

We may update this Privacy Policy from time to time. Changes will be reflected on this page with an updated effective date. Continued use of the Service after changes constitutes acceptance.

For privacy-related questions or data requests, please reach out via the contact information provided on the platform.