LeanSpark Privacy Policy

Effective: January 2, 2026

Your privacy matters to us. This Privacy Policy describes how LEANSTACK, Inc. ("we," "us," or "LEANSTACK") collects, uses, and protects your information when you use LeanSpark.

1. Information We Collect

1.1 Customer Data

You control this data. You own it.

• Business model canvases (Lean Canvas, customer segments, value propositions)
• AI coaching chat transcripts and session history
• Validation plans and experiment designs
• Assessment results and scorecards
• Customer interview notes and insights

1.2 Account Information

• Name, email address, and organization name
• Password (stored as encrypted hash)
• Profile information (photo, job title, if provided)

1.3 Billing Information

Payment processing is handled by Stripe. We do not store your full credit card details. Stripe is our source of truth for billing records.

1.4 Usage Information

• Credits consumed and remaining balance
• Features and tools accessed
• Session duration and frequency
• AI interactions (prompts sent, responses received)

1.5 Technical Data

• IP address and approximate geolocation
• Browser type and version
• Device information (operating system, screen size)
• Referral source (how you found LeanSpark)

2. How We Use Your Information

We use collected information to:

• Provide the Service: Deliver AI coaching, store your canvases, process credit usage
• Process Payments: Manage subscriptions and billing through Stripe
• Improve LeanSpark: Analyze usage patterns to enhance coaching quality
• Communicate: Send service updates, feature announcements, and marketing (you can opt out)
• Security: Prevent fraud, abuse, and unauthorized access
• Legal Compliance: Respond to legal requests and enforce our Terms

3. Information Sharing

We share information with:

3.1 Service Providers

• AI Providers: AI processing - Your prompts and canvases may be sent to third-party AI providers for coaching responses
• Stripe: Payment processing and subscription management
• Analytics Providers: Anonymized usage data for service improvement

3.2 Legal Requirements

We may disclose information if required by law, subpoena, or to protect our rights or others' safety.

3.3 Business Transfers

If LEANSTACK is involved in a merger, acquisition, or sale of assets, your information may be transferred. We'll notify you before your information is transferred and becomes subject to a different privacy policy.

4. Data Retention

Active Accounts: We retain your data as long as your account is active and as needed to provide services.

Deleted Accounts: After you delete your account, we retain data for up to 90 days for recovery purposes, then permanently delete it.

Billing Records: We retain billing and payment records for 7 years to comply with tax and accounting regulations.

Legal Holds: We may retain information longer if required by law or ongoing legal matters.

5. Your Privacy Rights

You have the right to:

• Access: Request a copy of your personal information
• Correct: Update inaccurate information through account settings
• Delete: Request deletion of your personal information (subject to legal retention requirements)
• Export: Download your canvases and coaching transcripts
• Opt Out: Unsubscribe from marketing emails (service emails still required)
• Restrict: Request we limit how we process your data

To exercise these rights, contact us at team@leanstack.com

5.1 GDPR Rights (EEA Residents)

If you're in the European Economic Area, you have additional rights under GDPR:

• Right to data portability
• Right to object to processing
• Right to lodge complaints with supervisory authorities

LEANSTACK is the data controller. You can contact our Data Protection Officer at team@leanstack.com

5.2 CCPA Rights (California Residents)

California residents have the right to:

• Know what personal information is collected
• Know if personal information is sold or disclosed (we do not sell data)
• Request deletion of personal information
• Not be discriminated against for exercising these rights

6. Data Security

We implement industry-standard security measures to protect your information:

• Encryption in transit (TLS/SSL)
• Encryption at rest for sensitive data
• Secure data centers with physical and network security
• Regular security audits and vulnerability assessments
• Access controls and authentication (password hashing)

However: No method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

7. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We comply with applicable data transfer requirements:

• EU-US Data Privacy Framework: For transfers from the EEA to the US
• Standard Contractual Clauses: Available upon request for EU customers
• Adequate Protections: We ensure appropriate safeguards are in place

8. Cookies & Tracking

LeanSpark uses cookies and similar technologies:

8.1 Essential Cookies

Required for authentication, session management, and core functionality. Cannot be disabled.

8.2 Analytics Cookies

Help us understand how LeanSpark is used to improve the service. You can disable through browser settings.

8.3 Marketing Cookies

Track campaign effectiveness. You can opt out through browser settings or Do Not Track signals.

Managing Cookies: Most browsers allow you to control cookies through settings. Note that disabling cookies may limit functionality.

9. AI & Privacy Considerations

What We Store: Your coaching chat history is stored in your account for your reference. You can delete sessions at any time.

What We Don't Store: We do not record or analyze your coaching conversations for purposes other than service delivery and improvement.

10. Children's Privacy

LeanSpark is not directed to individuals under 13 years of age. We do not knowingly collect information from children. If you believe a child has provided us with personal information, contact us immediately.

11. Third-Party Services

LeanSpark may integrate with third-party services (calendars, project management tools, etc.). Your use of those services is governed by their privacy policies, not ours.

We are not responsible for third-party privacy practices.

12. Do Not Track Signals

LeanSpark responds to Do Not Track (DNT) browser signals by disabling non-essential tracking. Essential cookies required for authentication remain active.

13. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we'll notify you via:

• Email to your account address
• Prominent notice in LeanSpark
• Updated "Effective Date" at the top of this policy

We'll provide at least 30 days' notice before material changes take effect.

14. Your Choices

Email Preferences: You can opt out of marketing emails using the unsubscribe link in any email. Service-related emails (password resets, billing notices) cannot be disabled.

Data Export: Export your canvases and validation plans anytime through account settings.

Account Deletion: You can delete your account through settings. This will permanently delete your Customer Data after 90 days.

15. Contact Us

Questions about this Privacy Policy or your data?

Email: team@leanstack.com

Company: LEANSTACK, Inc.

Data Protection Officer: team@leanstack.com

16. Regulatory Compliance

GDPR (EU): EU Standard Contractual Clauses available upon request

CCPA (California): We do not sell personal information

CAN-SPAM: All marketing emails include clear sender info and unsubscribe options

COPPA: Services not directed to children under 13

© 2026 LEANSTACK, Inc. All rights reserved.