Privacy Policy
Version 1 — Effective 19 March 2026
1. Who We Are
LightStack Solutions Ltd (“LightStack”, “we”, “us”) operates Retainer AI. This policy explains how we collect, use, store, and protect your personal data when you use the Retainer AI mobile app and website (the “Service”).
2. Data We Collect
Information you provide
- Account data: Email address and authentication tokens (via Supabase / Google OAuth)
- Documents: Files you upload for AI-powered processing
- Conversations: Messages you send and AI responses you receive
Information collected automatically
- Usage data: Feature interactions and API calls for service improvement and billing
- Device tokens: Push notification tokens to deliver alerts
We do not use cookies or tracking pixels in the mobile app or on this website.
3. How We Use Your Data
| Purpose | Legal Basis |
|---|---|
| Provide the Service (parse, index, chat) | Contractual necessity |
| Send push notifications | Contractual necessity |
| Enforce usage limits and prevent abuse | Legitimate interest |
| Improve the Service | Legitimate interest |
| Comply with legal obligations | Legal obligation |
We will never use your documents or conversations for advertising, model training, or any purpose beyond operating the Service for you.
4. Third-Party Services
We share data with the following providers solely to operate the Service:
| Provider | Role | Data shared |
|---|---|---|
| Supabase | Authentication | Email, auth tokens |
| AWS (S3, Fargate, Lambda) | Infrastructure & storage | Documents, conversations |
| Anthropic (Claude) | AI chat responses | Document chunks, messages |
| LlamaIndex Cloud | Document parsing | Raw document files |
| Voyage AI | Embeddings | Document chunks |
| Qdrant Cloud | Vector search | Embedding vectors |
| Expo | Push notifications | Device tokens |
| RevenueCat | Subscription management | Purchase receipts |
Each provider processes data under their own privacy policy and data processing terms.
5. Data Storage & Security
Documents are stored encrypted at rest in AWS S3 (US region). All connections use TLS. API endpoints require authenticated JWT tokens. We implement rate limiting, input validation, access controls, and WAF protection.
International transfers: Your data may be transferred to and processed in the United States. We rely on appropriate safeguards including encryption in transit and at rest and contractual protections with our service providers.
6. Data Retention
We retain your data for as long as your account is active. Anonymised usage records may be retained for billing and audit purposes after account deletion.
7. Your Rights
Under the UK GDPR and EU GDPR you have the right to:
- Access: Export all your data from Settings → Export data
- Erasure: Delete all your data from Settings → Delete data
- Portability: Exported data is provided as a ZIP file with JSON
- Rectification: Contact us to correct inaccurate data
- Restriction & objection: Contact us to restrict or object to processing
When you delete your data, we remove all documents from storage, all vectors from our search index, all conversations, and all account information. This action is irreversible.
You may also lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.
8. AI & Automated Processing
The Service uses AI (Anthropic Claude) to generate responses based on your document content. We do not use your data to train or fine-tune AI models. Our AI provider does not use API data for model training.
9. Children's Privacy
The Service is not intended for anyone under 16. We do not knowingly collect data from children under 16. If you believe a child has provided personal data, contact us and we will delete it promptly.
10. Changes
We may update this policy. We will notify you of material changes through the app or email. Changes become effective 30 days after notification unless immediate implementation is required for legal compliance.
11. Contact
For privacy inquiries, contact us at contact@lightstacksolutions.com. We will respond within 30 days.