Privacy Policy
Last updated June 9, 2026
Plain-English summary
LionLoop is an AI personal assistant that holds the things in your head — captures, calendar context, and reminders — and helps you act on them. To do that, we store the text you type, the calendar data you choose to connect, and the small amount of account info needed to keep you signed in. We do not sell your data, share it with advertisers, or train any model on your content. Your captures and calendar data are yours; you can export them and delete them at any time.
What we collect
- Account information. Your email address, collected via Google Sign-In or a magic-link email. If you sign in with Google, we also receive your name and profile photo, used only to display your account inside the app. Used to authenticate you and contact you if needed (rare; we don't send marketing email).
- Captures. Every note, task, event, and list you save through the capture box. Stored as text in our database, indexed for search and AI classification.
- Calendar data. When you connect Google Calendar, we sync events (title, time, location, attendees, description) into our database every 15 minutes. This is opt-in; disconnect any time in Settings.
- OAuth tokens. Encrypted at rest with AES-256-GCM (the encryption key is held outside the database, so a database leak alone wouldn't expose your calendar). Used solely to keep your calendar sync alive.
- Voice transcripts. When you tap the mic button, audio streams directly from your browser to AssemblyAI for real-time transcription. The audio is not stored. The resulting text is saved as a normal capture.
- Home and work addresses. Optional. Used to compute drive-time estimates and route planning. Stored as coordinates plus the formatted address you saved.
- Browser geolocation. Used ONLY when you tap “Where I am now” in the day planner. Coordinates pass through the route-calculation step and are then dropped — they are never persisted, never logged, and never tracked in the background. See “Location data” below for the explicit contract.
- Push subscription endpoints. If you opt into push notifications, the browser-generated subscription token is stored so we can send notifications. Tokens are device-specific; revoke any time via your browser's site permissions or by disabling push in Settings.
- Settings and preferences. Timezone, theme, reminder preferences, plan tier, opt-in flags. Stored per user; not shared.
- Operational logs. We log when LLM and Maps API calls happen (per-user counts, model, timestamp, cost in cents) for budget tracking. These logs do not contain the content of your captures or location coordinates.
How we use your data
- To run the product: rendering your homepage, classifying captures with AI, generating the morning brief, planning errand routes, sending push reminders.
- To improve reliability: aggregate counts of API calls and error rates for capacity planning. Aggregates only, not individual content.
- To respond if you reach out for support.
We do not sell your data, share it with advertisers, train any AI model on your captures, or use your data to target ads. LionLoop has no ads and no third-party analytics SDKs.
Sub-processors — who else sees your data
Running LionLoop requires a handful of trusted services. Each is named below with the specific data type it sees.
- Supabase (database, authentication, file storage). Holds your captures, calendar mirror, encrypted OAuth tokens, and account info. US-region.
- Vercel (web hosting, serverless functions). Runs the LionLoop app code. Processes request data in transit; does not persist captures.
- Anthropic (Claude AI). Receives the text of individual captures to classify them (extract dates, places, entities), generate your morning brief, propose time slots, and clean voice transcripts. Anthropic's API policy: data is not used for training.
- Google (Calendar API, Maps Routes API, Places API, OAuth). Calendar data flows in both directions with your explicit OAuth grant. Place names and addresses flow to Places for resolution. Lat/lng pairs flow to Routes for drive-time calculations.
- AssemblyAI (real-time speech-to-text). Receives streaming audio when you use the mic button. Returns transcribed text. Audio is not stored beyond the streaming session.
- Open-Meteo (weather forecast). Receives your home coordinates to fetch today's forecast for your morning brief. Free, no account, no tracking; their API does not log per-request identifiers.
- Web Push services (FCM for Chrome, APNs for Safari, Mozilla Push for Firefox). Routes push notifications to your device. Sees the notification payload (title + body) but not your account.
Location data — explicit contract
LionLoop treats location data more carefully than the rest because getting this wrong destroys trust. Here is exactly what happens:
- Location reminders (geofences). If you turn on location reminders in the app, LionLoop registers geofences — the coordinates of places tied to your captures — with your device's operating system, which requires background- location permission. Your device monitors your location and notifies LionLoop only when you arrive at or leave one of those specific saved places. LionLoop never receives or stores your continuous location and never tracks where you go in the background — only the arrival/departure event for a place you saved. Revoke background-location permission any time in your device settings; reminders simply stop firing. (In the browser, with no native geofencing, location is used only when you tap “Where I am now” in the day planner.)
- No persistence. When you do tap “Where I am now,” your coordinates pass through the route calculation and are then discarded. They are not written to our database, not written to any log, and not retained in any form.
- One request out. The coordinates are sent once to Google's Routes API as the origin point for the matrix calculation. Google sees that single request.
- Permission revocable any time. Use your browser or device settings to revoke geolocation permission for LionLoop. The day-planner falls back gracefully to your saved home or work address.
- Saved addresses are different. Your home and work addresses (entered manually in Settings) are stored permanently as coordinates so they can serve as origins for route calculations without repeatedly asking for location permission. Delete them at any time.
Encryption and security
- All traffic is HTTPS / TLS. There is no insecure transport path.
- Calendar OAuth tokens are encrypted at rest with AES-256-GCM using a master key held outside the database. A database leak alone does not expose your calendar access.
- Row-Level Security on the database limits every read and write to the authenticated user's own data. Service- role bypass is used only for system tasks (cron jobs, scheduled syncs), never for user-initiated requests.
- Authentication tokens use Supabase's standard JWT- cookie flow. Sign out from Settings to invalidate the current session.
Cookies and local storage
LionLoop uses only the cookies and browser storage it needs to run — to keep you signed in and to secure the account- connection flows. There are no advertising, analytics, or cross-site tracking cookies, which is why you won't see a cookie-consent banner: there is nothing non-essential to opt out of.
- Session cookies (authentication). Set when you sign in, to keep you signed in. They are
HttpOnlyandSecure— unreadable by page scripts and only ever sent over HTTPS. Cleared when you sign out from Settings. - Connection-security cookie. A short-lived (10-minute) cookie set only while you connect Google or Microsoft Calendar or Gmail, to protect that hand-off against cross-site request forgery. It is deleted the moment the connection completes.
- Local storage on your device. A few small preferences kept in your browser and never sent to us — whether you've dismissed the “enable notifications” banner, and a couple of admin-dashboard view toggles. Clearing your browser data removes them.
We use no third-party advertising or analytics cookies — no Google Analytics, no advertising pixels, no cross-site trackers. Our error-monitoring tool (Sentry) is configured to not record session replays and not capture your IP address. If we ever introduce analytics, we will update this page and add a consent control for visitors in regions that require one.
Data retention
We keep your data as long as your account is active. When you delete your account or specific captures:
- Captures are soft-deleted first, then hard-deleted within 30 days. Anything referencing the capture (entities, push history, plan history) is deleted via cascading foreign keys.
- Disconnecting Google Calendar revokes the OAuth token with Google and deletes the encrypted token from our database. Synced calendar event mirrors are deleted on the next sync tick.
- Delete your account any time from Settings (or email privacy@lionloop.ai with subject “Delete my account”). This removes all your data within 7 days, subject only to the rolling 30-day backup retention windows maintained by Supabase and Vercel for disaster recovery. Backup retention is configured at the sub-processor level and is not user-tunable.
Your rights
- Access. Everything LionLoop knows about you is visible in the app. You can read every capture, every setting, every connected service from Settings.
- Export. Email us for a JSON export of your captures, settings, and calendar mirror.
- Correction. Edit any capture in place. Edit settings any time.
- Deletion. Delete individual captures from the homepage. Delete your entire account from Settings, or by emailing us.
- Portability. Captures export as JSON; calendar data is already in your Google Calendar (we are a mirror, not the source of truth).
Residents of the EU, UK, California, and other jurisdictions with specific data-protection rights have those rights with respect to LionLoop. Email us to exercise them; we respond within 30 days.
Children
LionLoop is not intended for users under 16 and we do not knowingly collect data from anyone under 16. If you believe a child has provided data to LionLoop, email us and we will delete it.
Changes to this policy
We will update this page when our practices change in material ways (a new sub-processor, a new data category collected, a change in retention). The “Last updated” date at the top reflects the most recent revision. If a change affects how we handle data you have already provided, we will email you before it takes effect.
Contact
For privacy questions, data requests, or account deletion, email privacy@lionloop.ai.