Privacy Notice

Lodestar is operated by Lamb & Company Ventures, LLC ("we", "us"). We act as the data controller for personal data processed through the Lodestar service.

• Account data: email address, optional display name, hashed password or OAuth identifier.
• Conversation content: the messages you send to the coach and the coach's replies.
• Usage data: counts of messages, timestamps, and aggregate analytics.
• Device and technical data: IP address, browser type, device identifiers, error logs.
• Support correspondence: messages you send us by email.

• To create and maintain your account (legal basis: contract performance).
• To deliver the coaching service and persist your conversation history (contract performance).
• To detect crisis language and surface safety guidance (legitimate interest in user safety).
• To enforce fair-use limits and prevent abuse (legitimate interest, contract performance).
• To improve the product and debug issues (legitimate interest).
• To respond to support requests (contract performance).
• To comply with legal obligations.

Your messages are sent to large-language-model providers via the Lovable AI Gateway in order to generate coach replies. These providers process your messages on our behalf as subprocessors and do not use them to train their models under our configuration.

• Paddle — our Merchant of Record for all sales. Paddle handles checkout, subscription management, payment processing, tax compliance, invoicing, and refunds. Paddle's privacy notice: paddle.com/legal/privacy.
• Hosting and infrastructure providers (Lovable Cloud, Supabase, Cloudflare) — for hosting the application, database, and edge runtime.
• AI model providers — via the Lovable AI Gateway, for generating coach replies.
• Authentication providers — Google (if you choose to sign in with Google).
• Professional advisers (legal, accounting) where reasonably required.
• Authorities where required by law.

We retain account data for as long as your account is active. Conversation history is retained until you clear it or delete your account. Backups may persist for up to 30 days after deletion. Aggregate usage data may be retained indefinitely in de-identified form.

Depending on your jurisdiction, you may have the right to access, correct, delete, restrict, or port your personal data, to object to processing, and to withdraw consent. You may also lodge a complaint with your local data protection authority. To exercise these rights, email lambconsultingservices@gmail.com. We will respond within one month.

We use industry-standard technical and organisational measures including encryption in transit (TLS) and at rest, access controls, and audit logging. No system is perfectly secure; we cannot guarantee absolute security.

Your data may be processed outside your country of residence, including in the United States. Where required, we rely on Standard Contractual Clauses or equivalent safeguards.

Lodestar uses essential cookies and similar local-storage technology to keep you signed in. We do not currently use third-party advertising or marketing cookies.

For privacy questions, email lambconsultingservices@gmail.com.