← Back to Lynor AI

Privacy Policy

Last updated: March 7, 2026

1. Introduction

Lynor AI ("we," "us," or "our") operates the Lynor AI financial planning platform (the "Service"). This Privacy Policy explains how we collect, use, store, and protect your personal and financial information when you use our Service.

By using the Service, you consent to the practices described in this Privacy Policy. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Account Information

When you register, we collect your email address and full name. If you sign in with Google, we receive your name and email from Google; we do not store your Google password.

2.2 Financial Data

You may manually enter income sources, recurring expenses, stock options, tax documents, and other financial details to receive personalized financial advice.

2.3 AI Interactions

We store your chat messages and AI-generated responses to provide continuity across sessions and to generate financial plans.

2.4 Billing Information

Payment processing is handled by Stripe. We store your Stripe customer ID and subscription status but never store credit card numbers or payment credentials.

2.5 Usage Data

We collect feature usage metrics (e.g., number of AI queries, plan generations) and activity logs (e.g., account linked, password changed) to operate and improve the Service.

3. How We Use Your Information

  • To provide AI-powered financial advice and planning
  • To aggregate and display your financial data
  • To perform tax calculations and generate financial plans
  • To process subscription payments
  • To send transactional emails (verification, password reset, billing notifications)
  • To enforce usage limits based on your subscription tier
  • To improve and maintain the Service

We do not sell, rent, or share your personal or financial data with third parties for marketing purposes.

4. Data Encryption & Security

All sensitive financial data is encrypted at rest using AES-256-GCM encryption with per-user key derivation. This includes account balances, transaction details, investment holdings, income sources, chat messages, and financial plans.

All data transmitted between your browser and our servers is encrypted in transit using TLS/HTTPS. Passwords are hashed using bcrypt and are never stored in plaintext.

5. Third-Party Services

We use the following third-party services to operate the platform. Each service receives only the minimum data necessary for its function:

Stripe, Inc. — Subscription billing and payment processing. We share your email and subscription details with Stripe. Stripe Privacy Policy
AI Providers — We use third-party AI services (such as Anthropic and OpenRouter) to generate financial advice. Aggregated financial context is sent with your queries to generate responses. We select providers that do not retain your data beyond processing the request.
Google OAuth — Optional social sign-in. We receive your name and email from Google upon authentication. Google Privacy Policy
Loops.so — Transactional email delivery (verification, password reset, billing notifications). We share your email and first name.
Amazon Web Services (AWS S3) — Secure document storage. Uploaded tax documents and financial files are stored in AWS S3 with AES-256 server-side encryption. Files are scoped to your account and are permanently deleted when you delete your account.

6. Data Retention

We retain your data for as long as your account is active. If you delete your account, all associated personal and financial data is permanently deleted from our systems. Anonymized, aggregated analytics data that cannot be linked back to you may be retained indefinitely.

7. Your Rights

You have the right to:

  • Access your personal and financial data through the Service
  • Delete your account and all associated data by contacting us
  • Export your financial data through the Service
  • Opt out of non-essential communications

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect and the right to request deletion. If you are in the European Economic Area, you have rights under the General Data Protection Regulation (GDPR), including the right to data portability and the right to restrict processing.

8. Cookies & Tracking

We use essential cookies and local storage to maintain your authentication session. We do not use third-party advertising trackers or sell data to advertisers.

9. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 18, we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or an in-app notice at least 30 days before they take effect. Your continued use of the Service after the effective date constitutes acceptance of the revised policy.

11. Contact Us

If you have questions or concerns about this Privacy Policy or your data, please contact us at legal@lynorai.com.

© 2026 Lynor AI. All rights reserved.