Privacy Policy

1. Introduction

Lynor AI ("we," "us," or "our") operates the Lynor AI financial planning platform (the "Service"). This Privacy Policy explains how we collect, use, store, and protect your personal and financial information when you use our Service.

By using the Service, you consent to the practices described in this Privacy Policy. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Account Information

When you register, we collect your email address and full name. If you sign in with Google, we receive your name and email from Google; we do not store your Google password.

2.2 Financial Data

You may manually enter income sources, recurring expenses, stock options, tax documents, and other financial details to receive personalized financial advice.

2.3 AI Interactions

We store your chat messages and AI-generated responses to provide continuity across sessions and to generate financial plans.

2.4 Billing Information

Payment processing is handled by Stripe. We store your Stripe customer ID and subscription status but never store credit card numbers or payment credentials.

2.5 Usage Data

We collect feature usage metrics (e.g., number of AI queries, plan generations) and activity logs (e.g., account linked, password changed) to operate and improve the Service.

3. How We Use Your Information

• To provide AI-powered financial advice and planning
• To aggregate and display your financial data
• To perform tax calculations and generate financial plans
• To process subscription payments
• To send transactional emails (verification, password reset, billing notifications)
• To enforce usage limits based on your subscription tier
• To improve and maintain the Service

We do not sell, rent, or share your personal or financial data with third parties for marketing purposes.

4. Data Encryption & Security

All sensitive financial data is encrypted at rest using AES-256-GCM encryption with per-user key derivation. This includes account balances, transaction details, investment holdings, income sources, chat messages, and financial plans.

All data transmitted between your browser and our servers is encrypted in transit using TLS/HTTPS. Passwords are hashed using bcrypt and are never stored in plaintext.

5. Third-Party Services

We use the following third-party services to operate the platform. Each service receives only the minimum data necessary for its function:

5a. AI Data Processing & Third-Party Sharing

This section provides specific detail about how your data is processed by third-party AI services, as required by applicable privacy regulations.

What Data Is Sent to AI Providers

When you use AI-powered features (the AI financial advisor, document extraction, financial plan generation, or tax estimation), the following categories of personal and financial data may be transmitted to a third-party AI provider:

• Your name and financial profile information
• Account balances, types, and institution names
• Investment holdings, ticker symbols, cost basis, and market values
• Income sources, employer names, and compensation amounts
• Recurring expenses, spending categories, and amounts
• Stock option and equity compensation details (grant types, strike prices, vesting schedules)
• Tax documents (uploaded PDFs or images), tax calculations, and filing information
• Recent transaction descriptions, merchant names, and amounts (up to 90 days)
• Financial goals, risk tolerance, and planning preferences
• Your chat messages and full conversation history with the AI advisor
• Spouse or household member names and financial details (if provided)

Who Receives Your Data

Your data is sent to the AI provider currently configured for the Service. Lynor AI uses the following third-party AI providers:

• Anthropic, PBC — Provider of Claude AI models. Anthropic Privacy Policy
• OpenRouter, Inc. — AI model routing service. OpenRouter Privacy Policy

The specific provider and AI model used depend on your subscription tier and our current service configuration. The active AI provider and model are displayed in the AI advisor interface.

Why Your Data Is Shared

Your data is shared with AI providers solely to deliver the following features:

• Generating personalized financial advice through the AI advisor
• Extracting structured data from uploaded tax documents
• Producing comprehensive financial plans
• Performing AI-enhanced tax estimations
• Generating benchmark and peer comparison insights

AI providers process your data on our behalf and do not use it for their own purposes, including training AI models.

How Your Data Is Protected

• All data sent to AI providers is encrypted in transit via TLS/HTTPS
• We select AI providers that contractually prohibit using customer data for model training
• Your data is not shared with AI providers for advertising, profiling, or marketing
• AI providers do not retain your data beyond processing the request

Your Consent

By accepting our Terms & Conditions and using AI-powered features, you explicitly consent to the data sharing described in this section. You may stop using AI-powered features at any time. If you delete your account, all stored conversation history and AI-generated content is permanently deleted from our systems.

6. Data Retention

We retain your data for as long as your account is active. If you delete your account, all associated personal and financial data is permanently deleted from our systems. Anonymized, aggregated analytics data that cannot be linked back to you may be retained indefinitely.

7. Your Rights

All users have the right to:

• Access your personal and financial data through the Service
• Delete your account and all associated data by contacting us
• Export your financial data through the Service
• Opt out of non-essential communications

7.1 Rights for California Residents (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with additional rights:

• Right to Know — You may request the categories and specific pieces of personal information we have collected about you, the sources of collection, the business purposes, and the third parties with whom we share it.
• Right to Delete — You may request deletion of your personal information, subject to certain legal exceptions.
• Right to Correct — You may request correction of inaccurate personal information.
• Right to Opt Out of Sale or Sharing — Lynor AI does not sell your personal information, nor do we share it for cross-context behavioral advertising. Because we do not engage in these activities, there is no need to opt out. If our practices change, we will update this policy and provide a mechanism to opt out.
• Right to Non-Discrimination — We will not discriminate against you for exercising any CCPA/CPRA rights.

To submit a request, email privacy@lynor.ai. We may verify your identity before processing your request. We will respond within 45 days.

8. Cookies & Tracking

We use essential cookies and local storage to maintain your authentication session. We do not use third-party advertising trackers or sell data to advertisers.

9. Children's Privacy

The Service is not intended for individuals under the age of 16. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 16, we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or an in-app notice at least 7 days before they take effect. Your continued use of the Service after the effective date constitutes acceptance of the revised policy.

11. Contact Us

If you have questions or concerns about this Privacy Policy or your data, please contact us at legal@lynor.ai.