1. Who is responsible
The controller for the personal data described in this policy is [Your legal entity name], registration number [Company/org number], [Registered business address], [Country]. You can reach us at support@mylancy.co.
2. What we collect
- Account data. Your name, email address and a hashed password. We store only the hash — we cannot read your password.
- Workspace content. What you put into the product: clients, projects, time entries, invoices, messages, contracts and files. This includes personal data about your clients — names, emails, what you charge them.
- Technical data. IP address, browser type and security logs, used to keep accounts safe and stop abuse.
- Payment data. Payments are handled by Stripe. We keep your subscription status; we never store card numbers.
3. Two hats: your data and your clients’ data
For your own account data, we are the controller and this policy applies directly.
For the data you store about your clients, you are the controller and we process it on your behalf, only on your instructions, to run the service. You are responsible for having the right to store that data. Data processing terms covering this relationship are available on request at support@mylancy.co.
4. Why we use data, and the legal basis
| Purpose | Data used | Legal basis |
|---|---|---|
| Run the service: accounts, workspaces, billing, support | Account data, workspace content, payment status | Contract |
| Security and abuse prevention: login protection, rate limits, logs | Technical data, security logs | Legitimate interest |
| Emails about your account: receipts, sign-in links, important notices | Name, email address | Contract |
| Product emails: reminders and digests you can switch off | Name, email address, workspace activity | Consent / legitimate interest, opt-out in Settings → Email |
| Marketing measurement on the marketing site (Meta Pixel) | Browser identifiers (_fbp, _fbc), pages visited | Consent only |
5. Who processes data for us
We use a small set of providers to run Mylancy. Each one only receives what it needs for its job.
| Provider | Role | What they handle |
|---|---|---|
| Vercel | Hosting | Runs the application and serves all pages. |
| Supabase | Database | Stores account data and workspace content. |
| Resend | | Delivers the emails we send you. |
| Stripe | Payments | Processes subscription payments. Card numbers go to Stripe directly and never reach us. |
| Anthropic | AI processing | When you ask Lancy a question, facts from your workspace are sent to Anthropic to generate the answer. Under their API terms this data is not used to train their models. |
| Meta Platforms | Analytics and ads | Meta Pixel on the marketing site only, and only after you consent. We and Meta are joint controllers for that collection. |
The Meta Pixel never runs inside the app, and it never fires before you choose “Accept all” in the cookie banner. What Meta does with the data it collects is described in Meta’s privacy policy.
6. International transfers
Some providers process data outside your country, including in the United States. Where data leaves the EU or UK, we rely on safeguards such as Standard Contractual Clauses or the EU–US Data Privacy Framework, depending on the provider.
7. How long we keep data
- Account data and workspace content: while your account is active, then up to 90 days after deletion so backups can cycle out.
- Invoices and similar records: as long as bookkeeping and tax law require, even after account deletion.
- Security logs: a short rolling window, then deleted.
8. Your rights
- Access and rectification. See the data we hold about you and correct it. Most of it is directly editable in the product.
- Erasure. Delete your account yourself in Settings → Profile, or ask us to do it.
- Portability. Ask for an export of your data at support@mylancy.co.
- Objection. Object to processing based on legitimate interest.
- Withdraw consent. Change your cookie choice anytime via Cookie settings in the footer, and switch off product emails in Settings → Email.
- Complain. You can complain to the data protection authority where you live. We would rather hear from you first, but that is your right either way.
9. Children
Mylancy is not for people under 18, and we do not knowingly collect their data.
10. Security
Data is encrypted in transit, passwords are stored only as bcrypt hashes, accounts lock after repeated failed sign-ins, and access to data is scoped to your workspace. No system is perfectly secure, which is why we keep what we store to what the service needs.
11. Changes to this policy
If we change this policy in a way that matters, we email you before the change takes effect. The date at the top always tells you when it was last revised.
12. Contact
Cookies are covered separately in our Cookie Policy.
Questions? Write to support@mylancy.co.