Privacy Policy

This Privacy Policy describes how Lancely (“we,” “our,” or “us”) collects, uses, and protects information when you use the Lancely web application and related services available at lance-ly.com (the “Service”).

1. Information we collect

Account data: When you register, we collect your name, business name (optional), email address, and a hashed password. We never store your password in plain text.

Business data you create: Information you enter into Lancely — clients, projects, invoices, quotations, expenses, payments, and any associated notes or attachments. This data is yours, full stop.

Usage data: Basic technical information such as device type, browser, IP address (used only for security and abuse-prevention), and pages visited.

Payment data: If you subscribe to a paid plan, payment is processed by Stripe via RevenueCat. We never see or store your full card number; we only retain a subscription identifier and billing status.

2. How we use information

• To provide, maintain, and improve the Service.
• To send transactional emails (invoice notifications, payment reminders, security alerts).
• To process payments and manage subscriptions via RevenueCat and Stripe.
• To detect, prevent, and respond to fraud, abuse, or security incidents.
• To comply with applicable laws and respond to lawful requests.

3. AI features

Pro features use AI providers (currently via the Emergent integrations layer wrapping OpenAI, Google, and Anthropic models) to parse invoice descriptions, draft client emails, and categorise expenses. We send only the minimum necessary content (e.g., the description text you type) and never your full client list or financial history. AI providers may temporarily process this content according to their own policies. We do not allow third-party providers to train models on your data.

4. Sharing

We do not sell or rent your personal data. We share data only with:

• Service providers we rely on to operate Lancely (MongoDB Atlas for storage, Resend for transactional email, RevenueCat & Stripe for billing, AI providers as described above).
• Legal authorities, if required by valid legal process.
• An acquirer, in the unlikely event of a merger, sale, or restructuring — with notice to you.

5. Security

We encrypt data in transit (HTTPS/TLS) and at rest. Passwords are hashed with bcrypt. Authentication uses signed JWTs with reasonable expiry. No system is perfectly secure, but we work hard to follow industry best practices and notify you promptly of any incident affecting your data.

6. Your rights

You can access, export, correct, or delete your data at any time from Settings or by emailing support@lance-ly.com. We honour deletion requests within 30 days, save for data we are legally required to retain (e.g., tax records).

7. Data retention

We keep your account data while your account is active. After deletion, business records may be retained in encrypted backups for up to 90 days, then permanently purged. Anonymised aggregate analytics may be retained indefinitely.

8. International transfers

Lancely is operated from the UAE but uses globally-distributed infrastructure (Emergent Cloud, MongoDB Atlas). By using the Service you consent to cross-border data transfers as needed to operate the Service.

9. Children

Lancely is not directed to children under 16. We do not knowingly collect personal data from children.

10. Changes

We may update this Privacy Policy from time to time. Material changes will be highlighted in-app and/or emailed to you. The “Last updated” date above always reflects the current version.

11. Contact

Questions, concerns, or requests? Email support@lance-ly.com.