Privacy Policy

1. Information We Collect

1.1 Personal Information

• Name
• Email address
• Payment details (processed by Stripe)
• Account information
• Communications and support messages

1.2 Technical & Usage Data

• IP address
• Device information
• Browser details
• Pages visited, timestamps, and interactions
• Error logs and analytics data

1.3 Uploaded Data (CSV Files, Maintenance Logs, etc.)

You may upload:

• CSV exports
• Work orders
• Maintenance histories
• Operational data
• Asset data
• Any similar files

By uploading this data, you grant us a perpetual, irrevocable, worldwide licence to use, store, process, modify, analyse, aggregate, and commercialise anonymised versions of your data for any purpose.

This includes product improvement, benchmarking, analytics, model training, and development of new features.

2. How We Use Information

We use personal and uploaded data to:

• operate and improve the Service
• generate reports and analytics
• enhance product features
• train and refine AI models
• develop aggregated datasets
• detect misuse or security issues
• manage billing and subscriptions
• comply with legal obligations

We do not sell identifiable personal data.

We may commercialise anonymised or aggregated datasets.

3. Legal Basis (International Users)

If applicable (e.g., EU/UK users), processing is based on:

• contract necessity
• legitimate interests
• consent (where required)
• legal compliance

4. Data Storage & Security

We use industry-standard security measures, including encryption, access controls, and secure hosting providers (Supabase, Vercel, Stripe, etc.).

However, no system is completely secure.

5. Sharing of Information

We share data with trusted providers:

• Stripe (payments)
• Supabase (hosting, authentication, database)
• OpenAI / Anthropic (AI processing)
• Vercel (website hosting)
• Resend (email delivery)

We do not share identifiable personal information for third-party marketing.

We may share anonymised or aggregated datasets for research, analytics, or commercial purposes.

6. International Transfers

Data may be processed in countries outside New Zealand.

We take reasonable steps to ensure adequate protection.

7. Retention

We retain data as long as required for:

• providing the Service
• legal obligations
• resolving disputes
• improving product performance

Anonymised or aggregated data may be retained indefinitely.

8. Cookies

We use cookies for:

• authentication
• analytics
• performance
• security

You can disable cookies, but parts of the site may not function correctly.

9. Marketing

We may send product updates or educational content.

You can unsubscribe at any time.

Transactional emails cannot be opted out of.

10. Your Rights

You may request:

• access
• correction
• deletion
• export of your data (where feasible)

Contact contact@leanreport.io to exercise these rights.

11. Data From Uploaded CSV Files

By uploading data, you acknowledge:

Ownership & Licence

You retain ownership of the raw data, but grant us a perpetual, irrevocable licence to use it for any purpose described in this Policy.

Use

We use User Data to improve features, train models, benchmark performance, and enhance the Service for all users.

Anonymisation

We will take reasonable steps to remove direct identifiers before using data for improvement or commercial analysis.

No Confidentiality

Uploaded data is not treated as confidential.

Upload only data you have the right to share.

Commercial Use

We may create, use, and commercialise anonymised or aggregated datasets without restriction.

12. Children's Privacy

Not for users under 18.

We do not knowingly collect children's data.

13. Changes to This Policy

We may update this Policy at any time.

Updates are effective when posted.

14. Contact

For privacy questions: contact@leanreport.io