Lyrian

Legal

Privacy Policy

Last updated: June 2026

Draft pending legal review. This policy describes our current practices in good faith but has not yet been reviewed by counsel. If you have questions before then, email privacy@lyrian.ai.

1. Who we are

Lyrian (“Lyrian”, “we”, “us”) provides an AI-native project and portfolio management platform. This policy explains how we handle personal data when you use our website and product. For data your organization puts into Lyrian, your organization is the data controller and Lyrian acts as a data processor on its behalf.

2. Data we collect

  • Account data — name, work email, role, and organization, used to authenticate you and operate the workspace.
  • Workspace content — the projects, plans, RAID items, documents, status reports, and meeting minutes you create.
  • Usage data — basic, security-oriented logs (sign-ins, admin actions) used to operate and protect the service.
  • Optional integrations — if you connect Microsoft 365, calendar/meeting data is read within your own tenant to power the notetaker.

We do not sell personal data, and we do not set advertising or cross-site tracking cookies.

3. How we use data

We process data to provide and secure the service, to deliver the features you use (including AI assistance), to communicate about your account, and to comply with legal obligations. We rely on your organization's instructions and our legitimate interest in operating a secure product.

4. AI processing

AI features use Anthropic's Claude via its commercial API. Only the specific text needed for a given task is sent. Under Anthropic's commercial terms, your data is not used to train models. Workspaces that require it can disable AI entirely (manual mode). See our Security & Trust page.

5. Sub-processors & sharing

We use a deliberately small set of sub-processors to run the service: application hosting (Vercel), database/auth/storage (Supabase on AWS), AI (Anthropic), email (Resend), and — only if you opt in — Microsoft Graph. The full list with what each receives is published on our Security & Trust page. We share data with them only as needed to provide the service.

6. Storage, security & retention

Data is encrypted in transit (TLS) and at rest, and is isolated per organization using database row-level security. We retain workspace content for as long as your organization's account is active; admins can configure retention for sensitive items such as meeting transcripts. On account closure we delete or anonymize data within a reasonable period, subject to legal requirements.

7. Your rights

Depending on your location, you may have rights to access, correct, export, or delete your personal data, and to object to or restrict certain processing. As most data is controlled by your organization, please direct requests to your workspace administrator; we will assist them. You can also contact us at privacy@lyrian.ai.

8. International transfers

Our sub-processors may process data in regions including the United States and the EU. Where required, transfers are protected by appropriate safeguards such as Standard Contractual Clauses.

9. Changes & contact

We'll update this policy as the product evolves and note the date above. Questions? Email privacy@lyrian.ai. See also our Terms of Service.