Information you provide directly
When you create a Lyfsy account or use our services, we collect information you provide directly to us, including:
- Account details such as your name, email address, and password when you register.
- Profile information such as your role (student, professional, freelancer), timezone, and preferences you configure during onboarding.
- Content you create within the platform, including tasks, goals, habits, journal entries, financial records, and health logs.
- Communications you send to us, such as support requests, feedback, or bug reports.
- Payment information processed securely through our third-party payment provider (Stripe) when you upgrade to a paid plan.
Information collected automatically
When you use Lyfsy, we automatically collect certain technical information to provide, maintain, and improve our services:
- Log data including your IP address, browser type and version, operating system, pages visited, time and date of visits, and referring URLs.
- Device information such as hardware model, unique device identifiers, and mobile network information.
- Usage data including feature interactions, session duration, click patterns, and in-app navigation flows.
- Performance data to detect errors, crashes, and latency issues that affect your experience.
Information from third-party integrations
If you choose to connect Lyfsy with third-party services (such as Google Calendar or Apple Health), we receive data from those services only to the extent necessary to provide the integration features you've enabled. You can revoke these permissions at any time from your account settings.
We use the information we collect for the following purposes, always in alignment with your expectations and applicable privacy laws:
| Purpose | Legal Basis | Details |
|---|---|---|
| Providing services | Contract performance | Operating your account, storing your data, and delivering all features you use. |
| AI personalisation | Contract performance | Analysing your goals, tasks, and habits to power personalised AI coaching and recommendations. |
| Product improvement | Legitimate interest | Understanding how features are used to improve design, performance, and reliability. |
| Communications | Consent / Contract | Sending transactional emails (account activity, billing) and, with your consent, product updates. |
| Security & fraud | Legitimate interest | Detecting and preventing unauthorised access, abuse, and fraudulent activity. |
| Legal compliance | Legal obligation | Meeting obligations under applicable laws, regulations, and lawful orders. |
We do not use your personal data to train machine learning models for any purpose beyond improving your own Lyfsy experience, and we never use your content to train models for third parties.
We do not sell, rent, or trade your personal information to third parties — ever. We share your data only in the following limited circumstances:
- Service providers: We work with carefully vetted third-party vendors who process data on our behalf under strict data processing agreements. These include cloud hosting providers, payment processors (Stripe), email delivery services, and analytics tools. They process your data solely to support our services.
- Business transfers: If Lyfsy is involved in a merger, acquisition, or asset sale, your data may be transferred as part of that transaction. We will notify you in advance and you will have the option to delete your account.
- Legal requirements: We may disclose your information if required by law, court order, or governmental authority, or when we believe disclosure is necessary to protect the rights, property, or safety of Lyfsy, our users, or others.
- With your consent: We share information with third parties when you explicitly authorise us to do so, such as when connecting a third-party integration.
Lyfsy takes security seriously. We implement industry-standard measures to protect your data both in transit and at rest:
- All data transmitted between your device and our servers is encrypted using TLS 1.3.
- Data stored on our servers is encrypted at rest using AES-256 encryption.
- Passwords are hashed using bcrypt with a suitable cost factor and are never stored in plaintext.
- We conduct regular security audits and vulnerability assessments.
- Access to production systems and user data is restricted to authorised personnel only, governed by strict access control policies.
- We maintain an incident response plan. In the event of a data breach, we will notify affected users within 72 hours where required by law.
Your data is stored on servers located in the European Union (Ireland) and the United States. We use Amazon Web Services (AWS) for cloud infrastructure.
To the fullest extent permitted by applicable law, Lyfsy disclaims any liability for unauthorised access, data breaches, or loss of data resulting from factors beyond our reasonable control, including but not limited to cyberattacks, infrastructure failures, or third-party service disruptions.
We use cookies and similar tracking technologies to maintain sessions, personalise your experience, and understand how Lyfsy is used. Here's a breakdown of the cookies we use:
| Category | Purpose | Opt-out |
|---|---|---|
| Essential | Authentication, session management, security. Required for the service to function. | Not available — required |
| Functional | Remembering your preferences such as language, theme, and layout settings. | Via cookie settings |
| Analytics | Understanding usage patterns to improve the product. Data is aggregated and anonymised. | Via cookie settings |
| Marketing | We do not use marketing or advertising cookies on Lyfsy. | N/A — not used |
You can manage your cookie preferences at any time through your browser settings or via the cookie preferences panel accessible from the footer of our website.
Depending on your location, you may have the following rights regarding your personal data. We honour these rights for all users regardless of jurisdiction:
- Right of access: You can request a copy of all personal data we hold about you at any time. We will provide this within 30 days.
- Right to rectification: You can update or correct inaccurate personal data through your account settings or by contacting us.
- Right to erasure: You can request permanent deletion of your account and all associated data. We will process deletion within 30 days, subject to legal retention requirements.
- Right to data portability: You can export all your Lyfsy data (tasks, goals, journals, habits, finance data) in a machine-readable format (JSON or CSV) from your account settings.
- Right to object: You can object to processing based on legitimate interests, including profiling used for AI personalisation.
- Right to restrict processing: You can request that we limit how we use your data in certain circumstances.
- Right to withdraw consent: Where processing is based on your consent (e.g., marketing emails), you can withdraw it at any time without affecting prior processing.
To exercise any of these rights, visit your Account Settings → Privacy, or email us at [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.
We retain your personal data for as long as your account is active or as needed to provide you with our services. More specifically:
- Active accounts: All account data is retained while your account remains active.
- After deletion: When you delete your account, we permanently delete your personal data within 30 days, except where retention is required by law.
- Backup retention: Encrypted backups may retain deleted data for up to 90 days before being fully purged from all systems.
- Financial records: Transaction and billing records are retained for 7 years to comply with tax and accounting requirements.
- Legal holds: If required by law or active litigation, certain data may be retained beyond the above periods.
Lyfsy is not directed to individuals under the age of 16, and we do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at [email protected]. We will promptly investigate and delete any such data.
If we learn that we have inadvertently collected personal data from a child under 16, we will take immediate steps to delete that data from our systems.
Lyfsy operates globally. Your data may be transferred to and processed in countries other than your country of residence, including the United States and the European Union. When we transfer personal data internationally, we ensure adequate safeguards are in place:
- For transfers from the EEA to third countries, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission.
- We only transfer data to countries or organisations that provide an adequate level of data protection.
- All our third-party processors are required to meet equivalent data protection standards through data processing agreements.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Update the "Last updated" date at the top of this page.
- Send an email notification to all registered users at least 14 days before the changes take effect.
- Display a prominent notice within the Lyfsy application.
Your continued use of Lyfsy after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. If you do not agree with the changes, you may delete your account before the new policy takes effect.
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please reach out through any of the following channels:
Support: [email protected]
Response time: We aim to respond to all privacy-related enquiries within 5 business days.
Data Protection Officer: [email protected]
For users in the European Union, you also have the right to lodge a complaint with your national data protection supervisory authority if you believe your rights have been violated.
To the maximum extent permitted by law, Lyfsy, its founders, employees, affiliates, and partners shall not be liable for any indirect, incidental, consequential, special, exemplary, or punitive damages arising from or related to the use of the Service, including but not limited to loss of data, loss of profits, business interruption, or service interruptions.
Your use of the Service is at your own risk, and you are responsible for maintaining the security of your account credentials and evaluating whether the Service is suitable for your particular needs.
Lyfsy may use automated systems, including artificial intelligence, to provide recommendations, insights, prioritisation, and personalised experiences within the Service.
These systems are designed to assist you and not replace human judgment. Lyfsy does not guarantee the accuracy, completeness, reliability, or suitability of AI-generated outputs for legal, medical, financial, or other high-stakes decisions.
Users remain solely responsible for decisions, actions, and outcomes arising from reliance on AI-generated suggestions, automations, or insights made available through the Service.