Privacy Policy for LemonData

Last Updated: January 2, 2026

Thank you for visiting LemonData ("we," "us," or "our"). This Privacy Policy explains how we collect, use, disclose, and protect your personal and non-personal information when you use our website at https://lemondata.cc (the "Website") and our API services (the "Services").

By accessing or using our Website or Services, you agree to the terms of this Privacy Policy. If you do not agree with the practices described herein, please do not use our Website or Services.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:
- Name: To personalize your experience and communicate with you
- Email Address: For account management, notifications, and important updates
- Password: Stored securely using industry-standard hashing algorithms

1.2 Payment Information

We collect payment details to process purchases. However, we do not store your full credit card information on our servers. All payment processing is handled by trusted third-party processors:
- Stripe (for credit/debit card payments)
- Additional regional payment providers may be used in certain areas

1.3 API Usage Data

We automatically collect information about your API usage, including:
- API request metadata (timestamps, model names, token counts)
- Response status codes and error messages
- IP addresses from which API calls are made
- Rate limiting and quota information

Note: We do not store the content of your prompts or AI-generated responses beyond what is necessary for real-time processing. Your prompts are forwarded to upstream AI providers and are subject to their respective privacy policies.

1.4 Website Usage Data

We collect non-personal information through cookies and similar technologies:
- IP address and geolocation (country/region level)
- Browser type and version
- Device information (operating system, screen resolution)
- Pages visited and time spent on our Website
- Referral sources

2. How We Use Your Information

We use collected information for the following purposes:
- Providing, operating, and maintaining our Services
- Processing payments and managing your account balance
- Sending transactional emails (receipts, API key changes, balance alerts)
- Improving and optimizing our Services
- Detecting, preventing, and addressing fraud, abuse, or technical issues
- Complying with legal obligations
- Communicating with you about updates, security alerts, and support

3. Data Sharing and Disclosure

We do not sell your personal data. We may share data with:

3.1 Service Providers
- Payment processors (Stripe) for secure transaction handling
- Cloud infrastructure providers (for hosting and data storage)
- Analytics services (for Website usage analysis)

3.2 Advertising Partners (Facebook/Meta)
If you consent to marketing cookies, we share conversion data with Facebook/Meta through their Conversions API (CAPI) for advertising measurement and optimization. This includes:
- Hashed email address (SHA-256, not readable by Facebook)
- Hashed user ID (SHA-256, for deduplication)
- Purchase amounts (for conversion value optimization)
- IP address and browser information (for attribution)

This data helps us measure ad effectiveness and optimize campaigns. You can opt out at any time by disabling marketing cookies in our Cookie Settings. Facebook's data handling is governed by their Data Processing Terms and Privacy Policy.

3.3 AI Model Providers
Your API requests (prompts and parameters) are forwarded to upstream AI providers (OpenAI, Anthropic, Google, etc.) to fulfill your requests. Please review their privacy policies for details on data handling.

3.4 Legal Requirements
We may disclose information if required by law, legal process, or government request, or to protect the rights, property, or safety of LemonData, our users, or others.

4. Data Security

We implement industry-standard security measures to protect your data:
- Encryption in transit (TLS/HTTPS)
- Encryption at rest for sensitive data
- API key hashing (we never store plaintext API keys)
- Regular security audits and monitoring

However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

5. Data Retention

- Account Data: Retained for as long as your account is active
- API Usage Logs: Retained for 90 days for billing and debugging
- Payment Records: Retained as required by financial regulations
- Deleted Accounts: Personal data is removed within 30 days upon account deletion request

6. Your Rights

Depending on your location, you may have the following rights:
- Access: Request a copy of your personal data
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your data
- Portability: Request your data in a portable format
- Objection: Object to certain processing of your data

To exercise these rights, contact us at [email protected].

7. Cookies and Tracking Technologies

7.1 What Are Cookies?
Cookies are small text files stored on your device when you visit our Website. They help us provide a better user experience and understand how our Website is used.

7.2 Types of Cookies We Use

We categorize cookies into the following types:

STRICTLY NECESSARY COOKIES
These cookies are essential for the Website to function properly. They cannot be disabled.
- Session Cookie (NextAuth): Maintains your login session
- Language Preference (NEXT_LOCALE): Remembers your language choice
- Theme Preference (localStorage): Remembers your light/dark mode preference

ANALYTICS COOKIES
We use Umami, a privacy-friendly analytics tool that does NOT use cookies. Umami collects anonymous, aggregated data about page views and does not track individual users across websites.

MARKETING COOKIES (Requires Your Consent)
- Referral Tracking Cookie (lemondata_ref): Used to track referral program attribution. This cookie is only set if you consent to marketing cookies. It expires after 30 days.
- Facebook Click ID (_fbc): Set by Facebook Pixel to track ad click attribution. Used to measure advertising effectiveness.
- Facebook Browser ID (_fbp): Set by Facebook Pixel to identify browsers for conversion tracking.

Note: We also use Facebook Conversions API (server-side) to send conversion events. This is tied to your marketing cookie consent - if you disable marketing cookies, no data is shared with Facebook.

7.3 Managing Your Cookie Preferences

You can manage your cookie preferences at any time:
- Click "Cookie Settings" in the website footer to change your preferences
- Use the cookie consent banner when you first visit our Website
- Disable cookies through your browser settings (note: this may affect functionality)

7.4 Do Not Track
We respect browser Do Not Track (DNT) signals. When DNT is enabled, we will not set marketing cookies.

7.5 Third-Party Cookies
If you consent to marketing cookies, Facebook Pixel may set cookies (_fbc, _fbp) on your device for ad attribution. Our analytics (Umami) is self-hosted and privacy-focused, using no cookies.

8. International Data Transfers

Your data may be transferred to and processed in countries outside your residence. We ensure appropriate safeguards are in place for international transfers.

9. Children's Privacy

Our Services are not intended for children under 18 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us.

10. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be notified via email or through the Website. The "Last Updated" date at the top indicates the latest revision.

11. Contact Us

For questions, concerns, or requests regarding this Privacy Policy:

Email: [email protected]

By using LemonData, you acknowledge that you have read and understood this Privacy Policy.