Privacy Policy

This Privacy Policy (“Policy”) explains how LilyPadLabs LLC (“we,” “us,” or “our”) collects, uses, stores, and protects your information when you use YourPond. This Policy applies to the YourPond web application at yourpond.io and the YourPond iOS app distributed through the Apple App Store. By using YourPond on any platform, you agree to the practices described in this Policy. If you have questions about this Policy, contact us at hello@yourpond.io.

1. Who We Are

YourPond is operated by LilyPadLabs LLC. When this Policy refers to “we,” “us,” or “our,” it means LilyPadLabs LLC.

2. Data We Collect

2a. Account Data

When you create a YourPond account, authentication is handled by Clerk. You can sign in with Google or email. We collect and store the following account data through Clerk:

• Your name
• Your email address
• Your profile photo
• A unique identifier assigned by Clerk

If you sign in with Google, we receive these fields from Google via Clerk's OAuth integration. We do not receive or store your Google password.

2b. Contact Data (Data You Enter)

YourPond is a personal relationship management tool. The core of the service is the contact data you choose to enter about the people in your life. This may include:

• Names and maiden names
• Gender
• Birthdays
• Email addresses, phone numbers, and physical addresses
• Locations (cities, states, countries)
• Jobs and employers
• Relationships between contacts and closeness ratings
• How you met, who introduced you, and related notes
• Events and notes
• Reminders
• Lists and groups
• Social media URLs and handles
• Profile photos

You decide what information to store. You are the data controller for the contact data you enter into YourPond. We are the data processor, storing and displaying your data on your behalf.

2c. Data from Connected Email Accounts

YourPond allows you to optionally connect your Gmail or Microsoft Outlook account to import contacts. When you connect an email account, we access your contact data (names, email addresses) through Google's or Microsoft's OAuth flow. We do not read, access, or store the content of your emails. You may disconnect your email account at any time from your account settings.

2d. Data from Device Contacts (iOS)

The YourPond iOS app allows you to import contacts from your device's address book. This feature requires your explicit permission via the iOS Contacts permission prompt. When you grant permission, we access the following data from your device contacts:

• Names
• Phone numbers
• Email addresses
• Physical addresses
• Companies
• Birthdays

Imported contact data is sent to YourPond's servers and stored in your account. You may revoke contact access at any time through your device's Settings app.

2e. Subscription and Payment Data

Web (Stripe)

When you subscribe to YourPond Pro through the web application, payment is processed by Stripe. We receive and store:

• The last 4 digits of your card number
• Your billing address
• Your subscription status

We do not receive or store your full card number. Stripe handles all payment processing in accordance with PCI-DSS standards.

iOS (Apple)

When you subscribe to YourPond Pro through the iOS app, payment is processed by Apple through In-App Purchase. We receive your subscription status via Apple's App Store Server Notifications. We do not receive any payment card information from Apple.

2f. Push Notification Data (iOS)

If you enable push notifications in the YourPond iOS app, we receive an Apple Push Notification service (APNs) device token. This token is used solely to deliver push notifications to your device. The token does not contain personal information. You may disable push notifications at any time through your device's Settings app or within the YourPond app settings.

2g. Usage Data

We collect usage data to understand how YourPond is used and to improve the service. This includes:

• Pages visited and features used
• Device type and operating system
• Browser or app version
• Approximate location (derived from IP address)
• Referral source
• Error and crash data

Web

On the web, we use Vercel Analytics, which is cookieless and does not track individual users across sessions. We use Sentry for error monitoring and crash reporting.

iOS

On iOS, we receive standard Apple crash data through Xcode and App Store Connect. We do not use any third-party analytics SDKs in the iOS app.

3. How We Use Your Data

We use the data we collect for the following purposes:

• To operate and provide the YourPond service across all platforms
• To process natural language input using Anthropic's Claude API
• To import contacts from connected email accounts or device contacts
• To process payments through Stripe (web) and Apple (iOS)
• To send transactional emails (account confirmation, billing receipts, security alerts)
• To send push notifications on iOS (reminders, digests, updates)
• To diagnose bugs and improve reliability
• To understand usage patterns and improve the service
• To enforce our Terms of Service and Acceptable Use Policy

We do not use your data for advertising. We do not use your data to train AI models. We do not sell your data to anyone.

4. AI Processing

YourPond uses Anthropic's Claude API to power natural language contact entry and other AI-assisted features. When you use these features, your text is sent to Anthropic's API for processing. Anthropic does not use API data to train its models. Your data is processed and discarded — Anthropic does not retain it. No contacts are automatically created without your explicit review and approval.

5. Third-Party Services (Subprocessors)

We use the following third-party services to operate YourPond:

We will update this list if we add or change subprocessors. Material changes to our subprocessors will be communicated through updates to this Policy.

6. Data Isolation

Your data is private to your account. We do not cross-link, share, or merge data between different YourPond accounts. Each user's contact data is completely isolated from every other user's data. This applies to both the web application and the iOS app.

7. Data Storage and Security

Your data is stored in a PostgreSQL database hosted on Railway, with servers located in the United States. We protect your data using the following measures:

• All data transmitted between your browser or iOS device and our servers is encrypted via HTTPS
• Database connections are encrypted
• Access to production systems is restricted to authorized personnel
• Regular encrypted backups are maintained for disaster recovery
• Data transmitted between the iOS app and our servers uses the same encryption standards as the web application

No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

8. Data Breach Notification

In the event of a data breach that affects your personal data, we will notify you as soon as practicable and in accordance with applicable law. Notification will include:

• The nature of the breach
• The types of data affected
• The steps we are taking in response

9. Data Retention

We retain your data as follows:

• Account data: Retained while your account is active
• Contact data: Retained while your account is active or until you delete it
• Payment data: Retained in accordance with Stripe's, Apple's, and applicable tax and accounting regulations
• Push notification tokens: Retained while push notifications are enabled
• Usage data: Vercel Analytics data is aggregated and does not identify individual users
• Error data: Retained in accordance with Sentry's data retention policies
• Avatar photos: Stored in Cloudflare R2 and deleted when the photo is removed, the contact is deleted, or the account is deleted

Deletion

When you delete your account, all your data is removed from the production database immediately. Your data may persist in encrypted backups for up to 30 days, after which it is permanently destroyed. Anonymized, aggregated data that cannot be used to identify you may be retained indefinitely.

10. Your Rights

You have the right to:

• Access your data — you can view all your data within the YourPond app
• Correct your data — you can edit any contact or account information at any time
• Delete your data — you can delete individual contacts, or delete your entire account from your account settings or by emailing hello@yourpond.io
• Export your data — Pro subscribers can export their contact data in CSV format from the web application
• Object to processing — you may contact us to object to specific data processing activities

We will respond to all data rights requests within 30 days.

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA).

Categories of Personal Information We Collect

• Identifiers (name, email address, unique account identifier)
• Contact information (email, phone number, physical address)
• Professional or employment-related information (job titles, employers)
• Internet or electronic network activity (pages visited, device information, browser or app version)
• Commercial information (subscription status, payment history)
• Geolocation data (approximate location derived from IP address)
• Photos (profile photos and contact avatar photos)

How We Use Personal Information

We use personal information for the purposes described in Section 3 of this Policy.

Sale of Personal Information

We have never sold your personal information. We will never sell your personal information. We do not share your personal information with third parties for their marketing purposes.

Your CCPA Rights

As a California resident, you have the right to:

• Know what personal information we collect, use, and disclose about you
• Delete your personal information
• Non-discrimination — we will not discriminate against you for exercising your CCPA rights

To exercise your CCPA rights, you may email us at hello@yourpond.io or use the account settings within the app. We will respond to verifiable requests within 45 days.

12. Data About Other People

YourPond allows you to store information about other people — people who have not created YourPond accounts and have not consented to having their information stored in YourPond. You are the data controller for any personal data about other people that you enter. We are the data processor, acting only on your instructions.

If a person whose information you have stored in YourPond contacts us to request access to, correction of, or deletion of their data, we will:

• Notify you of the request
• Work with you to determine the appropriate response
• Where we are legally required to do so, honor the request directly

Please do not store sensitive categories of personal data (such as health information, political opinions, or religious beliefs) about other people unless you have a specific personal reason for doing so.

13. Law Enforcement and Legal Requests

We may disclose your data if required to do so by law or in response to valid legal process (such as a subpoena, court order, or government request). We will comply only to the extent required by law, and we will notify you of such requests where we are legally permitted to do so.

14. Children's Privacy

YourPond is not intended for use by anyone under the age of 16. We do not knowingly collect personal information from children under 16. If we learn that we have collected data from a user under 16, we will terminate their account and delete their data.

Note: YourPond users may store information about children in their personal network (for example, a user storing their niece's birthday). This information is entered by the adult user and is not collected from the children themselves.

15. Cookies

For information about how we use cookies on the YourPond web application, please see our Cookie Policy. The YourPond iOS app does not use cookies.

16. Changes to This Policy

We may update this Policy from time to time. When we make material changes, we will notify you via email or in-app notification at least 7 days before the changes take effect. Continued use of YourPond after the effective date of an updated Policy constitutes acceptance of those changes.

17. Contact

Questions about this Privacy Policy? Contact us at hello@yourpond.io.