Lynceus
Book a call

Privacy

What we hold of yours, and why.

Last updated 19 May 2026. If anything below changes, we update this page and date it.

What we collect

Lynceus collects four pieces of information from you, and only when you ask us to do something with each one:

  • Your email address — when you run a free AI visibility check, request the sample report, book a call, or buy an audit or engagement. We use it to send results, deliver receipts, and (if you opted in) write to you occasionally with relevant updates.
  • A domain you submit — when you run the free AI visibility check, we record the brand domain you asked about. We log the outcome so we can give you a recap, and so we can prevent abuse of the free tier.
  • Payment details, if you buy something — handled entirely by our payments processor. Lynceus never sees your card number, expiry, or CVC. We receive a billing email, an amount, and a session ID.
  • Booking details, if you book a call — handled entirely by our scheduling provider. Lynceus receives the email you booked with and the time you picked.

We do not ask for your name, phone number, address, job title, employer, or anything else. We run no third-party analytics that profile you across the web — no Google Analytics, no Meta Pixel, no LinkedIn Insight Tag, no advertising trackers. Our edge platform keeps short-lived request logs (IP, user agent, timestamp) for abuse prevention; we don't read those in the ordinary course of work.

A note on the free visibility-check tool. We require an email there for one reason: AI search queries cost real money to run against the major models. The email lets us prevent abuse, send you a clean recap, and contact you if we find something important about your brand later. It does not subscribe you to a newsletter.

Why we hold it

Each piece of data is held for one specific reason:

  • To deliver the thing you asked for — the visibility report, the audit, the engagement, the call confirmation.
  • To run the business — fulfilling paid work, sending receipts, responding to support questions.
  • To prevent abuse — rate-limiting the free tool, blocking disposable-mailbox signups, capping per-IP spend on third-party APIs.

That is the complete purpose. We do not sell your data, rent it, share it with advertising networks, or use it to build a cross-site profile of you.

How we hold it

Your data lives in a small set of reputable sub-processors:

  • Edge platform — the cloud provider that runs this site holds your email and your visibility-check history in an encrypted, edge-replicated key-value store.
  • Transactional email provider — delivers reports, receipts, and the occasional update. They see the recipient address and message contents in order to send them.
  • Payments processor — handles every aspect of the purchase, including PCI-scope card data. We hold only the receipt metadata they return.
  • Scheduling provider — handles the booking flow end-to-end when you reserve a call.
  • AI-visibility data provider — receives only the domain you asked about, never your email.

No CRM, no ad platform, no data warehouse, no analytics product, no shared customer-data ecosystem.

Cookies

The marketing site sets nothing. The booking and payment flows are run in embedded widgets by their respective providers — those widgets set their own first-party cookies for the booking session and the checkout session, scoped to those providers' domains. We do not run an analytics cookie, an advertising cookie, or any third-party tracker on the marketing pages.

Retention

  • Lead and lookup records — held for as long as your relationship with us is active and for up to twenty-four months after your last interaction. After that, we delete the record on the next quarterly clean-up.
  • Receipts and invoice records — retained for the period required by tax and accounting law in our jurisdiction (currently seven years).
  • Email logs at our delivery provider — retained per that provider's defaults (typically 30 days for sent message content).

Your rights

You can ask us to do any of the following from the email address you signed up with:

  • Send you a copy of every record we hold of you.
  • Delete every record we hold of you.
  • Correct anything that's wrong.
  • Stop sending you any further messages.

Write to privacy@lynceus.app. We act on the request within seven days and confirm in writing when it is done.

If you live in the EU, UK, or California, the same rights apply under the GDPR, UK GDPR, and CCPA respectively — access, rectification, erasure, restriction, portability, objection. The single email above is the route for all of them. If you believe we have mishandled your data, you have the right to lodge a complaint with your local data-protection authority; we'd appreciate the chance to make it right first.

Security

The site is HTTPS-only, served behind a major edge platform. Internal APIs are gated by cross-origin checks and rate limits. Admin endpoints are bearer-token authenticated. Sub-processor secrets are stored encrypted at rest and only injected at runtime. We do not log raw request bodies, payment details, or anything else that would be sensitive in a breach.

Children

Lynceus is a B2B tool for operators of brands and websites. It is not directed at children under sixteen and we do not knowingly collect data from them. If you believe a child has submitted information to us, write to privacy@lynceus.app and we will delete the record.

Changes

If we ever start collecting something new, or work with a new sub-processor that handles your data, we update this page and put a dated note at the top. Substantive changes get an email to active customers at least seven days before they take effect.

Who's behind this

Lynceus is operated by the founder out of a small studio. Correspondence on this page should go to privacy@lynceus.app. General questions are best sent to hello@lynceus.app.

Book a 20-minute call