Privacy Policy for LionPost

1. Introduction

Welcome to LionPost ("we," "us," "our"). We are committed to protecting your personal data and respecting your privacy rights. This Privacy Policy explains how we collect, use, store, and share your information when you use our website and services at lionpost.com ("Service").

This policy is designed to comply with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws.

Data Controller: LionPost
Email: hello@lionpost.com

2. Information We Collect

2.1 Information You Provide Directly

Category	Data Collected	Purpose
Account Information	Email address	Authentication (magic link login), account identification
Card Content	Text messages, images, themes, font styles, audio recordings	Creating and displaying your greeting cards
Recipient	Phone numbers (for SMS sharing)	Delivering cards to recipients via SMS
Contact	Name, email address, subject, message	Responding to your inquiries
Occasion	Recipient name, your email, reminder dates	Sending you email reminders for upcoming occasions

2.2 Information Collected Automatically

Category	Data Collected	Purpose
IP Address	Your IP address (contact form submissions only)	Rate limiting to prevent abuse; deleted after 24 hours
Session Data	Authentication tokens	Maintaining your logged-in session
Usage Statistics	Card creation count, shares used, SMS count	Enforcing plan limits and displaying your usage

2.3 Payment Information

When you subscribe to our Premium plan, payment processing is handled entirely by Stripe. We do NOT store your full credit card number, CVV, or billing address on our servers. We only receive and store:

Stripe Customer ID
Stripe Subscription ID
Subscription status and period dates

3. How We Use Your Information

We process your personal data based on the following legal bases under GDPR:

Purpose	Legal Basis
Providing the Service	Performance of contract
Processing payments	Performance of contract
Sending magic link emails	Performance of contract
SMS card delivery	Performance of contract (with your explicit action)
Occasion reminder emails	Consent (you choose to set reminders)
Responding to support inquiries	Legitimate interest
Preventing fraud and abuse	Legitimate interest
Complying with legal obligations	Legal obligation

We do NOT use your data for:

Selling to third parties
Marketing without consent
Automated decision-making or profiling
Training AI models on your card content

4. Cookies and Local Storage

4.1 Essential Storage

Type	Name/Key	Purpose	Retention
LocalStorage	sb-auth-token	Maintains your authentication session	Until logout
LocalStorage	subscription-cache	Caches subscription details for performance	7 days
Cookie	sidebar-state	Remembers sidebar open/closed preference	7 days

4.2 Analytics and Tracking

We do NOT use any analytics tools, tracking pixels, or advertising cookies. LionPost does not track your browsing behavior.

5. Third-Party Services

We use the following third-party services that may process your data:

Stripe (Payment Processing)

Handles all payment transactions. Stripe Privacy Policy: https://stripe.com/privacy

Twilio (SMS Delivery)

Sends SMS messages to card recipients. Twilio Privacy Policy: https://www.twilio.com/legal/privacy

Resend (Email Delivery)

Sends magic link emails and reminders. Resend Privacy Policy: https://resend.com/legal/privacy-policy

Supabase (Database and Authentication)

Hosts our database and authentication system. Supabase Privacy Policy: https://supabase.com/privacy

6. Data Retention

Data Type	Retention Period
Account and Profile Data	Until account deletion
Card Content	Until you delete the card or your account
Contact Form IP Addresses	24 hours
Payment Records	7 years (legal requirement)
Occasion Reminders	Until you delete them or your account

7. Your Rights (GDPR & CCPA)

You have the following rights regarding your personal data:

Right to Access: Request a copy of all personal data we hold about you
Right to Rectification: Request correction of inaccurate or incomplete data
Right to Erasure: Request deletion of your data (subject to legal obligations)
Right to Data Portability: Receive your data in a machine-readable format
Right to Restrict Processing: Limit how we use your data
Right to Object: Object to processing based on legitimate interests
Right to Withdraw Consent: Withdraw consent at any time (e.g., for reminder emails)

To exercise any of these rights, email us at hello@lionpost.com. We will respond within 30 days.

8. Data Security

We implement industry-standard security measures to protect your data:

Encryption in transit (HTTPS/TLS)
Encrypted database storage
Regular security audits
Access controls and authentication
Secure password hashing

However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security but will notify you of any data breaches as required by law.

9. International Data Transfers

Our servers are located in the United States and Europe. If you are located outside these regions, your data will be transferred internationally. We ensure appropriate safeguards are in place, including:

Standard Contractual Clauses (SCCs) approved by the European Commission
GDPR-compliant data processing agreements with all third-party services

10. Children's Privacy

LionPost is not intended for children under 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, please contact us at hello@lionpost.com, and we will delete the information.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. Material changes will be communicated via email.

Last Updated: November 25, 2025

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:

Email: hello@lionpost.com
Company: Lion Labs Media Limited