Lodestar
PricingLog inStart trial

Privacy Policy

Last updated: 22 May 2026

This document explains what data we hold about you in Lodestar, why we hold it, and how we handle it. We've tried to write it without legal fluff — the way we'd say it to you in person.

1. Who we are

Lodestar is operated by KONGERA s.r.o., the controller of your personal data under the GDPR. Got a question? Write to us at privacy@lodestar.app.

2. What data we hold

  • Account: your email and a hashed password (managed by Supabase Auth).
  • Profile: your name and settings (timezone, push opt-in).
  • Content: organizations, projects, tasks, vision (text and images), AI briefing.
  • Subscription: subscription status (trial / active / cancelled), Stripe customer ID and subscription ID — no card numbers (those stay with Stripe).
  • AI usage: the number of AI calls per month (for the fair-use limit) — function type and time; no prompt content.
  • Push tokens: the Expo push token of your devices (if you allow notifications).

3. Why we hold it

To provide the service — the legal basis here is performance of a contract (Art. 6(1)(b) GDPR). We keep security logs on the basis of our legitimate interest (Art. 6(1)(f)). The AI advisor runs as part of your subscription — Anthropic is a sub-processor of KONGERA (prompts contain your content and are routed via our API account).

Providing an email is a contractual requirement for creating an account — without it we can't provide the service to you.

4. Who we share it with

The following sub-processors process data on our behalf. We don't sell your data to any other vendor or ad network.

  • Supabase (Frankfurt, EU) — database, auth, file storage.
  • Vercel (USA) — web and edge function hosting.
  • Anthropic (USA) — the AI advisor sends your content to api.anthropic.com as part of providing the service.
  • Stripe (USA/Ireland) — processing payments and invoices for your subscription. It receives your name, email, billing address (if you provide one) and payment metadata; it has no access to your content.
  • Expo (USA) — push notifications (if you allow them).

For transfers of personal data to the USA (Vercel, Anthropic, Stripe, Expo) we use Standard Contractual Clauses (Art. 46(2)(c) GDPR), or the transfer takes place under the Data Privacy Framework where applicable.

5. How long we hold it

As long as your account exists. After you delete it, everything is gone within 30 days — including backups.

6. Your rights

You have the right to access, rectification, erasure, portability, objection and restriction of processing (Art. 15–21 GDPR). Here's how you exercise them:

  • Access: you can see your data directly in the app.
  • Rectification: edit your data directly in the app.
  • Portability: download a JSON export in Settings.
  • Erasure: delete your account in Settings.
  • Objection / restriction: write to privacy@lodestar.app.

7. Automated decision-making

The AI advisor in Lodestar gives you suggestions and ideas — it doesn't make binding decisions that have a legal or similarly significant effect on you. So this isn't automated decision-making within the meaning of Art. 22 GDPR.

8. Cookies

We use only essential cookies: a session cookie (Supabase Auth) and pb_active_org (which remembers your active organization). No marketing or analytics cookies.

9. Age

Lodestar isn't intended for people under 16. If you're younger, please don't register.

10. Complaint

Think we're handling your data badly? Write to us — we'll be glad to put it right. You can also contact the Slovak Data Protection Authority directly at uoou.sk.

11. Fair-use AI

To keep Lodestar available and stable, the AI advisor has a fair limit of 500 calls per month per user. For our records we store metadata (call count, time, function type) — we store nothing beyond the data we already hold for you.

12. Changes to this policy

For any material changes we'll notify you by email at least 14 days in advance.

Lodestar
PricingPrivacyTermsLog inStart trial
by KONGERA