home

Privacy Policy

Effective June 17, 2026

1 · What we collect

Account info · your email, an encrypted (bcrypt-hashed) password if you signed up with email/password, your display name, and the date you joined. If you sign in with Google, your Google profile email + name.

Your notes and study data · every note, topic, subject, flashcard, study session, exam attempt, calendar event, and cram plan you create. We store these to sync them across your devices.

Billing info · Stripe collects your payment details · we receive only the Stripe customer id, subscription status, and tier. We never see or store your full card number.

Usage telemetry · privacy-safe events like “note created”, “AI tutor opened”, “exam completed” to help us understand what to improve. This is off by default and only turns on if you opt in from Settings. Events may include your account id and plan tier, but never note text, file names, subject names, prompts, or your email.

2 · Where it goes

Supabase · primary database. Your account record and the gzip-compressed sync blob of your workspace.

Stripe · billing and subscription management. They handle PCI compliance · we never see your raw card data.

Anthropic (Claude) · we send the note content + your query to Claude when you use AI features (auto-sort, tutor, practice, podcast, lens, etc.). Anthropic does not train models on this data per their API terms.

OpenAI · we send your voice audio to Whisper for transcription when you dictate, and your text to TTS when you ask LanderOS to read something aloud. OpenAI does not train models on API data.

Vercel · hosts the app. They see request logs (IP, user agent) typical of any web service. We also use Vercel's privacy-friendly Web Analytics · it counts page views and visitors in aggregate, sets no cookies, and does not track you across other sites or build a profile of you.

PostHog / telemetry collector · if you opt into privacy-safe usage analytics, we send explicit product events such as feature use and error counts. We disable autocapture and session recording so note content and typed text are not recorded.

Sentry · production error monitoring. It helps us see crashes and server errors without waiting for a support email. Session replay is disabled.

3 · What we don't do

  • We don't sell your data to anyone.
  • We don't share your notes with advertisers.
  • We don't train AI models on your notes (and we don't let our AI vendors train on your notes either).
  • We don't track you across other websites · no third-party ad pixels, no Facebook pixel, no Google Analytics on the workspace.

4 · Your rights

You can export your full workspace at any time from Settings → Workspace → Export. The export is a plain-text format you can read with any tool.

You can delete your account at any time from Settings → Account → Delete. We delete your data within 30 days of account deletion. Some logs may persist longer for legal / fraud-prevention reasons.

EU and California residents can also request a copy of their data or its deletion by emailing orlando@lander-os.com · we respond within 30 days.

5 · Cookies

We use a single first-party cookie for your sign-in session (NextAuth JWT). We don't use third-party cookies for tracking or advertising.

6 · Children

LanderOS is not designed for children under 13. We don't knowingly collect data from anyone under 13. If you believe we have, contact us and we'll delete it.

7 · Changes

If we update this policy in a material way we'll notify you in the app or by email before the change takes effect.

8 · Contact

Questions about your data, this policy, or anything else · orlando@lander-os.com.