Policy version 2026-07-16·Effective date July 16, 2026

Privacy Policy

This Policy explains what we collect, why, where it lives, and your rights. Short version: we collect what a B2B billing relationship needs, we host it with vetted infrastructure providers, we sell nothing, and we show no ads.

1. What we collect

Account data: name, business name, work email, locale, authentication records (managed by our auth provider; we never see your password).

Billing state: subscriptions, plans, invoices, payment status per client. While online billing is off, no card or payment-instrument data exists in the Service at all. When Stripe is activated, card data will be collected and processed by Stripe directly — it never touches our servers.

Leads: if you use the contact-sales form we store what you submit (name, organization, email, message, the product and plan you were looking at).

Technical data: server logs (IP address, user agent, timestamps) for security and abuse prevention, and bot-protection signals from Cloudflare Turnstile on public forms. We do not use advertising trackers or third-party analytics cookies; the only cookies are those needed to sign you in.

2. Why we process it (legal bases)

To perform the contract with you (operate accounts, subscriptions, invoices, support). For legitimate interests: securing the Service, preventing fraud and abuse, improving reliability. To comply with legal obligations: tax and accounting retention, responding to lawful requests. With your consent where required — which you can withdraw.

3. Where it lives (sub-processors)

Cloudflare, Inc. — edge hosting, DNS, DDoS/bot protection (global edge network). Supabase (on AWS) — database and authentication. Stripe, Inc. — payment processing, only once billing is activated. Dun & Bradstreet — business verification when we verify your organization's identity.

These providers process data on our instructions under their own security and data-processing terms. We will update this list before adding a sub-processor that handles personal data.

4. The vertical products and the sync channel

Your operational data (patients, guests, orders) lives in the vertical product's own database, not in the Service. What crosses between them is entitlement state — which tenant, which plan, active or not — over a signed, audited channel. Each transfer is logged. The Service holds a registry of verticals (name, endpoint, plan mapping) but never a vertical's end-customer data.

5. What we never do

We do not sell personal data. We do not share it for advertising. We show no ads. We do not train AI models on your data. Access inside Lazward is role-restricted: client data is readable only by the account that owns it and by studio administrators under audit.

6. Retention

Account and lead data: kept while the relationship is active, purged within 90 days of account deletion except where law requires longer. Billing, invoice, and tax records: retained for up to 7 years as required by tax and accounting law, then deleted. Security logs: up to 12 months. Audit trails of the sync channel: retained as append-only records for the life of the affected subscription plus 2 years.

7. Your rights

You can access and export your account data, correct it, or delete your account (see Account deletion). Where data-protection law grants you rights (access, rectification, erasure, portability, restriction, objection), we honor them regardless of where you are. To exercise any right: legal@lazward.com. We verify requests and respond within 30 days.

8. International transfers

Our infrastructure providers operate globally; data may be processed in the United States and other countries. Where transfer safeguards are legally required, we rely on our providers' standard contractual clauses and equivalent mechanisms. If you are in Iraq or the wider region: your data is protected by the same technical and contractual measures regardless of location.

9. Security

Row-level security on every table, forced — a client account can only ever read its own rows. All traffic is TLS. Cross-database entitlement writes are HMAC-signed and replay-protected. Secrets live in isolated worker/database vaults, never in code. Public forms are rate-limited and bot-protected. We log administrative actions to an append-only audit trail.

No system is perfectly secure. If a breach affects your data we will notify you without undue delay and within any legally mandated window.

10. Changes

We version this Policy (see the version stamp above). Material changes are re-consented in the portal: you will be asked to accept the new version before continuing.

Contact

Questions about any of these documents: legal@lazward.com. We answer within 5 business days.

These documents reflect our real practices and industry standard terms. They have been prepared carefully but have not yet been reviewed by outside counsel; a review is planned before billing activation.