Your privacy is fundamental to our business
We believe that trust is built through transparency. This policy explains how we collect, use, and protect your personal information when you use LH42.
Information We Collect
Account Information
When you create an account, we collect your name, email address, company name, and billing information. This information is necessary to provide our services and process payments.
Usage Data
We automatically collect information about how you interact with our services, including pages visited, features used, search queries, and documents uploaded. This helps us improve our platform and provide better recommendations.
Device Information
We collect information about the devices you use to access LH42, including IP address, browser type, operating system, and device identifiers. This helps us ensure security and optimize performance.
Document Content
When you upload documents to LH42, we process and store the content to enable search, retrieval, and AI-powered features. Your document content is never shared with other customers or used to train our models.
How We Use Your Information
Service Delivery
We use your information to provide, maintain, and improve our knowledge management services, including document processing, search functionality, and AI-powered features.
Communication
We use your contact information to send important service updates, security alerts, and respond to your inquiries. Marketing communications are only sent with your consent.
Analytics and Improvement
We analyze usage patterns to improve our services, develop new features, and ensure the reliability and security of our platform.
Legal Compliance
We may use your information to comply with applicable laws, regulations, legal processes, or governmental requests.
GDPR Compliance
Legal Basis for Processing
We process personal data based on: (a) your consent, (b) performance of our contract with you, (c) compliance with legal obligations, and (d) our legitimate business interests, balanced against your rights and freedoms.
Data Protection Officer
We have appointed a Data Protection Officer (DPO) to oversee our data protection practices. You can contact our DPO at dpo@lakehouse42.com for any privacy-related concerns.
International Transfers
When we transfer data outside the European Economic Area, we use Standard Contractual Clauses approved by the European Commission to ensure adequate protection of your personal data.
Data Processing Agreements
Enterprise customers can request a Data Processing Agreement (DPA) that complies with GDPR requirements. Contact our sales team for more information.
Your Rights
Right to Access
You can request a copy of all personal data we hold about you. We will provide this information within 30 days of your request.
Right to Rectification
You can update or correct any inaccurate personal data through your account settings or by contacting our support team.
Right to Erasure
You can request deletion of your personal data. We will comply with such requests unless we have a legal obligation to retain certain information.
Right to Data Portability
You can request your data in a structured, commonly used, machine-readable format. We provide data export functionality in your account settings.
Right to Object
You can object to processing of your personal data for direct marketing purposes or based on our legitimate interests.
Data Security
Encryption
All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption. Encryption keys are managed through hardware security modules (HSMs).
Access Controls
We implement strict access controls, ensuring only authorized personnel can access customer data, and only when necessary for support or service delivery.
Security Audits
We undergo regular security audits and penetration testing. Our SOC 2 compliance demonstrates our commitment to security best practices.
Data Retention
Account Data
We retain your account information for as long as your account is active. After account deletion, we retain certain data for up to 90 days for backup purposes.
Document Content
Your documents and associated data are retained for the duration of your subscription. Upon termination, you can export your data, after which it will be permanently deleted within 30 days.
Audit Logs
We retain audit logs for security and compliance purposes for up to 7 years, as required by various regulatory frameworks.
Data Processors
Payment Processing - Stripe
We use Stripe, Inc. (USA) to process payments and manage subscriptions. Stripe processes your payment information, billing address, and transaction history. Stripe is certified under the EU-US Data Privacy Framework. Learn more at stripe.com/privacy.
Communications - Twilio
We use Twilio, Inc. (USA) for email delivery, SMS notifications, and voice communications. Twilio processes your contact information and message content. Twilio complies with GDPR through Standard Contractual Clauses. Learn more at twilio.com/legal/privacy.
Cloud Hosting - Railway
Our application is hosted on Railway Corporation (USA). Railway processes all data stored and transmitted through our platform. Railway maintains SOC 2 Type II certification and uses AWS infrastructure with appropriate security measures. Learn more at railway.app/legal/privacy.
Object Storage - Cloudflare R2
We use Cloudflare, Inc. (USA) R2 storage for document storage. Cloudflare processes your uploaded documents and files. Cloudflare is certified under the EU-US Data Privacy Framework. Learn more at cloudflare.com/privacypolicy.
AI/LLM Processing - OpenAI & Anthropic
We use OpenAI, L.L.C. (USA) and Anthropic PBC (USA) for AI-powered features including document analysis and question answering. These providers process document content and queries on a zero-retention basis - your data is not used to train their models. OpenAI: openai.com/policies/privacy-policy. Anthropic: anthropic.com/privacy.
Data Storage - Apache Iceberg
We use Apache Iceberg v3 open table format for all document storage, including embeddings stored directly in tables. Data is stored in your preferred cloud storage (S3, R2, GCS, ADLS) with full ACID transactions and time-travel capability. Apache Iceberg is an open standard with no vendor lock-in.
Realtime Analytics - ClickHouse
We use ClickHouse, Inc. (USA/Netherlands) ClickHouse for real-time search and analytics functionality. ClickHouse processes indexed content for sub-second query performance. Learn more at clickhouse.com/legal/privacy-policy.
Contact Us
Privacy Inquiries
For any privacy-related questions or to exercise your rights, please contact us at privacy@lakehouse42.com or through our support portal.
Data Protection Officer
You can reach our Data Protection Officer directly at dpo@lakehouse42.com for GDPR-related inquiries.
Data Subject Access Requests
To submit a request regarding your personal data (access, deletion, correction, or portability), please visit our DSAR portal at lakehouse42.com/privacy/request or email dsar@lakehouse42.com.
Mailing Address
Lakehouse42 AB, Birger Jarlsgatan 57, 113 56 Stockholm, Sweden.
Have questions about your data?
Our team is here to help with any privacy-related inquiries.