Pallas by Lonia AI

LEGAL

Privacy Policy

Last updated: March 2026

This Privacy Policy describes how Grapevine Connections, LLC ("Company", "we", "us") collects, uses, and protects information through Pallas by Lonia AI ("Service").

1. Information We Collect

1.1 Account Information

When you create an account via OAuth, we receive your name, email address, and profile photo from your authentication provider (Google or Microsoft). We do not store passwords.

1.2 Usage Data

We collect information about how you use the Service: scans initiated, findings created, reports generated, and features accessed. This data is used to provide the Service and improve the product.

1.3 Uploaded Content

You may upload website URLs and documents (PDFs, DOCX files) for accessibility analysis. Uploaded documents are analyzed and discarded by default. URLs are stored as asset records. Scan results and findings derived from analysis are stored for the duration of your subscription.

2. How We Use Your Information

We use your information to: provide and maintain the Service; process scans and generate accessibility reports; manage your account and subscription; send transactional emails (account notifications, billing receipts); improve the Service based on aggregate usage patterns. We do not use your data to train AI models. We do not sell your data.

3. Data Retention

Uploaded source documents: analyzed and discarded by default. Organizations can configure custom retention policies. Scan results and findings: retained for the duration of your subscription plus 30 days post-cancellation. Account information: retained for the duration of your subscription plus 30 days post-cancellation. Audit trail entries: retained in accordance with your organization's configured retention policies.

4. Data Security

We implement the following security measures: OAuth-only authentication (no password storage); TLS encryption for all data in transit; database-level encryption for data at rest; row-level security (RLS) ensuring organization-level data isolation; regular security reviews and dependency updates.

5. Third-Party Services

We use the following third-party services to operate: Supabase (database and authentication); Stripe (payment processing); Cloudflare (hosting and CDN); Resend (transactional email). These services process data only as necessary to provide their specific function. We do not share your data with third parties for advertising or marketing purposes.

6. Your Rights

You have the right to: access the personal data we hold about you; request correction of inaccurate data; request deletion of your data (subject to legal and contractual retention requirements); export your data (findings, reports, audit trail) via CSV and PDF export features; withdraw consent for optional data processing.

7. International Data

The Service is hosted in the United States. If you access the Service from outside the United States, your data will be transferred to and processed in the United States.

8. Children's Privacy

The Service is not directed to children under 18. We do not knowingly collect information from children under 18.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email at least 30 days before they take effect.

10. Contact

Questions about this Privacy Policy should be directed to admin@lonia.ai.

For accessibility-related concerns: support@lonia.ai.