Privacy Policy
Last Updated: May 19, 2026 · Version 2026-05-19-draft
One-sentence summary
We store the minimum we need to run the service. Local projects never leave your computer, your wallet keys are user-controlled via Privy, and we do not sell data.
1. What we collect and why
| Category | Source | Purpose |
|---|---|---|
| Account identity | Clerk (email, name, profile image) | Authentication, billing |
| Wallet address | Privy (Ethereum address; signing keys are user-held) | Creator vault + donations |
| Cloud content | Your uploads | The product itself |
| Activity logs | API requests, project edits, sync heartbeats | Abuse detection, billing reconciliation |
| Content review metadata | LLM classifications, AWS Rekognition labels | Safety, strike accumulation |
| Donation history | On-chain USDC transfers + Stripe receipts | Vault display, tax reporting |
| Device + browser info | Request headers, FSA usage | Debugging, rate-limit attribution |
Local-first mode is excluded. If you use Lyra Story without signing in, or in browser-local / SDK-linked storage modes, none of the categories above apply to files that stay on your device. We have no access to local content.
2. Sub-processors
We rely on the following third-party services to operate Lyra Story. Each is listed with its purpose, jurisdiction, and a link to its own privacy policy.
- Clerk (USA) — authentication and user identity. clerk.com/legal/privacy
- Privy (USA) — embedded wallet provisioning. Keys are user-held. privy.io/privacy
- Cloudflare R2 (global) — cloud asset storage for cloud-mode projects. cloudflare.com/privacypolicy
- AWS (global) — Rekognition (NSFW/violence classification), Lambda (moderation pipeline), and supporting infrastructure. aws.amazon.com/privacy
- Anthropic (USA) — Claude API for content review (per the Acceptable Use Policy). Inputs are not used to train Anthropic's models, per their commercial terms. anthropic.com/privacy
- Stripe (global) — Cloud Plan subscription billing. We never see your card details; Stripe holds them. stripe.com/privacy
- Coinbase Smart Wallet (on-chain) — your creator vault is a public ERC-4337 smart account on Base. On-chain data is public by nature of the blockchain. coinbase.com/legal/privacy
- Vercel (USA) — hosting and CDN for the dashboard and API. vercel.com/legal/privacy-policy
- Transactional email provider (TBD — likely Resend) for receipts, strike notifications, and digests.
3. LLM content review (P3)
Content you upload to cloud or public modes may be analyzed by Anthropic's Claude vision API to classify it against the Acceptable Use Policy in our Terms. AWS Rekognition is used in parallel for NSFW and violence labeling.
Classifications and the snippets used for moderation are retained for up to 180 days (the strike accumulation window). Anthropic does not train on our API inputs (commercial terms guarantee). Reviewed content is not shared publicly except as required by law.
4. Data retention
| Data | Retention | Justification |
|---|---|---|
| Active account data | For account lifetime | Service operation |
| Deleted account data | 30 days soft-delete, then purge | Recovery window |
| Audit logs | 1 year | Abuse investigation |
| Content-review classifications | 180 days (strike window) | Safety system |
| Strike records | 180 days post-expiry | Appeals + repeat-offender detection |
| Stripe financial records | 7 years | Tax / legal obligations |
| Anti-abuse blocklist hashes | Indefinite | Prevent re-abuse |
| Anonymous (no-account) projects & accounts | 180 days after last activity (or creation if no projects) | Free service with rate-limit abuse prevention; we do not retain inactive anon data indefinitely |
| Public on-chain data (vault, donations) | Permanent | Nature of blockchain |
5. Your rights
You have the rights described below regardless of where you are; some are derived from specific regulations (GDPR for EEA users, CCPA for California users) and the individual mechanics may vary.
- Access — request a copy of your data. Cloud-mode users can export their project tree as a tree.yml file from the dashboard at any time.
- Rectification — correct inaccurate data. Most fields are editable in the dashboard; email privacy@lyrastory.ai for anything else.
- Erasure — delete your account. We honor erasure requests within 30 days. Note the two exceptions below.
- Portability — local projects live on your computer by design (full export + folder ownership). Cloud projects can be migrated to local. Your tree.yml + images can be opened by any tool.
- Restriction / objection — pause processing while a request is under review.
- Opt-out of sale (CCPA) — we do not sell personal information.
- Non-discrimination — exercising any right above does not affect service availability.
Two exceptions to erasure
- Embedded wallet keys are held by you via Privy. We can disable our dashboard's view of your wallet but we cannot delete the keys themselves — that's between you and Privy.
- On-chain vault state (your Coinbase Smart Wallet and donations) lives on public blockchains and cannot be deleted by anyone, including us. This is fundamental to how blockchains work.
Email privacy@lyrastory.ai to exercise any right. We respond within 30 days.
6. International transfers
Our sub-processors operate globally. EEA users' data may be processed in the United States or other jurisdictions. We rely on the EU Standard Contractual Clauses (SCCs) via our vendor agreements where applicable. [Counsel to confirm SCC coverage and any additional safeguards required for non-EU/UK/Swiss users — see legal-gaps.md.]
7. Cookies and analytics
Lyra Story uses cookies set by:
- Clerk — session cookies for authentication.
- Privy — embedded-wallet session.
- Stripe — Cloud Plan checkout sessions.
- Our own — feature-flag preferences, dashboard mode toggles.
Anonymous usage: We collect only the minimum data required to prevent abuse (best-effort client IP used transiently for per-IP rate limiting on anonymous account creation, default max 3 per 24h per IP). These IPs are not stored long-term on user records and are not used for marketing or profiling.
We are evaluating cookieless, privacy-first analytics (e.g. Fathom). Until such tools are added, we do not set marketing or cross-site tracking cookies for anonymous visitors. Clerk-authenticated accounts involve additional personal data (email, profile fields, etc.) and are subject to the full policy.
Placeholder for future consent banner language if/when we add any non-essential analytics.
8. Children
Minimum age to create a Clerk account is 13 in the United States and 16 in the European Economic Area. We do not knowingly collect data from users below these thresholds; if we learn of an account held by a younger user, we will delete it.
9. Contact
Privacy questions: privacy@lyrastory.ai
Data Protection Officer: [to be designated — see legal-gaps.md]
10. Changes to this policy
Material changes will be announced by email and in-app notification at least 30 days before they take effect. The current version is 2026-05-19-draft.