Lamdis Privacy Policy

We collect information in three main ways: (A) you provide it; (B) it’s collected automatically; or (C) it comes from third parties you connect.

A. Information you provide (Account/Service data)

Account & profile: name, email, company, role, password hashes/MFA settings.

Workspace settings & manifests: action schemas/specs (e.g., MCP/OpenAPI), configuration files, allowed domains, routing rules.

Connector credentials: OAuth tokens, API keys, webhooks you authorize us to store/use on your behalf.

Content you process: prompts, requests, messages, files, logs, run results, and metadata generated by your use of Hosted Runtimes.

Support & feedback: tickets, recordings (if you consent), chat transcripts, survey responses.

Billing: plan details, seats, usage, and limited payment info (card and ACH handled by our payment processor; we don’t store full card numbers).

B. Information collected automatically (Usage/Telemetry)

Device & app data: IP address, device/OS/browser, language, time zone.

Service telemetry: timestamps, request IDs, API endpoints, response times, bytes transferred, concurrency counts, error codes/crash traces.

Cookies/SDKs: session cookies, analytics, and preference storage (see “Cookies & ads” below).

C. Third-party sources you connect

Integrations you enable: If you connect third-party services (e.g., Slack, QuickBooks, Google, model providers), we receive the minimum data/scopes you approve so the feature works (e.g., channel IDs, file metadata, message content where required, spreadsheet ranges, etc.).

Service providers & partners: limited business contact data (B2B) to reach potential customers, subject to applicable law.

We do not knowingly collect information from children under 16, and the Service is not directed to them.

Provide and secure the Service – authenticate users; host MCP/A2A; run jobs; store manifests, logs, and outputs; prevent abuse/fraud; and keep the Service reliable and performant.

Operate Hosted Runtimes – execute your manifests/actions, route messages, enforce limits, and deliver outputs to your configured destinations.

Measure and improve – analyze aggregated Service telemetry to fix bugs, plan capacity, enhance UX, and develop new features.

Support & communications – send transactional emails (invites, notices, security alerts), respond to tickets, and share product updates.

Billing & account management – calculate usage/overages, invoice, and manage subscriptions.

Sales & marketing (B2B) – with your consent or where permitted by law, send product news, webinars, or offers; you can opt out anytime.

Legal compliance – comply with law, enforce Terms, and protect rights, safety, and property.

AI/model providers

When you choose to route content to model providers, Lamdis transmits Customer Content and returns Output at your direction.

We do not permit third-party model providers to train on your Customer Content through Lamdis, unless you explicitly opt in with that provider.

Lamdis may use aggregated, de-identified Service telemetry to improve our systems. We do not use your Customer Content to train third-party foundation models.

Where GDPR/UK GDPR/Swiss law applies, we process Personal Information based on:

• Contract necessity (to provide the Service you requested),

• Legitimate interests (security, product improvement, B2B marketing with safeguards, fraud prevention),

• Consent (cookies/marketing where required), and

• Legal obligations (tax, accounting, compliance).

You can object to processing based on legitimate interests or withdraw consent where applicable.

We share information only as described below: Service providers (processors): hosting, compute, storage, email, analytics, crash reporting, support tooling, payment processing. They may access Personal Information only to perform services for us and must protect it.

Integrations you enable: if you connect a third-party product, we share the data necessary to provide that feature per your configuration and that provider’s terms.

Affiliates/corporate transactions: with our affiliates or as part of a merger, acquisition, financing, or sale of assets (your data remains protected by this Policy or a successor policy with materially similar protections).

Legal/safety: to comply with law, lawful requests, or to protect rights, safety, and the Service.

Aggregated/de-identified data: we may share statistics that do not identify you.

We do not sell Personal Information and we do not “share” Personal Information for cross-context behavioral advertising as defined by the CPRA.

We use cookies and similar tech for login sessions, preferences, analytics (e.g., performance metrics), and product improvement. We currently do not run third-party interest-based advertising on our app surfaces. Where required, we display a consent banner that lets you manage non-essential cookies.

Browser DNT signals are not yet consistently honored across the ecosystem; we honor consent choices made in our banner and applicable platform settings.

Customer Content & logs: retained for your term and any configurable retention you set (where available), then deleted or anonymized per our data lifecycle routines.

Account/billing: retained as needed for the relationship and legal/accounting obligations.

Telemetry: retained for operational and security purposes for a limited period, then aggregated or deleted.

You may request deletion; we’ll comply unless we must retain certain data (e.g., for legal obligations or to maintain suppression records).

We implement commercially reasonable technical and organizational measures (segmented infrastructure, encryption in transit and at rest for core stores, access controls, least privilege, MFA for internal systems, monitoring, and routine backups). No system is 100% secure. You are responsible for strong passwords, MFA, timely de-provisioning, and device hygiene.

Security issues? Email security@lamdis.ai. If a breach affecting you occurs, we’ll notify you as required by law.

Depending on your location, you may have rights to access, correct, delete, port, or restrict/object to certain processing, and to opt out of sales/sharing (we don’t sell/share as defined) and certain profiling. You can also:

• Access & export your data via product tools (where available) or by request.

• Delete content or close your account (contact support).

• Marketing opt-out: unsubscribe links in emails or email privacy@lamdis.ai.

Authorized agents (CA): we will verify requests consistent with law.

If we process Personal Information as a processor on behalf of a Customer (e.g., your employer), we will direct your request to that Customer.

Complaints (EEA/UK/Swiss): you may contact your supervisory authority. We encourage you to email privacy@lamdis.ai first so we can help.

We are headquartered and host primarily in the United States. When Personal Information is transferred internationally, we use recognized safeguards (e.g., EU/UK Standard Contractual Clauses and transfer risk assessments). If our transfer mechanism changes, we will update this Policy.

Note: We do not claim participation in the Data Privacy Framework unless and until we are certified; if certification occurs, we will update this section.

Lamdis’s use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Data we access (examples): your Google account email for auth; spreadsheet ranges/metadata you explicitly import; file permissions needed for features you enable.

Use: solely to provide the features you choose; we do not use Google user data to train AI models, add to any public datasets, or for advertising.

Sharing: we do not sell Google user data or share it with third parties for their independent use.

Security: we apply appropriate safeguards to protect Google data.

The Service is not intended for individuals under 16. We do not knowingly collect Personal Information from children under 16.

We may update this Policy to reflect changes in laws or our practices. We’ll post the updated Policy with a new “Last Updated” date. Material changes will be highlighted or otherwise notified where required.

Privacy inquiries / rights requests:

Email: privacy@lamdis.ai

Address: MarketPay Inc. d/b/a Lamdis, 1306 Kent Rd., Ortonville, MI 48462, USA

Security: security@lamdis.ai

General support: support@lamdis.ai

If you are in the EEA/UK/Switzerland and need to contact a representative or lodge a complaint with a supervisory authority, email privacy@lamdis.ai and we’ll provide the appropriate details and assist with your request.

Lamdis acts as a controller for Personal Information it collects for its own purposes (e.g., account, billing, telemetry, marketing) and as a processor (service provider) for Customer Content processed under your or your organization’s instructions. Where we act as a processor, our Data Processing Addendum (DPA) governs; in case of conflict between this Policy and the DPA for processing on your behalf, the DPA controls.

California (CPRA): you have rights to know/access, correct, delete, portability, and opt out of sales/sharing (Lamdis does not sell or share Personal Information for cross-context behavioral advertising). We honor authorized agent requests consistent with law and verify requestors before fulfilling.

Colorado/Connecticut/Virginia/Utah: similar rights may apply (access, delete, correct, portability, appeal). Submit via privacy@lamdis.ai.

EEA/UK/Swiss: see Sections 3 and 8 for legal bases and rights.