§legal
Privacy Policy
This policy explains what personal data LazyConMan collects, why, and the choices and rights you have.
01Who we are
LazyConMan is operated by [Legal Entity Name] ("we", "us"), the data controller for personal data described here. For data you process about your own systems and users through the Service, you are the controller and we act as your processor under our Terms and any applicable data processing addendum.
02Data we collect
Account & organization data
Your name, email address, hashed password, multi-factor authentication settings, your organization name and role, and member invitations.
Verification data
Email and, where used, phone number for verification and optional SMS-based two-factor authentication.
Billing data
Subscription plan, billing status, and the customer/subscription identifiers from our payment processor. We do not store full card numbers — payments are handled by Stripe.
Service & audit data
Configuration you create (connectors, targets), and audit records of sessions — who connected to which target, when, and for how long. Target credentials are encrypted and are injected server-side; they are never sent to the browser.
Technical data
Log data such as IP address, timestamps, browser/user-agent, and security events, used to operate and protect the Service.
03How we use it
- To provide, maintain, and secure the Service and broker your sessions;
- To authenticate users and enforce multi-factor authentication and authorization;
- To process subscriptions, trials, and billing;
- To send transactional messages (verification, invites, billing and security notices);
- To monitor for, investigate, and prevent fraud, abuse, and security incidents;
- To comply with legal obligations and enforce our Terms.
We do not sell personal data, and we do not use third-party advertising or tracking on this website.
04Legal bases (where GDPR applies)
- Contract — to provide the Service you have signed up for;
- Legitimate interests — to secure, operate, and improve the Service;
- Legal obligation — to meet accounting, tax, and security duties;
- Consent — where required, for example optional communications.
07International transfers
Where data is transferred outside your region, we rely on appropriate safeguards such as Standard Contractual Clauses or an adequacy decision. Contact us for details about specific transfers.
08Retention
We keep personal data for as long as your account is active and as needed to provide the Service, then for a limited period to meet legal, accounting, and security needs. Audit logs are retained per your plan. On account closure we delete or anonymize data in line with this policy, subject to legal holds.
09Security
We apply technical and organizational measures including encryption in transit and at rest, per-organization credential encryption, server-side credential injection, mandatory MFA, least-privilege access, row-level tenant isolation, and audit logging. To report a vulnerability, see our Vulnerability Disclosure Policy.
10Your rights
Depending on your location, you may have rights to access, correct, delete, restrict, or port your personal data, to object to certain processing, and to withdraw consent. You may also have the right to lodge a complaint with a supervisory authority. To exercise rights, contact [email protected]; we will respond within the timeframes required by applicable law.
11Children
The Service is for business use and is not directed to children under 16. We do not knowingly collect their personal data.
12Changes
We may update this policy. Material changes will be notified by email or in-product notice, and the "last updated" date above will change.
13Contact
Privacy enquiries: [email protected]. Postal: [Legal Entity Name, registered address]. If you are in the EU/UK and we are required to designate a representative or DPO, their details will be listed here.