Privacy policy.

Lyrenth is operated by Aleksma AI Inc., a Delaware corporation registered at:

Aleksma AI Inc.
1111B S Governors Ave # 97667
Dover, DE 19904
USA

For the processing described in this policy, Aleksma AI Inc. is the data controller.

Lyrenth provides AIDocument infrastructure for the AI-readable web: APIs, dashboards, and tooling for developers and AI systems. This Privacy Policy explains what information we collect, how we use it, the legal bases we rely on, and the rights you have regarding your data.

Lyrenth is the reference commercial implementation of the open AIWebIndex spec (AIDocument format + verification mechanics). This privacy policy applies to the Lyrenth service operated by Aleksma AI Inc.; it does not constrain other implementations of the AIWebIndex spec that may exist.

Our approach is simple: collect as little personal data as possible while operating a reliable infrastructure platform.

We collect your email address when you create an account or authenticate using magic-link login via Resend. If you sign in with GitHub or Google, we receive the account identifier, email address, and basic profile information those providers return for authentication.

To operate and secure the service, we store operational request logs, including:

• IP address
• User agent
• Timestamp
• Requested endpoint
• Submitted URL or domain where relevant to the request
• Response status
• Render mode
• Cache-hit information
• Response time
• API key or account identifier associated with authenticated use

These logs are stored in our requests infrastructure tables for operational analytics, abuse prevention, debugging, and service reliability.

When you request an AIDocument, the submitted URL and resulting AIDocument metadata may be cached, indexed, and associated with your account usage so we can enforce quotas, prevent abuse, debug extraction failures, and avoid unnecessary repeat origin fetches.

Paid subscriptions are processed by Stripe. We store Stripe customer, subscription, price, invoice, and event identifiers needed to keep your plan, quota, invoices, taxes, and billing portal in sync. Stripe stores and processes payment method details; Lyrenth does not store full card numbers.

When a site owner verifies ownership of a domain, we store verification records associated with that domain.

If a verified owner grants Verified Index rights under our Terms, we record that consent in an append-only consent ledger: the account that opted in, the domain, the timestamp, and the IP address from which consent was given. This ledger exists so that both the publisher and Lyrenth can verify and prove the historical consent state of any domain at any time, including in the context of corpus licensing. Because it serves as evidence of consent, ledger entries are retained even after a domain is removed from the Verified Index or an account is deleted, on the legal basis of establishing, exercising, and defending legal claims.

For verified domains, we compute per-page AI Readiness audits over content we've already extracted into our public index. The audits derive purely from the HTML, markdown, and structured-data blocks of those pages (signals such as render mode, structured-data presence, semantic markup, content-to-noise ratio, paywall markers). We do not fetch additional pages beyond what the public index already contains. Audit results are stored for at most 90 days before recomputation.

Standard infrastructure logs may be generated by:

• Vercel: frontend hosting
• Hetzner: backend infrastructure
• Reverse proxies and application services

These may include access logs, IP addresses, request metadata, and diagnostic information.

We intentionally avoid collecting unnecessary personal information.

• Full credit card numbers or raw payment credentials
• Advertising identifiers
• Social media tracking data
• Third-party marketing pixels
• Behavioral advertising profiles
• Personal information beyond your email address unless explicitly provided by you

We do not sell the personal data of our users or customers. Our index contains publicly available web content as published by third parties, which may incidentally include personal data; that processing is described in “Personal data in indexed web content” below.

We use collected information to:

• Authenticate users and provide account access
• Deliver API functionality and dashboards
• Operate caching and AIDocument resolution infrastructure
• Monitor reliability, abuse, and service health
• Maintain the consent ledger for Verified Index domains
• Generate aggregate and anonymized statistics
• Send transactional emails and important service notifications
• Notify users about platform launches, product updates, or operational changes

Where GDPR or similar laws apply, we rely on the following legal bases:

We may publish anonymized platform metrics and public counters that cannot identify individual users.

Lyrenth crawls and indexes publicly accessible web pages and resolves them into AIDocuments. Publicly accessible pages can contain personal data published by third parties: for example, names, bylines, email addresses, phone numbers, and authored content. Lyrenth does not create or control that source content; we process it as published by site operators.

For this processing, Aleksma AI Inc. acts as data controller, on the legal basis of legitimate interests (Art. 6(1)(f)): providing canonical, machine-readable access to content that is already publicly available, in a manner that reduces redundant crawling load on the open web and honors publisher access controls (robots.txt, AI/TDM reservations, and removal requests, as described in our Crawler policy).

Because this data is collected from public sources rather than from the individuals themselves, and because individually notifying every person named on the public web would be impossible at index scale, we rely on the disproportionate-effort exemption (Art. 14(5)(b)) and provide this section as the public notice required by it.

Your rights over indexed content. If you believe a Lyrenth AIDocument or indexed URL contains personal data about you that should be removed, email hello@lyrenth.com identifying the URL(s). We will suppress the content from our API, search, and future corpus deliveries. Site operators can additionally exclude entire domains via robots.txt or a machine-readable AI/TDM reservation, which we honor worldwide and which excludes the domain from corpus licensing entirely.

Limits of removal. Removal applies going forward. It does not remove the content from the original website, third-party caches, search engines, datasets already delivered to a licensee, or models already trained on it. For removal at the source, contact the operator of the original website.

We only share information with infrastructure providers necessary to operate the service. Current providers include:

• Vercel: frontend hosting and edge delivery (EU/Frankfurt deployment)
• Hetzner: backend infrastructure, self-hosted Postgres, object storage, crawler, renderer, Redis, and operational systems (Germany)
• Resend: transactional email delivery
• Stripe: checkout, subscription billing, tax calculation, invoices, and payment processing
• GitHub and Google: OAuth sign-in, if you choose those providers

We do not share personal information with:

• Advertising networks
• Analytics resellers
• Data brokers
• Social media tracking providers

Corpus licensing under separate enterprise agreements covers our index of publicly available web content and our AIDocument transformations, not the account, billing, or request-log data of our users.

Lyrenth is operated by a United States corporation while production infrastructure is primarily hosted in the European Union. Your information may be processed in:

• Germany
• Other EU infrastructure regions
• The United States, where our providers or our own operations require it

Where personal data is transferred from the EU/EEA, UK, or Switzerland to the United States or other third countries, we rely on appropriate safeguards: Standard Contractual Clauses included in our providers' data processing agreements and, where the provider is certified, the EU-US Data Privacy Framework (including its UK and Swiss extensions). Copies of the relevant safeguards can be requested at hello@lyrenth.com.

Depending on your jurisdiction, including under GDPR and CCPA, you may have the right to:

• Access your personal information
• Correct inaccurate information
• Request deletion of your data
• Request portability of your data
• Object to certain processing activities, including processing based on legitimate interests
• Restrict processing while a request is being assessed
• Opt out of marketing communications

To exercise any privacy right, contact hello@lyrenth.com. We respond within one month, extendable where applicable law allows for complex requests. We may need to verify your identity before acting on a request.

If you are in the EU/EEA or UK, you also have the right to lodge a complaint with your local data protection supervisory authority. We would appreciate the chance to address your concern first, but you may contact your authority at any time.

We retain data only as long as reasonably necessary.

Retained while your account remains active and for up to 30 days after a deletion request, except where longer retention is required by law or for the consent ledger described above.

Stored for up to 12 months for analytics, reliability, and abuse prevention. After that period, identifying information is removed or aggregated.

Billing, subscription, invoice, tax, and payment-event records may be retained as long as needed for accounting, tax, fraud prevention, dispute handling, and legal compliance.

Retained indefinitely as evidence of Verified Index consent, including after domain removal or account deletion, for the establishment, exercise, and defense of legal claims.

Publicly accessible crawled content may be retained indefinitely for caching, indexing, and canonical AIDocument resolution, and may be licensed, as our independently maintained index, for retrieval, research, and AI training under separate enterprise agreements, subject to the removal and reservation mechanisms described in “Personal data in indexed web content.”

Lyrenth sets only the cookies strictly necessary to keep you signed in and to protect authentication flows against CSRF attacks. No advertising or behavioral tracking cookies are used; no third-party scripts (Google Analytics, Plausible, PostHog, Hotjar, Mixpanel, social-media pixels, etc.) are loaded anywhere on the site.

These cookies are HTTP-only, first-party authentication cookies. In production they are scoped so sign-in works across lyrenth.com and api.lyrenth.com.

A handful of UX-state values are stored in your browser via the localStorageand sessionStorageAPIs. These are not cookies, do not leave your device, and are not transmitted to Lyrenth servers.

You can clear browser storage at any time from your browser's settings; doing so signs you out and resets the values above.

Because every cookie listed above is strictly necessary to deliver the service you explicitly requested (sign-in, account access), no consent prompt is required under the EU ePrivacy Directive or GDPR Article 6(1)(b)/(f). If we ever add analytics or third-party embeds, a proper opt-in banner will appear here first, and those scripts will not load before you consent.

The service is not intended for:

• users under 16 years old in the European Union, or
• users under 13 years old in the United States.

We do not knowingly collect personal information from children. If you believe a child has provided personal information, contact us immediately.

We implement reasonable technical and organizational measures designed to protect platform data and infrastructure, including encryption in transit, access controls, and isolation of production systems. No internet-based service can guarantee absolute security; if we become aware of a breach affecting your personal data, we will notify you and the relevant authorities as required by applicable law.

We may update this Privacy Policy periodically. Material changes will be communicated via email where appropriate. Minor updates may be posted directly on this page with an updated revision date.

Continued use of the service after updates constitutes acceptance of the revised policy.

For privacy questions or requests: hello@lyrenth.com

Aleksma AI Inc.
1111B S Governors Ave # 97667
Dover, DE 19904
USA