Last updated on 29th of September, 2025
Your privacy is important to us. This Privacy Policy (“Policy”) applies to services provided by Lyse Labs, SAS (“we”, “us”, or “Lyse”) and our website (the “Site”), product pages, integrations, plugins, or other digital products that link to or reference this Policy (collectively, the “Services”). It explains what information we collect from users of our Services (a “user”, “you”, or “your”), including information that may be used to personally identify you (“Personal Information”), and how we use it.
We encourage you to read the details below. This Policy applies to any visitor to or user of our Services. Any capitalized terms used herein but not defined shall have the meaning set forth in our Terms of Service, available at getlyse.com/terms.
We reserve the right to change this Policy at any time. We will notify you of any changes to this Policy by posting a new version to this page and/or by sending notice to the primary email address specified in your account. You are responsible for ensuring we have an up-to-date and deliverable email address for you, and for periodically reviewing this Policy to check for any changes. Changes to this Policy are effective when they are posted on this page. You acknowledge that your continued use of our Services after we publish or send a notice about our changes to this Policy means that the collection, use, and sharing of your Personal Information is subject to the updated Policy.
Scope and Applicability
This Policy applies to your information when you visit our website or otherwise use the Services. Please note that this Policy does not apply to the extent that we process Personal Information in the role of a processor (or a comparable role such as a “service provider” in certain jurisdictions) on behalf of our Customers, including where we collect Customer Data on their behalf, or where our Customers otherwise collect, use, share or process Personal Information via our Services.
Each of our Customers, not Lyse, controls what information about you is collected by the Services on behalf of such Customer. For detailed privacy information applicable to situations where a Customer who uses the Services is the controller, please reach out to the respective customer directly. We are not responsible for the privacy or data security practices of our Customers, which may differ from those set forth in this Privacy Policy. If not stated otherwise either in this Privacy Policy or in a separate disclosure, we process such Personal Information in the role of a processor or service provider on behalf of a Customer (and/or its affiliates), who is the responsible controller of the applicable Personal Information.
This Privacy Policy also does not apply to any third-party applications or services that are used in connection with our Services, or any other products, services or accounts provided by other entities under their own terms of service and privacy policy (collectively, “Third-Party Services”). For example, a Customer may connect, directly or through another application, Figma, GitHub, Linear, Jira, GitLab or other third-party platforms to Lyse. These Third-Party Services are not part of our Services and are provided by independent third parties under their own policies and terms.
Lastly, the Site or Services may contain links to other websites. We have no control over these websites and they are subject to their own terms of use and privacy policies.
What Information Do We Collect?
Information You Provide to Us
Account Information. To create an account for the Services or to enable certain features, we may require that you provide us with professional account details such as your name, company name, and professional email address.
Authentication Information. When you connect external services (Figma, GitHub, Jira, GitLab, Linear), we collect authentication credentials (such as OAuth tokens or access keys) strictly for the purpose of enabling the integration. These tokens are never stored server-side by Lyse; they are held locally in your browser.
Support and Communication. If you contact us for support, participate in research studies, or otherwise interact with our team, we may collect the information you choose to provide, such as your name, email, and the content of your message.
Payment Information. If you subscribe to a paid version of the Services, our payment processor (currently Stripe) may collect and store billing details such as your credit card information, banking information, and billing address. Lyse itself does not store your full financial information, only limited metadata (e.g., card type, last four digits, expiration date) to facilitate transaction records.
Information We Collect Automatically
When you visit, use, and interact with the Services, we may collect the following (“Technical Information”):
Log Data. Information that your browser or client automatically sends whenever you use our Services, including IP address, browser type, date and time of access, and interactions with the Services.
Usage Data. Information about how you use the Services, such as the types of changes detected in your design system, the features you access, and the actions you take.
Device Information. Includes the name of your device, operating system, browser, and technical identifiers used to maintain secure sessions.
Analytics. We may use third-party analytics tools (e.g., PostHog) to help us understand usage patterns and improve our Services.
We use cookies or similar tracking technologies strictly for service functionality (e.g., session maintenance, authentication). We do not use advertising or marketing trackers.
Information We Receive from Third Partie
Third-Party Authentication. If you log into our Services via providers such as Google, GitHub, or Figma, we collect authentication information made available to us by those providers to allow you to log in.
Service Providers. We may receive limited information from service providers that help us operate our business (e.g., hosting, email, infrastructure).
Other Sources. We may obtain publicly available information (such as professional contact details from LinkedIn or company websites) to support business development and customer relations.
How Do We Use the Information We Collect?
We use the information we collect for the following purposes:
To Provide and Maintain the Services.
We use your information to operate, maintain, and provide you with access to the Services, including detecting design changes, generating smart tasks, and syncing them with your chosen tools such as Figma, GitHub, Linear, Jira, or GitLab.
To Improve and Develop the Services.
We analyze usage and technical data to understand how the Services are used, to diagnose problems, and to identify opportunities for improvements and new features. This includes monitoring system performance, testing enhancements, and developing new capabilities.
To Communicate with You.
We use your contact information to respond to your requests, provide customer support, and send you transactional communications related to your account or the Services. With your consent, we may also send you updates about new features, betas, or product announcements.
For Security and Compliance.
We process information to protect the security and integrity of our Services, including monitoring for fraudulent or unauthorized activity, verifying accounts, and ensuring compliance with legal obligations such as GDPR and other applicable regulations.
For Business Operations.
We use information as necessary to support internal business operations, such as billing, auditing, usage reporting, and research.
We do not sell your personal information.
Do We Share Your Personal Information?
We do not sell, rent, or trade your Personal Information. We only share information as described in this Policy and in the following limited circumstances:
Supabase (Paris, France) – database hosting.
Railway (Amsterdam, Netherlands) – server orchestration.
Resend (Europe) – transactional email delivery.
Brevo (France/OVH) – communication email delivery.
Mistral AI (France) – API calls for language generation, without data storage.
Stripe – secure payment processing.
All such service providers are contractually bound to protect your information and only process it according to our instructions.
With Integrations You Authorize.
If you choose to connect third-party tools such as Figma, GitHub, Linear, Jira, or GitLab, Lyse will access and process data from those services strictly as necessary to provide the integration. We do not control the privacy policies of these third-party services, and we encourage you to review them.
For Legal Reasons.
We may disclose your information if required to do so by law or in response to valid legal requests (e.g., subpoenas, court orders, or legal processes), or if we believe in good faith that disclosure is reasonably necessary to protect our rights, investigate fraud, enforce our agreements, or ensure the safety of our users.
In Business Transfers.
If we are involved in a merger, acquisition, financing, reorganization, or sale of assets, your information may be transferred as part of that transaction, subject to the commitments of this Policy.
Cookies and Tracking Technologies
We use cookies and similar tracking technologies only as strictly necessary to provide and secure our Services. These technologies help us maintain sessions, enable authentication, and ensure proper functionality.
No Advertising Cookies.
Lyse does not use advertising cookies, marketing trackers, or any third-party ad networks.
Functional Cookies.
We use functional cookies to remember your preferences, maintain your session while you are logged in, and ensure integrations with services such as Figma, GitHub, Jira, GitLab, or Linear work properly.
Analytics.
We may use privacy-friendly analytics tools (such as PostHog) to collect aggregated, non-identifiable usage data. This helps us understand how the Services are used and improve performance, without tracking individual browsing behavior across sites.
Your Choices.
You can configure your browser to block or alert you about cookies. Please note that if you disable cookies, certain features of the Services may not function properly.
How Do We Secure Your Information?
We take the security of your Personal Information seriously and implement appropriate technical and organizational measures to protect it against unauthorized access, alteration, disclosure, or destruction.
Authentication and Access Control.
Access to your account is protected by secure authentication methods (passwords or OAuth tokens). Internal access to data is restricted to authorized members of Lyse Labs who require it to operate the Services.
Hosting and Infrastructure.
Our infrastructure is hosted on providers with recognized security certifications (e.g., ISO 27001, SOC 2). Databases are hosted with Supabase (Paris, France) and servers with Railway (Amsterdam, Netherlands).
No Server-Side Storage of Tokens.
API tokens from integrations such as Figma, GitHub, Linear, Jira, or GitLab are never stored on Lyse’s servers. They remain in your browser’s local storage, ensuring that no persistent sensitive credentials are retained by Lyse.
Monitoring and Logging.
We maintain secure logs of access and operations to help detect and prevent unauthorized activity.
Incident Response.
If we become aware of any security breach that may affect your Personal Information, we will promptly investigate and notify you in accordance with applicable legal requirements.
How Long Do We Retain Your Information?
We retain Personal Information only for as long as necessary to fulfill the purposes described in this Policy, unless a longer retention period is required or permitted by law.
Account Data.
Information associated with your user account is retained for the duration of your access to the Services. If your account remains inactive for more than 12 months, it will be automatically deleted. You may also request deletion of your account and associated data at any time by contacting us at privacy@getlyse.com.
Technical Logs.
Connection logs and related technical information are retained for a maximum of 1 month for security and operational purposes, after which they are automatically deleted.
API Tokens.
Access tokens for integrations (Figma, GitHub, Linear, Jira, GitLab) are never stored server-side by Lyse. Tokens remain only in your browser’s local storage and are therefore outside our retention scope.
Backups and Legal Obligations.
We may retain limited information in secure backups for disaster recovery or to comply with legal obligations. When retention is no longer necessary, we securely delete or anonymize the data.
What Are Your Rights?
You have rights under applicable data protection laws, including the General Data Protection Regulation (GDPR). These rights may include:
Right of Access. You have the right to request access to the Personal Information we hold about you.
Right to Rectification. You have the right to request correction of inaccurate or incomplete information.
Right to Erasure. You may request deletion of your Personal Information, subject to certain legal or contractual obligations.
Right to Restrict Processing. You may request that we limit the processing of your information in certain circumstances.
Right to Object. You may object to the processing of your Personal Information, particularly where processing is based on legitimate interests.
Right to Data Portability. You may request to receive your Personal Information in a structured, commonly used, and machine-readable format, and to transmit it to another controller.
You can exercise these rights at any time by contacting us at privacy@getlyse.com. We will respond within a maximum of 30 days, in accordance with legal requirements. If there is reasonable doubt as to your identity, we may request additional information to verify your request.
If you are not satisfied with our response, you also have the right to lodge a complaint with your local supervisory authority. In France, this is the CNIL (Commission Nationale de l’Informatique et des Libertés) – www.cnil.fr.
Region-Specific Disclosures
Depending on where you are located, you may have additional rights or disclosures under applicable local privacy laws.
European Union / European Economic Area (EU/EEA).
Lyse Labs, SAS is established in France and complies with the General Data Protection Regulation (GDPR). We process Personal Information on the basis of lawful grounds including:
Contractual necessity (to provide and operate the Services you request).
Legitimate interests (to improve, secure, and operate our Services).
Legal obligations (to comply with applicable laws, such as tax or accounting rules).
Consent (where explicitly required, such as for certain optional communications).
You may exercise your GDPR rights (access, rectification, erasure, restriction, objection, portability) by contacting us at privacy@getlyse.com. You also have the right to lodge a complaint with the CNIL (www.cnil.fr) or with your local supervisory authority.
United Kingdom.
We adhere to the UK GDPR and the Data Protection Act 2018. Users in the UK have the same rights as described under GDPR. The Information Commissioner’s Office (ICO) is the relevant supervisory authority (www.ico.org.uk).
California (CCPA/CPRA).
If you are a California resident, you may have rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including the right to know what categories of Personal Information we collect, the right to delete certain information, and the right to opt out of “sales” or “sharing” of Personal Information. Lyse does not sell or share your Personal Information in the sense defined by the CCPA/CPRA. You may also request that we disclose the categories of third parties with whom we share information, and request access to your Personal Information, by contacting privacy@getlyse.com.
Other Jurisdictions.
If you are located outside the EU/EEA, UK, or California, you may still have similar rights under your local data protection laws. We will honor such rights to the extent required by applicable law.
Contact Us
If you have any questions, concerns, or complaints regarding this Privacy Policy or the way we handle your Personal Information, please contact us at:
Lyse Labs, SAS
60 Rue François Ier
75008 Paris, France
Email: privacy@getlyse.com
General inquiries: contact@getlyse.com
We will respond to your request in accordance with applicable data protection laws.