Privacy Policy

1. Who We Are

Lyra Germany GmbH i.G. (in formation) operating as Lyra is the data controller (Art. 4(7) GDPR) for the data processing described in this policy. We are a limited liability company being incorporated under the laws of the Federal Republic of Germany. Registration with the commercial register at the Amtsgericht München has been applied for; this policy will be updated upon entry.

Managing Directors: Benedikt Thomas, Jose Raul Mena Garcia

Contact Information:

• Email: hello@lyraengine.site
• Address: Konrad-Adenauer-Straße 17, 85221 Dachau, Germany
• Commercial register: registration applied for (Amtsgericht München)
• VAT-ID: pending

Privacy contact / data subject requests: Benedikt Thomas — hello@lyraengine.site

2. Data We Collect

We collect information necessary to provide our services and improve your experience:

• Contact Information: Name, email address, phone number, company name, and other details you provide when contacting us or engaging our services.
• Service Usage Data: Information about how you interact with our website and services, including pages visited, time spent, and features used.
• Payment Data: Payment and invoice information is processed only as needed for manual invoicing and bank transfer. We do not store full payment details ourselves.
• Cookies and Tracking Technologies: We use cookies and similar technologies to enhance your experience, manage preferences, and analyze usage patterns (see our Cookie Policy).
• Communication Data: Records of emails, messages, and inquiries you send to us.

3. Legal Basis for Processing (GDPR Article 6)

We process your data based on the following legal grounds under GDPR:

• Consent (Art. 6(1)(a)): For marketing communications, analytics, and non-essential cookies — only with your explicit consent.
• Contract (Art. 6(1)(b)): To fulfill our consulting and service delivery obligations to you.
• Legitimate Interests (Art. 6(1)(f)): To operate our business, improve services, prevent fraud, and comply with legal obligations.
• Legal Obligation (Art. 6(1)(c)): To comply with applicable laws and regulatory requirements.

4. How We Use Your Data

We use your information for the following purposes:

• Delivering consulting services and fulfilling service agreements
• Processing payments and managing billing
• Communicating with you about your engagement, updates, and support
• Analytics and improving our website and services (with consent)
• Marketing and promotional communications (with consent only)
• Compliance with legal obligations and regulatory requirements
• Detecting, preventing, and addressing fraud or security issues

5. Data Sharing

We share your data only with the following processors (Art. 28 GDPR) where necessary to provide our services:

• Supabase Inc. — backend-as-a-service (Postgres, Auth, Edge Functions). Located in EU/US under GDPR Standard Contractual Clauses (DPA available on request).
• Resend Inc. — transactional email (magic links, notifications). Located in EU/US under GDPR Standard Contractual Clauses (DPA available on request).
• Anthropic PBC — Claude API for humanizer / AI content. Located in US under GDPR Standard Contractual Clauses, zero-data-retention configured (DPA: anthropic.com/legal/dpa).
• Vercel Inc. — CDN / static hosting. Located in EU/US under GDPR Standard Contractual Clauses (DPA available on request).
• Wise Europe SA — international bank transfers (if used). Payment processing EU (if used).

We do not sell your personal data to third parties. We will never monetize your information through data sales or broker arrangements.

6. International Data Transfers

Lyra Germany GmbH is established in the EU. Some of our processors are located outside the European Economic Area (EEA), e.g. in the United States. For such transfers we rely on:

• EU Standard Contractual Clauses (SCCs) under Art. 46(2)(c) GDPR;
• where applicable, the EU-US Data Privacy Framework adequacy decision;
• additional technical and organisational safeguards consistent with GDPR requirements.
• You have the right to request further information about transfer mechanisms by contacting our privacy contact.

7. Data Retention

We retain your personal data for as long as necessary to:

• Maintain our business relationship with you
• Fulfill our contractual and legal obligations
• Resolve disputes and enforce agreements
• Comply with applicable laws (e.g., tax and accounting records — typically 7 years)

Once your relationship ends, we retain data only as required by law or legitimate business needs. You can request deletion of your data (subject to legal requirements) by contacting our DPO.

8. Your Privacy Rights

Under GDPR, you have the following rights:

• Right of Access (Art. 15): Request a copy of the personal data we hold about you.
• Right to Rectification (Art. 16): Correct inaccurate or incomplete data.
• Right to Erasure (Art. 17): Request deletion of your data (subject to legal exceptions).
• Right to Data Portability (Art. 20): Receive your data in a portable, machine-readable format.
• Right to Restrict Processing (Art. 18): Limit how we use your data in certain circumstances.
• Right to Object (Art. 21): Object to processing based on legitimate interests or direct marketing.
• Right to Withdraw Consent: Withdraw consent for processing at any time without affecting prior processing.

To exercise these rights, contact our DPO at hello@lyraengine.site. We will respond within 30 days of your request.

9. Supervisory Authority and Complaints

If you believe we have violated your data protection rights, you have the right to lodge a complaint with your local data protection authority (e.g., your country's DPA). You do not need to exhaust your remedies with us before contacting a supervisory authority.

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience. For detailed information about the cookies we use, categories, and how to manage them, please see our Cookie Policy.

11. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the updated policy on our website and updating the "Effective" date. Your continued use of our services constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

• Email: hello@lyraengine.site
• Privacy contact: Benedikt Thomas — hello@lyraengine.site
• Phone: TODO[D-122]: phone number
• Address: TODO[D-122]: Lyra Germany GmbH, registered office (see Impressum)