Privacy Notice - Lindra Blog

Privacy Notice

1. General Information1.1 Lindra.ai, a company incorporated under the laws of Lithuania with registry code 307418005, and its affiliated entities (“Lindra.ai”, “we”, “our” or “us”) provide software-as-a-service (SaaS) solutions that enable organisations and individuals (“Users”, “you”, “your”) to access and utilise various digital tools and integrations through our website https://lindra.ai (the “Lindra.ai Platform”).1.2 This Privacy Notice (“Notice”) explains how we collect, use, store, share, transfer, and protect your personal data, including data obtained via Google services if you sign in or connect using a Google account, when you interact with the Lindra.ai Platform—such as through platform usage, integrations (including Google API or Google Sign-In), customer support, account creation, workspace management, marketing activities, and other services provided by us. This Notice applies to all Users globally. Lindra.ai is committed to complying with applicable data protection laws, including the EU General Data Protection Regulation (GDPR) and other relevant privacy laws.1.3 When you use the Lindra.ai Platform in an organisational context, your Workspace Administrator or Account Owner may act as the data controller for certain personal data processed via the Platform; Lindra.ai may act as joint controller or processor according to the configuration.1.4 Definitions:

  • Lindra.ai Platform: The web-based application and associated services provided by Lindra.ai enabling Users to manage projects, collaborate, integrate tools (including Google services if enabled), and perform related operations.

  • Users: Individuals who use the Lindra.ai Platform, either for themselves or on behalf of their organisation.

  • Workspace Administrators / Account Owners: Individuals or entities who create and manage accounts on the Lindra.ai Platform for organisational use, configure access, and determine data processing within their workspace.1.5 If you provide personal data about third parties (e.g., team members or collaborators) via the Lindra.ai Platform, you must ensure that you have the authority to provide such data and that the third parties are aware of this Notice and how their data may be used.

2. Controllers and Responsibilities2.1 When processing activities involve both Lindra.ai and Workspace Administrators jointly determining purposes and means (for example analytics across workspaces), Lindra.ai acts as a joint controller; otherwise Lindra.ai acts as processor. Workspace Administrators are responsible for organisation-specific user requests; Lindra.ai handles platform-wide operations and privacy queries.2.2 For account or workspace-specific inquiries, you should contact your Workspace Administrator; for platform-wide privacy inquiries you may email privacy@lindra.ai.

3. Categories and Sources of Personal Data (including Google User Data)3.1 We may collect or receive the following categories of personal data:

  • Identity Data: Name, email address, contact details, date of birth (when provided), and any identification data supplied during account registration or workspace onboarding.

  • Payment Data: Information related to payments and transactions (e.g., payment card details, transaction history) collected via third-party payment processors.

  • Verification Data: Professional licence, company registration information, results of verification procedures.

  • Usage & Interaction Data: Data generated through your use of the Platform—such as login/logout times, feature usage, navigation behaviour, API call logs, workspace configuration data.

  • Communication Data: Records of your communications with us or Workspace Administrators including support inquiries, chat transcripts or email exchanges.

  • Technical Data: IP address, browser type, device information, session duration, operating system, error logs, cookies (if any), tracking identifiers.

  • Log Data: Automatically collected system and event data used for security, auditing, debugging, monitoring.

  • Marketing Data: Preferences and consents, campaign engagement, survey participation, publicly-available information such as LinkedIn profiles.

3.2 Google User Data (if you sign-in or integrate via Google services): In the event you use Google Sign-In or connect your Google account or Google APIs, we may request or receive user data from your Google account such as your Google account identifier, name, email address, profile picture, and other Google API-permitted information (collectively “Google User Data”). We will only request the minimum Google User Data necessary to provide the requested service or integration, and we will clearly disclose what data is requested in-product at the time of access.

3.3 Sources: We collect data directly from you, from your interactions with the Lindra.ai Platform (including integrations), from your Workspace Administrator, from third-party service providers (e.g., payment gateways, identity verification providers), and from publicly-available sources as permitted by law.

4. Legal Bases and Purposes of Processing4.1 We rely on the following legal bases for processing your personal data:

  • Performance of a Contract: To enable Platform features, manage accounts, provide integrations, process payments.

  • Legitimate Interests: To improve our Platform, perform diagnostics and troubleshooting, maintain security, detect fraud, analyse usage trends (provided your interests do not override our purposes).

  • Legal Obligations: To comply with applicable laws, respond to legal process or regulatory requirements.

  • Consent: Where you have given specific permission (for example, for direct marketing, optional features, or connecting third-party services such as Google).

4.2 Purposes: We process your personal data for:

  • Provision of the Platform services you have subscribed to or elected to use;

  • Integration and synchronisation with third-party services including Google-based authentication or APIs;

  • Management of accounts, billing, payments;

  • Support and customer service;

  • Security, fraud detection, Platform integrity;

  • Platform analytics and improvement;

  • Marketing, including communications about new features, events, surveys (when you have consented);

  • Compliance with legal and regulatory obligations.

4.3 When we access Google User Data, we use it only to authenticate you (via Google Sign-In) or synchronise relevant Google account information for the integration you requested. Unless otherwise disclosed at the point of connection, we will not use Google User Data for advertising-profiling, selling to third parties, or purposes beyond those disclosed.

5. Sharing, Disclosure, Transfer of Personal Data (including Google User Data)5.1 We may share your personal data with:

  • Workspace Administrators (when acting within your organisation’s environment) who manage user accounts within the workspace;

  • Service Providers: third-party vendors who perform services on our behalf (such as payment processors, identity verification providers, analytics and marketing services);

  • Affiliated Entities: within the Lindra.ai corporate group;

  • Legal Authorities: to comply with law enforcement, regulatory, or other legal obligations;

  • Marketing & Analytics Partners: when you have consented to such sharing;

  • Business Successors: in case of a merger, acquisition, reorganisation or sale of assets, consistent with this Notice.

5.2 Google User Data: If you connect your Google account or we use Google APIs, we may disclose the minimal Google User Data to our service providers or affiliates as necessary to enable the requested service or integration. We will not transfer, sell or use Google User Data in ways inconsistent with the disclosures given at the time of consents or this Notice.5.3 When transferring personal data (including Google User Data) outside the European Economic Area (EEA), we rely on approved transfer mechanisms such as Standard Contractual Clauses (SCCs) and implement supplementary safeguarding measures, consistent with EU data-protection law.5.4 Our service providers are bound by confidentiality and data-processing agreements, and are required to implement appropriate technical and organisational safeguards (including encryption, access controls, and audit rights). We perform regular assessments of their compliance and may terminate contracts if they fail to meet our standards.

6. Data Retention6.1 We retain personal data only for as long as necessary to fulfil the purposes described in Section 4, unless a longer retention period is required or permitted by law. For example, account and billing data may be retained for tax and audit purposes for the statutory period required in your jurisdiction.6.2 Google User Data: Any Google User Data we receive through a Google account connection will be retained only for as long as your account remains active and the integration is in use; once you disconnect the integration (or delete your account), we will promptly delete or anonymise the Google User Data, unless we are required to retain it under applicable law (in which case we will notify you).6.3 Once retention periods expire or data is no longer needed for the purposes described in Section 4, it is securely deleted or anonymised.

7. Security Measures7.1 We implement appropriate technical and organisational safeguards to protect your personal data, including: encryption in transit and at rest, role-based access controls, audit logging, intrusion detection and monitoring, secure software development practices and regular security reviews.7.2 Our service providers must meet equivalent security standards and our processor agreements require them to implement the same or stronger protections.7.3 In the event of a personal-data breach, we have an incident-response plan, and where required we will notify you or your supervisory authority in accordance with applicable law.

8. Your Rights as a Data Subject8.1 You have the right to:

  • Access your personal data and receive a copy;

  • Correct inaccurate or incomplete data;

  • Request erasure of your personal data when processing is no longer necessary or lawful;

  • Request restriction of processing in specific cases;

  • Receive your personal data in a structured, commonly-used, machine-readable format and transmit it to another controller (“portability”);

  • Object to processing based on legitimate interests;

  • Withdraw your consent at any time (where relevant) without affecting the lawfulness of processing before consent withdrawal.8.2 If you wish to exercise any of these rights, please contact your Workspace Administrator (for organisational accounts) or email us at privacy@lindra.ai. We will respond in accordance with applicable law.8.3 If you believe we have not complied with applicable data-protection law, you may lodge a complaint with the competent supervisory authority in Lithuania (or in your country as applicable).

9. Cookies and Tracking9.1 The Lindra.ai Platform does not use third-party cookies for advertising purposes. (If you do use any analytics/tracking cookies, please clearly list them here and give users choices.)9.2 If you enable Google integrations or Google Sign-In, Google may set cookies or tracking identifiers in accordance with their policy; our use of such identifiers is limited to providing the integration and as described in this Notice.

10. Changes to This Privacy Notice10.1 We may update this Notice from time to time to reflect changes in our operations, legal/regulatory requirements, technologies, or business structure. We will publish the new version at https://lindra.ai/privacy-policy (or other clearly labelled URL).10.2 If the revised version includes material changes to the way we process Google User Data or your rights, we will notify you by email or via an in-product notification, and where required by law obtain your consent for the new processing.10.3 This Notice is governed by Lithuanian law and, to the extent applicable, EU law. Disputes fall under the jurisdiction of the Vilnius District Court unless mandatory local law says otherwise.

11. Contact DetailsIf you have questions about this Notice or your personal data, please contact us at:privacy@lindra.ai