Privacy Policy
Lab Grimoire — Privacy Policy
Version: 2026-05-11 · Effective: 2026-05-11
1. Plain-language summary
- We do not see your images. Image analysis runs in your browser via WebAssembly. Pixel data never leaves your device.
- We collect the minimum needed to run the service: email + password hash for accounts, daily quota counters, IP-based rate limit, audit log of downloads and engine loads.
- We do not sell, rent, or share data with third parties for advertising. Stripe / Lemon Squeezy receives only the billing identifiers necessary to process subscriptions.
- You can delete your account at any time. Audit-log entries persist for 18 months in pseudonymised form.
2. Data we collect
| Category | Examples | Purpose | Retention |
|---|---|---|---|
| Account | email, password hash (PBKDF2 600 000 iterations), display name, locale | Authenticate and personalise | Until account deletion |
| Tier and subscription | tier, Lemon Squeezy customer & subscription IDs, period dates | Gate paid features and bill correctly | Until account deletion + 7 years for tax / audit |
| Quota counters | day-bucketed download / API counts keyed by userId (auth) or hash(IP) (anonymous) |
Enforce per-tier and per-IP limits | 48 hours rolling |
| Audit logs | download_log, engine_load_log rows (timestamp, tool, format, fingerprint, IP, User-Agent, tier) |
Detect leaks, fraud, regression | 18 months, then purged |
| Activity log | admin-side actions and cron events | Operational diagnosis | 90 days |
| Telemetry | aggregate counts of feature usage (no payload content) | Product improvement | 365 days |
We do not collect:
- Image pixel data, ROI coordinates, or quantification results from your sessions.
- Health information, identifiable subject data, or any data subject to special-category treatment under PDPA, GDPR, or HIPAA.
- Browser fingerprinting beyond IP + User-Agent.
3. Cookies and local storage
- Session: a cryptographically signed JWT in
localStorageafter login. Cleared on logout. - Preferences:
localStoragekeys for language, theme, and feature toggles (e.g.lg.webrVerify.enabled). - Analytics: a single first-party session identifier (no cross-site tracking).
We do not set third-party tracking cookies.
4. How we use your data
- Provide the Service: serve gated WebAssembly assets, count quota, sign download tokens, validate subscriptions.
- Communicate: account-related transactional email (verification, password reset, payment notices). We do not send marketing email without separate opt-in.
- Comply with law: respond to lawful requests from competent authorities, with notice to you when permitted.
- Protect the Service: investigate fraud, abuse, and breaches of the Terms of Service.
5. Sharing with third parties
| Recipient | Purpose | Data shared |
|---|---|---|
| Cloudflare | Hosting, edge compute, D1 database, KV, R2 storage | All Service data is stored on Cloudflare infrastructure under our account |
| Lemon Squeezy | Payment processing, invoicing | Billing email, subscription status; no card data passes through us |
| Email provider (transactional) | Send verification and notification emails | Email address and message content |
We never share data with advertisers or data brokers.
6. Where data lives
Cloudflare's global edge network. Your D1 row may be served from regional replicas; we do not control replica geography precisely. If you require data residency in a specific jurisdiction, contact cyuh0817@gmail.com before subscribing.
7. Your rights
If you are in Taiwan, the EU/UK, or any jurisdiction with comparable rules, you have at minimum the right to:
- Access the personal data we hold about you.
- Correct inaccurate or incomplete data.
- Delete your account and associated personal data (subject to retention obligations under tax and audit law).
- Export your account data in a portable format.
- Object to or restrict certain processing.
- Withdraw consent at any time, without affecting the lawfulness of prior processing.
Email cyuh0817@gmail.com to exercise any right. We will respond within 30 days.
8. Audit logs and the embedded fingerprint
Every CSV / PNG / report you download from a paid feature carries a fingerprint string of the form lg_<tier>_<hash> (anonymous downloads use lg_anon_<hash>). The fingerprint is a keyed hash of your account ID (or IP, for anonymous) and a timestamp. It is not reversible to your raw IP without our server-side secret.
We use the fingerprint to:
- Trace a leaked file back to its originating session if necessary.
- Detect coordinated abuse (e.g., one fingerprint appearing on dozens of unauthorised mirrors).
If you object to the fingerprint, please do not use the export feature.
9. Security
- Passwords stored as PBKDF2-SHA256 with 600 000 iterations and per-user salt.
- HTTPS-only with HSTS preload.
- Content-Security-Policy with strict directive set; admin surface behind Cloudflare Access (zero-trust).
- Database encrypted at rest by Cloudflare.
- WebAssembly engine served only over an authenticated channel; symbols stripped to limit reverse-engineering surface.
We disclose breaches affecting personal data to affected users without undue delay, and to competent authorities within statutory windows.
10. Children
The Service is not directed at children under 13. We do not knowingly collect personal data from anyone under 13. If you believe a child has registered, contact us and we will delete the account.
11. Changes
This Policy may be revised; the version string in the front-matter changes when we do. Material changes will be announced via email and on the changelog at least 30 days before they take effect, except when a faster change is required to address a security or legal issue.
12. Contact
cyuh0817@gmail.com for any data-related question.
Lab Grimoire is a personal project operated by CYHsieh, not affiliated with any company. This document is provided as-is and is not legal advice.