Skip to main content
Lab Grimoire
TW EN
Coffee

Lab Grimoire — Privacy Policy

Version: 2026-05-11 · Effective: 2026-05-11

1. Plain-language summary

2. Data we collect

Category Examples Purpose Retention
Account email, password hash (PBKDF2 600 000 iterations), display name, locale Authenticate and personalise Until account deletion
Tier and subscription tier, Lemon Squeezy customer & subscription IDs, period dates Gate paid features and bill correctly Until account deletion + 7 years for tax / audit
Quota counters day-bucketed download / API counts keyed by userId (auth) or hash(IP) (anonymous) Enforce per-tier and per-IP limits 48 hours rolling
Audit logs download_log, engine_load_log rows (timestamp, tool, format, fingerprint, IP, User-Agent, tier) Detect leaks, fraud, regression 18 months, then purged
Activity log admin-side actions and cron events Operational diagnosis 90 days
Telemetry aggregate counts of feature usage (no payload content) Product improvement 365 days

We do not collect:

3. Cookies and local storage

We do not set third-party tracking cookies.

4. How we use your data

5. Sharing with third parties

Recipient Purpose Data shared
Cloudflare Hosting, edge compute, D1 database, KV, R2 storage All Service data is stored on Cloudflare infrastructure under our account
Lemon Squeezy Payment processing, invoicing Billing email, subscription status; no card data passes through us
Email provider (transactional) Send verification and notification emails Email address and message content

We never share data with advertisers or data brokers.

6. Where data lives

Cloudflare's global edge network. Your D1 row may be served from regional replicas; we do not control replica geography precisely. If you require data residency in a specific jurisdiction, contact cyuh0817@gmail.com before subscribing.

7. Your rights

If you are in Taiwan, the EU/UK, or any jurisdiction with comparable rules, you have at minimum the right to:

Email cyuh0817@gmail.com to exercise any right. We will respond within 30 days.

8. Audit logs and the embedded fingerprint

Every CSV / PNG / report you download from a paid feature carries a fingerprint string of the form lg_<tier>_<hash> (anonymous downloads use lg_anon_<hash>). The fingerprint is a keyed hash of your account ID (or IP, for anonymous) and a timestamp. It is not reversible to your raw IP without our server-side secret.

We use the fingerprint to:

If you object to the fingerprint, please do not use the export feature.

9. Security

We disclose breaches affecting personal data to affected users without undue delay, and to competent authorities within statutory windows.

10. Children

The Service is not directed at children under 13. We do not knowingly collect personal data from anyone under 13. If you believe a child has registered, contact us and we will delete the account.

11. Changes

This Policy may be revised; the version string in the front-matter changes when we do. Material changes will be announced via email and on the changelog at least 30 days before they take effect, except when a faster change is required to address a security or legal issue.

12. Contact

cyuh0817@gmail.com for any data-related question.


Lab Grimoire is a personal project operated by CYHsieh, not affiliated with any company. This document is provided as-is and is not legal advice.