Privacy Policy

LanceFlow ("we", "our", "us") is a freelance business management platform built for Indian freelancers. We help you create proposals, collect payments, manage projects, and generate GST-compliant invoices.

Contact: harishviswanath017@gmail.com

• To provide and operate the LanceFlow service
• To send transactional emails (proposal links, OTP codes, payment confirmations)
• To process payments via Razorpay on your behalf
• To generate GST-compliant invoices and documents
• To improve the product based on usage patterns
• To contact you about your account or service updates

We do not sell your data to third parties. We do not use your data for advertising.

We share your data only with the following service providers who help us operate the platform:

• Supabase — database and authentication hosting (servers in India)
• Razorpay — payment processing (RBI-regulated, India)
• Resend — transactional email delivery
• Vercel — application hosting

Each provider is bound by their own privacy policies and data processing agreements. We do not share data beyond what is necessary to operate the service.

When you add client information (name, email, company), you are responsible for having a lawful basis to process that data. By using LanceFlow, you confirm that your clients have consented to receive communications from you.

Client emails are used only to send proposal links and OTP verification codes on your behalf.

We retain your data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or tax compliance purposes.

We use industry-standard security practices including:

• HTTPS encryption for all data in transit
• Passwords hashed using bcrypt via Supabase Auth
• Row-level security on the database
• API keys stored encrypted, never in plain text logs

We use only functional cookies required for authentication (session tokens). We do not use advertising or tracking cookies.

Under the Digital Personal Data Protection Act, 2023 (India) and the EU GDPR (where applicable) you have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate or incomplete data
• Request deletion (erasure) of your account and data
• Export / portability of your data in a machine-readable format
• Withdraw consent at any time (where consent is the lawful basis)
• Object to processing for specific purposes
• Lodge a complaint with the Data Protection Board of India, or your local EU supervisory authority if you are an EU resident

To exercise any of these rights, email us at harishviswanath017@gmail.com. We will respond within 30 days.

LanceFlow uses artificial intelligence to assist freelancers in drafting proposals. Specifically:

• The "AI Proposal Generator" feature uses Anthropic Claude (claude-sonnet-4) to draft proposal sections (overview, scope, timeline) based on the freelancer's project description.
• AI-generated content is always reviewed and editable by the freelancer before being sent. The freelancer is the final author and is responsible for the proposal content sent to clients.
• We do not use AI to make automated decisions that produce legal or similarly significant effects on you (DPDP Act Section 9 / GDPR Article 22). No automated profiling.
• The data sent to the AI provider includes: project type, budget range, timeline, tone preference, and project description supplied by the freelancer. It does not include client personal data unless the freelancer explicitly types it into the input.
• Anthropic processes this data per their Privacy Policy and does not use it to train models when accessed via API.

This system is classified as limited-risk under the EU AI Act (assistive content generation). Recipients of AI-assisted proposals are informed of AI involvement via this policy.

Some service providers we use may store or process data outside India:

• Supabase database — region: AP-South-1 (Mumbai, India)
• Vercel application hosting — global edge with primary region selectable
• Resend email — US data centres
• Anthropic API — US data centres

Where data is transferred outside India or the EU, the recipient is either located in a jurisdiction with adequate data protection or is bound by contractual data protection clauses (DPA / SCCs).

In compliance with the Information Technology Rules, 2011 and the DPDP Act, 2023, our Grievance Officer is:

Name: Harish Viswanath
Email: harishviswanath017@gmail.com
Address: [To be added before production launch]

We will acknowledge grievances within 24 hours and resolve them within 15 days.

We may update this policy from time to time. If we make material changes, we will notify you via email or a notice on the platform. Continued use of LanceFlow after changes means you accept the updated policy.

Questions about this privacy policy? Email us at harishviswanath017@gmail.com.