Legal
Privacy Policy
Last updated: 2026-06-03
Lorinks ("the Service") is an AI-assisted client-intelligence platform. This Privacy Policy explains what personal data the Service processes, why, and the choices available to data subjects.
Controllers
Lorinks is the data controller for account data and Customer Content. Paddle.com Inc. and Paddle.com Market Ltd., as Merchant of Record, are independent data controllers for payment and billing data. Sub-processors listed below process personal data on the relevant controller's instructions.
Data processed
- Account data — name, email, password hash, time zone.
- Customer Content — meeting transcripts and client records that the user uploads or enters. Customer Content may contain personal information about meeting participants and the user's business clients.
- Usage and technical data — IP address, browser, in-product actions, error logs.
Payment and billing data — including cardholder details, billing address, IP address used at checkout, and customer email — are collected and processed by Paddle (Paddle.com Inc. and Paddle.com Market Ltd.) as Merchant of Record for the purposes of payment processing, fraud prevention, and tax remittance. Lorinks does not see or store payment instruments.
Purposes and legal bases
Personal data is processed to perform the contract with the user (account, billing through Paddle, AI outputs); under legitimate interest for security, fraud prevention, and aggregated product analytics; with consent for optional features; and as required by law. Customer Content is not used to train any AI model, by Lorinks or by any of our sub-processors. Lorinks does not sell personal information.
Sub-processors
| Provider | Purpose | Region |
|---|---|---|
| Paddle (Paddle.com Inc. / Paddle.com Market Ltd.) | Merchant of Record — checkout, billing, tax remittance, dispute handling — privacy notice | USA / UK / EU |
| Anthropic, Google, Voyage AI | AI processing of text inputs to generate notes, summaries, and search embeddings | USA |
| Amazon Web Services | Compute, database, file storage, CDN, DNS, transactional email | USA |
| Resend | Transactional email delivery | USA |
International transfers to US providers rely on each provider's published Standard Contractual Clauses under GDPR Article 46 and on contractual safeguards permitted by India's Digital Personal Data Protection Act, 2023. For Paddle specifically, EEA / UK / Swiss data subjects may rely on the Paddle Data Processing Addendum.
Retention
Account data is retained while the account is active. Customer Content and derived notes are retained for the active period plus 90 days after cancellation, providing a grace window for accidental cancellations and data recovery. Subscription and invoice records are retained for 8 years pursuant to Indian Income Tax Act §44AA; Paddle retains its billing records separately. Operational and error logs are retained for 180 days. Deletion requests are processed within 30 days.
Rights
Subject to applicable law (GDPR, UK GDPR, CCPA / CPRA, India DPDP Act), data subjects may have rights to access, correct, delete, port, restrict, or object to processing of their personal data. Rights are exercised in-app at Settings → Privacy, by writing to hello@lorinks.ai, or by post to Lorinks, Tushar Sharma (proprietor), Plot 17, Flat C3, Shalimar Garden Ext-1, Sahibabad, District Ghaziabad, Uttar Pradesh 201005, India. For telephone enquiries: +91 78380 22133 (Mon–Fri, 04:30–13:30 UTC). Rights against billing data held by Paddle as Merchant of Record are exercised directly with Paddle.
Children
The Service is not directed to or intended for use by anyone under 18 years of age, and Lorinks does not knowingly collect personal data from children. A parent or guardian who believes a child has provided personal data through the Service may write to hello@lorinks.ai to request deletion.
Security
Data is encrypted in transit (TLS 1.2+) and at rest. Passwords are hashed using scrypt. Authentication uses signed JWTs (EdDSA) backed by a JWKS. Encrypted database backups are retained for 30 days. Authentication and administrative actions are logged. Lorinks will notify affected users without undue delay of a personal-data breach.
Analytics
To understand aggregate website traffic — for example, daily visitor and page-view counts — the Service uses Cloudflare Web Analytics, a privacy-first measurement tool that uses no cookies, does not fingerprint visitors, and does not track individuals across sites or over time. It processes limited, non-identifying technical signals to produce aggregated statistics only. See Cloudflare's privacy policy.
Cookies
The Service uses essential cookies only. See the Cookie Notice.
Changes
Material changes to this policy are notified at least 30 days in advance.