← Back to Lem

Privacy Policy

How Lem handles your data — plain English, no legalese.

1. What data we process

When you use Lem you explicitly connect your own Telegram and/or WhatsApp account and choose specific groups or chats for Lem to monitor. Only messages from those selected sources pass through our pipeline.

For each monitored message we process:

• Message text and attached media metadata (not media files themselves)
• Author username / phone number (so we can show you who posted)
• Timestamp and source identifier
• AI-extracted structured fields based on the schema you configured

2. What data we don't touch

• We do not read chats or groups you didn't explicitly add as sources
• We do not read your direct messages (1-on-1 chats)
• We do not send, post, or modify anything on your behalf
• We do not share your data with third parties except the AI provider (see §4)

3. Account credentials

To read your groups from your own account (which is the core of Lem's no-bot privilege), we store your Telegram session string or WhatsApp pairing data. These credentials are encrypted at rest with AES-256-GCM before being written to the database.

You can disconnect any account at any time from Settings → Sources. Disconnecting immediately revokes the session and deletes it from our storage.

4. AI processing (OpenAI)

We use OpenAI's GPT-4o-mini model to extract structured fields from your messages according to the schema you define. Each message text is sent to OpenAI's API via an encrypted connection. OpenAI's data retention and API policy apply to that transit (openai.com/privacy).

We do not use any third-party analytics in the cabinet that receive your message content.

5. Where the data lives

• Database: PostgreSQL on Railway (EU region)
• Cache / queue: Redis on Railway (EU region)
• Front-end: Cloudflare Pages (global edge)

All data in transit is encrypted with TLS 1.2+. Database backups are encrypted and retained for 7 days.

6. Your rights

You can at any time:

• Export your data — contact support (see §9)
• Delete any individual extracted item via the UI (/items)
• Delete any source — this also removes all items extracted from that source
• Delete your entire account — contact support and we will permanently remove it within 7 days

7. Beta caveats

Lem is in public beta. While we apply production-grade security practices, by using Lem during beta you accept:

• Data may be inspected by our engineering team for debugging purposes (we do not use it for any other purpose)
• Service level may fluctuate; availability targets don't apply in beta
• Features may change or be removed without notice

8. Cookies

The cabinet (app.lem.in.ua) uses localStorage (not cookies) to persist your login JWT, selected language, and onboarding flag. The landing (lem.in.ua) uses no cookies or analytics.

9. Contact

Questions, data exports, or deletion requests: @ivvi_1 on Telegram.