CPG Canary

Privacy Policy

Effective Date: January 20, 2026

Last Updated: January 17, 2026

Lloyd Labs LLC ("Company," "we," "us," or "our") operates CPG Canary, including the marketing site (https://cpgcanary.ai) and the application (https://app.cpgcanary.ai). This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our Service.

By using CPG Canary, you consent to the practices described in this Privacy Policy.

1. Information We Collect

1.1 Information You Provide

Account Information:

  • Name

  • Email address

  • Password (stored encrypted)

  • Company/organization name (optional)

Payment Information:

  • Billing details are processed by Stripe. We do not store your full credit card number. See Stripe's privacy policy at https://stripe.com/privacy.

Product Concepts and Queries:

  • Product descriptions, names, pricing, and specifications you submit for analysis

  • Competitor information you provide

  • Questions and conversations in the strategy chat

  • Goals and stage selections

1.2 Information Collected Automatically

Usage Data:

  • Features used and analyses generated

  • Time spent on the Service

  • Device type, browser, and operating system

  • IP address

  • Referring website

Cookies and Similar Technologies:

  • Session cookies (required for the Service to function)

  • Authentication cookies (to keep you logged in)

1.3 Information from Third Parties

We may receive information from:

  • Stripe (payment status, subscription details)

  • Authentication providers (if you sign in via third-party services)

2. How We Use Your Information

We use collected information to:

  • Provide the Service: Process your product analyses, generate reports, and power the strategy chat

  • Manage Your Account: Create and maintain your account, process payments, and communicate with you

  • Improve the Service: Analyze usage patterns to enhance features and fix issues

  • Customer Support: Respond to your questions and requests

  • Security: Detect and prevent fraud, abuse, and security threats

  • Legal Compliance: Meet legal obligations and enforce our Terms of Service

  • Communications: Send service updates, security alerts, and (with your consent) product announcements

3. How We Protect Your Data

3.1 Data Sovereignty — Local-First Architecture

We prioritize your data sovereignty:

  • Your concepts are never used to train AI models. Your product ideas remain yours. Our AI provider (Anthropic) does not use API inputs for model training.

  • Local-first storage. Your deep project history lives in your local JSON export, not in a centralized cloud database. This eliminates the risk of server-side data breaches because we don't hoard your long-term strategy files.

  • We can't leak what we don't hold. Your exported project files contain your full analysis and chat history — we don't retain this data on our servers after your session.

3.2 Session Data

Live submissions during active sessions may be temporarily processed to deliver the Service. This data may be viewed by administrators solely for quality assurance and safety monitoring.

3.3 Security Measures

We implement industry-standard security measures including:

  • Encryption in transit (HTTPS/TLS)

  • Encrypted password storage

  • Secure authentication through Supabase

  • Regular security reviews

3.4 Data Breach Notification

In the event of a data breach affecting your personal information, we will notify affected users and relevant authorities as required by applicable law, typically within 72 hours of becoming aware of the breach.

4. How We Share Your Information

We do not sell your personal information.

We may share information with:

4.1 Service Providers

Third parties that help us operate the Service:

Provider Purpose Privacy Policy Supabase Database and authentication https://supabase.com/privacy Stripe Payment processing https://stripe.com/privacy Anthropic AI analysis processing https://www.anthropic.com/privacy Perplexity Market research and trends https://www.perplexity.ai/privacy Tavily Web search for competitive intelligence https://tavily.com/privacy Railway Application hosting https://railway.app/legal/privacy Streamlit Application platform https://streamlit.io/privacy-policy

4.2 Legal Requirements

We may disclose information if required by law, court order, or government request, or to protect our rights, safety, or property.

4.3 Business Transfers

If Lloyd Labs LLC is acquired, merged, or sells assets, your information may be transferred as part of that transaction. We will notify you of any such change.

4.4 With Your Consent

We may share information for other purposes with your explicit consent.

5. Data Retention

  • Account data: Retained while your account is active and for up to 12 months after account closure for legal and business purposes

  • Payment records: Retained as required by law (typically 7 years) and for dispute resolution

  • Analysis session data: Not retained long-term — your project history lives in your local export

  • Usage analytics: Retained in aggregated, anonymized form to improve the Service

You may request deletion of your account and associated data at any time by contacting us.

6. Your Rights and Choices

6.1 Access and Correction

You may access and update your account information at any time through your account settings.

6.2 Data Export

You can export your full project history (analysis, variables, chat history) as a JSON file at any time through the Service.

6.3 Account Deletion

You may request deletion of your account by contacting us at info@cpgcanary.ai. We will delete your data within 30 days, except as required by law.

6.4 Marketing Communications

You may opt out of marketing emails by clicking "unsubscribe" in any marketing message or contacting us directly.

7. Cookies

We use minimal cookies necessary to operate the Service:

Cookie Type Purpose Required Session Keeps you logged in Yes Authentication Secure login Yes

We do not use advertising or tracking cookies.

Do Not Track: We do not track users across third-party websites and do not respond to browser "Do Not Track" signals because we do not engage in cross-site tracking.

8. Children's Privacy

CPG Canary is not intended for users under 18 years of age. We do not knowingly collect information from children. If we learn we have collected information from a child, we will delete it promptly.

9. International Data Transfers

Your information may be transferred to and processed in the United States, where our servers and service providers are located. By using the Service, you consent to this transfer.

For users in the European Economic Area (EEA), UK, or other regions with data protection laws, we rely on standard contractual clauses or other lawful transfer mechanisms.

10. California Privacy Rights (CCPA)

If you are a California resident, you have the right to:

  • Know what personal information we collect and how it's used

  • Request deletion of your personal information

  • Opt out of the sale of personal information (we do not sell your data)

  • Non-discrimination for exercising your rights

To exercise these rights, contact us at info@cpgcanary.ai.

11. European Privacy Rights (GDPR)

If you are in the EEA or UK, you have additional rights including:

  • Access to your personal data

  • Rectification of inaccurate data

  • Erasure ("right to be forgotten")

  • Data portability

  • Objection to certain processing

  • Restriction of processing

To exercise these rights, contact us at info@cpgcanary.ai.

12. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email or a notice on the Service at least 30 days before taking effect. Your continued use after changes constitutes acceptance.

13. Contact Us

For questions, concerns, or requests regarding this Privacy Policy, contact us at:

Lloyd Labs LLC
Email: info@cpgcanary.ai
Website: https://cpgcanary.ai

By using CPG Canary, you acknowledge that you have read and understood this Privacy Policy.