Privacy Policy

Effective Date: [2/27/2026] | Last Updated: February 27, 2026

Lloyd Labs LLC ("Company," "we," "us," or "our") operates CPG Canary, including the marketing site (https://cpgcanary.ai) and the application (https://app.cpgcanary.ai). This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our Service.

By using CPG Canary, you consent to the practices described in this Privacy Policy.

1. Information We Collect

1.1 Information You Provide

Account Information: Name, email address, password (stored encrypted), and company/organization name (optional).

Payment Information: Billing details are processed by Stripe. We do not store your full credit card number. See Stripe's privacy policy at https://stripe.com/privacy.

Product Concepts and Queries: Product descriptions, names, pricing, and specifications you submit for analysis; competitor information you provide; questions and conversations in the strategy chat; goals, company stage, and other context selections.

1.2 Information Collected Automatically

Usage Data: Features used and analyses generated, time spent on the Service, device type, browser, operating system, IP address, and referring website.

Cookies and Similar Technologies: Session cookies (required for the Service to function) and authentication cookies (to keep you logged in).

✨ 1.3 Machine Learning Feature Data

When you submit a product for analysis, CPG Canary automatically extracts numerical features from your analysis results. These include approximately 50 numerical data points per analysis — risk scores, pricing metrics, category indicators, and competitive density measures — derived from your analysis outputs and stored as numerical vectors. The platform also generates ML metadata (timestamps, model version, extraction parameters). Outcome labels (whether a product type historically succeeded or failed) are independently sourced from public market data, trade publications, and industry reports — not from information you provide. See Section 7 for full details.

1.4 Information from Third Parties

We may receive information from Stripe (payment status, subscription details) and authentication providers (if you sign in via third-party services).

⚠ 2. How We Use Your Information

We use collected information to:

• Provide the Service: Process your product analyses, generate reports, and power the strategy chat

• Manage Your Account: Create and maintain your account, process payments, and communicate with you

• Improve the Service: Analyze usage patterns to enhance features and fix issues

• ✨ Improve Predictive Accuracy: Extract numerical features from analysis results to train and improve risk assessment models, as described in Section 7

• Customer Support: Respond to your questions and requests

• Security: Detect and prevent fraud, abuse, and security threats

• Legal Compliance: Meet legal obligations and enforce our Terms of Service

• Communications: Send service updates, security alerts, and (with your consent) product announcements

  
  

⚠ 3. How We Protect Your Data

3.1 Your Data, Your Concepts

We prioritize your data sovereignty:

⚠ Your original concept text is never shared. Your product names, brand names, proprietary formulations, and free-text descriptions are never used for model training and are never shared with other users. Numerical features are extracted from your analysis results to improve platform accuracy, but these cannot be reverse-engineered to reconstruct your original concept. See Section 7 for full details.

Your data is stored securely. Your analyses, chat history, and account data are stored in our database (hosted by Supabase) to provide features such as saved analysis history, strategy chat continuity, and professional report exports.

Your data is isolated. Each user's data is scoped to their account. Other users cannot access your analyses, chat history, or product concepts.

3.2 Administrative Access

Stored analyses and chat submissions may be viewed by administrators solely for quality assurance, safety monitoring, and customer support. We do not access your data for any other purpose.

3.3 Security Measures

We implement industry-standard security measures including encryption in transit (HTTPS/TLS), encrypted password storage, secure authentication through Supabase, and regular security reviews.

3.4 Data Breach Notification

In the event of a data breach affecting your personal information, we will notify affected users and relevant authorities as required by applicable law, typically within 72 hours of becoming aware of the breach.

4. How We Share Your Information

We do not sell your personal information.

We may share information with:

4.1 Service Providers

Third parties that help us operate the Service:

• Supabase — Database and authentication (https://supabase.com/privacy)

• Stripe — Payment processing (https://stripe.com/privacy)

• Anthropic — AI analysis processing (https://www.anthropic.com/privacy)

• Perplexity — Market research and trends (https://www.perplexity.ai/privacy)

• Tavily — Web search for competitive intelligence (https://tavily.com/privacy)

• Railway — Application hosting (https://railway.app/legal/privacy)

• Kroger — Retail shelf pricing data (https://www.kroger.com/i/privacy-policy)

  
  

4.2 Legal Requirements

We may disclose information if required by law, court order, or government request, or to protect our rights, safety, or property.

4.3 Business Transfers

If Lloyd Labs LLC is acquired, merged, or sells assets, your information may be transferred as part of that transaction. We will notify you of any such change.

4.4 With Your Consent

We may share information for other purposes with your explicit consent.

⚠ 5. Data Retention

• Account data: Retained while your account is active and for up to 12 months after account closure for legal and business purposes.

• Payment records: Retained as required by law (typically 7 years) and for dispute resolution.

• Analyses and chat history: Retained while your account is active to provide the Service. Deleted upon account deletion request, except as required by law.

• ⚠ Trial data: Analysis data generated during a free trial is retained under the same terms as paid subscriber data, including ML feature extraction.

• ✨ ML feature vectors: Retained while your account is active and for up to 12 months after account closure or deletion request. Deletion of feature vectors may not remove their influence from models already trained, but they will be excluded from all future training runs.

• Usage analytics: Retained in aggregated, anonymized form to improve the Service.

  
  

You may request deletion of your account and associated data at any time by contacting us.

⚠ 6. Your Rights and Choices

6.1 Access and Correction

You may access and update your account information at any time through your account settings.

6.2 Data Export

Paid subscribers can export their analyses as professional DOCX reports or JSON files through the Service. You may also request a full export of your stored data by contacting us.

6.3 Account Deletion

You may request deletion of your account by contacting us at info@cpgcanary.ai. We will delete your data within 30 days, except as required by law.

6.4 Marketing Communications

You may opt out of marketing emails by clicking "unsubscribe" in any marketing message or contacting us directly.

✨ 6.5 Machine Learning Data Rights

You have the following rights regarding your machine learning data:

• Access: Request a copy of feature vectors associated with your analyses. Email info@cpgcanary.ai.

• Deletion: Request deletion of your feature vectors from the training dataset. Email info@cpgcanary.ai.

• Opt-Out: Request that future analyses not be included in feature extraction. Email info@cpgcanary.ai.

• Explanation: Request a general explanation of how your data contributes to model training. Email info@cpgcanary.ai.

  
  

Deletion requests will be processed within 30 days. Opting out of feature extraction may limit the accuracy of certain predictive features in your reports.

✨ 7. Machine Learning Pipeline Disclosure

CPG Canary uses machine learning to improve the accuracy of risk assessments and viability scores for all platform users. This section describes how that works.

7.1 Feature Extraction

When you submit a product concept for analysis, CPG Canary automatically extracts approximately 50 numerical features from your analysis results. These features are statistical representations — risk scores, pricing metrics, category indicators, and competitive density measures — stored as numerical vectors.

What is extracted: Numerical derivatives of your analysis outputs — scores, ratios, classifications, and statistical measures.

What is NOT extracted: Your original product concept text, brand names, proprietary formulations, trade secrets, or any free-text content you submitted. Feature vectors cannot be reverse-engineered to reconstruct your original concept.

7.2 Outcome Labeling

CPG Canary independently sources outcome data (e.g., whether a product type historically succeeded or failed) from public market data, trade publications, and industry reports. This outcome data is combined with extracted feature vectors to train predictive models. Outcome labels are sourced independently by CPG Canary — not from information you provide.

7.3 Model Training

Extracted feature vectors, combined with independently sourced outcome data, are used to train and improve predictive models. These models improve risk assessment accuracy for all platform users.

• Trained models are used exclusively within the CPG Canary platform

• We do not sell, license, or share your feature data or derivative models with third parties

• We do not send your data to Anthropic, Perplexity, or any third-party AI provider for their model training

  
  

7.4 Automated Decision-Making Disclosure

CPG Canary's machine learning models contribute to risk and viability assessments. These assessments are probabilistic tools provided for informational purposes only. They do not constitute professional advice and are subject to the limitation of liability provisions in our Terms of Service.

8. Cookies

We use minimal cookies necessary to operate the Service:

• Session cookies — Keeps you logged in (required)

• Authentication cookies — Secure login (required)

  
  

We do not use advertising or tracking cookies.

Do Not Track: We do not track users across third-party websites and do not respond to browser "Do Not Track" signals because we do not engage in cross-site tracking.

9. Children's Privacy

CPG Canary is not intended for users under 18 years of age. We do not knowingly collect information from children. If we learn we have collected information from a child, we will delete it promptly.

10. International Data Transfers

Your information may be transferred to and processed in the United States, where our servers and service providers are located. By using the Service, you consent to this transfer.

For users in the European Economic Area (EEA), UK, or other regions with data protection laws, we rely on standard contractual clauses or other lawful transfer mechanisms.

⚠ 11. California Privacy Rights (CCPA)

If you are a California resident, you have the right to:

• Know what personal information we collect and how it's used

• Request deletion of your personal information

• Opt out of the sale of personal information (we do not sell your data)

• Non-discrimination for exercising your rights

  
  

⚠ Feature Vectors under CCPA: Numerical feature vectors derived from your analysis results may constitute "inferences drawn from information" under the CCPA. You have the right to know about, access, and request deletion of these inferences, as described in Section 6.5.

To exercise these rights, contact us at info@cpgcanary.ai.

⚠ 12. European Privacy Rights (GDPR)

If you are in the EEA or UK, you have additional rights including:

• Access to your personal data

• Rectification of inaccurate data

• Erasure ("right to be forgotten")

• Data portability

• Objection to certain processing

• Restriction of processing

  
  

⚠ Legal Basis for ML Processing: We process feature vector data for machine learning model training under the legitimate interest legal basis (Article 6(1)(f) GDPR). Our legitimate interest is improving the accuracy and quality of risk assessments for all platform users. You have the right to object to this processing, as described in Section 6.5. We have conducted a balancing test and determined that this processing does not override your rights because: (a) only numerical derivatives are used, not your original concept text; (b) feature vectors cannot be reverse-engineered to reconstruct your original concept; and (c) you can opt out at any time.

To exercise these rights, contact us at info@cpgcanary.ai.

13. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email or a notice on the Service at least 30 days before taking effect. Your continued use after changes constitutes acceptance.

14. Contact Us

For questions, concerns, or requests regarding this Privacy Policy, contact us at:

Lloyd Labs LLC Email: info@cpgcanary.ai Website: https://cpgcanary.ai

By using CPG Canary, you acknowledge that you have read and understood this Privacy Policy.