Privacy Policy

At Skywood AI, Inc., the company behind Lyrio, we are committed to making your experience better while prioritizing your privacy and security. As we continue to grow our products and services, new AI-powered features, and expanded business tools, we are updating our policies to keep pace and ensure they accurately reflect how our platform works for you. These updates are designed to give you clear, up-to-date information about our practices and your choices.

Lyrio.ai ("Lyrio," "we," or "us") respects your privacy and is committed to being transparent about our privacy practices. This Privacy Policy describes the types of information we may collect from you when you visit our website at https://lyrio.ai, any subdomains thereof or any related mobile or desktop applications, including any content or functionality offered on or through any of the foregoing (collectively, the "Site"), or when you access or use the online services, including, without limitation, our AI-powered platform, known as "Lyrio.ai," that we make available through the Site (collectively, the "Service"). This Privacy Policy also describes our practices for collecting, using, maintaining, protecting, and disclosing such information.

This Privacy Policy applies to information we collect on the Site, in email, text, or other electronic messages between you and the Site, and through your access to or use of the Service. Except as otherwise expressly set forth herein, it does not apply to information collected by us offline or through any other means, including on any other website operated by us or any third party, nor to information collected by any other third party, including through any application or content (including advertising) that may link to or be accessible from or on the Site or the Service.

Please read this Privacy Policy carefully before you start to use the Site or the Service to understand our policies and practices regarding how we treat your information. By accessing or using the Site or the Service in any manner, you accept and agree to be bound by this Privacy Policy. If you do not agree with any terms of this Privacy Policy, you may not access or use the Site or the Service for any purpose.

This Privacy Policy may change from time to time (see Updates to Our Privacy Policy, below). Your continued use of the Site or the Service after we make changes is deemed to be acceptance of those changes, so please check the policy periodically for updates.

Privacy of Children

The Site and the Service are not intended for or directed to children. No one under age 16 may provide any information to or on the Site or the Service. We do not knowingly collect or solicit personal information from children under age 16. If you are younger than 16 years of age, do not use or provide any information on the Site or through the Service or any of its features, register on, or make purchases through, or use any of the interactive features of the Site or the Service, or provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name, user name, or any other identifier you may use. If we learn we have collected or received personal information from a child under age 16, we will delete that information. If you believe we might have any information from a child younger than 16 years of age, please contact us at info@lyrio.ai.

Information We Collect

When you access the Site or use the Service, we collect certain information about you. This may include information by which you may be personally identified, such as your name, email address, and mailing address, as well as information that is about you but may not specifically identify you, such as information about your internet connection, the device you use to access the Site or the Service, and usage details, IP addresses, and other information collected through certain tracking technologies (collectively "personal information").

Information You Provide Us

We collect personal information from various sources, such as directly from you when you access or use the Site or the Service. This may include:

• information that you provide by filling in forms on the Site or through the Service. This includes information provided at the time of registering to use the Service or requesting further information or services.
• we do not collect or store any financial information or details of transactions conducted through the Site or the Service. All payment processing, including the acquisition of any Service subscription or access to Service offerings, is securely managed by Stripe. Stripe assumes sole responsibility for the storage and processing of your financial and transaction details.
• information you provide for processing and content generation purposes through the Service.
• information you provide when you report a problem with the Site or the Service.
• information that you provide when you enter a promotion sponsored by us.
• information that you provide when seeking customer or technical support or when providing feedback or suggestions with respect to the Service.
• records and copies of your correspondence (including email addresses), if you contact us.
• your responses to surveys that we might ask you to complete for research and evaluation purposes.

Information We Collect by Automatic Means

When you navigate through and interact with the Site and/or the Service, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including:

• information about the devices you use to access the Site and/or the Service, such as IP address, device type, operating system, and web browser;
• dates, times, and duration of your use of the Site and/or the Service, including whether you are a repeat or first-time visitor;
• information on actions taken while using the Site and/or the Service, such as keystrokes, page views, and website navigation patterns;
• certain geolocational information.

Use of Cookies and Other Tracking Technologies

We use cookies and similar tracking technologies to collect and use personal information about you. For further information about the types of cookies we use, why, and how you can control cookies, please see our Cookie Policy.

We do not use cookies or tracking technologies to feed data to third-party advertising networks or marketing platforms.

Third-Party Analytics

We may use third-party analytics services, such as Google Analytics, to help us understand how users interact with the Site and the Service. These services collect information related to your use of the Site and Service for the purpose of improving our platform - not for targeting you with advertising or sharing your data with marketing platforms. You can learn more about how Google Analytics collects and processes data at https://policies.google.com/privacy. You may opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on available at https://tools.google.com/dlpage/gaoptout.

If you have any questions about our use of cookies or tracking technologies, please contact us at info@lyrio.ai.

Information we collect automatically may be statistical data that does not include personal information. We may maintain or associate any such statistical data with personal information we collect in other ways or receive from third parties. It helps us to estimate our audience size and usage patterns, speed up user experience, and improve and personalize the Service, including enabling us to identify and authenticate users. To the extent that we associate any of this non-personal information with your personal information, we will treat it as personal information under the terms of this Privacy Policy.

Technologies we use for automatic data collection may include cookies. A cookie is a small file placed on your smartphone or on the hard drive of your computer, as applicable. Portions of our Site and our emails may also contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit us, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity). For information on our use of cookies and how you can opt out, see Your Choices, below.

Third-Party Use of Cookies and Other Tracking Technologies

Some content or applications on the Site and/or the Service are served by third parties, including content and application providers. These third parties may use cookies or other tracking technologies to collect limited technical information. We do not permit third parties to use your data for behavioral advertising, cross-site tracking, or any third-party marketing purposes. If you have any questions about any targeted content, you should contact the responsible provider directly.

How We Use the Information We Collect

• to provide you with our products and services;
• to provide you with information or materials you request;
• to respond to your questions and comments and provide customer or technical support;
• to communicate with you about our products, services, offers, and promotions;
• to operate, evaluate, and improve our business and the products and services we offer;
• to analyze trends and statistics regarding use of the Site and the Service and activities supported by the same;
• to protect against and prevent fraud, unauthorized transactions, claims, and other liabilities, and manage risk exposure, including by identifying potential hackers and other unauthorized users;
• to enforce our Terms of Service and other agreements;
• to comply with applicable legal requirements and industry standards; and
• for any other purpose for which you provide your consent.

We do not sell your personal information. We do not share your data with third-party marketing platforms, advertising networks, or data brokers. Your prompts, AI-generated responses, and usage data are never used to build advertising profiles or shared with third parties for marketing purposes. If you do not want us to use your information to contact you about our own service communications, please email info@lyrio.ai. For more information, see Your Choices, below.

Personal Information That We Store

We collect and store certain personal information to provide and improve our Service. Below is a summary of the types of personal data we store, their descriptions, and the purposes for which we use them:

First Name / Last Name

• Description: Your full name obtained through third-party providers such as Google, Microsoft, and Facebook.
• Purpose: To store your user profile details and personalize your experience, including storing your chat history.
• Storage: Atlas MongoDB
• Access: Restricted to authorized personnel from white-listed IP addresses only
• Retention: 30 days

Email

• Description: Your email address is obtained through third-party providers such as Google, Microsoft, and Facebook.
• Purpose: To identify you as a user of the Service.
• Storage: Atlas MongoDB
• Access: Restricted to authorized personnel from white-listed IP addresses only
• Retention: 30 days

Country/State

• Description: Your country and state information.
• Purpose: To store your location details for service personalization and compliance purposes.
• Storage: Atlas MongoDB
• Access: Restricted to authorized personnel from white-listed IP addresses only
• Retention: 30 days

Chats (Prompts and Responses)

• Description: The data you provide by entering prompts and receiving responses from our language models. All prompts and AI-generated responses are encrypted both in transit and at rest (see Security, below).
• Purpose: This is the core feature of the Service, enabling interaction and content generation.
• Storage: Atlas MongoDB
• Access: Restricted to authorized personnel from white-listed IP addresses only
• Retention: 30 days

If you have any questions or concerns about the personal information we store or how we handle it, please contact us at info@lyrio.ai.

How We Share Your Personal Information

We may disclose aggregated information about our users and information that does not identify any individual user, without restriction.

We may disclose personal information that we collect, or you provide (as described in this Privacy Policy):

• to our subsidiaries and affiliates;
• to contractors, service providers, and other third parties we use to support our business operations (see Third Party Providers, below);
• to comply with any court order, law, or legal process, including to respond to any government or regulatory request;
• to enforce or apply our Terms of Service and other agreements;
• if we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Lyrio.ai, users of the Site or the Service, and/or others;
• for any other purpose which is incidental to the normal use of the Service;
• and for any other purpose for which you provide your consent.

We do not disclose your personal information to third parties for marketing purposes. We do not sell, rent, or trade your personal data with advertising platforms, data brokers, or any third-party marketing organizations. Our service providers are contractually prohibited from using your data for any purpose beyond delivering the specific services they provide to us.

We also reserve the right to transfer your personal and other information to a buyer or other transferee in the event of a merger, divestiture, restructuring, reorganization, dissolution, sale, or other transfer of some or all of our assets. Should such a sale, merger, or transfer occur, we will use reasonable efforts to direct the transferee to use your information in a manner that is consistent with our Privacy Policy.

Third Party Providers

We may employ or otherwise utilize third party companies and individuals to facilitate our Site and our provision of the Service, and to process data, perform Site and Service-related services, or to assist us in analyzing how the Service is used (collectively, "Third Party Providers"). These Third Party Providers have access to your personal information only for purposes of performing these tasks on our behalf. They are contractually prohibited from using your data for their own marketing, advertising, or any purpose unrelated to the services they provide to Lyrio. We advise you to review the privacy policies of the Third Party Providers.

Third Party Providers include, but are not limited to, the following:

Analytics. We may use Third Party Providers to monitor and analyze the use of our Site and the Service for product improvement purposes only — not for advertising or marketing targeting.

• Google Analytics. Google Analytics is an independent web analytics service offered by Google that tracks and reports application traffic. This data is used solely to understand how our Service is used and to improve it. We do not permit Google to use this data for ad personalization on our behalf. You can learn about Google's privacy practices at https://www.google.com/intl/en/policies/privacy. You may opt out by installing the Google Analytics opt-out browser add-on at https://tools.google.com/dlpage/gaoptout.

AI Tools. We use artificial intelligence tools to power content generation and other functionalities of the Service. These tools include, but are not limited to:

• OpenAI. You can learn about OpenAI's privacy practices at https://openai.com/policies/row-privacy-policy/.
• Gemini. You can learn about Gemini's privacy practices at https://support.google.com/gemini/answer/13594961?hl=en.
• Grok. You can learn about Grok's privacy practices at https://x.ai/legal/privacy-policy.

Payment Processing.

• Stripe. Stripe is a payment processing platform that helps accept online payments, manage subscriptions, and handle financial transactions securely. You can learn about Stripe's privacy practices at https://stripe.com/privacy.

Consent Management.

• CookieBot. CookieBot is a Consent Management Platform (CMP) that helps scan, detect, and control cookies and trackers, and collect users' consent in accordance with global privacy laws such as GDPR and CCPA. You can learn about CookieBot's privacy practices at https://www.cookiebot.com/en/privacy-policy/.

Security

Lyrio takes protecting your information seriously. We follow a "Security by Design" philosophy - every component of our platform is built with security as a foundational requirement, not an afterthought.

Encryption of Your Data in Transit

Every interaction you have with Lyrio, including all prompts you send and all AI-generated responses you receive, is transmitted through an encrypted, secure connection. Specifically:

• TLS 1.2+ (Transport Layer Security): We enforce TLS 1.2 or higher for all connections between your device and our servers. This means that your questions, responses, and any other data are mathematically unreadable to any interceptor, internet service provider, or malicious actor on the network.
• SSL/TLS Certificates: We utilize advanced SSL/TLS certificates managed by AWS Certificate Manager (ACM) to ensure continuous, up-to-date encryption coverage.

Encryption of Your Data at Rest

Once your data reaches our infrastructure, it is immediately secured:

• Database Encryption: Our databases utilize AES-256 standard encryption — the same standard used by financial institutions and government agencies — to protect all stored data, including your chat history.
• File System Encryption: Unstructured data (such as documents or media files) is stored with transit and encryption-at-rest enabled via Amazon Elastic File System (EFS).
• Key Management: Cryptographic keys are managed via a secure Key Management Service (KMS), with keys rotated regularly and access strictly audited.

No Marketing Data Exposure

Your data is never routed through, shared with, or accessible to third-party marketing platforms, advertising networks, or data aggregators. Our private network architecture ("air-gap" design using AWS Virtual Private Cloud) ensures that our AI models, databases, and inference engines reside in private subnets with no public IP addresses — they are physically unreachable from the public internet.

Identity and Access Management

We operate on the Principle of Least Privilege. Every component of our system has only the minimum permissions necessary to do its job:

• Role-Based Access Control (RBAC): Each microservice has its own unique identity with scoped permissions. No service can access data beyond what it needs to function.
• Encrypted Session Tokens: Your credentials are never passed around internally. We use short-lived, encrypted tokens to validate requests, so your login information remains protected throughout your session.
• White-listed Access: Administrative access to databases is restricted to authorized personnel from white-listed IP addresses only.

Compliance Standards

Our infrastructure is engineered to align with:

• GDPR: We respect the "Right to be Forgotten" and "Data Minimization." Automated lifecycle policies identify and securely purge temporary data and caches no longer needed for active processing.
• OWASP Top 10: Our defenses are specifically tuned to block the ten most critical web application security risks, including injection attacks, broken access control, and security misconfigurations.
• NIST Cryptographic Standards: We adhere to NIST guidelines for data encryption, ensuring no legacy or weak ciphers are used to transmit your information.

Please note that while we implement strong technical safeguards, the electronic transmission of information cannot be guaranteed to be 100% secure. Where we have given you (or where you have chosen) a password for access to the Service, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

Information and Data Transfers

The Service is administered by Lyrio.ai in the United States. When we obtain information about you through your access to or use of the Site or the Service, we may transfer, process, and store such information in the United States. If you access the Site and/or the Service from outside the United States, you do so on your own initiative, at your sole risk, and you are responsible for compliance with all applicable laws. If you are a non-United States resident and provide us with your personal information, or if you use the Service, you consent to the transfer to and processing of such information in the United States, which may have data protection laws less stringent than those in the country in which you reside.

Your Choices

We strive to provide you with choices regarding the personal information you provide to us.

Cookies. You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. If you disable or refuse cookies, please note that some parts of the Site and/or the Service may then be inaccessible or not function properly.

Disclosure of Your Information. We do not share your personal information with unaffiliated third parties for promotional purposes. If you have any concerns about how your data is being used, you can contact us at info@lyrio.ai.

Emails. Lyrio.ai may send service updates, service notifications, and other service-related communications to you via email. Promotional email communications will contain instructions describing how you can opt out of receiving future promotional emails from us. You may also email us at info@lyrio.ai to be removed from our mailing list. If you opt out of promotional emails, you may continue to receive non-promotional, transactional emails from us.

Limiting Provided Information. You can choose not to provide us with certain information. If you decline to provide certain information, however, please note that some features of the Site and/or the Service may then be inaccessible.

"Do Not Track" Requests

Some web browsers have a "Do Not Track" feature. This feature lets you tell websites you visit that you do not want to have your online activity tracked. The Site is not currently set up to respond to those signals. However, as noted throughout this Policy, we do not share your data with third-party marketing platforms regardless of this signal.

Third Party Applications and Websites

The Site and/or the Service may contain links to third-party websites. Lyrio.ai is not responsible for the privacy practices or content of these websites, and linking to a website does not constitute endorsement by us of that website. You should review the privacy policy and terms and conditions of any such third-party website prior to using or providing information to the same.

Accessing, Correcting, and Retaining Your Information

You may send us an email at info@lyrio.ai to request access to, correct, or delete any personal information that you have provided to us. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.

We retain personal information that we collect for as long as we need to use it in connection with our business and in accordance with our standard practices or in compliance with applicable laws. When we no longer need the personal information, we will deidentify, aggregate, or delete this information where required by law.

Data Export

Users have the ability to securely export all of their personal data collected and stored by Lyrio.ai. This export feature is accessible through the User Account page on the Lyrio.ai website. Upon request, a secure link to download the data will be sent to the user's registered email inbox. Lyrio.ai ensures that no third parties or members of the development team have access to the exported data during this process. This functionality fulfills the GDPR right of access and data portability, allowing users to obtain and reuse their personal data across different services.

Account Deletion

Users may delete their Lyrio.ai account and all associated personal data at any time. When an account deletion request is made, the account is initially marked as "deactivated" for a period of 30 days. During this deactivation period, users may log in to their accounts to restore access to their chats and history. If the account is not reactivated within 30 days, all personal data and chat history are permanently removed from Lyrio.ai's infrastructure. Please note that while Lyrio.ai deletes user data from its systems, Stripe, as the payment processor, continues to store customers' financial information independently in accordance with its own privacy policies.

Your State Privacy Rights

California Residents. California Civil Code Section 1798.83, also known as the "Shine The Light" law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. As stated in this Policy, we do not share personal information with third parties for direct marketing purposes. If you are a California resident and would like to make a request, please submit your request in writing to us by email at info@lyrio.ai or write to us at the mailing address set forth at the end of this Policy.

Colorado, Connecticut, Virginia, and Utah Residents. Colorado, Connecticut, Virginia, and Utah each provide their state residents with rights to: (i) confirm whether we process their personal information; (ii) access and delete certain personal information; (iii) data portability; and (iv) opt-out of personal data processing for targeted advertising and sales. Additionally, Colorado, Connecticut, and Virginia also provide their state residents with rights to: (v) correct inaccuracies in their personal information, taking into account the information's nature and processing purpose; and (vi) opt-out of profiling in furtherance of decisions that produce legal or similarly significant effects. To exercise any of these rights please submit your request in writing to us by email at info@lyrio.ai or write to us at the mailing address set forth at the end of this Policy.

Nevada Residents. Nevada provides its residents with a limited right to opt-out of certain personal information sales. However, please know that we do not currently sell data triggering that statute's opt-out requirements. Residents who wish to submit a request may do so in writing to info@lyrio.ai or to the mailing address set forth at the end of this Policy.

Your European and UK Privacy Rights

If you are a resident of the European Union or the UK, you are entitled to certain information and have certain rights under the General Data Protection Regulation (Regulation (EU) 2016/679) (the "GDPR") or the UK GDPR adopted post Brexit. Those rights include:

• the right of access to your information.
• the right to rectify your information if it is incorrect or incomplete.
• the right to have your information erased ("right to be forgotten").
• the right to withdraw your consent to our processing of your information at any time (if our processing is based on consent).
• the right to object to our processing of your information (if processing is based on legitimate interests).
• the right to object to our processing of your information for direct marketing purposes.
• the right to receive your information from us in a structured, commonly used and machine-readable format, and the right to transmit your information to another controller without hindrance from us (data portability).

If you are located in the European Union or the UK, we will never share your information with a third party for such third party's marketing purposes, unless you have specifically consented to us doing so.

You may contact us at info@lyrio.ai to exercise any of the above rights. We may request specific information from you to confirm your identity, and in some circumstances, we may charge a reasonable fee for access to your information.

Furthermore, if you believe that our processing of your information is inconsistent with your data protection rights under the GDPR and we have not adequately addressed your concerns, you have the right to lodge a complaint with the data protection supervisory authority of your country.

For purposes of the GDPR, we are a "controller" and you are a "data subject."

Updates to Our Privacy Policy

Lyrio.ai reserves the right to change this Privacy Policy at any time. If we make a material change to this Privacy Policy, we will communicate these changes to you either via email (if we have your email address) or by posting a notification on the Site or to the Service. The date this Privacy Policy was last revised is at the top of this page. We encourage you to review this Privacy Policy periodically to check for any updates or changes.

Contact Us

If you have any questions about this Privacy Policy or our information practices, please email us at info@lyrio.ai or write to us at:

Skywood AI, Inc.

855 El Camino Real, #13A-222

Palo Alto, California 94301

For legal concerns: legal@skywood.ai

For general inquiries: info@lyrio.ai