Privacy Policy

This Privacy Policy describes how Lancst LLC. ("LancstTrack," "we," "us," or "our"), a company incorporated in the State of Wyoming, United States, collects, uses, shares, and protects personal data when you use our website at lancst.com and our event tracking and analytics platform (collectively, the "Service"). By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described herein, please do not use the Service.

1. Data We Collect

We collect different categories of data depending on how you interact with our Service. This includes data you provide directly to us, data collected automatically through our tracking technology, and data received from third-party sources.

1.1 Account Information

When you register for an account, subscribe to a plan, or contact us, we may collect:

• Full name and email address
• Company or organization name
• Billing address and payment information (processed via Stripe)
• Password (stored in hashed form)
• Communication preferences

1.2 Event and Analytics Data

When our tracking script is installed on a customer's website, we collect the following data from end users of that website:

• Event data: page views, clicks, form submissions, scroll depth, and custom events configured by the website operator
• IP addresses: collected for geolocation purposes and anonymized within 24 hours by stripping the last octet
• Browser information: browser type and version, preferred language, and referrer URL
• Device information: device type (desktop, mobile, tablet), operating system, screen resolution, and viewport size
• Cookies and identifiers: a first-party session identifier cookie used to group events within a single browsing session; no third-party advertising or cross-site tracking cookies are used
• Timestamp data: the date, time, and timezone of each event

1.3 Usage and Log Data

We automatically collect information when you interact with the LancstTrack dashboard and platform, including pages visited within the Service, features used, API calls made, server logs (IP address, request timestamps, HTTP method, and response codes), and performance metrics.

2. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, we process your personal data on the following legal bases under Article 6 of the General Data Protection Regulation (GDPR):

• Performance of a contract (Article 6(1)(b)): We process account information and payment data as necessary to provide the Service you have contracted for, including account creation, subscription management, billing, and customer support.
• Legitimate interests (Article 6(1)(f)): We process event and analytics data, usage data, and log data on the basis of our legitimate interest in operating, improving, and securing the Service. This includes analyzing usage patterns to improve product features, detecting and preventing fraud or abuse, and ensuring the technical security of the platform. We have conducted a balancing test to ensure that our legitimate interests are not overridden by your fundamental rights and freedoms.
• Consent (Article 6(1)(a)): Where required by applicable law, we rely on your explicit consent for certain processing activities, such as sending marketing emails or placing non-essential cookies. You may withdraw your consent at any time by contacting us or using the unsubscribe mechanism provided in our communications.
• Legal obligation (Article 6(1)(c)): We may process personal data where necessary to comply with a legal obligation to which we are subject, such as tax reporting, responding to lawful government requests, or retaining records as required by applicable law.

3. Purpose of Data Collection

We collect and process personal data for the following purposes:

• Service delivery: To provide, maintain, and operate the LancstTrack analytics platform, including processing events, generating reports, dashboards, and heatmaps.
• Account management: To create and manage your account, process payments, and communicate with you about your subscription and billing.
• Product improvement: To analyze aggregated usage patterns and feedback in order to improve, develop, and optimize the features, performance, and reliability of the Service.
• Security and fraud prevention: To detect, investigate, and prevent unauthorized access, abuse, fraudulent activity, and other security incidents.
• Customer support: To respond to your inquiries, troubleshoot issues, and provide technical assistance.
• Communications: To send transactional notifications (e.g., account confirmations, billing receipts, security alerts) and, with your consent, marketing communications about product updates and new features.
• Legal compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.

4. Cookies and Tracking Technologies

LancstTrack uses a minimal set of cookies and does not use third-party advertising trackers. The cookies we use include:

• Session cookie: A first-party cookie that identifies a browsing session for the purpose of grouping events. This cookie expires when the browser is closed or after 30 minutes of inactivity.
• Authentication cookie: Used to keep you signed in to your LancstTrack dashboard. This cookie is strictly necessary for the operation of the Service.
• Preference cookies: Used to remember your dashboard settings and display preferences.

You can control cookies through your browser settings. Note that disabling strictly necessary cookies may impair the functionality of the Service.

5. Third-Party Data Processors

We engage the following third-party service providers who process personal data on our behalf. Each processor is bound by a Data Processing Agreement (DPA) that ensures they process data only on our instructions and in compliance with applicable data protection laws:

We do not sell, rent, or trade your personal data to any third party. We do not share personal data with third parties for their own marketing purposes.

6. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. Specific retention periods are as follows:

• Account data: Retained for the duration of your account and for 30 days after account deletion to allow for recovery, after which it is permanently deleted.
• Event and analytics data: Retained according to your subscription plan—7 days for Free plans, 1 year for Pro plans, and an unlimited period for Enterprise plans. Once data exceeds the applicable retention window, it is permanently and irreversibly deleted from our systems.
• IP addresses: Raw IP addresses are anonymized within 24 hours of collection. The anonymized (truncated) form is retained alongside event data per your plan's retention period.
• Billing and transaction records: Retained for 7 years after the transaction date to comply with tax and accounting obligations under applicable law.
• Server logs: Retained for 90 days for security monitoring and debugging purposes, then automatically purged.
• Support correspondence: Retained for 2 years after the last communication to enable follow-up and quality assurance, then deleted.

7. International Data Transfers

Lancst LLC. is headquartered in the United States. If you access the Service from outside the United States, your personal data will be transferred to and processed in the United States and potentially other countries where our service providers operate.

For transfers of personal data from the EEA, UK, or Switzerland to the United States, we rely on the following safeguards:

• EU-U.S. Data Privacy Framework: Where applicable, our processors (including Stripe, Vercel, and AWS) participate in the EU-U.S. Data Privacy Framework, the UK Extension, and the Swiss-U.S. Data Privacy Framework as set forth by the U.S. Department of Commerce.
• Standard Contractual Clauses (SCCs): Where the Data Privacy Framework does not apply, we enter into the European Commission's Standard Contractual Clauses (as adopted under Commission Implementing Decision (EU) 2021/914) with our sub-processors to ensure an adequate level of data protection.
• Supplementary measures: We implement additional technical and organizational safeguards, including encryption of data in transit (TLS 1.2+) and at rest (AES-256), access controls, and regular security assessments.

8. Data Security

We implement industry-standard technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encryption of data in transit using TLS 1.2 or higher, encryption of data at rest using AES-256, role-based access controls with the principle of least privilege, regular security audits and penetration testing, automated vulnerability scanning, secure software development practices, and incident response procedures. While we strive to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to promptly notifying affected individuals and relevant authorities in the event of a data breach as required by applicable law.

9. Your Rights

Depending on your location and applicable data protection laws (including the GDPR, UK GDPR, and the California Consumer Privacy Act), you may have the following rights regarding your personal data:

• Right of access: You have the right to request a copy of the personal data we hold about you, along with information about how it is processed.
• Right to rectification: You have the right to request correction of any inaccurate or incomplete personal data we hold about you.
• Right to erasure: You have the right to request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, where you withdraw consent, or where there is no overriding legitimate interest for continued processing.
• Right to data portability: You have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format (such as JSON or CSV), and to transmit that data to another controller without hindrance.
• Right to object: You have the right to object to the processing of your personal data based on our legitimate interests. Upon receiving your objection, we will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.
• Right to restriction of processing: You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or when processing is unlawful.
• Right to withdraw consent: Where processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.
• Right to lodge a complaint: You have the right to lodge a complaint with your local data protection supervisory authority if you believe your rights have been infringed.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days, or within the timeframe required by applicable law. We may ask you to verify your identity before fulfilling your request.

10. Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete such data promptly. If you believe that a child under 16 has provided us with personal data, please contact us at [email protected].

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will update the "Last updated" date at the top of this page and notify you via email or through a prominent notice on the Service at least 30 days before the changes take effect. Your continued use of the Service after the effective date of the revised Privacy Policy constitutes your acceptance of the changes. We encourage you to review this page periodically.

12. Data Protection Officer

LancstTrack has designated a Data Protection Officer (DPO) who is responsible for overseeing our data protection strategy and ensuring compliance with applicable data protection laws. If you have any questions or concerns about how we handle your personal data, or if you wish to exercise any of your data protection rights, you may contact our DPO at:

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: