Privacy Policy

How Lonia AI Protects Your Privacy

Your data belongs to you. Lonia AI is built on local-first processing, minimal server storage, and a strict no-selling policy. This page explains exactly what we collect, why, and how you stay in control.

Last updated: April 2026

What data does Lonia AI collect?

We collect only what is necessary to operate our products and provide you with a secure, functional experience.

Account Metadata

When you sign in via Google OAuth, we receive your name and email address. We use this to identify your account and communicate with you. We do not store passwords — authentication is handled entirely through OAuth.

Usage Analytics

We collect anonymized usage data to understand how our products are used and to improve them. This includes page views, feature usage patterns, and error reports. Analytics data is not tied to your personal identity.

Payment Data

Payments are processed by Stripe. Lonia AI does not store credit card numbers, bank account details, or other sensitive financial information on its servers. Stripe handles all payment processing in compliance with PCI DSS standards.

Product-Specific Data

BillCheck and Themis handle medical billing documents. BillCheck processes documents and deletes them within 7 days. Themis processes data locally on the user's device. Lonia AI does not store medical documents on its servers long-term.

How does Lonia AI handle data processing?

Local-First Architecture

Most Lonia AI products process data directly on your device using browser-based storage (IndexedDB). This means your data never leaves your machine for the majority of operations. Server-side storage is minimized and used only when absolutely necessary for product functionality, such as generating reports or syncing across devices.

Does Lonia AI sell my data?

Lonia AI does not sell, rent, or share personal data with third parties for marketing purposes. Period.

Your data is used solely to operate and improve the Lonia AI products you use. We will never monetize your personal information or usage data through third-party advertising or data brokerage.

What third-party services does Lonia AI use?

We use a limited set of trusted third-party services to operate our platform. Each is selected for its security posture and compliance standards.

Supabase

Authentication and database services. Row-level security enforced.

Stripe

Payment processing. PCI DSS compliant. Lonia AI never stores card numbers.

Cloudflare

Hosting, CDN, and DDoS protection. Data served from edge locations globally.

Resend

Transactional email delivery for account notifications and reports.

How long does Lonia AI keep my data?

Data retention varies by product and is clearly stated within each product's settings. As a general principle, Lonia AI retains data only as long as necessary to provide the service you are using. BillCheck deletes uploaded documents within 7 days of processing. Products using local-first storage (IndexedDB) keep data on your device under your control.

Can I delete my data?

Yes. You can delete your data at any time through the settings panel within each Lonia AI product. If you need assistance or want to request a full account deletion, contact us at support@lonia.ai. We will process deletion requests within 30 days.

Is Lonia AI HIPAA compliant?

While Lonia AI is not a covered entity under HIPAA, our products that handle medical billing data are built to HIPAA-grade standards as a matter of principle. This includes encrypted data transmission, minimal data retention, access controls, and audit logging. We believe that handling sensitive health-related data responsibly is an obligation, not a checkbox.

Governing Law

This Privacy Policy is governed by the laws of the State of New Jersey, United States. Any disputes arising from this policy shall be resolved in the courts of the State of New Jersey.

Contact Us

If you have questions about this Privacy Policy or your data, contact us at support@lonia.ai.
