Privacy Policy

1. Introduction

Lemma ("we," "our," or "us") is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our organization intelligence platform, including our websites, applications, and services (collectively, the "Services").

Please read this policy carefully. If you disagree with its terms, please discontinue use of our Services.

2. Information We Collect

2.1 Information You Provide

• Account registration data (name, email address, company name)
• Profile information and preferences
• Communications with our support team
• Demo requests and access applications
• Employee data uploaded by your organization

2.2 Information Collected Automatically

• Usage data and analytics (pages visited, features used)
• Device and browser information
• IP addresses and approximate location
• Cookies and similar tracking technologies

3. How We Use Your Information

We use the information we collect to:

• Provide, operate, and improve our Services
• Process transactions and send related information
• Send administrative information, updates, and security alerts
• Respond to inquiries and provide customer support
• Monitor usage patterns and analyze product performance
• Comply with legal obligations and enforce our policies
• Detect, prevent, and address fraud or security incidents

4. Data Isolation and Security

Lemma is designed as an isolated, multi-tenant platform. Each organization's data is strictly separated from other organizations. We implement the following measures:

• Row-level security policies enforced at the database layer
• Encryption at rest and in transit (TLS 1.2+)
• Access controls based on role and organizational membership
• Regular security assessments and audit logging
• Strict separation of trial and production environments

5. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share information only in these limited circumstances:

• Service providers: Trusted vendors who assist in operating our platform (under strict confidentiality obligations)
• Legal requirements: When required by applicable law, court order, or government authority
• Business transfers: In connection with a merger, acquisition, or sale of assets
• With your consent: For any other purpose with your explicit consent

6. Employee Data

When organizations use Lemma to manage employee records, we act as a data processor on behalf of the organization (data controller). Organizations are responsible for ensuring they have appropriate legal bases for processing employee data, including obtaining necessary consents and complying with applicable labor and data protection laws in their jurisdictions.

7. Data Retention

We retain personal data for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required by law. When data is no longer needed, we securely delete or anonymize it. Organizations may request deletion of their data by contacting us.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Correct inaccurate or incomplete data
• Request deletion of your personal data
• Object to or restrict processing of your data
• Data portability (receive your data in a structured format)
• Withdraw consent at any time where processing is consent-based

To exercise these rights, please contact us at privacy@lemmahr.com.

9. International Data Transfers

Your data may be processed in countries other than your own. When transferring data internationally, we ensure appropriate safeguards are in place, such as standard contractual clauses or other legally recognized transfer mechanisms.

10. Cookies

We use cookies and similar technologies to enhance your experience. Essential cookies are necessary for the platform to function. You may disable non-essential cookies through your browser settings, though this may affect some functionality.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. Continued use of our Services after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us: