Privacy Policy

Last updated: April 17, 2026 · Effective: April 17, 2026

1. Who We Are

LGC operates LMS ("the Service"), an AI-powered operations platform that connects to your business tools and executes commands on your behalf.

2. Data We Collect

We collect only what is necessary to provide the Service:

• Account information: Company name, email address, password (hashed, never stored in plaintext)
• Usage data: Commands executed, AI model used, token consumption, timestamps
• Billing data: Plan selection, payment history (credit card details are stored by Stripe, not by LGC)
• Integration credentials: OAuth tokens and API keys for connected services (Google Workspace, Slack, GitHub, etc.), stored encrypted in Google Cloud Secret Manager
• Audit logs: Actions taken through LMS for security and compliance purposes
• Fraud prevention signals (Free tier only): IP address, user agent, and a 16-character device fingerprint derived from stable browser properties (screen resolution, timezone offset, language, hardware concurrency, and a one-time canvas render hash). This data is used solely to enforce the one-free-account-per-device limit and deter automated abuse of the free trial. It is not collected on paid plans, is not used for tracking or analytics, and is never shared with third parties.

3. Data We Do NOT Collect

• We do not read, store, or analyze the content of your emails, documents, or messages beyond what is required to execute your specific command
• We do not sell, rent, or share your data with third parties for marketing purposes
• We do not use your data to train AI models
• We do not track your browsing activity outside of LMS

4. How We Use Your Data

• Service delivery: Executing commands, connecting to your tools, processing AI requests
• Billing: Calculating usage, generating invoices, processing payments via Stripe
• Security: Audit logging, fraud prevention, rate limiting, duplicate-account detection on the Free tier (via the fingerprint signals described in §2)
• Support: Responding to support requests, debugging issues
• Service improvement: Aggregate, anonymized usage statistics (never individual data)

5. Data Processing & Storage

• Region: All data is processed and stored in Google Cloud Platform, asia-northeast1 (Tokyo, Japan)
• Encryption: All data is encrypted at rest (AES-256) and in transit (TLS 1.3)
• Credentials: Integration tokens are stored in Google Cloud Secret Manager with IAM-controlled access
• Isolation: Each tenant's data is namespaced in Firestore with logical isolation

6. Third-Party Services

LMS uses the following third-party services to operate:

• Anthropic (Claude AI): Processes natural language commands. Anthropic's privacy policy applies to AI processing. Anthropic does not use your data for training.
• Google Cloud Platform: Infrastructure hosting, database, secret management
• Stripe: Payment processing. Stripe stores your credit card details directly — LGC never sees your full card number
• GTranslate: Optional language translation widget on public pages

7. Data Retention

• Account data: Retained while your account is active
• Usage logs: Retained for the duration specified by your plan (30 days to unlimited)
• Audit logs: Retained per plan tier (30 days to unlimited)
• After termination: Data export available for 90 days via GDPR export endpoint. After 90 days, data is permanently deleted

8. Your Rights

Under Japanese data protection law (個人情報保護法) and GDPR (where applicable), you have the right to:

• Access: Request a copy of all data we hold about you
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your data and account
• Export: Export your data in machine-readable format via the GDPR export endpoint
• Restrict processing: Request that we limit how we use your data
• Object: Object to processing of your data for specific purposes

To exercise any of these rights, email info@lgc.inc. We will respond within 30 days.

9. Cookies

LMS uses the following cookies:

• Session cookie: Maintains your login session (essential, no consent required)
• localStorage: Stores JWT token and conversation history locally in your browser (never sent to third parties)
• GTranslate: Language preference cookie on public pages (third-party)

10. Children's Privacy

LMS is a business tool not directed at individuals under 18. We do not knowingly collect data from children.

11. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email to account holders. The "Last updated" date at the top indicates the most recent revision.

12. Contact

For privacy inquiries, data requests, or complaints:

13. Governing Law

This privacy policy is governed by the laws of Japan. Disputes shall be resolved in the Tokyo District Court (東京地方裁判所).