Privacy Policy

1. Information We Collect

Account Information

When you create an account, our authentication provider (Clerk) collects your email address, name, and — if you choose social sign-in — basic profile information from the OAuth provider. We sync your name and email into our database to associate your account with your data.

Business & Financial Data You Enter

LeanTrack stores the business information you provide, including but not limited to: client and prospect details (names, contact information, contract values), engagement records, invoices and invoice line items, billing entity information (business name, address, optional tax ID), expense records, reimbursable items, revenue targets, and proposal content. This data is necessary to deliver the Service.

Uploaded Files

You may upload receipt images, client documents, onboarding documents, and other files. These are stored securely in our cloud database provider (Convex). Generated artifacts — such as invoice PDFs, Excel exports, and signed proposal documents — are also stored in the same infrastructure.

Electronic Signatures

When a recipient signs a proposal, we collect their name, email address, and signature data. Signed proposals are converted to PDF and stored alongside the proposal record.

Automatically Collected Information

Our authentication provider (Clerk) may collect standard session data such as IP address, browser type, and login timestamps for security purposes. We do not operate any third-party analytics, advertising, or behavioral tracking services on the platform.

2. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Service — including invoicing, AR tracking, cash forecasting, proposals, and financial reporting
• Process uploaded receipts using AI-powered parsing to extract vendor, amount, date, and category information (see Section 3)
• Send transactional emails on your behalf — such as invoice deliveries with PDF, Excel, and receipt attachments
• Manage your account, authenticate sessions, and enforce subscription plan features
• Generate audit logs to maintain a record of changes to your business data
• Respond to your support requests and communicate Service updates

We do not sell, rent, or share your personal information with third parties for marketing purposes.

3. Third-Party Services

LeanTrack relies on the following third-party services to operate. Each has its own privacy policy governing how it handles data:

4. Data Storage & Security

Your data is stored in Convex's cloud infrastructure with encryption in transit (TLS) and at rest. Access to production systems is restricted to authorized personnel. While we implement commercially reasonable security measures, no method of electronic storage or transmission is 100% secure, and we cannot guarantee absolute security.

5. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete or anonymize your personal data within 30 days, except where retention is required by law (for example, tax or financial record-keeping obligations). Audit log entries may be retained for compliance purposes.

6. Cookies & Local Storage

LeanTrack uses a minimal set of cookies and browser storage:

• Authentication cookies — set by Clerk to maintain your login session. These are essential for the Service to function.
• Theme preference — stored in localStorage to remember your light/dark mode selection.
• Service worker — used for progressive web app (PWA) caching to improve performance. No tracking data is collected.

We do not use any marketing, advertising, or third-party tracking cookies.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access — request a copy of the personal data we hold about you
• Correction — request correction of inaccurate or incomplete data
• Deletion — request deletion of your personal data, subject to legal retention requirements
• Data portability — request your data in a structured, machine-readable format
• Opt-out of sale — we do not sell your personal information. There is nothing to opt out of.

California Residents (CCPA)

Under the California Consumer Privacy Act, you have the right to know what personal information we collect, request its deletion, and opt out of its sale. As stated above, we do not sell personal information. To exercise your rights, contact us at the address below.

European Economic Area Residents (GDPR)

If you are located in the EEA, our legal basis for processing your data is the performance of our contract with you (providing the Service) and our legitimate interests in operating and improving the Service. You have the additional right to lodge a complaint with your local data protection authority.

8. Children's Privacy

LeanTrack is not directed at individuals under the age of 13 (or the applicable age of consent in your jurisdiction). We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through an in-app notification. The "Last updated" date at the top of this page reflects the most recent revision.

10. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us: