Privacy Policy

This Privacy Policy explains what information Lydo collects, how we use it, who we share it with, and the rights you have over it. It applies to the Lydo mobile apps, web app, the marketing site at lydo.chat, and any related services we offer (together, the "Service").

Lydo is operated by Wisr Labs Inc., a Delaware corporation ("Lydo," "we," "our," or "us"). When your employer or team operates a Lydo workspace ("Space"), they are the controller of the data your team puts into that Space; we process that data on their behalf as described below.

1. Information we collect

We collect information in three buckets: what you give us, what your team puts into a Space, and what your device tells us automatically.

1.1 Account information

• Phone number, email address, display name, and profile photo when you create an account.
• Password (hashed) or third-party identity tokens if you sign in with Google, Apple, or another provider.
• Verification codes (SMS or email) used to prove ownership of your account.
• Workspace and role information — which Spaces you belong to, what role you hold, what channels you've joined.

1.2 Communications and content

• Messages — text, images, video, audio, files, polls, and reactions you send in any channel, group, or direct message.
• Voice and video calls — connection metadata (start time, duration, participants), and, where the Space owner has enabled it, recordings and transcripts.
• Transcripts — when transcription is enabled, we generate a written record of voice and video calls; transcripts can be searched by Joby and the team's authorized members.
• Wiki, Notes, Action Board, Calendar, Broadcast — anything your team writes, schedules, captures, or pins inside a Space.
• Joby interactions — questions you ask the agent, the answers it returns, and the source citations.

1.3 Device and usage information

• Device type, operating system, app version, language, timezone, and a device identifier we generate.
• Approximate location derived from IP address. We do not collect precise GPS location unless you explicitly attach it to a message.
• Usage events — when you open the app, send a message, start a call, or open a Space — used for product analytics and abuse prevention.
• Crash reports, latency metrics, and similar diagnostic data.

1.4 Permissions you grant

We request the following device permissions; you may decline any of them, though some features will not work without them.

• Microphone for voice messages, voice calls, and video calls.
• Camera for video calls, attached photos, and avatars.
• Photo library for sending images and videos.
• Contacts to help you find people you already know on Lydo. We hash phone numbers before transmitting them and do not store contact entries that don't match a Lydo account.
• Push notifications for incoming messages, calls, and reminders.
• Calendar on devices where Joby is asked to schedule reminders or read upcoming events on your behalf.

1.5 Payment information

If you subscribe to a paid plan, our payment processor (Stripe) collects and stores your card or bank details. We don't store your full payment card number on our servers — we keep a token that lets us charge you and a record of your billing history.

2. How we use information

• To provide, maintain, and improve the Service.
• To deliver messages, calls, and notifications to the people you intend.
• To power AI features inside your Space, as described in Section 3.
• To operate billing, send receipts, and prevent fraud.
• To detect, investigate, and prevent abuse, security incidents, and violations of our Terms of Service.
• To respond to support requests and communicate operational notices (security alerts, scheduled downtime, policy changes).
• To comply with applicable law and lawful requests from public authorities.

We do not sell your personal information. We do not share your messages, calls, or Joby interactions with advertisers, brokers, or third parties for their own marketing.

3. AI features and Joby

Every Space gets its own Joby — a built-in agent that reads what your team writes and helps in the channels you're already in. To answer your questions, summarize conversations, extract action items, translate messages, and remember decisions, Joby processes your team's content. Here is how that works.

3.1 What Joby can read

Joby reads only the content inside the Space it lives in: messages, call transcripts, wiki pages, notes, board cards, calendar events, and pinned files. Joby in one Space cannot read content from another Space. Direct messages between two users are not visible to Joby unless those users have asked Joby into the conversation.

If you turn on AI features for your personal notes (Settings → Joby), Joby may also process the content of notes you own — and notes shared with you — to power semantic search, in-editor AI actions, related-note suggestions, and similar features. The free-text "Your lydo.md" field, when set, is included with each request to your Joby so its responses better reflect your preferences. You can turn any of this off at any time, which stops further AI processing of personal content.

3.2 Third-party AI processors

Joby uses large language models and supporting AI services hosted by reputable third-party providers to generate responses, transcribe audio, produce embeddings used for search and ranking, and route real-time media. The current list of these providers — and their data-processing regions — is maintained at lydo.chat/subprocessors and may change as we improve the Service. We have written agreements with each that prohibit them from using your content to train their public foundation models, and we use no-retention or zero-data-retention modes where available.

3.3 Training

We do not train external foundation models on your team's content. We may use aggregated, de-identified usage signals (for example: how long a typical answer is, what percentage of users mark a summary as helpful) to improve our own product. We do not use the contents of your messages, files, or transcripts to train models that power other customers.

3.4 Skills marketplace and external integrations

The Skills marketplace and Model Context Protocol (MCP) integrations allow Joby to connect to tools your team already uses — for example, Notion, Linear, GitHub, Google Calendar, or a CRM. When Joby calls one of these tools on your behalf, it sends the data needed to fulfill the request to that tool's provider, and that provider's privacy policy applies to that data. Space admins can disable specific Skills at any time.

3.5 Accuracy

AI outputs may be wrong. Verify before acting on anything Joby tells you, especially anything involving money, health, legal exposure, or harm to others. Lydo is not responsible for decisions you make based on AI output. See the AI Features section of the Terms of Service for the full disclaimer.

4. How we share information

We share information only as follows:

• Inside your Space. Messages, files, and other content you post in a Space are visible to the members of that Space according to its channel and role rules. You are responsible for your team's membership and roles.
• With subprocessors we use to run the Service, listed in Section 5.
• With Space owners. If you use the Service through a Space operated by your employer, contractor, or another organization, the Space owner has access to the content posted in that Space and may export, delete, or audit it according to their own policies.
• For corporate transactions. If we are part of a merger, acquisition, financing, or asset sale, your information may be transferred to the acquirer, who will be bound by this policy or a successor with at least equivalent protections.
• For legal reasons. When we believe in good faith that disclosure is required by law, regulation, legal process, or to prevent imminent harm. Where we can, we'll notify you first.
• With your consent. Any other sharing requires your explicit consent.

5. Subprocessors

To run the Service we use a small set of third-party providers ("subprocessors") for hosting, real-time media, transcription, AI inference, payment processing, crash reporting, and push delivery. We have written agreements with each that bind them to confidentiality, security, and — for the AI vendors — a prohibition on training their public foundation models with your team's content.

The current, authoritative subprocessor list — including each vendor's purpose and data-processing region — lives on its own page so it can be updated independently of this Privacy Policy:

lydo.chat/subprocessors

Enterprise customers receive at least 30 days' advance notice of new subprocessors or material changes in scope. To subscribe to that notice, write team@lydo.chat.

6. Confidential and disappearing messages

Lydo offers two privacy features that go beyond what most team chat tools provide.

6.1 Confidential messages

When you tap Confidential on a message, we erase that message from:

• The sender's device cache.
• The recipient's device cache.
• The Lydo cloud database.
• The Lydo cloud file storage (for any media in the message).
• Search and AI indexes (so Joby can no longer surface it).
• Active backup snapshots (within 30 days; see Backups).

What remains: a tombstone record showing that a message was sent at a particular time and that it was erased. The message text, attachments, and reactions do not. We do not maintain a hidden recoverable copy. Lydo support cannot retrieve a Confidential message.

6.2 Disappearing messages

You can set a per-conversation timer that automatically erases messages a fixed time after they're sent (an hour, a day, a week, a month). The same erasure pipeline as Confidential applies when the timer fires. Disappearing messages are visible to all participants until the timer fires; once it does, they're erased the same way.

6.3 What we cannot guarantee

We can erase messages from systems we control. We cannot prevent another participant from taking a screenshot, photographing their own screen, or copying text into another tool before erasure. Use Confidential and disappearing messages with appropriate trust assumptions.

7. Data retention

• Active workspace content. Retained for as long as the Space is active. Space owners can set a per-channel retention window that automatically erases older messages.
• Closed accounts. When you delete your account, your profile, account settings, and direct messages are deleted within 30 days. Messages you sent in shared Spaces remain owned by the Space and may persist according to that Space's retention rules.
• Closed Spaces. When a Space is deleted, all its content, files, and transcripts are scheduled for deletion within 30 days, with a 7-day grace period during which the Space owner can restore.
• Confidential messages. Erased per Section 6.1; tombstone retained as long as the parent conversation exists.
• Logs. Application and security logs are retained for up to 90 days, then deleted or anonymized.
• Billing records. Retained for 7 years to meet tax and accounting obligations.
• Legal holds. If we are required by law to preserve specific data, we may suspend deletion for that data only and only for as long as the obligation lasts.

8. Backups

We maintain encrypted backups of customer data so we can recover from infrastructure failures. Backup snapshots are retained for up to 30 days and then permanently destroyed. When you trigger an erasure (account deletion, Confidential message, or expired disappearing-message timer), the deletion propagates to active databases immediately and to backup snapshots within the 30-day window as snapshots roll over.

9. Security

• All data in transit is encrypted with TLS 1.2 or higher.
• All data at rest is encrypted using the underlying cloud provider's managed keys.
• Voice and video calls are encrypted in transit between participants and our media servers.
• We follow the principle of least privilege for employee access to customer data and require multi-factor authentication on production systems.
• Access is audited; production data access is logged and reviewed.
• We are working toward SOC 2 Type II attestation. Enterprise customers may request our most recent security questionnaire and pen-test summary under NDA.

No system is ever fully secure. If you discover a vulnerability, please report it to team@lydo.chat.

10. International transfers

Lydo is operated from the United States, and our subprocessors are primarily located in the United States. If you are located in the European Economic Area, the United Kingdom, or Switzerland, your information will be transferred to and processed in countries that may have different data-protection laws than your country of residence. We rely on Standard Contractual Clauses and applicable supplementary measures for these transfers. Enterprise customers may request a Data Processing Addendum and EU-style SCCs from team@lydo.chat.

11. Your rights

Depending on where you live, you may have the right to:

• Access the personal information we hold about you.
• Correct inaccurate information.
• Delete your account and the data associated with it.
• Export your data in a portable format.
• Object to or restrict certain processing.
• Withdraw consent where processing is based on consent.
• Lodge a complaint with your local data-protection authority.

To exercise any of these rights, write to team@lydo.chat. If you use Lydo through a Space operated by your employer or another organization, please direct rights requests to that organization first; we will support them in fulfilling the request.

California residents have additional rights under the CCPA/CPRA, including the right to know what categories of personal information we collect and disclose. Lydo does not sell or share personal information for cross-context behavioral advertising.

12. Children's privacy

Lydo is not intended for use by children under 13 years of age (or the equivalent minimum age in your jurisdiction; 16 in parts of the EEA without parental consent). We do not knowingly collect personal information from children below that age. If you believe a child has provided us with personal information, please contact team@lydo.chat and we will delete it.

13. Cookies, local storage, and SDKs

The Lydo web app uses cookies and browser storage to keep you signed in, preserve drafts and unread state, and remember your theme. We do not use advertising cookies. The mobile apps store similar data locally on your device. You can clear local storage from your browser or by removing the app.

We use first-party analytics. We do not embed third-party advertising or behavioral-tracking SDKs in the apps.

14. Push notifications and SMS

If you grant permission, we send push notifications for new messages, calls, and reminders. You can disable push at any time in your device settings or in your Lydo notification preferences.

We send SMS messages only to verify your phone number during sign-up or password reset. Standard message and data rates may apply. We do not send marketing SMS without your separate consent.

15. Export and account deletion

• Export. You can export the messages you authored, your direct-message history, and your account profile from Settings → Privacy → Export my data. The export is delivered as a JSON archive within 7 days.
• Account deletion. You can delete your account from Settings → Account → Delete account. Deletion is irreversible after a 7-day grace period. Content you posted in shared Spaces remains owned by the Space.
• Space deletion. Space owners can delete a Space from Space settings → Danger zone → Delete Space.

16. Changes to this policy

We may update this Privacy Policy as the Service evolves. When we do, we'll change the "Effective" date at the top and, for material changes, give you notice in-app or by email at least 30 days before the change takes effect. Continued use of the Service after the effective date means you accept the updated policy.

17. Contact

All inquiries go to team@lydo.chat. To help us route quickly, please use a descriptive subject line — for example, "Privacy question," "Data subject request," "DPO matter," or "Security disclosure."

Postal address — Wisr Labs Inc., Delaware, United States (full address available on request).