The full, formatted version of this policy lives at lydo.chat/privacy. This in-app copy mirrors the same content for the sign-in flow.

§ How Lydo handles your data

Privacy Policy

Effective May 9, 2026

This Privacy Policy explains what information Lydo collects, how we use it, who we share it with, and the rights you have over it. It applies to the Lydo mobile apps, web app, the marketing site at lydo.chat, and any related services we offer (together, the "Service").

Lydo is operated by Wisr Labs Inc., a Delaware corporation ("Lydo," "we," "our," or "us"). When your employer or team operates a Lydo workspace ("Space"), they are the controller of the data your team puts into that Space; we process that data on their behalf as described below.

The short version We collect only what we need to run the Service. We don't sell your data. We don't train external AI models on your team's content. We give you the strongest erasure feature in any team chat — Confidential — and we use it on ourselves too.

1. Information we collect

1.1 Account information

Phone number, email, display name, profile photo when you create an account.
Password (hashed) or third-party identity tokens if you sign in with Google, Apple, or another provider.
Verification codes used to prove ownership of your account.
Workspace and role information — which Spaces you belong to, what role you hold, what channels you've joined.

1.2 Communications and content

Messages — text, images, video, audio, files, polls, and reactions you send in any channel, group, or direct message.
Voice and video calls — connection metadata, and, where the Space owner has enabled it, recordings and transcripts.
Transcripts — when transcription is enabled, we generate a written record of voice/video calls; transcripts can be searched by Joby, approved connected agents, and the team's authorized members.
Wiki, Notes, Action Board, Calendar, Broadcast — anything your team writes, schedules, captures, or pins inside a Space.
AI agent interactions — questions you ask Joby or an approved connected agent, the answers returned, and the source citations.

1.3 Device and usage information

Device type, OS, app version, language, timezone, and a device identifier we generate.
Approximate location derived from IP. We do not collect precise GPS unless you attach it to a message.
Usage events for product analytics and abuse prevention.
Crash reports, latency metrics, and similar diagnostic data.

1.4 Permissions you grant

Microphone for voice messages, voice calls, video calls.
Camera for video calls, attached photos, avatars.
Photo library for sending images and videos.
Contacts to help you find people you already know on Lydo. We hash phone numbers before transmitting them.
Push notifications for incoming messages, calls, reminders.
Calendar on devices where Joby or an approved connected agent is asked to schedule reminders.

1.5 Payment information

Stripe collects and stores your card or bank details for paid plans. We don't store your full card number — we keep a token that lets us charge you and a record of your billing history.

2. How we use information

To provide, maintain, and improve the Service.
To deliver messages, calls, and notifications.
To power AI features inside your Space (see Section 3).
To operate billing, send receipts, and prevent fraud.
To detect, investigate, and prevent abuse and Terms violations.
To respond to support requests and operational notices.
To comply with applicable law.

We do not sell your personal information. We do not share your messages, calls, or AI agent interactions with advertisers, brokers, or third parties for their own marketing.

3. AI features and agents

Every Space gets Joby, our built-in agent, and Space admins can connect approved AI agents such as Claude, ChatGPT, Gemini, Grok, or custom agents. To answer questions, summarize conversations, extract action items, translate messages, and remember decisions, Joby and approved connected agents process the content your Space permits.

3.1 What AI agents can read

Joby and approved connected agents read only the content inside the Space, channel, conversation, or tool scope they are allowed to access. An agent in one Space cannot read content from another Space unless your organization has explicitly connected those Spaces. Direct messages between two users are not visible to an agent unless those users have asked that agent into the conversation.

If you turn on AI features for your personal notes (Settings → Joby), Joby and approved connected agents may also process the content of notes you own — and notes shared with you — to power semantic search, in-editor AI actions, related-note suggestions, and similar features. The free-text "Your lydo.md" field, when set, is included with each request so responses better reflect your preferences. You can turn any of this off at any time, which stops further AI processing of personal content.

3.2 Third-party AI processors

Joby and connected AI features use large language models and supporting AI services hosted by reputable third-party providers to generate responses, transcribe audio, produce embeddings used for search and ranking, and route real-time media. The current list of these providers — and their data-processing regions — is maintained at lydo.chat/subprocessors and may change as we improve the Service. We have written agreements with each that prohibit them from using your content to train their public foundation models, and we use no-retention or zero-data-retention modes where available.

3.3 Training

We do not train external foundation models on your team's content. We may use aggregated, de-identified usage signals (e.g. how long an answer is, what percentage of users mark a summary as helpful) to improve our own product.

3.4 External integrations

Third-party integrations and Model Context Protocol (MCP) connections let Joby and approved connected agents connect to tools like Notion, Linear, GitHub, Google Calendar, and CRMs. When an agent calls a tool on your behalf, the data needed to fulfill the request is sent to that tool's provider, and that provider's privacy policy applies. Space admins can disable specific integrations at any time.

3.5 Accuracy

AI outputs may be wrong. Verify before acting on anything an AI agent tells you, especially anything involving money, health, legal exposure, or harm to others.

4. How we share information

Inside your Space — content is visible according to channel and role rules.
With subprocessors we use to run the Service (see Section 5).
With Space owners — if you use the Service through a Space operated by your employer or another organization, that Space owner has access to the content posted in that Space.
For corporate transactions — in connection with a merger, acquisition, financing, or asset sale.
For legal reasons — when we believe in good faith disclosure is required by law or to prevent imminent harm.
With your consent.

5. Subprocessors

To run the Service we use a small set of third-party providers ("subprocessors") for hosting, real-time media, transcription, AI inference, payment processing, crash reporting, and push delivery. We have written agreements with each binding them to confidentiality, security, and — for the AI vendors — a prohibition on training their public foundation models with your team's content.

The current, authoritative subprocessor list — with each vendor's purpose and data-processing region — lives on its own page so it can be updated independently of this Privacy Policy: lydo.chat/subprocessors.

Enterprise customers receive at least 30 days' advance notice of new subprocessors. Email team@lydo.chat with subject "Subprocessor notice" to subscribe.

6. Confidential and disappearing messages

6.1 Confidential

When you tap Confidential on a message, we erase it from sender and recipient device caches, the Lydo cloud database, cloud file storage, search and AI indexes, and active backup snapshots (within 30 days). What remains is a tombstone showing a message was sent and erased. We do not maintain a hidden recoverable copy.

6.2 Disappearing messages

You can set a per-conversation timer that automatically erases messages a fixed time after they're sent. The same erasure pipeline as Confidential applies when the timer fires.

6.3 What we cannot guarantee

We can erase messages from systems we control. We cannot prevent another participant from screenshotting, photographing their screen, or copying text into another tool before erasure.

7. Data retention

Active workspace content — kept while the Space is active. Owners can set a per-channel retention window.
Closed accounts — profile, settings, and DMs deleted within 30 days. Messages in shared Spaces remain owned by the Space.
Closed Spaces — content scheduled for deletion within 30 days, with a 7-day grace period.
Confidential — erased per Section 6.1; tombstone retained as long as the parent conversation exists.
Logs — retained up to 90 days.
Billing — retained 7 years for tax/accounting.
Legal holds — may suspend deletion only as required.

8. Backups

Encrypted backups are retained up to 30 days then permanently destroyed. When you trigger an erasure, deletion propagates to active databases immediately and to backup snapshots within the 30-day window as snapshots roll over.

9. Security

TLS 1.2+ in transit.
Encryption at rest using cloud-provider managed keys.
Voice/video encrypted in transit between participants and our media servers.
Least-privilege employee access; multi-factor auth on production.
Production access logged and reviewed.
Enterprise MLS encrypted Spaces are planned for private rollouts with teams that need human members and approved AI agents operating inside the same encrypted boundary.
Working toward SOC 2 Type II. Enterprise customers may request our latest security questionnaire under NDA.

10. International transfers

Lydo is operated from the United States. If you're in the EEA, U.K., or Switzerland, your information will be transferred to and processed in countries with different data-protection laws. We rely on Standard Contractual Clauses for these transfers. Enterprise customers may request a Data Processing Addendum.

11. Your rights

Depending on where you live, you may have the right to access, correct, delete, export, object to processing, restrict processing, withdraw consent, and lodge a complaint with your data-protection authority. Contact team@lydo.chat. California residents have additional CCPA/CPRA rights. We do not sell or share personal information for cross-context behavioral advertising.

12. Children's privacy

Lydo is not intended for children under 13 (or the equivalent age in your jurisdiction; 16 in parts of the EEA without parental consent).

13. Cookies and SDKs

We use cookies and browser storage to keep you signed in, preserve drafts and unread state, and remember your theme. We do not use advertising cookies. We use first-party analytics and do not embed third-party advertising or behavioral-tracking SDKs in the apps.

14. Push and SMS

If you grant permission, we send push notifications. SMS is sent only for verification during sign-up or password reset; standard rates may apply. We do not send marketing SMS without separate consent.

15. Export and deletion

Export — Settings → Privacy → Export my data. Delivered as a JSON archive within 7 days.
Account deletion — Settings → Account → Delete account. Irreversible after a 7-day grace period.
Space deletion — Space settings → Danger zone → Delete Space.

16. Changes

For material changes, we'll give notice in-app or by email at least 30 days before the change takes effect.

17. Contact

All inquiries go to team@lydo.chat. Use a descriptive subject line — for example, "Privacy question," "Data subject request," "DPO matter," or "Security disclosure."

Postal — Wisr Labs Inc., Delaware, United States.