Privacy Policy

Introduction

This Privacy Policy explains how Legache, a division of Waypoint, Inc. (“Legache”, “we”, “us”, or “our”) collects, uses, and discloses information in connection with the Cassandra web application at https://cassandra.legache.com (the “Service”).

This Privacy Policy applies when you visit, access, or use the Service.

Your use of the Service is also subject to our Terms of Service at https://cassandra.legache.com/legal/terms.

By using the Service, you acknowledge the practices described in this Privacy Policy.

Definitions

SERVICE means the Cassandra web application and related features available at https://cassandra.legache.com.

PERSONAL DATA means information that identifies, relates to, describes, or can reasonably be linked to an identified or identifiable individual.

USAGE DATA means technical and activity information collected when you access or interact with the Service.

COOKIES are small text files and similar technologies used to remember preferences, maintain sessions, and measure usage.

BROWSER STORAGE means localStorage, sessionStorage, and similar client-side storage available in your browser.

CONTENT means files, prompts, chat messages, documents, graphs, configurations, feedback, and other materials you submit or generate through the Service.

SERVICE PROVIDERS means third parties that process information on our behalf to help operate, secure, analyze, or support the Service.

Information Collection and Use

We collect several categories of information so we can operate, secure, support, and improve the Service.

Data Collection

Account and Authentication Information

• When you create or use an account, we may collect your email address, user identifier, authentication and session information, and related account metadata.

User-Submitted Content

• We may collect and process Content you upload, paste, type, generate, or share through the Service, including documents, prompts, chat messages, graph or editor data, workspace materials, generated outputs, and feedback.

Usage and Device Data

• We may collect information about your browser, device, IP-derived network information, pages or screens viewed, feature usage, timestamps, referring URLs, and diagnostic information related to your interaction with the Service.

Billing and Subscription Data

• If you use paid features, we may collect subscription tier, billing status, renewal or cancellation state, and transaction metadata needed to operate billing and account access. Payment processors may collect additional payment information directly from you.

Communications

• If you contact us or opt in to updates, we may collect the contents of your messages and the contact details associated with those communications.

Browser Storage and Local State

The Service uses browser storage and local state to improve continuity, preserve context, and support interactive features.

• localStorage may be used to persist workspace selection, email or user identity scoping, chat history or chat-related state, UI preferences, and similar application state.

• sessionStorage may be used to preserve active editor content, chat or session continuity, and other per-tab state while you use the Service.

• Cookies and similar technologies may be used by us and our service providers for analytics, preference management, security, and session-related functionality.

You can clear or block some browser storage and cookies through your browser settings, but doing so may affect the availability or behavior of parts of the Service.

Use of Data

We use the information we collect to:

• provide, maintain, and improve the Service;

• authenticate users and maintain accounts and sessions;

• process documents, prompts, and other Content to provide AI-assisted features and generated outputs;

• preserve workspace, editor, and chat continuity across your use of the Service;

• provide support and respond to questions or feedback;

• measure usage, analyze performance, and monitor reliability;

• manage billing, subscription access, service notices, and other communications;

• detect, investigate, prevent, and respond to fraud, abuse, misuse, security incidents, and technical issues;

• comply with legal obligations and protect our rights, property, users, and the Service;

• carry out any other purpose disclosed at the time of collection or with your consent.

AI and Automated Processing

The Service may use automated systems, including large language models and other machine learning tools, to process the Content and prompts you submit.

This processing may be used to generate answers, summaries, labels, relationships, graph structures, recommendations, and other outputs or supporting metadata.

To provide these features, submitted Content, prompts, generated outputs, and related metadata may be transmitted to, processed by, and stored within our systems and service-provider infrastructure.

You should not submit information you are not authorized to disclose or that you do not want processed in connection with AI-assisted features.

Retention of Data

We retain Personal Data, Usage Data, and Content for as long as reasonably necessary to provide, secure, support, and improve the Service, comply with legal obligations, resolve disputes, and enforce our agreements.

Retention periods may vary depending on the type of information, account status, legal requirements, operational needs, and the features you use.

Data stored in your browser may remain on your device until you clear it, it expires, or the Service removes or replaces it.

Transfer of Data

Your information may be processed on servers located outside your state, province, or country.

By using the Service or submitting information to it, you understand that your information may be transferred to and processed in jurisdictions that may have different data protection laws, subject to applicable law.

Disclosure of Data

We may disclose information we collect or you provide:

• to our affiliates and service providers that help us operate, secure, analyze, support, or bill for the Service;

• to fulfill the purpose for which you provided the information or requested the feature;

• when required by law, legal process, or valid governmental request;

• when we believe disclosure is necessary to protect our rights, property, users, or the safety or integrity of the Service;

• in connection with a merger, acquisition, financing, reorganization, sale of assets, or similar transaction;

• with your consent or at your direction.

Security of Data

We use commercially reasonable administrative, technical, and organizational measures designed to protect information processed through the Service.

No method of transmission over the Internet or method of electronic storage is completely secure, and we cannot guarantee absolute security.

Service Providers

We may use third-party service providers to help host, authenticate, secure, support, monitor, analyze, or otherwise operate the Service.

These providers may have access to information only as reasonably necessary to perform services for us or on our behalf and are subject to their own legal and contractual obligations.

Analytics

We use Google Analytics to help us understand website traffic and product usage patterns.

Google Analytics may collect usage, browser, device, and cookie-related information subject to Google's own terms and privacy practices.

For more information, please visit https://policies.google.com/privacy?hl=en and https://support.google.com/analytics/answer/4597324?hl=en.

Authentication and Account Services

We use Supabase to support sign-up, sign-in, session management, and related authentication services.

Supabase may process account identifiers, authentication credentials, tokens, and session metadata as needed to provide those services.

For more information, please visit https://supabase.com/privacy.

Error Monitoring and Diagnostics

We use Sentry to receive error reports and operational diagnostics that help us detect, investigate, and fix problems with the Service.

Our Sentry configuration is intended to avoid sending default personally identifying information and to redact certain sensitive request fields where practicable, but diagnostic data may still include technical context about your use of the Service.

For more information, please visit https://sentry.io/privacy/.

Payments

If you use paid features, billing and subscription management may involve third-party payment processors or billing providers selected by us.

Those providers may process payment information directly under their own terms and privacy policies. We may receive limited billing details such as subscription status, renewal dates, cancellation status, and transaction metadata needed to manage your account and paid access.

Links to Other Sites

The Service may contain links to sites or services that are not operated by us.

If you visit a third-party site or service, its privacy practices and content are governed by that third party, not by us. We encourage you to review the privacy policy of every external site or service you use.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time by posting the revised version on this page.

Changes become effective when posted unless otherwise stated. We encourage you to review this page periodically for updates.

Contact Us

If you have any questions about this Privacy Policy, please contact us at contact@legache.com.