1. Who We Are
Red Lobsta ("we", "us", "our") operates LobstaCloud, LobstaKit, and LobstaBox — products that enable personal AI assistants. This Privacy Policy explains how we collect, use, and protect your information across all our services. Our website is redlobsta.com.
2. Information We Collect
We collect the following types of information:
Account Information
- Name and email address (provided directly or via GitHub/Google OAuth)
- Profile information from OAuth providers (display name, avatar)
- Account preferences and settings
Payment Information
- Billing details are processed and stored by Stripe. We do not store your full credit card number.
- We retain Stripe customer IDs, subscription status, and transaction history for billing purposes.
Usage Data
- Instance metrics (uptime, resource consumption, API call counts)
- Log data (timestamps, error logs, performance metrics)
- Feature usage and interaction patterns within the dashboard
Technical Data
- IP address, browser type, operating system
- Device identifiers and session information
3. How We Use Your Information
- Provide, operate, and maintain the Services
- Process transactions and manage subscriptions via Stripe
- Send transactional emails (billing confirmations, security alerts, service updates)
- Monitor and improve performance, reliability, and security
- Analyze aggregate usage trends (not individual behavior)
- Detect, prevent, and respond to fraud or abuse
- Comply with legal obligations
4. Your Instance Data
You retain full ownership of all data processed by your Lobsta instances — including conversations, files, memories, and configurations. We do not access, read, or analyze your instance data except:
- When necessary to provide the Service (e.g., infrastructure operations)
- At your explicit request (e.g., debugging support)
- As required by law
5. Third-Party Services
We use the following third-party services that may process your data:
- Stripe — Payment processing. Subject to Stripe's Privacy Policy.
- Google Cloud Platform — Infrastructure hosting. Data encrypted at rest and in transit.
- GitHub OAuth — Authentication. We receive your public profile info and email.
- Google OAuth — Authentication. We receive your name, email, and profile picture.
We do not sell your personal information to any third party. We do not use third-party advertising or tracking services.
6. Data Storage & Security
Your data is stored on Google Cloud Platform infrastructure with the following protections:
- Encryption at rest (AES-256) and in transit (TLS 1.3)
- Each instance runs in an isolated container with its own network namespace
- API keys are stored as salted hashes — never in plaintext
- Regular security audits and dependency updates
- Access to production systems is restricted and logged
7. Cookies
We use only essential cookies required for the Services to function:
- Authentication cookies — Maintain your login session
- Security cookies — CSRF protection and session validation
We do not use third-party advertising cookies, social media tracking pixels, or behavioral analytics cookies. We may use anonymous, aggregated analytics to understand how the Services are used.
8. Data Retention
- Account data — Retained while your account is active
- Instance logs — Retained for 30 days, then automatically purged
- Account deletion — All personal data and instance data permanently deleted within 30 days of account deletion
- Billing records — Retained for up to 7 years as required by tax and financial regulations
- Security logs — Retained for up to 90 days for fraud prevention
9. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access — Request a copy of the personal data we hold about you
- Correction — Request correction of inaccurate data
- Deletion — Request deletion of your personal data and account
- Export — Export your instance data at any time via the dashboard or API
- Restriction — Request that we limit processing of your data
- Objection — Object to processing based on legitimate interests
- Portability — Receive your data in a structured, machine-readable format
To exercise any of these rights, contact us at privacy@redlobsta.com. We will respond within 30 days.
10. GDPR (European Users)
If you are in the European Economic Area (EEA), UK, or Switzerland, we process your personal data under the following legal bases:
- Contract performance — Processing necessary to provide the Services you've subscribed to
- Legitimate interest — Security, fraud prevention, and service improvement
- Legal obligation — Tax and financial record-keeping
- Consent — Where required (e.g., optional communications)
Your data may be transferred outside the EEA to the United States (Google Cloud). We rely on Standard Contractual Clauses and adequate safeguards to protect your data during international transfers. You have the right to lodge a complaint with your local data protection authority.
11. CCPA (California Users)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to Know — Request disclosure of the categories and specific pieces of personal information we've collected
- Right to Delete — Request deletion of your personal information
- Right to Opt-Out — We do not sell personal information, so this right does not apply
- Non-Discrimination — We will not discriminate against you for exercising your CCPA rights
To make a CCPA request, email privacy@redlobsta.com with the subject line "CCPA Request".
12. Children's Privacy
The Services are not intended for children under 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
13. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or through the Services at least 30 days before they take effect. Your continued use of the Services constitutes acceptance of the updated policy.