Privacy Policy

We collect three buckets of data, and only the minimum that lets the service work:

• Account data — your name, email, and password (stored as a salted hash). Optional: profile preferences such as preferred travel pace. Legal basis: UK GDPR Article 6(1)(b) — necessary to perform the contract you have with us.
• Generation data — the prompts you send us, the reference images you upload, and the itineraries, charts, and reels we generate for you. We keep these so you can return to your work. Legal basis: Article 6(1)(b) (contract).
• Operational data — login timestamps, IP at sign-in, browser user-agent, and access logs that we use to detect fraud and to defend payment disputes. Legal basis: Article 6(1)(f) — legitimate interests in fraud prevention and dispute defence (we have run a balancing test).
• Tax and accounting records — invoices, refund records, and customer identifiers retained for statutory record-keeping. Legal basis: Article 6(1)(c) — legal obligation under UK Companies Act and HMRC rules (six years).

We do not collect your passport number, biometric data, sensitive religious or political opinions, or precise device GPS location. The destination strings you type (e.g. "Tokyo") are not your geolocation.

No. Your prompts, references, and outputs are processed to generate your itinerary and to keep your account history navigable. They are not used to train Lanely's models or any third-party model. You can wipe your generation history any time from Settings — Lanely deletes within 30 days of the request.

• Stripe, our payment processor — for processing payments and managing subscriptions. Stripe receives your name, email, billing address, and card details directly; Lanely never sees your full card number.
• Cloud infrastructure providers (Vercel for hosting, Supabase for database) under contractual data-processing agreements compliant with GDPR Article 28.
• AI inference providers for the model that generates your itineraries and reels. Prompts are sent for processing; providers are bound by no-training data handling agreements.
• Anti-fraud / dispute resolution — when a chargeback or fraud signal requires it, we share necessary access logs with Stripe and law enforcement.

• Access — request a copy of your data; we deliver within 30 days.
• Rectification — correct anything inaccurate via Settings or by email.
• Erasure — request deletion; we honour within 30 days, retaining only what we need for legal accounting (transaction records for 6 years per UK tax law).
• Portability — export your itineraries, charts, and reels in JSON / mp4.
• Objection — opt out of analytics cookies via the cookie banner.
• CCPA "Do Not Sell" — Lanely does not sell personal information.

• Account profile — until you delete the account.
• Itineraries and reels — retained until you delete them, then 30-day soft-delete.
• Operational and access logs — 13 months, the maximum dispute window.
• Invoices, payment records, and dispute evidence — 6 years (UK Companies Act).

Primary processing occurs in the EEA / UK and the United States. Several of our sub-processors (notably Stripe, Vercel, and AI inference providers) operate infrastructure in the US. Transfers to the US rely on the EU–US Data Privacy Framework certification of those processors where available, supplemented by Standard Contractual Clauses (Module 2 for controller-to-processor and Module 3 for processor-to-processor flows) and the UK International Data Transfer Addendum.

We are not strictly required to appoint a DPO under UK GDPR Article 37 because our processing is not large-scale special-category processing. Our privacy lead is reachable at support@carrollservicesco.com. As a UK-established controller offering services to data subjects in the EU, we have appointed an EU representative under Article 27. The current representative will be listed in this section before any EU marketing — if you are an EU data subject and need to reach the representative before that, email us and we will route your enquiry directly.

Lanely is not aimed at users under 18. If you believe a minor has registered, email support@carrollservicesco.com and we will close the account and delete the data.