Privacy Policy
Effective Date: April 15, 2026 · Last Updated: April 15, 2026
1. Introduction
Lisle.ai ("Lisle," "we," "us," or "our") is an AI-powered personal finance platform designed for high-earning individuals and households. This Privacy Policy describes what personal information we collect, why we collect it, how we use and share it, how long we keep it, and what rights you have regarding your data.
Lisle is operated by Lisle, Inc. We act as the data controller for all personal information collected through our website at lisle.ai, our mobile application, and related services (collectively, the "Platform").
This Privacy Policy applies to all visitors, users, and subscribers of the Platform. By creating an account or using the Platform, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Platform.
This Privacy Policy incorporates our obligations under:
- The Gramm-Leach-Bliley Act (GLBA), 15 U.S.C. 6801–6809, and its implementing Regulation S-P (17 CFR Part 248)
- The California Consumer Privacy Act (CCPA), Cal. Civ. Code 1798.100 et seq., as amended by the California Privacy Rights Act (CPRA)
- The FTC Safeguards Rule, 16 CFR Part 314
- Applicable state consumer privacy laws (Virginia VCDPA, Colorado CPA, Connecticut CTDPA, and others as enacted)
2. Categories of Personal Information Collected
We collect the following categories of personal information. The specific data elements, sources, and purposes for each category are detailed below.
2.1 Identity and Account Data
| Data Element | Collected At |
|---|---|
| Full name | Signup |
| Email address | Signup |
| Password (hashed; we never store plaintext passwords) | Signup |
| State of residence | Onboarding |
| Date of birth | Onboarding |
| Employer name | Onboarding |
| Referral code (if applicable) | Signup |
2.2 Financial Account Data (via Plaid)
| Data Element | Description |
|---|---|
| Institution name | Name of connected bank or brokerage |
| Account names and types | For example, "Chase Checking (Checking)" |
| Account balances | Current and available balance snapshots, synced daily |
| Transaction history | Date, amount, merchant name, and category for each transaction |
We do NOT receive or store: bank account numbers, routing numbers, or your bank login credentials. Those remain with Plaid. Plaid access tokens are encrypted via Supabase Vault (AES-256-GCM) and are never stored in plaintext.
2.3 Tax and Income Data
| Data Element | Source |
|---|---|
| W-2 wages and withholding amounts | User input or document upload |
| Filing status (Single, Married Filing Jointly, Head of Household) | User input |
| Itemized deductions (mortgage interest, property taxes, charitable contributions, medical expenses) | User input |
| Number of dependents | User input |
| Investment income (dividends, capital gains) | User input |
| Tax estimate results (computed federal, state, FICA liabilities) | Calculated by our tax engine |
2.4 Equity Compensation Data
| Data Element | Source |
|---|---|
| Equity grant type (RSU, ISO, NSO, ESPP) | User input or document upload |
| Grant date, total share count | User input or document upload |
| Strike/exercise price | User input or document upload |
| Vesting schedule (dates and amounts) | User input or document upload |
| Stock ticker symbol | User input |
2.5 Uploaded Documents
| Data Element | Description |
|---|---|
| W-2 forms | Wage and tax statements |
| Paystubs | Earnings statements |
| Equity grant letters | Stock option or RSU grant agreements |
| Other financial documents | As uploaded by the user for AI analysis |
Documents are stored encrypted at rest in Supabase Storage. They are processed by our AI system (Anthropic Claude) for data extraction and analysis. See Section 9 for details on AI processing of documents.
2.6 AI Interaction Data
| Data Element | Description |
|---|---|
| Chat messages | Your questions and instructions to the AI financial co-pilot |
| AI responses | The AI-generated replies and analysis |
| Chat session metadata | Timestamps, session identifiers |
2.7 Behavioral and Analytics Data
| Data Element | Description |
|---|---|
| Page views | Which pages you visit within the Platform |
| Feature usage events | Which features you interact with (scenario runs, chat messages, card clicks, tooltip hovers) |
| Session identifiers | Randomly generated per-session IDs to group activity within a single visit |
| Device type | Desktop, tablet, or mobile (derived from screen width) |
| Engagement scoring | Aggregated behavioral metrics used to assess product usage patterns |
2.8 Values Profile Data
As part of onboarding or in-app interactions, we may derive a behavioral profile categorizing your financial motivations (for example, "freedom seeker," "achievement driver," "security anchor," or "legacy builder"). This profile is used to personalize the tone and framing of AI-generated insights. See Section 9.4 for details on this profiling.
2.9 Technical and Security Data
| Data Element | Description |
|---|---|
| IP address | Logged in audit records for security monitoring |
| User agent string | Browser and device information in server logs |
| Authentication events | Login timestamps, failed login attempts, password resets |
| Error reports | Application errors captured by Sentry |
2.10 Payment Data
| Data Element | Description |
|---|---|
| Stripe customer ID | Links your Lisle account to your Stripe billing record |
| Subscription tier and status | Core ($19/mo), Pro ($49/mo), or Pro+ ($99/mo); active, canceled, or past due |
We do NOT receive, store, or process credit card numbers, bank account numbers for payment, or other payment instrument details. All payment processing is handled entirely by Stripe. Lisle never has access to your payment card data.
2.11 Referral and Landing Page Data
| Data Element | Description |
|---|---|
| Email address | Collected when you request access or join the waitlist on our landing page |
| Referral code | If you were referred by an existing user |
3. Sources of Personal Information
We collect personal information from the following sources:
| Source | Categories Collected |
|---|---|
| Directly from you | Identity data, tax and income data, equity data, chat messages, uploaded documents, onboarding responses, referral/waitlist signups |
| Plaid (with your authorization) | Financial account data (institution names, account names and types, balances, transactions) |
| Stripe | Payment status and subscription tier (Stripe customer ID is assigned when you subscribe) |
| Finnhub | Stock price data associated with ticker symbols you provide (no personal information is sent to Finnhub) |
| Automated collection | Behavioral events, session data, device type, IP address, user agent, error reports |
| Derived by our systems | Tax estimates, engagement scores, values profile categorization, AI-generated financial summaries, financial context embeddings |
4. Purposes for Collection and Use
We use your personal information for the following purposes:
| Purpose | Data Categories Used | Legal Basis |
|---|---|---|
| Account creation and authentication | Identity data, email, password | Contractual necessity |
| Delivering the core Platform service | Financial account data, tax data, equity data | Contractual necessity |
| Tax estimation and scenario planning | Tax data, income data, equity data, filing status, deductions | Contractual necessity |
| AI financial co-pilot chat | Chat messages, monthly financial summaries (aggregated), retrieved context chunks | Contractual necessity |
| Document analysis | Uploaded documents (W-2, paystubs, grant letters) | Contractual necessity with your explicit action |
| Proactive financial insights | Monthly financial summaries, spending patterns, equity vesting events | Contractual necessity; legitimate interest |
| Household data sharing | Financial data shared with your household partner per your consent flags | Your explicit consent (per-category opt-in) |
| Subscription billing | Stripe customer ID, subscription tier | Contractual necessity |
| Values profile and personalization | Onboarding responses, behavioral patterns | Legitimate interest (with opt-out available) |
| Product improvement and analytics | Behavioral events, session data, feature usage, engagement scoring | Legitimate interest |
| Security and fraud prevention | IP address, user agent, authentication events, audit logs | Legitimate interest; legal obligation (GLBA Safeguards Rule) |
| Legal compliance | Audit logs, account activity records | Legal obligation |
| Referral program administration | Email address, referral codes | Consent (provided at signup/waitlist) |
5. How We Share Your Information
We share personal information only with the third-party service providers necessary to operate the Platform. We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising.
5.1 Plaid, Inc. (Bank Data Connectivity)
- Purpose: Enables secure, read-only connections to your bank and brokerage accounts.
- Data sent to Plaid: Your bank login credentials are entered directly into Plaid's secure Link interface during connection setup. Lisle never sees or receives your bank login credentials.
- Data received from Plaid: Account names, types, balances, and transaction history.
- Security: SOC 2 Type II certified; PCI DSS Level 1 compliant.
- Plaid Privacy Policy: plaid.com/legal
5.2 Anthropic (AI Chat and Document Analysis)
- Purpose: Powers the AI financial co-pilot chat and processes uploaded documents for data extraction.
- Data sent to Anthropic: Your chat messages; monthly financial summaries aggregated at the category level; relevant financial context chunks retrieved by our RAG system (maximum 5 per query); uploaded document content when you use the document analysis feature.
- Data NOT sent to Anthropic: Individual transaction records; bank account numbers or routing numbers; Plaid access tokens; Social Security Numbers; payment card data; raw account balances as standalone data.
- Model training: Under our enterprise agreement, Anthropic does not use your data to train its AI models.
- Anthropic Privacy Policy: anthropic.com/privacy
5.3 OpenAI (Embeddings Only)
- Purpose: Generates vector embeddings of your monthly financial summaries for our RAG system. OpenAI does not generate any user-facing text or analysis.
- Data sent to OpenAI: Monthly financial category summaries (aggregated). No names, account numbers, or merchant-level details.
- Data retention by OpenAI: Zero Data Retention (ZDR) policy applies under our enterprise agreement.
- Model training: Your data is not used for training under our enterprise terms.
- OpenAI Privacy Policy: openai.com/policies/privacy-policy
5.4 Stripe (Payment Processing)
- Purpose: Processes subscription payments and manages the billing portal.
- Data shared with Stripe: Email address; subscription tier and status metadata.
- Data NOT shared with Stripe: Financial account data, transaction history, tax data, equity data, AI chat transcripts, or any financial analysis.
- Security: PCI DSS Level 1 certified; SOC 2 Type II certified.
- Stripe Privacy Policy: stripe.com/privacy
5.5 Supabase (Database and Authentication)
- Purpose: Primary database (PostgreSQL), user authentication, encrypted secret storage (Vault), and file storage for uploaded documents.
- Data stored in Supabase: All user data described in Section 2, with Row Level Security (RLS) enforced on every table.
- Encryption: AES-256 encryption at rest; TLS in transit; Plaid access tokens additionally encrypted via Supabase Vault (AES-256-GCM).
- Supabase Privacy Policy: supabase.com/privacy
5.6 Finnhub (Stock Price Data)
- Purpose: Provides real-time and delayed stock price quotes for equity compensation tracking.
- Data sent to Finnhub: Stock ticker symbols only (e.g., "AAPL," "GOOG"). No personal information is sent to Finnhub.
5.7 Sentry (Error Monitoring)
- Purpose: Captures application errors, stack traces, and browser metadata to help us diagnose and fix bugs.
- Data sent to Sentry: Error event data, anonymized stack traces, browser metadata. Session Replay is currently disabled.
- Sentry Privacy Policy: sentry.io/privacy
5.8 Vercel (Web Hosting)
- Purpose: Hosts the Lisle.ai web application and serves as the content delivery network (CDN).
- Data processed by Vercel: Encrypted environment variables; HTTP request logs (IP addresses, request paths). No user financial data is stored by Vercel.
5.9 Railway (Tax Engine Hosting)
- Purpose: Hosts the Python-based tax calculation microservice.
- Data processed by Railway: Tax calculation inputs are transmitted to the microservice, processed in memory, and returned as results. The tax engine is stateless; it does not persist any user data.
5.10 Upstash (Rate Limiting and Job Scheduling)
- Purpose: Redis-based rate limiting for API endpoints and subscription query counters; QStash for scheduling background jobs (nightly Plaid sync, embedding refresh, data purge).
- Data stored in Upstash: User ID hashes and counter values for rate limiting (no financial data). Rate limit counters expire automatically with a maximum TTL of 1 hour.
5.11 Other Disclosures
We may also disclose your personal information:
- To comply with law: In response to lawful requests by public authorities, including to meet national security or law enforcement requirements, or to comply with a court order, subpoena, or other legal process.
- To protect rights and safety: When we believe in good faith that disclosure is necessary to protect our rights, your safety or the safety of others, or to investigate fraud.
- In a business transfer: In connection with a merger, acquisition, reorganization, or sale of assets. We will notify you via email and/or a prominent notice on our Platform before your personal information becomes subject to a different privacy policy.
- With your consent: When you direct us to share information with a specific party.
6. Data Retention Schedule
We retain your personal information only for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required by law.
| Data Category | Retention Period | Basis |
|---|---|---|
| Account and profile data | Duration of active account + 30-day grace period | Service delivery |
| Financial account data (Plaid) | 24 months rolling; deleted within 30 days of account deletion | Financial trend analysis |
| Transaction history | 24 months rolling | Cash flow analysis and AI context |
| Tax scenarios and estimates | Duration of active account | User benefit |
| Equity grants and vesting schedules | Duration of active account | User benefit |
| AI chat messages and responses | 90-day rolling window (automatically purged) | Service quality |
| Financial context embeddings (pgvector) | Duration of active account; purged immediately on deletion request | RAG retrieval |
| Uploaded documents | Duration of active account; deleted within 30 days of deletion | Document analysis feature |
| Proactive insights | 30 days from generation (automatically purged) | In-app display |
| Behavioral analytics events | 12 months rolling | Product improvement |
| Audit logs (GLBA compliance) | 7 years | Legal and regulatory (FTC Safeguards Rule, 16 CFR Part 314) |
| Authentication logs | 90 days | Security monitoring |
| Redis rate limit counters | Maximum 1 hour (TTL enforced) | Rate limiting only |
| Stripe billing records | 7 years from last transaction | Tax and accounting obligations |
Account Deletion Process
When you request account deletion (via Settings or by emailing privacy@lisle.ai):
- Day 0 (immediate): Your deletion request is recorded. Plaid access tokens are revoked. Financial context embeddings are purged. Your Stripe subscription is canceled. Your account is marked as deletion-pending.
- Days 1–30 (grace period): You may cancel the deletion request by contacting support@lisle.ai. During this period, your data is preserved but not accessible for service delivery.
- Day 30 (hard delete): A scheduled background job permanently and irreversibly deletes all data associated with your account from all Lisle systems via cascading database deletion.
Following hard deletion, anonymized aggregate analytics that cannot be linked back to your identity may be retained indefinitely for product improvement.
7. GLBA Privacy Notice
This section constitutes our initial and annual privacy notice as required by the Gramm-Leach-Bliley Act (15 U.S.C. 6801–6809) and Regulation S-P (17 CFR Part 248).
7.1 Our Commitment to Your Financial Privacy
Protecting your nonpublic personal information ("NPI") is a core priority for Lisle. This GLBA Notice explains how we collect, use, and safeguard your NPI.
7.2 Categories of NPI We Collect
- Information we receive from you: Name, email address, state of residence, date of birth, employer, filing status, income information, deduction details, equity compensation data, and the content of uploaded financial documents.
- Information about your transactions with us: Subscription history, tax scenarios you have created, AI chat history, equity grant tracking data, and scenario projections.
- Information we receive from third parties: Bank account names, types, balances, and transaction history received from your financial institutions via Plaid with your authorization.
7.3 How We Use and Share Your NPI
We use your NPI to provide the financial analysis, tax estimation, equity tracking, and AI co-pilot services you have requested. We share your NPI with nonaffiliated third parties only as described in Section 5, specifically with service providers under contractual obligations to protect your information.
We do not share your NPI with nonaffiliated third parties for their own marketing purposes. Under GLBA, you have the right to opt out of such sharing. Because we do not engage in this type of sharing, no opt-out action is required on your part.
7.4 Safeguarding Your Information
We maintain physical, electronic, and procedural safeguards to protect your NPI in compliance with the FTC Safeguards Rule (16 CFR Part 314), including:
- AES-256 encryption of all data at rest
- TLS encryption for all data in transit
- Additional AES-256-GCM encryption of Plaid access tokens via Supabase Vault
- Row Level Security (RLS) on all database tables
- Role-based access controls with the principle of least privilege
- Multi-factor authentication for developer access to production systems
- Regular access reviews and audit logging
- A Written Information Security Program (WISP) maintained and reviewed annually
7.5 Annual Notice
We will provide this GLBA Privacy Notice to you at the time you establish a customer relationship with us and annually thereafter for the duration of that relationship, as required by Regulation S-P. Annual notices will be delivered electronically to the email address associated with your account. You may request a copy of this notice at any time by emailing privacy@lisle.ai.
7.6 Changes to Our Sharing Practices
If we change our information-sharing practices in a manner that would require an opt-out right under GLBA, we will provide you with a revised privacy notice and a reasonable opportunity to opt out before implementing the change.
8. Your California Privacy Rights (CCPA/CPRA)
This section applies to California residents and is provided pursuant to the California Consumer Privacy Act (Cal. Civ. Code 1798.100 et seq.) as amended by the California Privacy Rights Act.
8.1 CCPA Categories Disclosure
| CCPA Category | Data Elements We Collect | Sold? | Shared for Behavioral Advertising? |
|---|---|---|---|
| A. Identifiers | Name, email, IP address, Stripe customer ID, session IDs | No | No |
| B. Personal information per Cal. Civ. Code 1798.80(e) | Name, financial account data, tax data, equity data | No | No |
| C. Protected classification characteristics | Date of birth | No | No |
| D. Commercial information | Subscription tier, transaction history, equity grants | No | No |
| F. Internet or electronic network activity | Page views, feature usage, session data, device type, user agent | No | No |
| G. Geolocation data | State of residence (user-provided, not GPS) | No | No |
| H. Audio, electronic, visual, or similar information | Uploaded documents (W-2, paystubs, grant letters) | No | No |
| I. Professional or employment-related information | Employer name | No | No |
| K. Inferences drawn from personal information | Values profile, engagement scores, tax estimates, AI-generated financial analysis | No | No |
| L. Sensitive personal information | Financial account data (balances and transactions), tax and income data, state of residence | No | No |
We have not sold personal information in the preceding 12 months. We do not sell personal information. We have not shared personal information for cross-context behavioral advertising in the preceding 12 months.
8.2 Right to Know
You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the sources, purposes, and third parties with whom we share it.
How to exercise: Email privacy@lisle.ai with the subject line "CCPA Right to Know" or use the in-app Data Export feature at Settings > Export My Data.
8.3 Right to Delete
You have the right to request that we delete your personal information, subject to certain exceptions (for example, data required for legal compliance).
How to exercise: Use the in-app account deletion flow at Settings > Account > Delete Account, or email privacy@lisle.ai with the subject line "CCPA Right to Delete."
8.4 Right to Correct
You have the right to request that we correct inaccurate personal information we maintain about you.
How to exercise: Update your information directly in Settings > Profile, or email privacy@lisle.ai with the subject line "CCPA Right to Correct."
8.5 Right to Opt-Out of Sale or Sharing
Lisle does not sell personal information and does not share personal information for cross-context behavioral advertising. We provide a formal mechanism for your records:
- Web page: Visit lisle.ai/do-not-sell
- Email: privacy@lisle.ai with subject "Do Not Sell My Personal Information"
8.6 Right to Limit Use of Sensitive Personal Information
Under CPRA, you have the right to limit our use of sensitive personal information to only what is necessary to provide the services you requested. We use sensitive personal information only to provide the Platform services you have requested and not for any further purposes.
How to exercise: Email privacy@lisle.ai with the subject line "Limit Use of Sensitive Personal Information."
8.7 Do Not Sell or Share My Personal Information
Lisle does not sell or share (as defined by the CCPA/CPRA) your personal information to third parties. All data sharing described in Section 5 is with service providers acting on our behalf under written contracts that prohibit them from using personal information for any purpose other than performing services for Lisle.
8.8 Global Privacy Control
We honor the Global Privacy Control (GPC) signal. If your browser sends a GPC signal, we will treat it as a valid opt-out of the sale or sharing of personal information for that browser.
8.9 Non-Discrimination
We will not discriminate against you for exercising any of your CCPA/CPRA rights. Exercising your rights will not result in denial of services, a different price or rate for services, or a different level or quality of services.
8.10 Verification of Requests
To protect your privacy, we must verify your identity before responding to a Right to Know, Right to Delete, or Right to Correct request. We verify your identity by matching the email address you provide in your request to the email address registered to your Lisle account.
8.11 Authorized Agents
California residents may designate an authorized agent to make CCPA requests on their behalf. To do so, submit a signed, written authorization to privacy@lisle.ai along with verification of the agent's identity.
8.12 Response Timing
We will acknowledge receipt of your request within 10 business days and provide a substantive response within 45 calendar days. If we need additional time (up to an additional 45 days), we will notify you in writing with an explanation.
8.13 Metrics
As required by the CCPA, we will publish annual metrics on the number of requests to know, delete, correct, and opt out that we received, complied with, and denied, along with the median response time.
9. AI and Automated Decision-Making Disclosure
Lisle uses artificial intelligence and automated systems as core components of the Platform. This section provides transparency into what AI models are used, what data they process, and how you can control AI processing of your data.
9.1 AI Models and Their Purposes
| AI Provider | Model | Purpose | Data Sent |
|---|---|---|---|
| Anthropic | Claude (via API) | Financial co-pilot chat, document analysis, proactive insight generation, offer letter comparison | Chat messages; monthly financial summaries (aggregated, category-level); uploaded documents (when you use document analysis) |
| OpenAI | text-embedding-3-small | Generating vector embeddings for semantic search (RAG) | Monthly financial summaries (aggregated, category-level); no individual transactions; no personally identifiable information beyond what is in summaries |
Neither Anthropic nor OpenAI uses your data to train their models under our enterprise agreements with each provider.
9.2 RAG Pipeline Explanation
When you ask the AI co-pilot a question, the following process occurs:
- Embedding generation (nightly): Each night, a scheduled background job creates updated monthly summaries of your financial data, aggregated at the category level. These summaries are converted into vector embeddings using OpenAI's text-embedding-3-small model.
- Context retrieval (at query time): When you submit a question, your question is converted into a vector embedding. Our system searches your stored embeddings by cosine similarity to find the five most relevant monthly summaries.
- Prompt assembly: Those five summary chunks — which contain category-level aggregated data, not individual transactions — are included as context in the prompt sent to Anthropic's Claude API, along with your question.
- Response generation: Claude generates a personalized response based on the provided context and your question. The response is streamed to your screen in real time.
At no point in this process are individual transaction records (merchant name, exact amount, exact date) sent to any external AI service. Only monthly category-level aggregates are used for AI context.
9.3 Proactive Insights
Lisle may generate proactive financial insights without you asking a question. These insights are triggered by scheduled analysis of your aggregated financial data and may include spending trend alerts, lifestyle creep detection, equity vesting reminders, and cash flow projections.
You can disable proactive insights at any time via Settings > Notification Preferences > AI Insights.
9.4 Behavioral Profiling and Values Profile
Lisle derives a "values profile" based on your onboarding responses and engagement patterns. This profile categorizes your financial motivations (e.g., "freedom seeker," "achievement driver," "security anchor," or "legacy builder") and is used to personalize the tone and framing of AI-generated insights.
The values profile does not affect the accuracy of tax calculations, your subscription pricing, or any lending, credit, insurance, or employment decisions.
How to opt out: Email privacy@lisle.ai with the subject line "Remove Values Profile." Your profile will be deleted within 10 business days.
9.5 Document Analysis
When you upload a document (W-2, paystub, equity grant letter), the document content is sent to Anthropic's Claude API for analysis and data extraction. Anthropic does not retain the document content after processing under our enterprise agreement. If you upload a document containing your Social Security Number, we strongly recommend redacting your SSN before uploading.
9.6 Automated Decision-Making
Lisle does not make automated decisions that produce legal effects or similarly significant effects on you. Lisle does not approve or deny credit, loans, insurance, or employment. Tax estimates and financial projections are informational tools, not binding determinations.
9.7 How to Opt Out of AI Processing
| Feature | Opt-Out Method |
|---|---|
| AI co-pilot chat | Do not use the chat feature; your financial data will not be sent to Anthropic for chat purposes |
| Proactive insights | Settings > Notification Preferences > toggle off "AI Insights" |
| Values profile | Email privacy@lisle.ai with subject "Remove Values Profile" |
| Financial data embeddings | Email privacy@lisle.ai with subject "Opt Out of AI Processing" |
| Document analysis | Do not upload documents; request deletion via Settings or email |
| All AI processing | Email privacy@lisle.ai with subject "Opt Out of All AI Processing" |
10. Data Security Measures
10.1 Encryption
- At rest: All data stored in our database (Supabase PostgreSQL) is encrypted with AES-256.
- In transit: All data transmitted between your device and our servers is encrypted with TLS 1.2 or higher.
- Plaid access tokens: Additionally encrypted with AES-256-GCM via Supabase Vault. These tokens are never stored in plaintext.
10.2 Access Controls
- Row Level Security (RLS): Enforced on every database table. No user can access another user's data through the application layer.
- Service role isolation: The administrative service role key (which bypasses RLS) is used only by server-side background jobs and is never exposed to the client.
- Role-based admin access: Administrative functions require authenticated admin accounts with the appropriate role. Admin actions are logged in the audit trail.
- Developer access controls: Production database access requires multi-factor authentication.
10.3 Monitoring and Logging
- Audit logging: Security-relevant events are recorded in an immutable audit log retained for 7 years.
- Error monitoring: Sentry captures application errors. Session Replay is currently disabled.
- Rate limiting: API endpoints are protected by Upstash Redis-based rate limiting.
10.4 Incident Response
We maintain a documented Incident Response Playbook. In the event of a data breach affecting your personal information, we will notify you in accordance with applicable law (including Cal. Civ. Code 1798.82 for California residents).
10.5 Vendor Security
| Provider | Certifications |
|---|---|
| Plaid | SOC 2 Type II, PCI DSS Level 1 |
| Stripe | PCI DSS Level 1, SOC 2 Type II |
| Supabase | SOC 2 Type II |
| Sentry | SOC 2 Type II |
| Vercel | SOC 2 Type II |
11. Children's Privacy
Lisle is not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you are under 18, please do not use the Platform. If we learn that we have collected personal information from a child under 18, we will take steps to delete that information as quickly as possible. Contact us at privacy@lisle.ai if you believe a child has provided us their information.
12. Household Data Sharing
Lisle offers a Household feature that allows two users to form a shared financial household for combined financial planning.
12.1 How Household Sharing Works
- A household is formed when one user (the "primary") invites another user (the "partner") via a secure, token-based invitation link.
- The partner must have their own Lisle account and must explicitly accept the invitation.
- Each household member independently controls what categories of their financial data the other member can view.
12.2 Granular Consent Flags
| Consent Flag | What It Controls | Default |
|---|---|---|
| Share Net Worth | Whether your partner can see your financial account balances and net worth summary | On |
| Share Equity | Whether your partner can see your equity grants and vesting events | Off |
| Share Tax Scenarios | Whether your partner can see your tax estimates, scenarios, and financial profile | Off |
These consent flags are enforced at the database level through Row Level Security policies.
12.3 Changing or Revoking Consent
You can change your sharing preferences at any time via Settings > Household. Changes take effect immediately.
12.4 Dissolving a Household
Either member may dissolve the household at any time. Upon dissolution, all cross-user data access is immediately revoked and the partner is notified.
12.5 AI and Household Data
When household sharing is active and a member uses the AI co-pilot, the RAG system may retrieve financial context from both members' data (subject to consent flags). The AI co-pilot will not reveal data that has not been shared per the consent flags.
13. Document Upload Privacy
13.1 What We Collect
We receive and store the documents you upload, which may include W-2 forms, paystubs, equity grant letters, and other financial documents. These documents may contain sensitive information including your name, employer, Social Security Number (if present on the document), wages, and other financial data.
13.2 How Documents Are Stored
- Documents are stored in Supabase Storage with AES-256 encryption at rest.
- Access is restricted to you via Row Level Security. No other user (including household partners) can access your uploaded documents.
- Documents are transmitted over TLS-encrypted connections.
13.3 How Documents Are Processed
- When you request document analysis, the document content is sent to Anthropic's Claude API for data extraction.
- Anthropic does not retain document content after processing under our enterprise agreement.
- Extracted data is stored in your Lisle account for use in tax calculations and equity tracking.
13.4 Document Retention and Deletion
- Documents are retained for the duration of your active account and deleted within 30 days of account deletion.
- You may delete individual documents at any time via the Platform.
13.5 Sensitive Data in Documents
If you upload a document that contains your Social Security Number, that SSN may be transmitted to Anthropic's Claude API during document analysis. We strongly recommend redacting your SSN from any document before uploading. Lisle does not extract, store, or use SSNs for any purpose.
14. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes:
- We will update the "Last Updated" date at the top of this Policy.
- We will notify you by email to the address associated with your account at least 30 days before material changes take effect.
- We will provide a prominent notice within the Platform.
- For changes that materially affect our GLBA sharing practices, we will provide a revised GLBA Privacy Notice with an opportunity to opt out.
Your continued use of the Platform after the effective date of a revised Privacy Policy constitutes your acceptance of the revised terms.
15. Contact Information
For privacy-related inquiries, requests, or complaints:
- Email: privacy@lisle.ai
- Subject line format: "Privacy Request — [Right or Topic] — [Your Account Email]"
- Mailing Address: Lisle, Inc., Attn: Privacy, 2261 Market Street #4458, San Francisco, CA 94114
- Security incidents / vulnerability disclosures: security@lisle.ai
- General support: support@lisle.ai
Response times: Acknowledgment within 10 business days. Substantive response to verified requests within 45 calendar days (extendable by an additional 45 days with written notice).
16. State-Specific Disclosures
In addition to the California rights described in Section 8, residents of the following states have additional rights under their respective state privacy laws.
16.1 Virginia (Virginia Consumer Data Protection Act, Va. Code 59.1-575 et seq.)
| Right | Description | How to Exercise |
|---|---|---|
| Right to Access | Confirm whether we are processing your personal data and access it | Email privacy@lisle.ai or use in-app Data Export |
| Right to Correct | Correct inaccuracies in your personal data | Settings > Profile or email privacy@lisle.ai |
| Right to Delete | Delete personal data you have provided or we have obtained | Settings > Account > Delete Account or email privacy@lisle.ai |
| Right to Data Portability | Obtain a portable copy of your data in a readily usable format | Settings > Export My Data |
| Right to Opt Out of Profiling | Opt out of profiling in furtherance of decisions that produce legal or similarly significant effects | Email privacy@lisle.ai with subject "Opt Out of Profiling" |
| Right to Appeal | Appeal a denial of your privacy request | Email privacy@lisle.ai within 45 days of receiving our response |
16.2 Colorado (Colorado Privacy Act, C.R.S. 6-1-1301 et seq.)
Effective July 1, 2023. Colorado residents have rights substantially similar to those described in Section 8 (California) and Section 16.1 (Virginia), including the right to appeal denials. We honor universal opt-out mechanisms including the Global Privacy Control (GPC). If your appeal is denied, you may contact the Colorado Attorney General at coag.gov/file-complaint.
16.3 Connecticut (Connecticut Data Privacy Act, Conn. Gen. Stat. 42-515 et seq.)
Effective July 1, 2023. Connecticut residents have rights to access, correct, delete, and port their data, and to opt out of targeted advertising, sale, and profiling. We honor the Global Privacy Control (GPC) signal. If your appeal is denied, you may contact the Connecticut Attorney General at dir.ct.gov/ag/complaint.
16.4 Utah (Utah Consumer Privacy Act, Utah Code 13-61-101 et seq.)
Effective December 31, 2023. Utah residents have rights to access, delete, and port their data, and to opt out of targeted advertising and the sale of personal data. Exercise these rights by emailing privacy@lisle.ai or using in-app tools.
16.5 Texas (Texas Data Privacy and Security Act, Tex. Bus. & Com. Code Ch. 541)
Effective July 1, 2024. Texas residents have rights to access, correct, delete, and port their data, and to opt out of targeted advertising, the sale of personal data, and profiling. Exercise these rights by emailing privacy@lisle.ai or using in-app tools.
16.6 Oregon (Oregon Consumer Privacy Act, Or. Rev. Stat. 646A.570 et seq.)
Effective July 1, 2024. Oregon residents have rights to access, correct, delete, and port their data, and to opt out of targeted advertising, sale, and profiling. Oregon residents may also request a list of specific third parties to whom we have disclosed personal data. Exercise these rights by emailing privacy@lisle.ai.
16.7 Montana (Montana Consumer Data Privacy Act, Mont. Code Ann. 30-14-2801 et seq.)
Effective October 1, 2024. Montana residents have rights substantially similar to those described in Section 16.2 (Colorado). Exercise these rights by emailing privacy@lisle.ai or using in-app tools.
16.8 Other States
We monitor the evolution of state privacy laws. As new state privacy laws take effect, we will update this section accordingly. Residents of states not listed above who have privacy questions are encouraged to contact privacy@lisle.ai.
16.9 Response Times
For all state-specific rights requests: acknowledgment within 10 business days; substantive response within 45 calendar days (extendable by an additional 45 days with written notice); appeals processed within the timeframe specified by the applicable state law (45–60 days depending on state).
17. International Users
Lisle is currently designed for and offered to users in the United States. If you are located outside the United States and choose to use the Platform, you understand and consent to the transfer and processing of your personal information in the United States, which may have different data protection laws than your country of residence.
18. Do Not Track Signals
Some web browsers transmit "Do Not Track" (DNT) signals. Because there is no uniform standard for how DNT signals should be interpreted, Lisle does not currently respond to DNT signals. However, we do honor the Global Privacy Control (GPC) signal as described in Section 8.8.
19. Version History
| Version | Date | Summary of Changes |
|---|---|---|
| 1.0 | April 15, 2026 | Initial comprehensive Privacy Policy covering GLBA, CCPA/CPRA, AI disclosure, household sharing, document upload, and multi-state rights |