This Privacy Policy explains how Lirefin ("we", "us", "our") collects, uses, and shares information when you use the Lirefin Chrome extension, our website at lirefin.com, and related backend services (collectively, the "Service").
We designed Lirefin to do its job with as little personal data as possible. We do not sell your data, we do not advertise on it, and we do not log article text persistently.
1. Information we collect
1.1 Account information
When you sign in with Google, our authentication provider Supabase stores your email address, Google account ID, and profile picture URL. We use this only to identify your account, sync settings across your devices, and contact you about the Service.
1.2 Portfolio data
You voluntarily configure a list of tickers (e.g. AAPL, MSFT, BTC) and ETFs you want analyses for. This list is stored in your account and synced via Chrome storage. We use it solely to filter and contextualize the analyses we generate for you. You can edit or delete your portfolio at any time from the extension's settings panel.
1.3 Article content (transient)
When you press Analyze on a financial news article, the extension extracts the article text using Mozilla Readability and sends it to our backend for processing by Anthropic's Claude AI. We do not log article text persistently. Article content is held in volatile memory only long enough to generate your analysis. A short SHA-256 hash of the article URL and your output language is cached for up to 5 minutes to avoid charging you twice for the same article — the cache stores the analysis result, not the original article text.
1.4 Usage data
We log minimal operational metadata: a per-device random UUID (generated client-side, used for rate-limiting), the timestamp of each analysis, your output language, the number of credits each request consumed, and a hashed identifier for the source URL. We do not log your full browsing history, the contents of pages you visit, your tabs, your cookies, or any form data.
1.5 Billing data
Billing is processed by Dodo Payments, our Merchant-of-Record. Dodo collects the information required to process the transaction (name, email, billing country, last four digits of payment instrument, tax identifier where required). We receive a transaction confirmation and, upon successful payment, credit your account. We never see or store full card numbers, CVVs, or bank credentials. Dodo's own privacy policy governs the data they collect from you during checkout.
1.6 Information we do NOT collect
- Your full browsing history or list of open tabs.
- The content of pages you do not explicitly Analyze.
- Form data, passwords, or any credentials you type.
- Cookies set by other sites.
- Your IP address beyond standard server access logs.
- Behavioral, advertising, or cross-site tracking data.
2. How we use your information
- To authenticate you and sync your settings across devices.
- To generate AI analyses tailored to the assets in your portfolio.
- To enforce per-device rate limits and prevent abuse of our backend.
- To debug failures and improve reliability of the Service.
- To process payments and apply credits to your account (when paid plans launch).
- To communicate with you about your account, security, and material changes to the Service.
3. Sub-processors and third parties
To run the Service we share strictly necessary information with the following sub-processors:
- Anthropic (USA) — receives the article text and your portfolio for the duration of one analysis call to generate output via Claude. Anthropic does not train its models on data sent through their commercial API.
- Supabase (USA / EU) — stores your account, portfolio, and credit balance. Hosts our PostgreSQL database with row-level security.
- Finnhub (USA) — receives the search string when you look up a ticker in the settings panel; returns matching global tickers. We do not send your portfolio.
- Resend (USA) — delivers transactional emails (one-time codes, account notifications).
- Railway (USA) — hosts our backend service.
- Vercel (USA) — hosts this marketing website.
- Google — provides the OAuth identity flow when you sign in with Google.
- Dodo Payments (USA) — our Merchant-of-Record. Handles checkout, subscription management, sales tax / VAT, and refunds. Dodo collects the personal and payment information required to process the transaction.
We do not sell or rent your personal information. We do not use it for advertising. We will never share your data except (a) with the sub-processors listed above as required to run the Service; (b) with your explicit consent; or (c) when required by law.
5. Data retention
- Account profile: kept for the lifetime of your account; deleted within 30 days of account deletion.
- Portfolio: kept for the lifetime of your account; deleted within 30 days of account deletion.
- Article text: not persistently stored. Held in volatile memory for the duration of one analysis only.
- Analysis results: cached for up to 5 minutes server-side; stored in your local extension storage if you choose to keep them in your local history.
- Operational logs (timestamps, device UUID, hashed URL, credits consumed): up to 90 days.
- Billing records: kept for 10 years where required by tax law in the user's jurisdiction.
6. Your rights
Depending on where you live, you may have the right to access, correct, export, or delete the personal information we hold about you, and to object to or restrict our processing of it. Specifically:
- EU/EEA + UK (GDPR): rights of access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), portability (Art. 20), and objection (Art. 21).
- California (CCPA/CPRA): rights to know, delete, correct, opt out of sale (we do not sell), and limit use of sensitive personal information.
- Türkiye (KVKK): the rights set out in Article 11 of Law No. 6698, including learning whether your personal data has been processed, requesting information about it, and requesting deletion.
To exercise any of these rights, email us at legal@lirefin.com. We respond within 30 days. You can also delete your account from the extension's settings panel at any time.
7. Children
Lirefin is not directed at children under 13 (or under 16 in the EU). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.
8. International data transfers
We are based outside the EU, and our sub-processors are located in the United States and the European Union. By using Lirefin you acknowledge that your data may be transferred to and processed in those jurisdictions. Where required, we rely on Standard Contractual Clauses (SCCs) and other lawful transfer mechanisms.
9. Security
We use TLS in transit, encrypted-at-rest storage on Supabase, row-level security policies, principle-of-least-privilege backend credentials, and short-lived JWTs for authentication. No system is perfectly secure; if a breach affects you, we will notify you and the relevant authorities as required by law.
10. Changes to this policy
If we materially change how we handle your data we will update this page and, when the change is significant, notify you by email or inside the extension. Continued use of the Service after a change constitutes acceptance of the updated policy.
11. Contact
Questions, complaints, or rights requests: legal@lirefin.com. See also our contact page.