Privacy Policy

1. Who We Are

LAVION, Inc. ("LAVION," "we," "us," or "our") is a Delaware C-corporation that provides AI-powered parts pricing automation for appliance repair service businesses. Our platform is available at app.lavion.ai and through a locally-installed agent application.

2. Information We Collect

We collect the following categories of information:

• Account information: name, email address, company name, and contact details provided during onboarding.
• Service data: parts records, job references, model/serial numbers, vendor pricing, and other operational data processed by the LAVION agent on your behalf.
• Usage data: agent heartbeats, cycle counts, error logs, and platform interaction metrics used to monitor service health and improve performance.
• Authentication data: hashed API keys and session tokens. We never store raw API keys or passwords.

3. How We Use Your Information

• To provide, operate, and maintain the LAVION platform and agent services.
• To generate parts pricing recommendations and vendor routing decisions.
• To monitor agent health, detect errors, and send operational alerts.
• To create aggregated, anonymized datasets for product improvement and market intelligence. Individual customer data is never shared with other customers.
• To generate invoices, reports, and savings analyses for your account.
• To communicate service updates, security alerts, and account information.

4. Data Storage and Security

Your data is stored in Supabase (PostgreSQL) hosted in the United States (East US). All data is encrypted in transit (TLS 1.2+) and at rest. We employ row-level security policies, hashed API keys (SHA-256), rate limiting, and regular security audits to protect your information. Access to production systems is restricted to authorized LAVION personnel.

5. Data Sharing

We do not sell your personal information. We share data only in these circumstances:

• Service providers: Anthropic (AI processing), Vercel (hosting), Supabase (database), and Telegram (operational alerts). These providers process data on our behalf under contractual obligations.
• Legal requirements: When required by law, subpoena, or legal process.
• Business transfers: In connection with a merger, acquisition, or sale of assets, with notice to affected users.

6. Data Retention

We retain your service data for as long as your account is active. Heartbeat telemetry is pruned after 7 days. Analysis and pricing data is retained for the duration of the service agreement. Upon account termination, we will delete your identifiable data within 90 days, except where retention is required by law or for legitimate business purposes (e.g., aggregated anonymized data).

7. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal information we hold about you.
• Request correction of inaccurate data.
• Request deletion of your data (subject to legal retention requirements).
• Export your data in a portable format.
• Opt out of certain data processing activities.

To exercise these rights, contact us at privacy@lavion.ai.

8. California Privacy Rights (CCPA)

If you are a California resident, you have the right to know what personal information we collect, request its deletion, and opt out of its sale. We do not sell personal information. To make a request, contact privacy@lavion.ai.

9. Cookies and Tracking

We use essential cookies for authentication and session management only. We do not use third-party advertising trackers, analytics pixels, or cross-site tracking technologies.

10. Children's Privacy

Our services are designed for business use and are not directed at individuals under 18. We do not knowingly collect personal information from children.

11. Changes to This Policy

We may update this policy from time to time. We will notify active customers of material changes via email or platform notification. Continued use of the service after changes constitutes acceptance.

12. Contact

LAVION, Inc.
Email: privacy@lavion.ai