Privacy Policy
This Privacy Policy explains how Leny ("Leny," "we," "us," or "our") collects, uses, shares, and protects information when you use our websites, mobile experiences, and the Leny AI health companion (collectively, the "Service"). Leny serves two audiences: people seeking general health information ("patients" or "consumers") and clinicians using Leny as a clinical assistant ("clinicians"). This policy applies to both, and we call out where the rules differ.
If you do not agree with this policy, please do not use the Service.
Contents
- Who we are
- The short version
- Information we collect
- How we use your information
- Health information & HIPAA
- AI processing of your messages
- Voice features (Deepgram)
- Analytics (PostHog)
- Cookies and similar technologies
- How we share information
- Data retention
- Security
- Your rights
- International data transfers
- Children
- Changes to this policy
- Contact us
1. Who we are
- Controller / business: Leny, a California corporation headquartered at 7660H Fay Ave, Suite 504, La Jolla, CA 92037.
- Contact: info@leny.ai
- Product: Leny is a consumer wellness and clinical-assistant tool. Leny is not your doctor, does not provide medical care, and is not a substitute for professional medical advice, diagnosis, or treatment.
2. The short version (TL;DR)
- We collect what you tell us (account info, chat messages, voice when you use voice features), what your device tells us (IP, browser, basic event logs), and limited data from our processors.
- We use it to run the Service, generate AI responses, keep you signed in, improve the product, and keep things secure.
- We do not sell your personal information. We do not use your health-related chat content to train third-party foundation models without your consent.
- Voice is transcribed by Deepgram. Product analytics run on PostHog. AI responses are generated by [Anthropic / OpenAI]. Hosting is on [AWS].
- Important HIPAA note: In the consumer flow, Leny is generally not a HIPAA-covered entity, so the health information you type into Leny is not protected by HIPAA. See Section 5.
- You have rights — access, deletion, correction, and more — see Section 13.
- Contact us at info@leny.ai with any question.
3. Information we collect
3.1 You give us
| Category | Examples |
|---|---|
| Account | Username, email, hashed password, display name, role (patient or clinical role such as physician, RN, NP, PA, pharmacist, student) |
| Profile | Care team / provider names you choose to save |
| Conversation content | Messages you send to Leny, including symptoms, conditions, medications, lab values, and any free-text health information you choose to share |
| Voice | Audio you record when you use voice input (transcribed in near-real time, see Section 7) |
| Verification | A photo of a government-issued ID. We only ask for photo ID for primary verification — we do not collect medical licenses, diplomas, or board certificates as primary verification documents |
| Communications | Messages you send to support, feedback, survey responses |
3.2 Collected automatically
- Device & browser metadata: IP address, user agent, OS, screen size, language, time zone.
- Session and security tokens: Stored in your browser's localStorage as leny_token, leny_is_guest, and leny_username.
- Local conversation snapshot: A Leny_v21 object stored in localStorage so your in-progress chat persists across reloads. This stays on your device.
- Product events: Things like guest_session_created, turn_nudge_shown, and signup_completed (see Section 8).
- Logs: Server logs of requests, errors, and timing for security and reliability.
3.3 From third parties
- Identity providers (if you sign in via [Google / Apple]): basic profile info they share with us.
- Sub-processors: Limited operational data from Deepgram, PostHog, [AWS], [Anthropic / OpenAI], and our [email provider] — only what's needed to deliver the Service.
4. How we use your information
We process your information to:
- Create and secure your account, authenticate you, and keep your session active.
- Send your messages to our AI model provider so it can generate a response.
- Transcribe your voice input when you use voice features.
- Personalize content (e.g., remembering your saved care team).
- Operate, debug, and improve the Service (analytics, A/B tests, abuse detection).
- Comply with law, enforce our Terms, and prevent fraud or harm.
- Send service messages and, with your consent or where allowed, occasional product updates.
We do not use your conversation content to train third-party foundation models without your consent. We may use de-identified or aggregated data to improve our own prompts, evaluations, and product quality.
5. Health information — important context (HIPAA, sensitive data)
Please read this section carefully. It is the most commonly misunderstood part of using a tool like Leny.
- Consumer use is not HIPAA-covered. Leny is a consumer wellness service. We are not your healthcare provider, your insurer, or a clearinghouse. That means the health-related information you type into Leny in the consumer flow is not Protected Health Information (PHI) under HIPAA — HIPAA's protections do not apply to it.
- We still treat it as sensitive. We protect health-related content with the same security and access controls we use for other sensitive data, and most US state privacy laws (including California's CPRA) treat health information as "sensitive personal information."
- B2B / Business Associate situations. When Leny is used under a contract with a HIPAA-covered entity (for example, a clinic that deploys Leny to its staff or patients), and we sign a Business Associate Agreement ("BAA"), Leny acts as a Business Associate for that deployment. In that case, the BAA — not this Privacy Policy alone — governs how we handle PHI for that customer.
- Clinician-entered patient information. If you are a clinician using Leny as a clinical assistant, do not paste identifiable patient information unless your organization has a BAA with us. Use de-identified case details.
6. AI processing of your messages
- Your prompts (including any health information you include) are sent to our AI model provider, currently [Anthropic / OpenAI], to generate responses.
- We have a contract with the model provider that prohibits using your inputs and outputs to train their general models.
- We may store your conversations on our servers so you can see your history, and so we can debug and improve safety. Retention details are in Section 11.
- AI responses can be wrong. Always confirm anything important with a qualified clinician.
7. Voice features (Deepgram)
- When you use voice input, your audio is streamed to Deepgram for transcription.
- Deepgram returns text to us, and we then process that text the same way as any typed message (Section 6).
- Per our agreement with Deepgram, your audio is not used to train Deepgram's models.
- Audio is generally not retained by us beyond what's needed to produce and (briefly) verify the transcript. See Section 11.
8. Analytics and product improvement (PostHog)
- We use PostHog to understand how the Service is used.
- Events we track include things like guest_session_created, turn_nudge_shown, and signup_completed, plus page views and basic session metadata.
- We do not send the contents of your chat messages to PostHog.
- PostHog data is associated with a pseudonymous device or user ID, plus your account ID once you sign in.
- You can opt out of analytics where required (see Section 13).
9. Cookies and similar technologies
We use cookies, localStorage, and similar technologies to keep you signed in (leny_token), remember guest sessions (leny_is_guest, leny_username), persist your in-progress chat (Leny_v21), and run analytics. For details on each cookie/storage key, its purpose, and how to control it, see our Cookie Policy.
10. How we share information (sub-processors, no sale)
We share information only with:
| Recipient | Purpose | Data involved |
|---|---|---|
| [AWS] | Cloud hosting and storage | All Service data |
| [Anthropic / OpenAI] | AI model inference | Your prompts and conversation context |
| Deepgram | Voice-to-text transcription | Your audio input |
| PostHog | Product analytics | Event metadata, pseudonymous IDs |
| [Email provider] | Transactional and account email | Email address, message content |
| Identity providers (if used) | Sign-in | Account identifiers |
| Professional advisors | Legal and financial support | As needed |
| Government / legal | Where required by law, subpoena, or to protect rights and safety | As required |
| Acquirer (in a merger or asset sale) | Continuity of the Service | All Service data, with notice |
We do not sell your personal information, and we do not "share" it for cross-context behavioral advertising as those terms are defined under California law.
A current sub-processor list is available at [/sub-processors] (or by request to info@leny.ai).
11. Data retention
- Account data: Kept while your account is active and for up to [12] months after deletion, then purged or de-identified, except where we must keep records longer for legal, tax, or security reasons.
- Conversation history: Kept while your account is active so you can view past chats. You can delete individual conversations in-app at any time.
- Voice audio: Not retained beyond what's needed to produce and verify the transcript — typically minutes, not days.
- Logs: Server and security logs are kept for up to [90] days.
- Analytics events: Retained by PostHog per our configured retention of [12] months.
- Backups: May persist for up to [30] days after deletion before being overwritten.
- Guest sessions: Stored locally on your device until you clear them; any server-side artifacts are purged on a [30]-day rolling basis.
12. Security
- Encryption in transit (TLS) and at rest for stored data.
- Passwords are hashed (we never see your plaintext password).
- Role-based access controls and least-privilege internal access.
- Logging, monitoring, and incident response procedures.
- Annual review of vendors and sub-processors.
No system is perfectly secure. If we learn of a breach affecting your personal information, we will notify you and regulators as required by law (see Section 13.3 for EU breach timing).
13. Your rights
13.1 All users
You can:
- Access the personal information we hold about you.
- Correct information that is inaccurate.
- Delete your account and associated data, subject to limited exceptions (legal hold, fraud prevention).
- Export a copy of your data in a portable format.
- Withdraw consent for optional processing (e.g., analytics, marketing) at any time.
To exercise these rights, email info@leny.ai from the email on your account, or use in-app settings where available. We respond within 30 days (or as required by your local law).
13.2 California residents (CCPA/CPRA)
If you live in California, you have the right to:
- Know what personal information we collect, use, and disclose.
- Delete personal information we hold about you.
- Correct inaccurate personal information.
- Opt out of "sale" or "sharing" of personal information. Leny does not sell or share personal information for cross-context behavioral advertising, so there is nothing to opt out of today — but the right is yours if that ever changes.
- Limit the use of sensitive personal information. We use sensitive PI (e.g., health information, account credentials) only for purposes permitted by the CPRA and reasonably expected by you.
- Non-discrimination for exercising your rights.
You may use an authorized agent. We will verify requests using information already on file (we do not request additional sensitive documents for verification).
13.3 EU/UK/EEA residents (GDPR / UK GDPR)
If you are in the EU, UK, or EEA, you have the rights to:
- Access your data.
- Rectification of inaccurate data.
- Erasure ("right to be forgotten").
- Data portability.
- Object to processing based on legitimate interests.
- Restrict processing.
- Withdraw consent at any time, where processing is based on consent.
- Lodge a complaint with your local data protection authority.
Legal bases we rely on:
- Contract — to provide the Service you signed up for.
- Legitimate interests — to secure the Service, prevent abuse, and improve the product.
- Consent — for optional features like marketing emails or non-essential analytics, where required.
- Legal obligation — to comply with applicable law.
If a notifiable personal data breach occurs, we will notify the relevant supervisory authority within 72 hours where required, and affected users without undue delay.
14. International data transfers
Leny is operated from the United States. If you access the Service from outside the US, your information will be transferred to and processed in the US and other countries where our sub-processors operate. For transfers from the EU/UK/EEA, we rely on the EU Standard Contractual Clauses (and the UK Addendum) with our sub-processors, plus supplementary measures where appropriate.
15. Children
Leny is intended for users 18 years of age and older. We do not knowingly collect personal information from anyone under 18. If you believe a child has provided us information, contact info@leny.ai and we will delete it.
16. Changes to this policy
We may update this policy from time to time. When we make material changes, we will update the "Last updated" date and, where appropriate, notify you in-app or by email. Continued use of the Service after the effective date means you accept the updated policy.
17. Contact us / DPO
Privacy questions and rights requests: info@leny.ai
Mailing address: Leny, 7660H Fay Ave, Suite 504, La Jolla, CA 92037
EU/UK representative (Art. 27 GDPR): [to be appointed if/when EU users are in scope]
Data Protection Officer: [to be appointed where required]