Privacy Policy

Last updated: March 19, 2026

1. Information We Collect

When you use LobsterCage, we collect information you provide directly (account details, payment information) and information generated through your use of the service (usage metrics, logs, cage metadata).

  • Account data: name, email address, authentication credentials (via Clerk)
  • Payment data: processed by Stripe; we do not store card numbers
  • Usage data: cage start/stop events, credit consumption, API call metadata
  • Technical data: IP address, browser type, device information

2. How We Use Your Information

We use collected information to:

  • Provide, maintain, and improve the LobsterCage service
  • Process billing and manage your account
  • Send service-related communications (outage notices, billing alerts)
  • Detect and prevent fraud, abuse, or security incidents
  • Comply with legal obligations

3. Data Storage & Security

Your data is hosted on US-based cloud infrastructure (AWS). Cage environment variables are encrypted at rest using industry-standard envelope encryption. All data in transit is encrypted via TLS.

4. Data Retention

  • Account data: retained while your account is active and for 30 days after deletion
  • Billing records: retained for 7 years to comply with tax and accounting obligations
  • Cage event logs: retained for 30 days, then automatically deleted
  • Usage data: retained for the duration of your account for billing and analytics purposes
  • Cage contents: permanently destroyed when a cage is deleted

5. Your Cage Data

Code and files within your cages are yours. We do not access, read, or analyze the contents of your cage environments except as necessary to provide the service (e.g., health checks) or as required by law.

6. Cookies & Analytics

We use cookies and similar technologies to operate the service and understand how it is used:

  • Essential cookies: required for authentication and session management (set by Clerk)
  • Analytics cookies: used to understand product usage and improve the service (set by PostHog)

You can disable analytics cookies by using your browser's cookie settings or by enabling a "Do Not Track" signal. PostHog respects the Do Not Track header. Disabling essential cookies may prevent the service from functioning correctly.

7. Third-Party Services

We use the following third-party services:

  • Clerk — authentication and identity management
  • Stripe — payment processing
  • AWS — cloud infrastructure
  • PostHog — product analytics

Each third-party service has its own privacy policy governing their handling of your data. We encourage you to review their policies.

8. International Data Transfers

LobsterCage infrastructure is located in the United States. If you access the service from outside the US, your data will be transferred to and processed in the United States. By using the service, you consent to this transfer. We take reasonable steps to ensure your data is treated securely and in accordance with this policy regardless of where it is processed.

9. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Object to or restrict processing of your data
  • Request a portable copy of your data
  • Opt out of analytics tracking

To exercise any of these rights, contact us at the address below. Deleting your account will remove your profile, API keys, and cage configurations. Cage environments and their contents are permanently destroyed when deleted.

10. Changes to This Policy

We may update this privacy policy from time to time. Material changes will be communicated via email or dashboard notification at least 30 days before taking effect. Continued use of the service after changes constitutes acceptance.

11. Contact

For privacy-related inquiries, contact privacy@lobstercage.ai.