LancerOS
Waitlist

Legal

Privacy Policy

How LancerOS collects, uses, secures, and stores your information.

Last updated: March 14, 2026

Welcome to LancerOS (“we,” “our,” or “us”). LancerOS is a business management platform for freelancers, operated by Luca Baldestein as a sole proprietorship based in the Netherlands. We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform at app.lanceros.io and related services (collectively, the “Service”).

This policy is compliant with the General Data Protection Regulation (GDPR). If you have questions about our data practices, contact privacy@lanceros.io.

1. Information We Collect

1.1 Information You Provide Directly

  • Account information: name, email address, and password when you register
  • Profile information: business name, profession, contact details, timezone, and profile photo
  • Client data: client names, contact details, project information, notes, and communication history you enter into the platform
  • Financial data: invoice details, proposal amounts, income and expense records, and hourly rates you track within the Service
  • Calendar data: scheduling preferences, availability windows, and appointment details
  • Time tracking data: hours logged per client or project
  • Communications: messages you send to us for support or feedback

1.2 Information Collected Automatically

  • Usage data: pages visited, features used, session duration, and interaction patterns
  • Device information: browser type, operating system, and screen resolution
  • Log data: IP address, access times, and referring URLs
  • Cookies: session cookies for authentication and preference cookies for your settings

1.3 Information from Third-Party Services

When you connect third-party accounts to LancerOS, we receive information from those services:

  • Google Calendar: calendar events, availability data, and scheduling information
  • Calendly: booking availability and appointment data
  • Google Account (sign-in): your name, email address, and profile picture if you choose to sign in with Google

2. How We Use Your Information

Under GDPR Article 6, we process your data on the following legal bases:

Performance of a contract (Art. 6(1)(b)) — processing necessary to deliver the Service you signed up for:

  • provide, operate, and maintain the Service
  • process subscriptions and manage billing through our payment processor
  • sync calendar and scheduling data between LancerOS and connected services
  • send transactional emails such as invoices, confirmations, onboarding emails, and account alerts
  • respond to support requests and communicate about your account

Legitimate interests (Art. 6(1)(f)) — processing necessary for our legitimate business interests, balanced against your rights:

  • analyze aggregate usage patterns to improve the Service
  • detect, prevent, and address fraud, abuse, technical issues, and security threats
  • enforce our Terms of Service

Legal obligation (Art. 6(1)(c)) — processing required by applicable law:

  • comply with legal and regulatory obligations, including record retention

Consent (Art. 6(1)(a)) — processing based on your explicit, freely given consent:

  • power AI-assisted features (optional; you may use the Service without enabling AI agents)
  • analytics cookies (you may withdraw consent at any time via the cookie banner)

3. Third-Party Service Providers

We share your information with the following categories of service providers only as necessary to operate the Service:

ProviderPurposeData Shared
SupabaseDatabase hosting, authentication, and serverless functionsAccount data and application data
VercelFrontend hosting and deliveryNo user data stored; serves the web application
StripeSubscription billing and payment processingEmail, name, subscription plan, and payment method handled by Stripe
ResendTransactional email deliveryEmail address, name, and email content
OpenAIAI agent processingAnonymized business data excerpts sent per query
PerplexityAI-powered contextual research for agentsQuery context
Google APIsCalendar sync and OAuth authenticationCalendar events and profile information with your authorization

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

4. AI Data Processing

LancerOS includes AI-powered agents that analyze your business data to provide personalized insights.

  • AI processing uses third-party AI providers including OpenAI and Perplexity.
  • Only the data relevant to your specific query is sent for processing.
  • Third-party providers do not use your data to train their models.
  • AI features are optional tools inside the platform.
  • We do not use your data to train any proprietary AI models.

5. Data Security

We implement industry-standard technical and organizational measures to protect your information:

  • all data is encrypted in transit using TLS/SSL
  • data at rest is encrypted in our database infrastructure
  • sensitive tokens are encrypted before storage
  • authentication is managed with secure session handling
  • row-level security is enforced at the database level
  • access to production systems is restricted and protected with multi-factor authentication

No method of electronic transmission or storage is completely secure. While we work to protect your data, we cannot guarantee absolute security.

6. Data Retention

  • Active accounts: retained while your account remains active
  • Cancelled accounts: retained for 30 days to allow reactivation, then scheduled for deletion
  • Data export: available on request
  • Legal retention: certain records may be retained where required by law
  • Backups: encrypted backups may contain your data for up to 90 days after deletion

7. Cookies and Tracking

LancerOS uses:

  • essential cookies for authentication and session management
  • preference cookies for settings such as theme, timezone, and layout
  • privacy-respecting analytics cookies to understand aggregate product usage

We do not use advertising, retargeting, or cross-site tracking cookies.

8. Your Rights

Depending on your location, you may have rights to:

  • access your personal data
  • correct inaccurate data
  • request deletion
  • request portability
  • opt out of marketing communications
  • restrict processing in certain circumstances
  • withdraw consent where processing is based on consent

To exercise these rights, contact privacy@lanceros.io. We aim to respond within 30 days.

If you are located in the European Economic Area, you also have the right to lodge a complaint with a supervisory authority. Our lead supervisory authority is the Dutch Data Protection Authority (Autoriteit Persoonsgegevens), reachable at autoriteitpersoonsgegevens.nl.

9. International Data Transfers

Your data may be processed in countries outside the European Economic Area by infrastructure providers such as Supabase, Vercel, and Stripe. Where such transfers occur, we rely on appropriate safeguards, including Standard Contractual Clauses (SCCs) approved by the European Commission, as maintained by each provider. You may request details of the specific safeguards applicable to your data by contacting privacy@lanceros.io.

10. Children’s Privacy

The Service is not intended for individuals under 18. We do not knowingly collect personal information from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated version on this page and update the last updated date. For material changes, we may also notify you by email.

12. Contact

If you have questions about this Privacy Policy or our data practices, contact: