Lodestar
Sign inGet started
Legal

Privacy Policy

What we collect, why, and how we handle it — including the clear line between the profile facts you choose to publish and the account data we keep private.

Last updated June 26, 2026

This Privacy Policy explains how Lodestar, operated by Eastbase Studio, handles personal data. It is a template starting point, not legal advice — please have it reviewed before you rely on it.

1. The short version

We collect what we need to run your account, publish the surfaces you ask us to, and improve the product. The business facts you publishare intentionally public and machine-readable. Everything else — your account details, draft content, and inquiry inbox — is private to your account. We don't sell your personal data.

2. Information we collect

  • Account information — your email address and name, and either a hashed password or an identifier from a social sign-in provider (Google or GitHub) if you use one.
  • Business profile content — the name, services, pricing, hours, location, policies, and FAQs you enter. When you publish, this becomes public (see section 4).
  • Inquiries— when an agent sends you a lead on a customer's behalf, we store the contact details and message it includes so you can respond.
  • Usage & agent-event logs — records of which AI agents and crawlers reach your surfaces and what they ask, used for your analytics and the answer-gap radar. IP addresses in these logs are stored as a one-way hash, not in the clear.
  • Cookies & analytics — see our Cookie Policy.

3. How we use your data

  • To provide your account, dashboard, and published surfaces.
  • To generate analytics, the agent-readiness score, and optimization suggestions for you.
  • To send transactional email (verification, password reset, account changes).
  • To process subscriptions and prevent abuse.
  • To diagnose errors and improve reliability and the product.

4. What you publish is public

The purpose of Lodestar is to make your business readable by AI agents. Once you publish, your profile facts are served publicly — through files like llms.txt, schema.org JSON-LD, a discovery document, your MCP server, and a human profile page — and may be cached or copied by third parties beyond our control. Don't publish anything you wouldn't want public.

5. AI processing

When you use AI features or an agent calls the grounded asktool, the relevant profile content and question are sent to our AI provider (Google's Gemini API) to generate the response. That processing is subject to the provider's terms. We don't use your data to train our own models, and AI answers are grounded only in the facts you provide.

6. Service providers

We share data with a small set of service providers (subprocessors) only as needed to run the service. Several are used only when the corresponding integration is configured:

  • NeonDatabase hosting (PostgreSQL).
  • VercelApplication hosting & content delivery.
  • ResendTransactional email (verification, password reset) (only when enabled).
  • Google (Gemini AI)AI features — content drafting & grounded answers (only when enabled).
  • Lemon SqueezyPayments & subscriptions (Merchant of Record) (only when enabled).
  • SentryError monitoring & diagnostics (only when enabled).
  • PostHogProduct analytics (only when enabled).
  • Google / GitHubOptional social sign-in (OAuth) (only when enabled).

[Founder to confirm which of these optional providers are enabled in production]

7. Payments

Subscription payments are handled by Lemon Squeezy as our Merchant of Record. They collect and process your payment details under their own privacy policy; we never see or store full card numbers. We receive only the subscription status and limited billing metadata needed to manage your plan.

8. Data retention

We keep your data for as long as your account is active. If you delete content or close your account, we remove or de-identify the associated personal data within a reasonable period, except where we must retain it for legal, accounting, or security reasons. Published surfaces stop being served once your profile is unpublished or your subscription lapses.

9. Your rights

You can access and edit most of your data directly from the dashboard, and update your account email and password in settings. Depending on where you live, you may also have rights to access, correct, export, or delete your personal data, or to object to certain processing. To make a request, email support@eastbase.studio.

10. Security

We protect data with measures including encrypted transport (HTTPS), hashed passwords, hashed IP addresses in logs, strict per-business data isolation, and signature-verified billing webhooks. No system is perfectly secure, but we work to keep your data safe.

11. International transfers

Our providers may process data in countries other than yours. Where that happens, we rely on the safeguards offered by those providers. [Founder to confirm primary data-hosting region]

12. Children

Lodestar is a tool for businesses and is not directed to children. We don't knowingly collect personal data from anyone under the age of 16.

13. Changes & contact

We'll update this policy as the product evolves and revise the “Last updated” date above. Questions or requests? Email support@eastbase.studio.