Privacy Policy
LavaPi ("we", "our", or "us") operates the website lavapi.com (the "Site"). This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, and your rights as a data subject.
By using our Site you agree to the practices described in this policy. If you do not agree, please do not use the Site.
LavaPi is a full-stack digital engineering company that partners with businesses, startups, and enterprises to deliver software, AI integrations, cloud infrastructure, and design solutions.
Contact: info@lavapi.com
Website: https://lavapi.com
3.1 Contact Form
When you submit our contact form at /contact we collect:
- Full name, email address, company name (optional)
- Services you are enquiring about
- Your message
- IP address, country, city, device type, browser and OS — collected automatically to help us understand our audience and prevent abuse
3.2 Booking Requests
When you book a call via /book we collect:
- Full name and email address
- Preferred date and time slot
- Optional message
- A single-use booking token that expires after 24 hours
3.3 Live Chat Widget
Our floating chat widget is powered by an AI assistant (Anthropic Claude). When you use it we collect and store:
- A randomly generated session ID saved in your browser's localStorage
- All messages you send and the AI responses you receive
- Timestamps of each message
Chat sessions expire after 10 minutes of inactivity. We may review conversation transcripts for quality and safety purposes.
3.4 Visitor Analytics
We run our own privacy-respecting analytics to understand site usage. We collect:
- A randomly generated visitor ID saved in your browser's localStorage (key: lv_vid)
- Pages you visit and the timestamps of those visits
- IP address and approximate geolocation (country, city, region, timezone)
- Browser, operating system, and device type derived from your User-Agent string
- Interaction signals (mouse movement, scrolling, keyboard use) used only to distinguish real visitors from automated bots
We do not use third-party analytics platforms such as Google Analytics. All data is stored in our own database.
We use the data we collect for the following purposes:
- Responding to enquiries — contact form and booking submissions are used solely to communicate with you about your project
- Delivering our services — when you become a client, contact data is used to manage the engagement
- Improving the Site — anonymised analytics help us understand which content is most useful
- AI chat responses — your messages are sent to Anthropic's API to generate replies (see Section 6)
- Fraud and abuse prevention — IP and behavioural signals help us block automated abuse
- Team notifications — contact form submissions and initial chat messages are forwarded internally via email and messaging tools
We do not sell, rent, or trade your personal data to third parties for marketing purposes.
For users in the European Economic Area (EEA) our legal bases are:
- Legitimate interests — visitor analytics, security monitoring, internal notifications
- Contractual necessity — processing enquiries and bookings in order to potentially enter into a service agreement with you
- Consent — where we ask for your explicit permission (e.g. future marketing communications)
You may object to processing based on legitimate interests at any time by contacting us at info@lavapi.com.
We work with the following sub-processors. Each has its own privacy policy linked below.
| Service | Purpose | Data Involved | Policy |
|---|---|---|---|
| Supabase (EU region) | Database and authentication | All collected data | supabase.com/privacy |
| AWS SES (eu-central-1) | Transactional email delivery | Name, email, message | aws.amazon.com/privacy |
| Anthropic | AI chat responses | Chat messages | anthropic.com/privacy |
| Telegram | Internal team notifications | Contact form summary, first chat message preview | telegram.org/privacy |
| ip-api.com | IP geolocation lookup | IP address | ip-api.com/docs/legal |
| Unsplash | Blog cover images | Image search queries | unsplash.com/privacy |
We do not share your data with any of these providers beyond what is necessary for the service they provide.
We retain personal data for as long as is necessary for the purposes described in this policy:
- Contact form submissions — retained for up to 2 years for lead management and legal record-keeping
- Booking records — retained for 2 years after the booked date
- Booking tokens — automatically deleted after 24 hours
- Chat messages — retained for 12 months, then deleted
- Visitor analytics — anonymised aggregate data retained indefinitely; raw IP data deleted after 90 days
- Client project data — retained for the duration of the engagement plus 5 years for contractual and legal purposes
You may request early deletion of your data at any time (see Section 9).
All data is stored in Supabase infrastructure hosted in the European Union. We implement the following security measures:
- Encrypted connections (HTTPS/TLS) for all data in transit
- Database-level encryption at rest
- Role-based access control — only authorised team members can access production data
- Regular security reviews
- Minimal data collection principle — we only collect what is necessary
No method of transmission or storage is 100% secure. If you have security concerns or discover a vulnerability, please contact us immediately at info@lavapi.com.
Depending on your location you have some or all of the following rights:
- Access — request a copy of the personal data we hold about you
- Rectification — request correction of inaccurate data
- Erasure — request deletion of your personal data ("right to be forgotten")
- Restriction — request that we limit how we process your data
- Portability — receive your data in a machine-readable format
- Objection — object to processing based on legitimate interests
- Withdraw consent — where processing is based on consent, withdraw it at any time
To exercise any of these rights, email info@lavapi.com with the subject line "Data Request". We will respond within 30 days. We may ask you to verify your identity before fulfilling a request.
Our Site is not directed at children under the age of 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
Our primary infrastructure is located in the European Union. Where data is processed outside the EEA (for example by Anthropic in the United States), we rely on standard contractual clauses or adequacy decisions to ensure your data is protected to EU standards.
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For significant changes we will notify users via a notice on the Site. Continued use of the Site after changes constitutes acceptance of the updated policy.
If you have any questions, complaints, or requests regarding this Privacy Policy, please contact us:
Email: info@lavapi.com
Website: https://lavapi.com/contact
If you are located in the EEA and are unsatisfied with our response, you have the right to lodge a complaint with your local supervisory authority.
Questions? Contact us at info@lavapi.com