Privacy Policy

Last updated: 12 May 2026

This Privacy Policy explains how Lazure (“Lazure”, “we”, “us”, “our”) collects, uses, shares, and protects personal information when you visit lazure.io, sign up for early access, or use our product. By using Lazure you agree to this Policy. If you do not agree, please do not use Lazure.

1. About Lazure

Lazure is an AI sales execution platform built by a small team based in India. We are in the process of incorporating Lazure as a private limited company in India; until incorporation is complete, the platform is operated by the founding team. All privacy and data-related inquiries are handled directly by us at praachi@lazure.io.

2. Information we collect

2.1 Information you give us directly

Account & demo requests — name, work email, company, role, and anything else you submit through forms on lazure.io.
Communications — emails, chat messages, support requests you send us.
Integration data — when you connect Salesforce, HubSpot, Google Workspace, Slack, LinkedIn, email, or other tools, we receive whatever those services authorize Lazure to access on your behalf.
Customer Data — leads, contacts, accounts, deals, messages, calendars, and any other records you upload, sync, or process through the Lazure product.

2.2 Information we collect automatically

Usage data — pages visited, features used, actions taken, approximate time spent.
Device data — browser type, operating system, IP address (truncated), referrer.
Cookies and similar technologies — see Section 4.

2.3 Information from third parties

Enrichment providers (company information, technographics, intent signals) used to qualify and route leads.
Publicly available business and professional information.

3. How we use information

To operate, maintain, and improve Lazure.
To respond to inquiries, schedule demos, and provide support.
To send service-related communications (account, security, product changes).
To personalize the experience and recommend useful features.
To detect and respond to fraud, abuse, and security incidents.
To comply with legal obligations and enforce our terms.
For direct marketing — only with your consent and always with a one-click opt-out.

4. Cookies and tracking

We use cookies and similar technologies in two categories:

Strictly necessary — required for the site and app to function (session, security, load balancing). These cannot be disabled.
Analytics — anonymized usage data and, with consent, session replay via PostHog.

You can accept or decline non-essential cookies via the banner shown on your first visit. To change your decision later, click Cookie settings in the footer. You can also block cookies via your browser settings.

5. Sub-processors

We rely on a small number of trusted infrastructure providers to operate Lazure. Each is selected for its published security practices, certifications, and data-processing terms.

Provider	Purpose	Data processed	Region
Vercel Inc.	Application hosting, edge delivery, logs	Site and app traffic, request metadata	United States (global edge)
Prismic SAS	Headless CMS for marketing content	Marketing-site content (no end-user PII)	European Union (France)
PostHog Inc.	Product analytics, session replay	Usage data, with your consent	EU / US (region-selectable)
Google LLC (Workspace / Gmail)	Form-submission inbox, internal communications	Form contents and correspondence	United States
OpenAI, OpenAI L.L.C. & Anthropic, PBC	Large-language-model inference for AI features	Prompts and outputs required by each feature	United States
GitHub Inc.	Source-code hosting	Code only (no customer data)	United States

We may add or change sub-processors as our infrastructure evolves. The current list is always available here. Material changes will be announced at least 30 days in advance to customers under a written agreement.

6. Customer Data inside the Lazure product

When you use Lazure to manage leads and prospects, the information you upload or sync is “Customer Data”. We process Customer Data on your behalf, acting as a processor while you remain the controller. You are responsible for ensuring you have the lawful basis, notices, and consents required to provide that data to us.

We do not sell Customer Data.
We do not use Customer Data to train our general-purpose AI models. Any per-customer fine-tuning, where offered, is opt-in and isolated.
We delete or return Customer Data on request and on contract termination, subject to legal retention requirements.

7. How we share information

We share information only:

With the sub-processors listed in Section 5.
With integrations you authorize — you decide what flows in and out.
When required by law (lawful requests, court orders, government demands).
In a corporate transaction (merger, acquisition, asset sale, dissolution) — with notice and continued protection.
With your explicit consent.

We do not sell personal information and we do not engage in cross-context behavioural advertising.

8. International data transfers

Lazure is operated from India. To deliver the Service we rely on infrastructure providers in the United States and the European Union (see Section 5). Where applicable, we rely on the Standard Contractual Clauses, the UK International Data Transfer Addendum, and equivalent mechanisms published by our sub-processors. We choose providers that maintain comparable protections to those of your home jurisdiction.

9. Data retention

Visitor and lead data — up to 24 months after last interaction.
Account data — for the life of the account plus 30 days after termination.
Customer Data — per your direction and contract terms.
Backups — up to 90 days.
Records required by law (tax, contracts, security) — as long as legally required.

10. Your rights

Depending on where you live, you may have the right to:

Access the personal data we hold about you.
Correct inaccurate or incomplete data.
Erase personal data.
Restrict or object to certain processing.
Receive your data in a portable format.
Withdraw consent at any time (without affecting prior lawful processing).
Nominate someone to exercise these rights on your behalf.
Lodge a complaint with your local data-protection authority.

Specifically:

India — under the Digital Personal Data Protection Act, 2023 (the “DPDP Act”), you have the right to access, correction, erasure, grievance redressal, and nomination. We aim to act on requests within 30 days.
European Economic Area / UK / Switzerland — rights under the GDPR / UK GDPR / FADP, including access, rectification, erasure, restriction, portability, and the right to lodge a complaint with a supervisory authority.
California (United States) — under the CCPA / CPRA, you have the right to know, delete, correct, opt out of sale/share (we do not sell), and non-discrimination.

To exercise any right, email praachi@lazure.io. For Customer Data held inside the Lazure product, requests should be directed to the customer (controller) you interacted with; we will support fulfilment as their processor.

11. Security

We follow industry-standard security practices: TLS 1.2+ in transit, encryption at rest, scoped access controls, least-privilege defaults, audit logging, and regular reviews. No system is 100% secure; if we become aware of a security breach affecting your personal data, we will notify you and the relevant authorities as required by law.

12. Children's privacy

Lazure is built for business use and is not intended for individuals under 18. We do not knowingly collect personal information from children. If you believe a child has provided us with their data, contact praachi@lazure.io and we will delete it promptly.

13. Changes to this Policy

We will update this Policy as our practices evolve. Material changes will be announced at least 30 days in advance via email or in-app notice. Continued use after the effective date constitutes acceptance of the revised Policy. The “Last updated” date at the top of this page reflects the most recent revision.

14. Contact

For any privacy question, request, or grievance, write to praachi@lazure.io. The same address serves as our point of contact for the DPDP Act, the GDPR, and the CCPA. We aim to respond within 7 business days and resolve formal requests within 30 days.