Legal

Legal & Privacy

Last updated April 2026

Privacy PolicyTerms of Service

Privacy Policy

This explains what information Lyō Solutions ("we", "us") collects when you use Lyō CC, how we use it, and who we share it with. If anything is unclear, email us at privacy@lyocc.com.

What We Collect

When firms and their clients use Lyō CC, we collect:

  • Account information — names, email addresses, and phone numbers provided during signup or client onboarding.
  • Conversation messages — everything sent through the Leo AI chat, whether via WhatsApp, SMS, or the web portal.
  • Uploaded documents — PDFs and other files clients or firms upload so Leo can reference them.
  • IP addresses — captured for rate limiting and security purposes.
  • Usage data — basic platform activity such as pages visited and features used, collected to keep the service running smoothly.

We do not collect payment card numbers directly — billing is handled by our payment processor.

How We Use It

We use your data to operate the platform — full stop. This means routing messages to Leo, letting firms review and approve responses, storing documents you upload, and sending transactional emails like portal invitations.

We do not sell your data. We do not use it for advertising. We do not use client conversation data to train AI models. Your firm's data belongs to your firm.

Third Parties

Running the platform requires a small number of trusted vendors. Here's exactly who receives your data and why:

  • Anthropic — Messages and uploaded documents are processed by Anthropic's Claude AI to power Leo. Anthropic does not use API data to train its models by default.
  • Twilio — Handles WhatsApp and SMS message delivery. Twilio receives message content and phone numbers for routing purposes.
  • Resend — Sends transactional emails (portal invites, notifications). Resend receives recipient email addresses and message content.
  • Supabase — Stores all platform data including messages, documents, and account records. Data is hosted on AWS in the us-east-1 (N. Virginia) region.
  • Vercel — Hosts the web application. Vercel processes HTTP requests, which includes IP addresses and browser metadata.
  • Upstash — Receives IP addresses for rate limiting. No message content is shared with Upstash.

We do not share data with any other third parties.

Data Retention

We keep your data for as long as your account is active. When you cancel, all firm and client data — including messages, documents, and account records — is permanently deleted within 90 days of cancellation.

If you need your data deleted sooner, email privacy@lyocc.com and we'll handle it within 30 days.

Your Rights

You have the right to:

  • Access — request a copy of all data we hold about you.
  • Deletion — ask us to delete your data at any time.
  • Export — receive your data in a portable format (JSON or CSV).

To exercise any of these rights, email privacy@lyocc.com. We'll respond within 30 days.

Security

  • All data stored in Supabase is encrypted at rest using AES-256.
  • All data in transit is encrypted via HTTPS/TLS.
  • Authentication tokens are stored in httpOnly cookies — inaccessible to JavaScript and protected against XSS attacks.
  • API endpoints are rate-limited to protect against abuse.

If you discover a vulnerability, please report it to privacy@lyocc.com.

GLBA Compliance

Lyō CC is designed to serve accounting firms, tax advisors, and other financial service providers subject to the Gramm-Leach-Bliley Act (GLBA). In that relationship, we act as a service provider to your firm — we process client financial information on your behalf and under your direction.

We maintain administrative, technical, and physical safeguards appropriate to the sensitivity of the data we process. Your firm remains responsible for your own GLBA compliance, including your privacy notices to clients.

Contact

For any privacy questions or data requests, contact us at privacy@lyocc.com. We read every email.

Terms of Service

By signing up for Lyō CC, you agree to these terms. If you have questions, email legal@lyocc.com.

Leo Is Not a Professional Advisor

Leo is an AI assistant. Leo is not a licensed tax advisor, CPA, attorney, or financial planner. Nothing Leo says is professional advice. Leo's responses are informational only — they're a starting point for a conversation with a qualified professional, not a substitute for one.

Tax law is complicated and changes frequently. Leo can make mistakes. Always have a qualified professional review AI-generated content before relying on it.

Firm Responsibility

Lyō CC is built for professional firms. The platform includes an approval workflow: Leo's responses must be reviewed and approved by a firm user before they are sent to a client.

When a firm user approves a message, that firm accepts full responsibility for its content. Lyō Solutions is not liable for approved responses that turn out to be inaccurate, incomplete, or inappropriate. The approval step is a meaningful professional review — not a formality.

Who Can Use This

By signing up, you confirm that:

  • You are at least 18 years old.
  • You are signing up on behalf of a legitimate registered business.
  • You have the authority to accept these terms on behalf of that business.
  • You will not use the platform for any unlawful purpose.

We reserve the right to refuse or terminate service at our discretion.

How We Handle Your Data

Lyō CC processes your firm's data — including client messages and documents — solely to operate the platform on your behalf. We act as a service provider, not a data controller for your clients' information.

We do not use your firm's data or your clients' data to train AI models. Your conversation history and uploaded documents are yours. We process them to run the service and for nothing else.

Billing & Cancellation

Subscriptions are billed monthly in advance.

  • Cancellation — cancel any time from your account settings. Access continues until the end of the current billing period.
  • No partial refunds — we do not pro-rate or refund partial months.
  • Data after cancellation — your data is permanently deleted within 90 days of cancellation.
  • Price changes — we'll give you at least 30 days notice before changing your subscription price.

Limitation of Liability

The platform is provided "as is." We don't guarantee uninterrupted service, and we're not responsible for decisions made based on Leo's responses.

To the maximum extent permitted by law, Lyō Solutions' total liability for any claim arising from your use of the platform is capped at the fees you paid us in the three months prior to the event giving rise to the claim. We are not liable for indirect, incidental, or consequential damages.

Governing Law

These Terms are governed by the laws of the State of Texas. Any disputes will be resolved in the state or federal courts located in Texas, and you consent to personal jurisdiction there.