Privacy Policy

Last updated: April 18, 2026

Last Updated: April 5, 2026

This privacy policy describes how Charles Green, LLC, operating as Lean Security ("we", "us", or "our"), collects, uses, and shares information about you when you use our websites, products, and services (collectively, the "Services").

1. Information We Collect

Information You Provide

  • Account Information: Email address, password (encrypted and never stored in plain text), and name
  • Payment Information: Processed securely by Stripe; we do not store your full credit card number
  • Domain Information: Domains you add for monitoring through our products (Email Watch, Vendor Watch)
  • Communications: Messages you send to us for support or feedback

Information We Collect Automatically

  • Log Data: IP address, browser type, operating system, referring URLs, pages visited, and timestamps
  • Device Information: Device type, screen resolution, and unique device identifiers
  • Usage Analytics: Feature usage, interactions, and preferences via PostHog
  • Cookies: Session cookies for authentication and analytics cookies for product improvement

Product-Specific Data Collection

For our security monitoring products:

  • Email Watch: We collect DMARC aggregate reports containing sending IP addresses, email volume statistics, and authentication results. We do not collect forensic reports (RUF), which contain individual email headers or message content.
  • Vendor Watch: We collect publicly available security information about vendors you choose to monitor.

2. How We Use Your Information

We use your information to:

  • Provide Services: Deliver core product functionality, including threat monitoring and security analysis
  • AI-Powered Analysis: Process data through Google Vertex AI to generate insights and recommendations
  • Process Payments: Handle billing, invoicing, and subscription management
  • Communications: Send service-related emails, security alerts, and product updates
  • Support: Respond to your questions and resolve issues
  • Improve Products: Analyze usage patterns to enhance features and user experience
  • Security: Detect and prevent fraud, abuse, and unauthorized access
  • Legal Compliance: Meet regulatory requirements and respond to legal requests

3. Data Retention

  • Account Data: Retained while your account is active and for 30 days after closure
  • Product Data: Retention varies by subscription tier (30 days to 1 year depending on plan)
  • Financial Records: Pseudonymized and retained for 7 years for tax compliance
  • Log Data: Retained for 90 days for security and debugging purposes

After account closure:

  • Personal data is deleted within 30 days
  • You have a 30-day grace period to reactivate your account
  • Financial records are pseudonymized and retained as required by law

4. Data Sharing

We do not sell your personal information. We share information only with:

Service Providers

  • Google Cloud Platform: Infrastructure hosting (us-central1 region)
  • Google Vertex AI: AI-powered analysis and insights
  • Stripe: Payment processing
  • Brevo: Transactional email delivery
  • PostHog: Product analytics

We may disclose information when required by law, court order, or government request, or to protect our rights, property, or safety.

5. Security Measures

We implement industry-standard security measures including:

  • Encryption: TLS 1.3 for data in transit, AES-256 for data at rest
  • Password Security: bcrypt hashing with secure salting
  • Database Security: Encrypted connections with IAM authentication
  • Access Controls: Role-based access and audit logging
  • Regular Audits: Periodic security reviews and penetration testing

No internet transmission is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

6. Your Rights

You have the right to:

  • Access: Request a copy of your personal data
  • Correction: Update inaccurate or incomplete information
  • Deletion: Request deletion of your data (subject to legal retention requirements)
  • Export: Download your data in JSON or CSV format
  • Opt-Out: Unsubscribe from marketing communications

To exercise these rights, contact us at privacy@leansecurity.co or use the account settings in your dashboard.

7. Cookies and Tracking

We use cookies for:

  • Essential Cookies: Authentication and session management
  • Analytics Cookies: Understanding product usage via PostHog
  • Preference Cookies: Remembering your settings

You can control cookies through your browser settings, though some features may not function properly without essential cookies.

8. International Data Transfers

Your data may be processed in the United States. By using our Services, you consent to the transfer of your information to the United States, which may have different data protection laws than your country.

9. Children's Privacy

Our Services are not directed to children under 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

10. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes by:

  • Posting a notice on our website
  • Sending an email to your registered address
  • Updating the "Last Updated" date

Continued use of our Services after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this privacy policy or our data practices:

  • Email: privacy@leansecurity.co
  • Address: Charles Green, LLC, Lean Security, 1111B S Governors Ave STE 21617, Dover, DE 19904, United States