Privacy Policy
Last updated: March 16, 2026
1. Introduction
Lazy Lab Limited (trading as LottoLabs.ai) (“we,” “our,” or “us”) operates the website located at https://lottolabs.ai and provides AI-powered data analytics services (the “Service”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. By accessing or using LottoLabs.ai, you agree to the collection and use of information in accordance with this policy.
2. Information We Collect
2.1 Account Information
When you create an account, we collect your name, email address, and authentication credentials. If you sign up through a third-party provider (such as Google or GitHub), we receive your basic profile information from that provider.
2.2 Uploaded Datasets
You may upload datasets (CSV, JSON, Excel, or other supported formats) to our platform for analysis. We store these datasets in our secure infrastructure to provide the analytics Service to you.
2.3 Usage Analytics
We automatically collect information about how you interact with our Service, including pages visited, features used, analysis requests made, session duration, browser type, operating system, and device information.
2.4 Cookies and Tracking Technologies
We use cookies and similar tracking technologies to maintain your session, remember your preferences, and collect usage analytics. For detailed information about the cookies we use, please see our Cookie Policy.
2.5 Payment Information
When you subscribe to a paid plan, payment information is collected and processed by our payment provider, Paddle. We do not store your full credit card details on our servers.
3. How We Use Your Data
We use the information we collect for the following purposes:
- Provide the analytics Service: Process your uploaded datasets, generate insights, detect patterns, and deliver analysis results.
- Improve our AI models: Use aggregated, anonymized usage patterns to improve the accuracy and performance of our analytical algorithms. We do not use your individual datasets to train AI models.
- Send notifications: Deliver transactional emails (analysis completion, account changes), service announcements, and optional marketing communications you have opted into.
- Maintain and improve the Service: Monitor performance, diagnose technical issues, and develop new features.
- Ensure security: Detect and prevent fraud, abuse, and unauthorized access.
- Comply with legal obligations: Fulfill legal requirements, enforce our terms, and respond to lawful requests.
4. AI Data Processing
Our core Service involves AI-powered analysis of your datasets. Here is how we handle your data during AI processing:
- Pattern recognition and analysis: Your datasets are processed by our AI systems to identify patterns, trends, anomalies, and statistical insights.
- No model training on your data: We do not use your uploaded datasets or analysis results to train, fine-tune, or improve our underlying AI models. Your data is yours.
- In-memory processing: During analysis, your data is processed in-memory. Only the resulting analysis outputs and metadata are persistently stored.
- Results storage: Analysis results (charts, statistical summaries, detected patterns) are stored in your account for your continued access.
- AI provider safeguards: When data is sent to our AI processing partner (Anthropic / Claude) for analysis, it is transmitted securely and is subject to Anthropic's data processing terms, which prohibit the use of customer data for model training.
5. Third-Party Services
We use the following third-party services to operate LottoLabs.ai. Each provider has its own privacy policy governing the data they process:
| Provider | Purpose | Data Shared |
|---|---|---|
| Clerk | Authentication | Email, name, authentication tokens |
| Supabase | Database and storage | Account data, datasets, analysis results |
| Paddle | Payment processing | Billing details, subscription status |
| Vercel | Hosting and deployment | Request logs, IP address, usage data |
| Anthropic / Claude | AI data processing | Dataset contents for analysis (not used for training) |
| PostHog / Plausible | Product analytics | Usage events, page views, anonymized metrics |
6. Data Retention
- Active accounts: Your account information, uploaded datasets, and analysis results are retained for as long as your account remains active.
- Deleted accounts: When you request account deletion, all personal data, uploaded datasets, and analysis results are permanently removed from our systems within 30 days. Anonymized, aggregated data that cannot be linked back to you may be retained for analytical purposes.
- Backup retention: Data in automated backups is purged in accordance with our backup rotation schedule, which does not exceed 90 days.
7. Data Security
We implement industry-standard security measures to protect your data:
- Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher.
- Encryption at rest: Stored data, including your datasets and analysis results, is encrypted at rest using AES-256.
- Access controls: Strict role-based access controls limit who can access production data within our organization.
- SOC 2 compliance: We are working toward SOC 2 Type II certification and have implemented controls aligned with the SOC 2 Trust Services Criteria.
- Incident response: We maintain an incident response plan and will notify affected users without undue delay in the event of a data breach.
8. Your Rights
Depending on your location, you may have the following rights under applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA):
- Right of access: Request a copy of the personal data we hold about you.
- Right to rectification: Request correction of inaccurate or incomplete personal data.
- Right to erasure: Request deletion of your personal data, subject to legal retention obligations.
- Right to data portability: Request your data in a structured, commonly used, machine-readable format.
- Right to restrict processing: Request that we limit the processing of your personal data under certain circumstances.
- Right to object: Object to the processing of your personal data for direct marketing or based on legitimate interests.
- Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, please contact us at info@lottolabs.ai. We will respond to verified requests within 30 days.
8.1 California Residents (CCPA)
If you are a California resident, you have the right to request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources from which the information is collected, the business purpose for collecting the information, and the categories of third parties with whom we share the information. We do not sell your personal information.
9. Cookie Policy
We use cookies and similar technologies to operate and improve our Service. For detailed information about the types of cookies we use, what data they collect, and how to manage your cookie preferences, please refer to our Cookie Policy.
10. Children's Privacy
LottoLabs.ai is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly. If you believe we have inadvertently collected data from a minor, please contact us at info@lottolabs.ai.
11. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from the laws of your jurisdiction. When we transfer data internationally, we implement appropriate safeguards, including Standard Contractual Clauses (SCCs) approved by the European Commission, to ensure your data receives an adequate level of protection regardless of where it is processed.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by posting the updated policy on this page with a revised “Last updated” date, and where required by law, we will provide additional notice (such as via email or an in-app notification). We encourage you to review this page periodically.
13. Contact Us
If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us:
- Privacy requests: info@lottolabs.ai
- General support: info@lottolabs.ai
- Website: https://lottolabs.ai