LemonLime
AboutPricingKnowledge
Log in / Register→
Legal

Privacy Policy

Last Updated: May 24, 2026Effective Date: April 28, 2026

This Privacy Policy (the “Policy”) describes how LemonLime AI Inc. (doing business as “LemonLime,” “we,” “us,” or “our”) collects, uses, discloses, and otherwise processes personal information in connection with our website at lemonlime.ai (the “Site”) and our custom artificial-intelligence consulting, development, deployment, hosting, and related services (collectively, the “Services”).

LemonLime is a business-to-business company. Our Services are designed for, sold to, and used by other businesses (each, a “Customer”). This Policy applies when (a) you visit the Site or interact with us in a marketing, sales, recruiting, or business-development capacity, (b) you are a Customer or are an employee, contractor, agent, or other authorized user of a Customer, or (c) we receive personal information about you because a Customer has used our Services to process information about you.

By accessing or using the Site or the Services, you acknowledge that you have read this Policy. If you do not agree with this Policy, you must not access or use the Site or the Services.

Quick Summary

We have written this Policy to be as clear as we can. Because the language has to be precise, we summarize the most important points here. The full Policy below controls in case of any conflict.

  • Our role: We are a B2B service provider. For most personal information we process about Customers’ end users and contacts, we act as a “processor” or “service provider” on behalf of our Customer, who decides what data goes into the Services and why.
  • What we collect: Account, billing, and contact information from Customers; data Customers submit to the Services; data automatically generated when you use the Site or Services; and information from third-party sources, vendors, and AI model providers we work with.
  • How we use it: To operate, secure, support, and improve the Services; to bill Customers; to communicate with you; to comply with law; and, in de-identified or aggregated form, to develop and improve our products.
  • Sharing: With service providers and subprocessors (including third-party AI model providers and hosting providers), with Customers (where you are an end user), in connection with corporate transactions, and where required by law.
  • We do not sell your personal information for monetary consideration. Some sharing for advertising or analytics may qualify as a “sale” or “share” under California law; you can opt out as described below.
  • AI:We use third-party AI and machine-learning models to provide the Services. LemonLime does not train our own models on identifiable Customer Data. Whether a third-party model provider may use data routed to it is governed by that provider’s own terms; where they offer a no-training setting, we generally configure our integration to use it. See Section 6.2.
  • Your rights: Depending on where you live, you may have rights to access, correct, delete, port, or limit our use of your personal information. See Section 8.

Contents

  1. Scope and our role (controller vs. processor)
  2. Personal information we collect
  3. How we use personal information
  4. How we share personal information
  5. Cookies and similar technologies
  6. AI, machine learning, and third-party integrations
  7. Retention of personal information
  8. Your privacy rights and choices
  9. Notice for residents of California (CCPA/CPRA)
  10. Notice for residents of other U.S. states
  11. Notice for residents of the EEA, the UK, and Switzerland
  12. International data transfers
  13. Security
  14. Children
  15. Third-party sites and services
  16. Changes to this Policy
  17. Contact us

1. Scope and Our Role

1.1 What this Policy covers

This Policy describes our processing of personal information in three main contexts: (a) when LemonLime is the “controller” or “business” — that is, when we determine the purposes and means of processing — for example, when you visit the Site, contact us, sign up for marketing communications, apply for a job, or are an authorized representative of a Customer; (b) when LemonLime acts as a “processor” or “service provider” — that is, when we process personal information on behalf of, and under the instructions of, a Customer (for example, end-user data submitted to the Services by Customer); and (c) when we receive personal information from third-party sources or partners as described in this Policy.

1.2 LemonLime as Customer’s processor

When we provide the Services to a Customer, the Customer is generally the controller (or business) of any personal information about its end users, contacts, leads, customers, or employees that the Customer or its authorized users submit to or generate through the Services (“Customer Data”). LemonLime processes that Customer Data on the Customer’s behalf and only as instructed by the Customer in our agreement with that Customer (which may include a Data Processing Addendum). If you are an end user, contact, employee, lead, or customer of a Customer and you have questions about how your personal information is being processed through our Services, please contact that Customer. The Customer’s privacy policy — not this Policy — governs the Customer’s collection and use of your personal information.

1.3 LemonLime as controller

When you visit the Site, request a demo, attend one of our events, communicate with our sales or support teams, apply for a job at LemonLime, sign up for our marketing communications, or are an authorized representative or billing contact of a Customer, LemonLime acts as the controller or business with respect to your personal information, and the rest of this Policy describes our practices.

2. Personal Information We Collect

2.1 Information you provide to us

We collect personal information that you (or your employer) voluntarily provide to us, including:

  • Account and registration information such as your name, business email address, business phone number, job title, company name, and a password when you or your employer creates an account or subscribes to the Services.
  • Billing information such as billing contact name, billing address, and the last four digits of any payment card. We do not store full payment-card numbers; payments are processed by our payment processor, who handles full card data directly.
  • Communications and support data such as the contents of emails, chat messages, voice or video calls, support tickets, or meeting recordings you send to or have with us, including any personal information you choose to include in those communications.
  • Sales and marketing data such as information you submit through forms on the Site (for example, a request to book a demo or a newsletter signup), your responses to surveys, and your interactions with our marketing campaigns.
  • Recruiting data if you apply for a position at LemonLime, including your resume, cover letter, work history, education, references, and any other information you choose to provide.
  • Customer Data that you or your employer submits to the Services. The categories of personal information contained in Customer Data are determined by the Customer and may include any data that the Customer chooses to use the Services to process.

2.2 Information we collect automatically

When you use the Site or the Services, we (and our service providers) automatically collect certain information about your device and how you interact with the Site and the Services, including:

  • Device and connection data such as IP address, device type, operating system, browser type, mobile network information, time zone, language, and unique device identifiers.
  • Usage and log data such as the pages or features you visit, the time and duration of your activities, the URL of the page that referred you to the Site, error and diagnostic logs, the actions you take in the Services, the prompts you submit, and the responses you receive.
  • Cookies and similar technologies, as described in Section 5.

2.3 Information we collect from third parties

We may receive personal information about you from third parties, including:

  • our Customer (where you are an end user, contact, employee, or lead of a Customer);
  • publicly available sources, such as company websites, business directories, and professional social-networking sites;
  • data enrichment vendors and lead providers we use for sales and marketing;
  • third-party AI model and infrastructure providers we use to deliver the Services;
  • event organizers, business partners, and resellers; and
  • identity-verification, fraud-prevention, and security service providers.

2.4 Sensitive personal information

We do not seek to collect sensitive personal information about you (such as government-issued identifiers, financial-account credentials, precise geolocation, biometric data, health information, racial or ethnic origin, religious beliefs, sexual orientation, or genetic data) and we ask that you do not submit such information to us. If we do receive sensitive personal information — for example, because Customer chose to submit it to the Services — we process it only as necessary to provide the Services and in compliance with applicable law.

3. How We Use Personal Information

We use personal information for the following purposes, in each case as permitted by applicable law:

  • Provide and operate the Services. To set up and maintain accounts, authenticate users, deliver requested features, host Customer Data, and respond to instructions from Customer.
  • Customer support. To respond to questions, troubleshoot issues, and otherwise assist you and our Customers.
  • Billing and account management. To invoice Customers, process payments, manage subscriptions and usage-based billing, send service-related notices, and recover unpaid amounts.
  • Security and fraud prevention. To monitor, investigate, and prevent fraudulent, unauthorized, or illegal activity; to protect the Services, our Customers, and others from harm; and to enforce our Terms and Conditions and acceptable use policies.
  • Improve and develop the Services. To analyze how the Services are used, fix bugs, develop new features, conduct research, and improve our models, prompts, tooling, and workflows. Where we use Customer Data for these purposes beyond what is strictly necessary to deliver the Services to a particular Customer, we use de-identified or aggregated data, as further described in Section 6.
  • Marketing and sales. To send you information about LemonLime, including newsletters, product updates, event invitations, case studies, and other commercial communications, where permitted by law. You can unsubscribe at any time.
  • Compliance. To comply with our legal, regulatory, and contractual obligations, respond to lawful requests from public authorities, and exercise or defend legal claims.
  • Recruiting. To evaluate your application for employment, contact you about open positions, and (with your consent) keep your application on file for future opportunities.
  • Corporate transactions. To facilitate due diligence and consummate any merger, acquisition, financing, restructuring, sale of assets, or similar transaction.

3.1 Legal bases (EEA, UK, and Switzerland)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, we process your personal information on the following legal bases: (a) the performance of a contract with you or with your employer (for example, to provide the Services); (b) our legitimate interests in operating, securing, improving, and marketing our business, where those interests are not overridden by your interests or fundamental rights; (c) compliance with our legal obligations; and (d) your consent, where required (which you may withdraw at any time without affecting the lawfulness of processing before withdrawal). For more information about our processing under European data-protection law, see Section 11.

4. How We Share Personal Information

We share personal information with the following categories of recipients:

  • Service providers and subprocessors. We share personal information with vendors and contractors that perform services on our behalf, including cloud hosting and infrastructure providers, third-party AI model providers (such as foundation-model and large-language-model vendors), vector and traditional database providers, observability and analytics providers, payment processors, customer-relationship-management providers, communications providers, security and fraud-prevention vendors, and professional advisors. These providers are bound by contractual obligations to use personal information only as necessary to provide services to us and to protect it appropriately.
  • Customers. Where you are an end user, contact, employee, or lead of a Customer, we share personal information with that Customer as part of providing the Services.
  • Affiliates. We may share personal information with our parent, subsidiaries, and other corporate affiliates, who will use it consistent with this Policy.
  • Business partners. We may share personal information with resellers, integrators, technology partners, and other business partners where you have requested an integration or where doing so is necessary to provide the Services.
  • Legal and compliance recipients. We may share personal information with law-enforcement, regulatory, or other governmental authorities, courts, and other parties as required by law, subpoena, court order, or other legal process; to enforce our agreements; to protect our rights, property, or safety, or those of our Customers or others; and to investigate or prevent illegal activity, fraud, or violations of our policies.
  • Corporate transactions. If LemonLime is involved in a merger, acquisition, financing, reorganization, bankruptcy, receivership, sale of assets, or transition of services to another provider, personal information may be shared, sold, or transferred as part of that transaction.
  • With your direction or consent. We may share personal information for other purposes with your consent or at your direction.
  • De-identified or aggregated data. We may share de-identified or aggregated information that cannot reasonably be used to identify you with third parties for any lawful purpose.

5. Cookies and Similar Technologies

We and our service providers use cookies, pixels, web beacons, software development kits, local storage, server logs, and similar technologies (collectively, “Cookies”) on the Site and within certain Services to recognize you, remember your preferences, understand how you use the Site, deliver and measure marketing campaigns, and operate and secure the Services.

We use the following categories of Cookies:

  • Strictly necessary Cookies, which are required for the Site or Services to function and cannot be turned off.
  • Functional Cookies, which remember your preferences and personalize the Site or Services.
  • Analytics Cookies, which help us understand how the Site and Services are used so that we can improve them.
  • Advertising Cookies, which help us deliver and measure marketing communications and advertising about LemonLime, including on third-party sites.

Most browsers let you remove or reject Cookies through your browser settings. You can also use our cookie banner or preferences center on the Site to manage your preferences for non-essential Cookies. Note that disabling Cookies may affect the functionality of the Site or Services.

Some browsers offer a “Do Not Track” signal. Because there is no industry consensus on how to interpret these signals, we do not currently respond to them. We do, however, honor Global Privacy Control (GPC) signals where required by applicable law as an opt-out of the “sale” or “sharing” of personal information for residents of states that recognize GPC.

6. AI, Machine Learning, and Third-Party Integrations

6.1 Use of AI in the Services

Our Services rely on artificial intelligence and machine-learning technologies, including large language models, retrieval and embeddings models, classifiers, and agentic systems. Some of these models are operated by LemonLime; many are operated by third-party AI providers and infrastructure providers that act as our subprocessors. To deliver the Services, prompts, instructions, Customer Data, and Output may be transmitted to and processed by these providers.

6.2 Model training

LemonLime does not train, fine-tune, or improve our own (or any shared or foundational) AI or machine-learning models on Customer Data — in identifiable, de-identified, or aggregated form. We do not share Customer Data in identifiable form between Customers.

When Customer Data is routed to a third-party AI provider to generate a response (for example, OpenAI, Anthropic, Google, Meta, xAI, Perplexity, or Microsoft), whether that provider may use the data to train or improve its own models is governed by that provider’s own terms and default configuration, not by LemonLime. Where a provider offers a no-training setting, enterprise API tier, or zero-retention option, we generally configure our integration to use it. Customers are responsible for reviewing the terms of any specific model they direct LemonLime to route Customer Data through, and may restrict which models we route their data to through in-product settings.

A Customer may also explicitly opt in to a feature that involves training a model on that Customer’s own data for that Customer’s own use (for example, a Customer-specific fine-tune or retrieval embedding). When a Customer does so, the resulting model artifacts are isolated to that Customer’s tenancy and are not used to serve other Customers.

6.3 Service improvement

We may use de-identified, aggregated, or anonymized data derived from Customer Data and from your use of the Services to operate, secure, troubleshoot, analyze, and improve the Services. We do not use Customer Data — in identifiable, de-identified, or aggregated form — to train, fine-tune, or improve our own (or any shared or foundational) AI or machine-learning models. Where required by law or by our contract with a Customer, we will provide a means to opt out of certain forms of service-improvement processing. Customers can contact us at the email addresses below to discuss available options.

6.4 Limitations of AI Output

AI-generated content may be inaccurate, incomplete, or biased. We do not warrant the accuracy or reliability of any output from the Services. You should review and validate AI Output before using it for any decision affecting individuals. If you are an end user interacting with an AI feature deployed by a Customer, you should also consult that Customer’s privacy notices and terms.

6.5 Automated decision-making

LemonLime does not, in its capacity as controller, use personal information to make solely automated decisions that produce legal or similarly significant effects on individuals. Some Customers may, however, configure the Services to make or assist in such decisions. The Customer is responsible for evaluating the appropriateness of any such use, providing required disclosures, ensuring meaningful human review where required, and honoring data-subject rights with respect to those decisions. If you have questions about an automated decision made through a Customer’s deployment of the Services, please contact that Customer.

6.6 Subprocessors and AI providers

We use a small set of vetted vendors to operate the Services. The list below names our current categories of subprocessors and the primary vendor(s) we use in each category as of the Last Updated date above. We update this list as our vendor set changes; the current version always appears in this Policy. Where required by our agreement with a Customer, we will notify Customer in advance of any material change to this list.

  • Hosting and infrastructure: Amazon Web Services; Microsoft Azure; Vercel; Supabase; Cloudflare (data hosting, compute, storage, edge networking).
  • Third-party AI model providers:Anthropic, OpenAI, Google (Gemini), Meta (Llama), xAI (Grok), Perplexity, and Microsoft. Each provider’s own terms and default configuration govern whether and how data routed to that provider may be used to train or improve that provider’s models. Where a provider offers a no-training setting or enterprise API tier, we generally configure our integration to use it. We recommend Customers review the terms of any specific model they plan to route Customer Data through.
  • Payments: Stripe (subscription billing and payment processing). We do not store full payment-card numbers.
  • Customer communications: Resend (transactional email); Mailchimp (marketing email and lifecycle messages); Slack (internal team notifications about account events such as new signups; no Customer Data is sent).
  • Product analytics: Google Analytics (Site and Service usage metrics).
  • Security, monitoring, and observability: Oneleet (compliance and security monitoring); Vercel (deployment + edge observability); Sentry (application error tracking, with personal information redacted where feasible).
  • Source code and CI/CD: GitHub (source code, issue tracking, deployment pipelines).

Each subprocessor is bound by contract to use personal information only on our documented instructions, to maintain appropriate security measures, and to assist us in meeting our obligations to Customers and individuals. For a current comprehensive list, or to request prior notice of subprocessor changes, contact [email protected].

6.7 Google Workspace API integrations (Gmail, Drive, Calendar)

When a Customer or end user authorizes the Services to connect to Google Workspace — including Gmail, Google Drive, or Google Calendar — LemonLime requests OAuth access only to the scopes required to deliver the feature the user enabled, and uses the data received from those APIs only for the purpose the user authorized.

LemonLime’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, LemonLime does not:

  • transfer or sell Google user data to third parties such as advertising platforms, data brokers, or any information resellers;
  • transfer, sell, or use Google user data for serving ads, including retargeting, personalized, or interest-based advertising;
  • transfer, sell, or use Google user data to determine creditworthiness or for lending purposes; and
  • transfer, sell, or use Google user data to create, train, or improve any generalized or non-personalized AI or machine-learning model. Where a user has explicitly enabled a feature that uses Google data to train or fine-tune a model scoped to that user, the resulting model is isolated to that user and is not used to serve other users.

Scopes we request and why.The specific scopes requested are presented to you in Google’s OAuth consent screen at the time you authorize the integration. The features those scopes power, and the data we store as a result, are documented at the point of authorization and again in our in-product integration settings. At the time of writing, our Google scopes are limited to:

  • Google Drive (read-only or read/write as enabled): to read documents, spreadsheets, slides, and PDFs the user selects so they can be indexed into the Customer’s knowledge layer.
  • Gmail (read, draft, and organize as enabled): to read messages the user explicitly authorizes for indexing, to create and update draft messages when the user runs a workflow they configured, and to organize messages (for example, applying or removing labels and archiving) on the user’s behalf as inbox-triage features are enabled. This access is delivered through Google’s consolidated gmail.modify scope; LemonLime does not send email on the user’s behalf at this time.
  • Google Calendar (read-only or read/write as enabled): to read events the user authorizes for scheduling-aware workflows, or to create events when the user runs a workflow that they configured.

Human access.LemonLime employees and contractors do not read Google user data routed through the Services except (a) with the user’s explicit consent, (b) where strictly necessary for security or to respond to a specific support request you submit, (c) to comply with applicable law, or (d) in anonymized or aggregated form for internal operational reporting. All such access is logged.

Deletion. Google user data is deleted from LemonLime systems when the user revokes the integration (via the in-product settings page or via the Google Account permissions page), when the underlying account is deleted, or when the data is no longer needed for the authorized purpose — whichever comes first. Cached copies in backups are purged on our standard backup rotation, typically within ninety (90) days.

6.8 Slack integration

When a Customer or end user authorizes the Services to connect to a Slack workspace, LemonLime requests OAuth scopes only as required to deliver the feature the user enabled, clearly describes the scope use in our App Directory listing, and uses Slack data exclusively for the purpose the user authorized.

Real-time access; no persistent storage of Slack content. Consistent with the Slack API Terms of Service, LemonLime accesses Slack content in real timeto answer a user’s request at the moment it is made, and does notcreate persistent copies, archives, indexes, or long-term data stores of Slack messages, files, or other Slack content. Any handling or caching of Slack content is limited to what is essential for the immediate operation of the requested feature, is minimized, and is deleted promptly once the request is served. This treatment is specific to Slack; other connected sources may, with the Customer’s authorization, be indexed as described in Section 6.9.

With respect to data received from the Slack API, LemonLime:

  • does not use Slack data to train any large language model, foundation model, or other AI or machine-learning model — under any circumstances, on any tier;
  • does not create persistent copies, archives, indexes, or long-term stores of Slack content, and does not bulk-export Slack data;
  • does not rent, sell, share, or otherwise transfer Slack data to any third party except (a) to subprocessors strictly required to deliver the feature the user enabled and (b) where required by law;
  • does not use Slack data for advertising, retargeting, interest-based targeting, or to contact users for marketing purposes;
  • does not combine Slack data with external data sources for purposes unrelated to the authorized feature; and
  • does not use one organization’s Slack data to benefit any other organization, and uses only aggregated, anonymized data for product analytics on Slack-integration usage.

Deletion on uninstall.Because LemonLime does not retain Slack content, there is no stored Slack message or file data to remove. When the Slack integration is uninstalled, when the Customer’s account is deleted, or when LemonLime discontinues the Slack integration, we delete the associated access tokens and any transient operational data — together with any data from a feature the Customer expressly enabled that involves storage — from our active systems within fourteen (14) business days, and purge any copies in encrypted backups on our standard backup rotation thereafter.

Security. Slack data is encrypted in transit (TLS 1.2+) and, to the extent transiently processed, at rest. Access tokens are stored encrypted in isolated credential storage and rotated where supported by the Slack API.

6.9 Other integrations

Where a Customer or end user authorizes LemonLime to connect to another third-party tool (for example, HubSpot, Salesforce, Notion, GitHub, Linear, Stripe, or a custom system the Customer operates), the same general commitments apply: we request only the scopes required to deliver the authorized feature, we do not use that data to train generalized AI or machine-learning models, we do not sell or share that data for advertising, and we delete data from our active systems when the integration is uninstalled or the underlying account is deleted. Specific scope use, retention, and deletion behavior is documented in our in-product integration settings at the point of authorization.

7. Retention of Personal Information

We retain personal information for as long as necessary to fulfill the purposes for which it was collected, including to provide the Services, comply with our legal, accounting, tax, or reporting obligations, resolve disputes, enforce our agreements, and operate our business. Specific retention periods depend on the type of information and the context in which it was collected, and may include:

  • for active accounts and Customer Data, the duration of the Customer relationship plus a reasonable period afterward (typically not exceeding ninety (90) days unless retention is required by law or our contract with the Customer);
  • for billing and tax records, the period required by applicable accounting and tax laws;
  • for sales and marketing data, until you opt out or until the data is no longer reasonably useful for those purposes;
  • for support communications, the period necessary to resolve the matter and to maintain a record for quality, training, and audit purposes;
  • for security, audit, and legal-claim purposes, the period necessary to investigate and resolve issues, and to satisfy applicable statutes of limitation; and
  • for recruiting data, the duration of the recruiting process plus, where you consent, a reasonable additional period for future opportunities.

When personal information is no longer required, we delete it or de-identify it, except that we may retain de-identified or aggregated information indefinitely.

8. Your Privacy Rights and Choices

8.1 Common rights

Depending on where you live and the law that applies to your personal information, you may have the right to:

  • know what personal information we process about you and obtain a copy of it;
  • correct inaccurate or incomplete personal information;
  • request deletion of your personal information;
  • opt out of certain processing, including for direct marketing or for the “sale” or “sharing” of personal information for cross-context behavioral advertising;
  • limit our use of certain sensitive personal information;
  • port your personal information to another provider; and
  • withdraw any consent you have given (without affecting the lawfulness of prior processing).

8.2 Marketing opt-out

You can unsubscribe from our marketing emails by clicking the “unsubscribe” link in any marketing email we send you, or by contacting us at the addresses below. We may continue to send you transactional or service-related communications related to your account or to the Services.

8.3 How to exercise rights

To exercise any of the rights described above, please contact us at [email protected] or [email protected]. We will respond within the time period required by applicable law. We may need to verify your identity before fulfilling your request, and we may decline a request where permitted or required by law (for example, if a request would adversely affect the rights of others or if we are legally required to retain the information). You may also designate an authorized agent to make a request on your behalf, subject to verification.

8.4 Where we are a processor

Where LemonLime processes personal information on behalf of a Customer (see Section 1.2), we will direct your request to the relevant Customer and assist them in responding as required by our agreement with that Customer and by applicable law. If you would like to exercise rights with respect to personal information processed by a Customer through the Services, you should contact the Customer directly.

8.5 No discrimination

We will not discriminate or retaliate against you for exercising your privacy rights.

9. Notice for Residents of California (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the “CCPA”), provides additional rights regarding your personal information. The information in this Section 9 supplements, and should be read together with, the rest of this Policy.

9.1 Categories of personal information collected

In the past twelve (12) months, we have collected the following categories of personal information identified in the CCPA:

  • identifiers (such as name, email, phone, IP address, account ID);
  • information described in Cal. Civ. Code §1798.80 (such as billing or contact information);
  • commercial information (such as records of services purchased and usage);
  • internet or other electronic network activity information (such as Site browsing, interaction with the Services, and device information);
  • geolocation data (general location inferred from IP address);
  • audio, electronic, visual, or similar information (such as call or meeting recordings, where permitted);
  • professional or employment-related information (such as job title, employer, or, for job applicants, work history);
  • inferences drawn from any of the above; and
  • Customer Data, the contents of which are determined by Customer.

9.2 Purposes and recipients

We collect, use, and disclose these categories for the business and commercial purposes described in Sections 3 and 4, and disclose them to the categories of recipients described in Section 4.

9.3 Sale or sharing of personal information

We do not sell personal information for monetary consideration. Like many businesses, however, we use third-party advertising and analytics Cookies on the Site, which may constitute a “sale” or “sharing” of personal information for cross-context behavioral advertising under the CCPA. California residents may opt out of these activities by using the “Do Not Sell or Share My Personal Information” link or cookie-preferences tool on the Site, by emailing us at [email protected], or by sending a Global Privacy Control (GPC) signal in a supported browser. We do not knowingly sell or share for cross-context behavioral advertising the personal information of consumers under the age of sixteen (16).

9.4 Sensitive personal information

We do not use or disclose sensitive personal information for purposes that, under the CCPA, give rise to a right to limit such use.

9.5 Your CCPA rights

California residents have the right to (a) know the categories and specific pieces of personal information we have collected, the categories of sources, the purposes for collection or use, and the categories of third parties to whom we disclose it; (b) request deletion of personal information; (c) request correction of inaccurate personal information; (d) opt out of the sale or sharing of personal information; (e) limit the use or disclosure of sensitive personal information (where applicable); and (f) not be discriminated against for exercising these rights. To exercise these rights, contact us at [email protected]. We may verify your identity by matching information you provide with information we hold. You may use an authorized agent, who must provide proof of authorization.

9.6 Shine the Light

California Civil Code Section 1798.83 entitles California residents to request information about the disclosure of certain categories of personal information to third parties for their direct-marketing purposes. We do not share personal information with third parties for their own direct-marketing purposes. To make such a request, contact us at [email protected].

9.7 Complaints

California residents may report privacy complaints to the Complaint Assistance Unit of the Division of Consumer Services of the California Department of Consumer Affairs in writing at 1625 North Market Blvd., Suite N 112, Sacramento, CA 95834, or by telephone at (800) 952-5210 or (916) 445-1254.

10. Notice for Residents of Other U.S. States

Residents of certain other U.S. states (including Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, and Virginia) may have rights under their state privacy laws similar to those described in Section 8 and Section 9, including rights to access, correct, delete, port, and opt out of certain processing of their personal information. To exercise these rights, contact us at [email protected]. We will respond within the time period required by applicable law and may verify your identity before responding. If we deny your request, you may have the right to appeal that decision; instructions for appealing will be included in our response.

Nevada residents: Nevada law allows residents to opt out of the sale of certain “covered information.” We do not sell covered information as defined under Nevada law. If you have questions about our Nevada privacy practices, please contact us at [email protected].

11. Notice for Residents of the EEA, the UK, and Switzerland

If you are located in the European Economic Area, the United Kingdom, or Switzerland, additional information applies to our processing of your personal information.

11.1 Controller

For the purposes of the EU General Data Protection Regulation (the “GDPR”), the UK GDPR, and the Swiss Federal Act on Data Protection, LemonLime AI Inc. is the controller of personal information processed about you when we act as controller (see Section 1.3). When we act as a processor on behalf of a Customer (see Section 1.2), the Customer is the controller.

11.2 Legal bases

We process your personal information on the legal bases described in Section 3.1 (contract performance, legitimate interests, legal obligation, and consent).

11.3 Your rights

Subject to applicable law, you have the right to access, correct, delete, restrict, or object to the processing of your personal information; the right to data portability; and the right to withdraw consent. You also have the right to lodge a complaint with your local data-protection authority (in the UK, the Information Commissioner’s Office). We would, however, appreciate the chance to address your concerns first; please contact us at [email protected].

12. International Data Transfers

LemonLime is headquartered in the United States, and we operate globally. Personal information we process may be transferred to, stored, and processed in the United States and other jurisdictions where LemonLime, its affiliates, or its service providers maintain operations. The data-protection laws of these jurisdictions may not be equivalent to those in your country.

Where we transfer personal information from the EEA, the UK, or Switzerland to a country that has not been deemed to provide an adequate level of protection by the European Commission, the UK Information Commissioner’s Office, or the Swiss Federal Data Protection and Information Commissioner, as applicable, we use appropriate safeguards, such as the European Commission’s Standard Contractual Clauses, the UK International Data Transfer Addendum, and supplementary measures as recommended by the European Data Protection Board. You may request a copy of the relevant safeguards by contacting us at [email protected].

13. Security

We maintain administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, disclosure, alteration, or destruction. These include encryption of data in transit, access controls, multi-factor authentication, monitoring, vendor due diligence, and employee training. No security measure is perfect, however, and we cannot guarantee that personal information will never be subject to unauthorized access. You are responsible for maintaining the confidentiality of any account credentials and for promptly notifying us of any suspected unauthorized access.

14. Children

Our Site and Services are not directed to children under the age of sixteen (16), and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will take steps to delete it.

15. Third-Party Sites and Services

The Site and the Services may contain links to, or integrations with, third-party websites, applications, and services that we do not own or control. This Policy does not apply to those third parties. We encourage you to review the privacy policies of any third party before providing personal information to it.

16. Changes to this Policy

We may update this Policy from time to time. If we make material changes, we will notify you by posting the updated Policy on the Site and updating the “Last Updated” date above, and where required by law we will provide additional notice (such as by email or in-product notice). Your continued use of the Site or the Services after the effective date of the updated Policy constitutes your acknowledgment of the updated Policy.

17. Contact Us

If you have questions about this Policy or our privacy practices, or to exercise any of your privacy rights, please contact us:

LemonLime AI Inc.
Attn: Privacy209 9th Street, Suite 300San Francisco, California 94103
General privacy and support inquiries: [email protected]Legal and formal privacy requests: [email protected]Website: https://lemonlime.ai
LemonLime
The knowledge layer powering AI for your business.
Product
PricingKnowledge
Company
AboutCareers
Support
SupportPrivacyTermsSecurity
© 2026 LemonLime. All rights reserved.
Google, Gmail, Google Drive, Google Calendar, GitHub, Linear, Dropbox, Microsoft, Outlook, OneDrive, SharePoint, and Notion are trademarks of their respective owners. Use of these marks does not imply endorsement.