Privacy Policy
Last updated: January 6, 2026
Raday ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our project management application ("the Service").
We comply with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws.
1. Data Controller
Raday is operated by Lantharos, which acts as the data controller for the personal data collected through the Service. For any privacy-related inquiries, please contact us at hello@lantharos.com.
2. Information We Collect
2.1 Information You Provide
When you create an account and use the Service, we collect:
- Account information: Email address, name, and password (stored securely hashed using Argon2)
- Two-factor authentication data: TOTP secret keys if you enable 2FA
- User content: Projects, tasks, notes, documents, and any other content you create
- Collaboration data: Project memberships, invitations, and permissions
- Preferences: Theme settings, sidebar preferences, and default view settings
2.2 Information Collected Automatically
When you use the Service, we automatically collect:
- Session data: Session tokens for authentication (stored as hashed values)
- Activity logs: Internal logs of actions like creating projects, completing tasks, etc. (for service functionality only, not shared with third parties)
3. Legal Basis for Processing (GDPR)
We process your personal data based on the following legal grounds:
- Contract performance: Processing necessary to provide the Service to you (Article 6(1)(b))
- Legitimate interests: Processing for security, fraud prevention, and service improvement (Article 6(1)(f))
- Consent: Where you have given explicit consent for specific processing activities (Article 6(1)(a))
- Legal obligation: Processing required to comply with applicable laws (Article 6(1)(c))
4. How We Use Your Information
We use your information to:
- Provide, maintain, and improve the Service
- Create and manage your account
- Authenticate your identity and maintain session security
- Enable collaboration features and project sharing
- Process your preferences and settings
- Respond to your inquiries and provide support
- Detect, prevent, and address technical issues and security threats
- Comply with legal obligations
5. Data Sharing and Third Parties
We share your data with the following third-party service providers:
| Service | Purpose | Data Shared |
|---|---|---|
| Neon (PostgreSQL) | Database hosting | All user data (encrypted in transit) |
| Google Fonts | Font delivery | IP address, User-Agent (via font requests) |
| Railway | Real-time collaboration server hosting | Document content, session tokens, user presence |
| Vercel | Application hosting | Request data, IP addresses |
We do not sell your personal data. We do not use third-party analytics or advertising services.
6. Cookies
We use a single essential cookie for authentication purposes:
| Cookie | Purpose | Duration |
|---|---|---|
| session | Authentication - keeps you logged in | 30 days |
This is a strictly necessary cookie required for the Service to function. We do not use tracking, analytics, or advertising cookies. For more information, see our Cookie Policy.
7. Data Retention
We retain your data as follows:
- Account data: Retained until you delete your account
- User content: Retained until you delete it or delete your account
- Session data: Automatically deleted after 30 days of inactivity
- Activity logs: Retained for service functionality purposes
When you delete your account, all associated data is permanently deleted from our systems, including all projects, tasks, notes, and documents.
8. Data Security
We implement appropriate technical and organizational measures to protect your data:
- Passwords are hashed using Argon2 (industry-standard secure hashing)
- Session tokens are SHA-256 hashed before storage
- All data transmitted using HTTPS/TLS encryption
- Two-factor authentication available for additional account security
- Regular security updates and monitoring
9. Your Rights
Under GDPR and other applicable laws, you have the following rights:
- Right of access: Request a copy of your personal data
- Right to rectification: Request correction of inaccurate data
- Right to erasure: Request deletion of your data ("right to be forgotten")
- Right to restriction: Request limitation of processing
- Right to data portability: Request your data in a portable format
- Right to object: Object to processing based on legitimate interests
- Right to withdraw consent: Withdraw consent at any time where processing is based on consent
To exercise these rights, please contact us at hello@lantharos.com. We will respond to your request within 30 days.
You can delete your account at any time from the Settings page, which will permanently delete all your data.
10. International Data Transfers
Your data may be processed in countries outside your country of residence, including the United States. When we transfer data internationally, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Ensuring recipients are in countries with adequate data protection laws
- Implementing appropriate technical and organizational security measures
11. Children's Privacy
The Service is not intended for users under 16 years of age. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us so we can delete it.
12. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights:
- Right to know what personal information we collect and how it's used
- Right to delete your personal information
- Right to opt-out of the sale of personal information (we do not sell your data)
- Right to non-discrimination for exercising your privacy rights
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page with an updated "Last updated" date. Your continued use of the Service after such changes constitutes acceptance of the updated policy.
14. Contact Us
If you have questions about this Privacy Policy or wish to exercise your rights, please contact us at hello@lantharos.com.
If you are located in the European Economic Area and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection supervisory authority.