Privacy Policy
Last updated: January 5, 2026
Our Commitment to Your Privacy
At Lilli, your data is yours. We built Lilli with a local-first architecture because we believe your projects, tasks, and plans deserve the highest level of protection. This policy explains what data we collect, how we use it, and how we protect it.
Information We Collect
Account Information
When you create an account, we collect your email address for authentication and communication purposes. We do not require your name, phone number, or other personal identifiers.
Waitlist Information
If you join our waitlist, we collect your email address and optional information about your role and current tools to help us understand our users better.
Usage Data
We collect anonymous usage analytics to improve Lilli. This includes feature usage patterns, error reports, and performance metrics. This data is aggregated and cannot be used to identify you personally.
Your Project Data
Your projects, tasks, notes, and plans are stored locally on your device by default. When you use cloud sync or AI features, this data is encrypted in transit and at rest.
How We Use AI Providers
Lilli uses AI to help you plan and manage projects. We partner with industry-leading AI providers including:
- Anthropic (Claude)
- OpenAI (GPT models)
- Google (Gemini)
What We Share with AI Providers
When you use AI features, we send only the specific context needed to generate helpful responses. This may include project names, task descriptions, and meeting transcripts you explicitly choose to process.
What We Never Share
We never send personally identifiable information (PII) to AI providers. Your email address, account credentials, and other personal identifiers are never included in AI requests.
Data Processing Agreements
We maintain Data Processing Agreements (DPAs) with all our AI providers. These agreements ensure that:
- Your data is not used to train their models
- Your data is processed securely and deleted after use
- Providers meet industry-standard security requirements
- Data is handled in compliance with applicable privacy laws
Your Control Over Your Data
You have full control over your data in Lilli:
- Local-first: Your data lives on your device by default
- AI is optional: You can use Lilli without any AI features
- Export anytime: Download all your data at any time
- Delete anytime: Request complete deletion of your account and data
- Selective sync: Choose what syncs to the cloud
Data Security
We implement industry-standard security measures to protect your data:
- TLS 1.3 encryption for all data in transit
- AES-256 encryption for data at rest
- Regular security audits and penetration testing
- SOC 2 compliant infrastructure providers
- Strict access controls and audit logging
Cookies and Tracking
We use essential cookies for authentication and session management. We use privacy-respecting analytics (Vercel Analytics) that do not track you across websites or sell your data to advertisers.
Third-Party Services
In addition to AI providers, we use the following services:
- Supabase: Authentication and database (with DPA)
- Vercel: Hosting and analytics (with DPA)
- Stripe: Payment processing (PCI-DSS compliant)
Children's Privacy
Lilli is not intended for children under 13. We do not knowingly collect personal information from children under 13.
Changes to This Policy
We may update this policy from time to time. We will notify you of significant changes via email or in-app notification. Continued use of Lilli after changes constitutes acceptance of the updated policy.
Contact Us
If you have questions about this privacy policy or your data, please contact us at privacy@lilli.app.