Privacy Policy

Last updated: January 2025

Lemonade Password Manager ("Lemonade", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our password management service.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

• Email address (used for authentication via Google Sign-In)
• Display name (from your Google account)
• Profile photo URL (from your Google account)

1.2 Encrypted Data

We store the following data in encrypted form:

• Passwords and credentials you save
• Env Vault files and secrets
• Notes and additional information you add to entries

Important: Your passwords are encrypted using AES-256-GCM encryption before being stored. We cannot read or access your actual passwords.

1.3 Usage Data

We automatically collect:

• Device type and browser information
• IP address (for security purposes)
• Feature usage patterns (anonymized)
• Error logs (for debugging)

2. How We Use Your Information

We use collected information to:

• Provide and maintain the Lemonade service
• Authenticate your identity
• Sync your encrypted data across devices
• Send important service notifications
• Improve our service and fix bugs
• Detect and prevent fraud or abuse

3. Data Security

We implement industry-standard security measures:

• Encryption: All passwords are encrypted using AES-256-GCM before storage
• Transport Security: All data is transmitted over HTTPS/TLS
• Infrastructure: We use Google Cloud Platform and Firebase, which are SOC 2 compliant
• Access Control: Strict access controls limit who can access systems

4. Data Sharing

We do NOT sell your personal data. We may share data only in these cases:

• Service Providers: Google (Firebase) for authentication and storage
• Legal Requirements: When required by law or to protect our rights
• With Your Consent: When you explicitly share passwords with other users

5. Data Retention

We retain your data for as long as your account is active. When you delete your account:

• Your encrypted passwords are permanently deleted within 30 days
• Anonymized usage data may be retained for analytics
• Backup copies are deleted within 90 days

6. Your Rights

You have the right to:

• Access: Request a copy of your data
• Correction: Update or correct your information
• Deletion: Delete your account and all associated data
• Export: Export your passwords in a standard format
• Withdraw Consent: Revoke access at any time

7. Cookies and Tracking

We use minimal cookies necessary for:

• Authentication and session management
• Security and fraud prevention

We do NOT use advertising cookies or third-party trackers.

8. Children's Privacy

Lemonade is not intended for users under 16 years of age. We do not knowingly collect data from children.

9. International Data Transfers

Your data may be processed in the United States or other countries where Google Cloud operates. We ensure appropriate safeguards are in place for international transfers.

10. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes via email or in-app notification.

11. Contact Us

For privacy-related questions or requests, contact us at:

• Email: privacy@lemonade-pass.com

12. GDPR Compliance (EU Users)

If you are in the European Union, you have additional rights under GDPR including the right to lodge a complaint with your local data protection authority.

← Back to Home