Privacy Policy

Last updated: May 15, 2026

1. Who we are

LR180 PRO ("we", "us") provides a company-side labor relations platform to enterprise customers ("Customer"). This policy describes how we process personal data in connection with the platform.

2. Data we process

Account data (name, work email, role), Customer-uploaded employee records, attendance, incidents, grievance documents, and witness statements. Service telemetry (logs, IP, user agent) for security and reliability.

3. Roles under GDPR/CCPA

For Customer-uploaded employee data, the Customer is the controller and LR180 PRO is the processor. For account data of Customer's authorized users, we act as controller for security and account administration.

4. Subprocessors

Supabase (database, auth, storage), Cloudflare (edge runtime), Anthropic (AI grievance drafting — Customer content sent under zero-retention terms). The current list is available on request.

5. Security

TLS 1.3 in transit, AES-256 at rest, per-tenant Row Level Security isolation, leaked-password protection on signup, audit logs, and SSO support. SOC 2 audit in progress.

6. Retention

Customer data is retained for the duration of the subscription and deleted within 30 days of termination, except where legal hold or statutory retention applies.

7. Your rights

If you are an employee whose data the Customer uploaded, please contact your employer to exercise access, correction, or deletion rights. We will assist the Customer in responding within applicable timelines.

8. Contact

Privacy questions: privacy@lr180.app. Data subject requests via your Customer administrator.