Privacy Policy
Updated 2026-06-12This is the complete list of what Lab Twelve collects, where it lives, and how to make it go away. No section of this page is boilerplate.
What I collect
- Session cookie (
rapidapp_sid). A random, httpOnly first-party cookie (1 year) used to tie anonymous page views to the same browser session before you sign in. Campaign parameters from your link are stored in our Postgresutm_attributiontable as first-touch and last-touch records — not sold, not shared with ad networks. - First-party analytics events.Page views and product events (a pricing view, a chat start, a checkout) recorded in Lab Twelve's own Postgres database with a random session id, the path, and campaign parameters if your link carried them. The session id is not your identity.
- Your email, when you give it. Provided in the scope chat or a form, used to send you your quote and follow up on it.
- Scope chat transcripts. What you type at /start is kept so the scope and quote it produced stay auditable, and so the build matches what you asked for.
- Payment records.Stripe processes payments; card numbers never reach Lab Twelve's servers. I see what Stripe shares with merchants: name, email, amount, and transaction status.
- Account data, if you sign in. Name, email, and avatar from Google sign-in, used to show you your projects.
What I never do
- No third-party trackers or analytics scripts. Analytics are first-party events in Lab Twelve's own database.
- No ad pixels, ever.
- No selling or renting your data to anyone.
- No model training on your conversations. Chat transcripts go to Anthropic's API to extract your scope and are governed by Anthropic's commercial API terms, which do not use API content to train models.
Subprocessors
Four services process data on Lab Twelve's behalf. That is the whole list.
| Subprocessor | Purpose | Data it touches |
|---|---|---|
| Railway | Application and database hosting | Everything the app stores: events, lead emails, chat transcripts, project records |
| Stripe | Payment processing | Card details (Stripe-side only), billing name and email, transaction history |
| Resend | Transactional email delivery | Your email address and the contents of emails sent to you |
| Anthropic | AI scope extraction in the scope chat | Chat transcripts from /start conversations |
Retention
- Analytics events and chat transcripts: kept while they're needed to operate the service and audit quotes against delivered scope.
- Lead emails: kept until you ask for deletion or the conversation clearly ended without a project.
- Payment and tax records: kept as long as the law requires, in Stripe.
Deletion on request
Email hello@labtwelve.dev from the address you want removed. I delete your lead data, transcripts, and account within 30 days. The exception: transaction records Stripe and tax law require me to keep.
Changes and contact
When this policy changes, the dateline at the top changes with it. Questions: hello@labtwelve.dev. The terms that govern a purchase are at /terms; pricing is on the pricing page.