Legal

Privacy Policy

How Leide collects, uses, stores, and protects your personal data. We are GDPR-aligned, EU-hosted, and designed from day one for engineering professionals who expect their technical work to stay confidential.

Effective date: TBD
Last updated: Draft — 16 April 2026
Jurisdiction: Norway / EU
DraftThis policy is a placeholder pending final legal review. For questions or a current data-processing summary in the meantime, contact hello@leide.ai.

Overview

Leide provides an AI engineering platform for offshore and maritime professionals. This policy explains what personal data we process when you use leide.ai, our applications, or our API, and what rights you have under the EU General Data Protection Regulation (GDPR) and the Norwegian Personal Data Act.

We do not sell personal data. We do not serve advertising. We do not use your engineering drawings, queries, or project content to train public AI models.

Data we collect

Account data

When you sign up, Clerk (our authentication provider) stores your email address, name, and authentication credentials. Clerk may also process session tokens, device fingerprints, and IP addresses for security purposes. See Clerk's own privacy notice at clerk.com/privacy.

Engineering content

When you use the platform, we process the technical content you submit:

  • Navigator queries — the questions you type, together with metadata (timestamp, user ID, project ID).
  • Drawing files — PDFs and images you upload to the Drawing Checker.
  • Calculator inputs and outputs — parameters you enter and the results produced.
  • Project metadata — project names, asset registers, certificates, and team invitations.

Operational data

To run the service reliably, we collect:

  • Usage logs — HTTP request logs, error traces, and feature-usage counters for debugging and billing.
  • Billing data — when you subscribe, Stripe processes your payment details; we receive only a customer ID, subscription status, and invoice metadata. We never see card numbers.
  • Support correspondence — emails you send to hello@leide.ai or messages in in-app chat.

How we use your data

We process your data only for the purposes listed below:

  • Providing the service — running your queries, analysing your drawings, storing your projects, authenticating your sessions. Legal basis: contract performance (GDPR Art. 6(1)(b)).
  • Service reliability and security — logging, monitoring, abuse prevention, backups. Legal basis: legitimate interest (Art. 6(1)(f)).
  • Billing — charging subscriptions, issuing invoices, handling refunds. Legal basis: contract performance (Art. 6(1)(b)).
  • Product improvement — aggregated, anonymised analytics about which features are used. Legal basis: legitimate interest (Art. 6(1)(f)). You may opt out — see "Your rights" below.
  • Legal compliance — responding to lawful requests, retaining invoices per Norwegian accounting law. Legal basis: legal obligation (Art. 6(1)(c)).

AI processing & sub-processors

Leide uses third-party AI providers to power the Navigator, Drawing Checker, and calculator assistance. Your queries and drawing content are sent to these providers strictly for real-time inference:

  • Anthropic (Claude models) — large-language-model inference.
  • OpenAI — embeddings and occasional inference for specific tools.
  • Pinecone — vector database for retrieval-augmented responses.

We have contractual guarantees with each AI provider that customer content submitted via their API is not used to train their models. Inference data is retained only as required for abuse monitoring (typically 30 days) and then deleted.

Other sub-processors we rely on:

  • Railway — EU-region hosting for application and database.
  • Clerk — authentication and session management.
  • Stripe — payment processing.
  • Resend — transactional email (signup confirmations, certificate expiry alerts, invoices).

Data retention

  • Account data — retained while your account is active, plus 30 days after deletion for restore requests.
  • Drawings and extracted content — processed in memory during analysis; results and audit trails retained within your project until you delete them or close the project.
  • Navigator queries — retained within your project history for retrieval; anonymised aggregates may be kept longer for quality monitoring.
  • Invoices and billing records — retained for 5 years to comply with the Norwegian Bookkeeping Act.
  • Usage logs — retained up to 90 days for security and reliability investigations, then purged.

Where your data lives

Our application, primary database, and backups are hosted on Railway's EU region. AI inference requests are routed to providers whose infrastructure may reside in the EU, the UK, or the US, depending on the provider. All cross-border transfers rely on the EU Commission's Standard Contractual Clauses (SCCs) and, where applicable, the EU‑US Data Privacy Framework.

Your rights

Under GDPR, you have the following rights over your personal data:

  • Access — request a copy of the data we hold about you.
  • Rectification — correct inaccurate data (most can be edited directly in the portal).
  • Erasure — delete your account and associated personal data.
  • Portability — export your projects and content in a machine-readable format.
  • Restriction — limit how we process your data while a dispute is resolved.
  • Objection — object to processing based on legitimate interest, including opting out of product analytics.
  • Complaint — lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet) or your local supervisory authority.

To exercise any right, email hello@leide.ai. We respond within 30 days.

Security

We take reasonable and industry-standard technical and organisational measures to protect your data:

  • TLS 1.2+ encryption for all data in transit.
  • Encryption at rest for the primary database and backups.
  • Authentication and session management via Clerk, with support for MFA.
  • Strict per-user data isolation — each user can access only their own data and projects explicitly shared with them.
  • Principle of least privilege for internal staff access, with audit logging.
  • Regular dependency updates and vulnerability monitoring.

No system is perfectly secure. If you discover a vulnerability, email hello@leide.ai and we will respond promptly.

Cookies & similar technologies

Leide uses a minimal set of cookies:

  • Session cookies (Clerk) — required to keep you signed in. Strictly necessary.
  • Preference cookies — remember UI settings such as theme or sidebar state.

We do not currently use third-party advertising, tracking, or cross-site profiling cookies.

Children

Leide is a professional engineering tool and is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it.

Changes to this policy

We may update this policy as the platform evolves or legal requirements change. Material changes will be announced by email to active account holders at least 14 days before they take effect. The "Last updated" date at the top of this page always reflects the current version.

Contact us

Questions, requests, or complaints about privacy — email hello@leide.ai.

Data controller: Singularity Engineering AS (operating the Leide brand), Norway. Final entity details will be confirmed in the finalised policy.