Privacy Policy

Last Updated: March 13, 2026 Effective Date: March 13, 2026

Lep-Q Technologies LLC ("Lep-Q," "we," "us," or "our") operates Sensemaker, a read-it-later and knowledge management application available at https://sensemaker.app (the "Service"). This Privacy Policy describes how we collect, use, store, share, and protect your information when you use our Service.

By creating an account or using Sensemaker, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Information You Provide Directly

Account information: Name, email address, and password when you create an account. If you sign in with Google, we receive your Google profile name and email.
Content you save: Articles, PDFs, EPUBs, highlights, notes, tags, and topics you create
Subscription information: Billing details processed through Stripe (we do not store your credit card number)
Communications: Emails you send to our support address

1.2 Information Collected Automatically

Usage analytics: Pages visited, features used, and interaction patterns (via PostHog)
Device information: Browser type, operating system, and device identifiers
Log data: Request timestamps, request IDs, and error logs. IP addresses are used for rate limiting and security but are not stored in application logs.

1.3 Content Received via Email

When you subscribe to newsletters through Sensemaker, emails sent to your unique inbox.sensemaker.app address are:

Processed to extract article content (title, author, body text)
Stored as articles in your library
The original email metadata (sender, subject, date) is retained for subscription management

1.4 Uploaded Documents

PDF and EPUB files you upload are stored on Cloudflare R2 (object storage infrastructure). Files are accessible only to your account.

2. How We Use Your Information

We use the information we collect to:

Provide the Service: Save, store, and display your content across devices
AI processing (subscribers): Generate content summaries, auto-tag content, and identify connected highlights using AI providers (see Section 4)
Send emails: Transactional emails (verification, password reset) via Postmark. Weekly digest emails if you opt in.
Improve the Service: Understand aggregate usage patterns to fix bugs and develop features
Ensure security: Detect and prevent unauthorized access and abuse

We do NOT:

Sell or rent your personal information to third parties
Share your data with advertisers or data brokers
Use your content for AI model training
Store your Google account password or bank credentials

We share your information only in the following circumstances:

3.1 Service Providers

We use third-party services to operate Sensemaker:

Provider	Purpose	Data Shared
Anthropic (Claude)	AI summaries, tagging, suggested highlights	Article content (processed, not retained by provider)
Stripe	Subscription billing	Email, payment details (handled by Stripe)
Postmark	Email delivery	Email address, email content
PostHog	Product analytics	Anonymized usage events
Cloudflare	DNS, email routing, R2 storage	Domain queries, uploaded documents
Hetzner	Server hosting	All data at rest (encrypted)

3.2 Legal Requirements

We may disclose your information if required by law, court order, or government request.

3.3 Business Transfers

If Lep-Q is acquired or merges with another company, your data may be transferred as part of that transaction. We will notify you before your data is subject to a different privacy policy.

4. AI Data Processing

4.1 What AI Processes

For subscribers with AI features enabled, the following content is sent to AI providers for processing:

Article text (for summaries and tagging)
Highlight text (for suggested connections)

4.2 How AI Providers Handle Your Data

Content is processed in real-time and not retained by the AI provider after the request completes
AI-generated outputs (summaries, tags, suggestions) are stored in your Sensemaker account
Your content is not used to train AI models

4.3 Opting Out

You can disable AI features individually in Settings:

AI auto-tagging: toggle off
Suggested highlights: toggle off
Weekly digest: toggle off

Disabling these features stops content from being sent to AI providers.

5. Data Storage and Security

5.1 Where Your Data Is Stored

Application data (accounts, articles, highlights, tags): PostgreSQL database on a Hetzner VPS in Germany
Uploaded documents (PDFs, EPUBs): Cloudflare R2 (globally distributed object storage)
Email processing: Postmark (US-based)
Analytics: PostHog Cloud

5.2 Security Measures

Passwords are hashed with bcrypt (12 rounds)
All connections use TLS encryption (Let's Encrypt certificates)
JWT tokens for authentication with configurable expiration
Database connections use SSL
Uploaded documents are accessible only via signed, time-limited URLs
Structured logging with PII redaction (no passwords, tokens, or sensitive data in logs)

6. Data Retention

Data Type	Retention Period
Account information	Until account deletion
Saved articles and highlights	Until you delete them or your account
Uploaded documents	Until you delete the library item or your account
Newsletter emails (processed)	Until you delete the article or your account
Usage analytics	12 months
Server logs	30 days
Deleted account data	Removed within 30 days of deletion request

7. Your Rights

7.1 Access and Export

You can export all your data from Profile > Export Data. This includes your articles, highlights, notes, and tags.

7.2 Deletion

You can delete your account from Profile > Danger Zone. Account deletion removes:

Your account information
All saved articles, highlights, notes, and tags
All uploaded documents from R2 storage
All newsletter subscription aliases

Deletion is processed within 30 days.

7.3 Correction

You can edit your profile information and content at any time within the Service.

7.4 Opt Out of Analytics

Disable usage analytics in Settings. This stops PostHog from collecting usage events for your account.

8. Children's Privacy

Sensemaker is not directed at children under 13. We do not knowingly collect information from children under 13. If you believe a child has provided us with personal information, contact us at [email protected].

9. International Users

Your data may be processed in countries other than your own (primarily Germany for hosting and the US for email and AI processing). By using the Service, you consent to this transfer.

10. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you via email or through the Service. The "Last Updated" date at the top reflects the most recent revision.

11. Contact

For privacy questions or data requests, contact us at:

Email: [email protected]

Lep-Q Technologies LLC Massachusetts, United States

1. Information We Collect​

1.1 Information You Provide Directly​

1.2 Information Collected Automatically​

1.3 Content Received via Email​

1.4 Uploaded Documents​

2. How We Use Your Information​

3. How We Share Your Information​

3.1 Service Providers​

3.2 Legal Requirements​

3.3 Business Transfers​

4. AI Data Processing​

4.1 What AI Processes​

4.2 How AI Providers Handle Your Data​

4.3 Opting Out​

5. Data Storage and Security​

5.1 Where Your Data Is Stored​

5.2 Security Measures​

6. Data Retention​

7. Your Rights​

7.1 Access and Export​

7.2 Deletion​

7.3 Correction​

7.4 Opt Out of Analytics​

8. Children's Privacy​

9. International Users​

10. Changes to This Policy​

11. Contact​