Privacy Policy
Lapsi ("we," "us," or "our") operates lapsi.io, a building compliance monitoring service for NYC property owners. This policy explains what information we collect, how we use it, and your rights regarding that information.
1. Information We Collect
When you create an account and use Lapsi, we collect:
- Account information: your name, email address, and phone number.
- Building information: Building Identification Numbers (BINs) and addresses you register for monitoring.
- Payment information: billing details are processed by Stripe and not stored on our servers. We retain only your Stripe customer ID.
- Usage data: pages visited, actions taken, and timestamps within the application.
We also pull publicly available compliance data from the NYC Open Data portal (elevator and boiler certificate records) on your behalf. This data is not private — it is publicly accessible.
2. How We Use Your Information
- To send you compliance deadline alerts via email and SMS.
- To manage your account and subscription.
- To improve the service and diagnose technical issues.
- To communicate important updates about the service.
We do not sell your personal information to third parties.
3. Third-Party Services
Lapsi uses third-party providers to operate the service. These include:
- Stripe — payment processing. Subject to Stripe's Privacy Policy.
- SendGrid — email delivery.
- Twilio — SMS delivery.
- Third-party cloud infrastructure providers — secure hosting, database, and authentication services.
Each provider has their own privacy practices. We share only the minimum data necessary for each service to function.
4. Data Retention
We retain your account data for as long as your account is active. If you cancel your subscription and request deletion, we will delete your personal data within 30 days, except where we are required to retain it for legal or financial compliance purposes (e.g., billing records).
5. Cookies and Tracking
Lapsi uses a single session cookie to keep you logged in. We do not use advertising cookies, third-party tracking pixels, or behavioral analytics tools. No data is shared with advertising networks.
6. Security
We take reasonable technical measures to protect your data, including encrypted connections (HTTPS), access controls, and secure credential storage. No method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.
In the event of a data breach that affects your personal information, we will notify you by email within 72 hours of discovery, as required by applicable law.
7. Your Rights
You may request access to, correction of, or deletion of your personal data at any time. To submit a request, email privacy@lapsi.io with the subject line "Privacy Request" and include your account email address. We will respond within 30 days. We will not discriminate against you for exercising these rights.
8. Children
Lapsi is not directed at children under 13. We do not knowingly collect data from minors.
9. Changes to This Policy
We may update this policy from time to time. We will notify you of material changes via email or a notice on the site. Continued use of the service after changes constitutes acceptance.
10. Contact
Questions about this policy? Email us at privacy@lapsi.io.