1. Introduction
This Privacy Policy explains how Lease Monster ("we", "us") collects, uses, and protects your information when you use our web-based ASC 842 lease accounting service.
For questions about this policy, contact us at info@leasemonster.ai.
2. Information We Collect
Account Information
- Full name and email address
- Password (hashed by our authentication provider — we never store or see your plaintext password)
- If you sign up with Google OAuth: your Google profile name and email address
Company Information
- Company name
- Fiscal year end
- Reporting currency
- Entity names (subsidiaries or divisions)
Lease Data
- All lease terms entered manually or extracted from uploaded documents (lease name, dates, payment amounts, discount rates, escalations, etc.)
- Calculated amortization schedules, journal entries, and disclosure reports
- Lease modification history and audit log
Uploaded Documents
- PDF files you upload for AI extraction, stored in encrypted private cloud storage accessible only to authenticated members of your company
Billing Information
- Stripe customer ID and subscription status
- We do not store credit card numbers, bank account details, or other payment credentials. All payment processing is handled by Stripe, which is PCI DSS compliant.
Automatically Collected Data
- Authentication session cookies (for login persistence)
- Standard server logs may record IP addresses and request metadata (provided by our hosting provider)
- Product analytics and error-monitoring metadata, including page visits, browser/device information, and application error events
3. How We Use Your Information
| Purpose | Data Used |
|---|---|
| Provide and operate the Service | Account info, company info, lease data, uploaded PDFs |
| AI extraction of lease terms | Uploaded PDFs (sent to Google or Anthropic AI) |
| Process payments | Stripe customer ID, subscription plan |
| Send transactional emails (team invitations) | Email addresses (via Resend) |
| Communicate about your account | Email address |
| Monitor product usage and site performance | Usage analytics and technical metadata |
| Detect and diagnose application errors | User identifiers, error events, and device/browser metadata |
We do not sell, rent, or share your personal information with third parties for marketing purposes.
We do not use your lease data or uploaded documents for training AI models. PDFs are sent to third-party AI providers (currently Google and/or Anthropic) solely for real-time extraction and are subject to each provider's data handling policies.
4. Third-Party Services
We share data with the following third-party services only as needed to operate Lease Monster:
- Supabase (authentication, database, file storage) — Stores your account data, lease data, and uploaded PDFs. Encrypted at rest with row-level security enforced. Supabase Privacy Policy
- Google (AI extraction) — Uploaded PDFs may be processed by Google's Gemini API. Google's data usage policies apply. Google Cloud Privacy Notice
- Anthropic (AI extraction) — Uploaded PDFs may be processed by Anthropic's Claude API. Anthropic's data usage policies apply. Anthropic Privacy Policy
- Stripe (payment processing) — Handles all payment transactions. We send your email address to Stripe; card details are handled directly by Stripe. Stripe Privacy Policy
- Resend (transactional email) — Sends team invitation emails only. Receives recipient email addresses and invitation content. Resend Privacy Policy
- Vercel (hosting) — Hosts the application. Standard server logs may include IP addresses and user agent data. Vercel Privacy Policy
- Vercel Analytics (product analytics) — Provides aggregated traffic and usage analytics to help us understand site performance and feature adoption. Vercel Privacy Policy
- Sentry (error monitoring) — Receives application errors and technical diagnostic metadata, and may include user ID and email when you are signed in so we can investigate issues. Sentry Privacy Policy
5. Data Security
We implement the following security measures:
- All data encrypted in transit (TLS/HTTPS)
- All data encrypted at rest
- Row-level security ensures complete tenant isolation — your company's data is inaccessible to other companies
- Uploaded PDFs stored in private encrypted storage buckets
- Email verification required for account activation
- Passwords hashed using industry-standard algorithms (bcrypt)
While we implement industry-standard security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data.
6. Data Retention
Your data is retained as long as your account is active. You may delete individual leases (and their associated PDFs) at any time through the application.
For full account deletion, contact info@leasemonster.ai. All personal data, company data, leases, and uploaded documents will be permanently deleted within 30 days of your request.
Stripe retains payment records independently per their own retention policies. Server logs are retained per Vercel's standard retention periods.
7. Your Rights
- Access: You can view all your data within the application at any time.
- Correction: You can edit your lease data, company information, and profile within the app.
- Deletion: Delete individual leases in-app. For full account deletion, email info@leasemonster.ai.
- Export: Amortization schedules and journal entries can be exported to Excel/CSV from within the app.
California residents (CCPA): You have the right to know what personal information we collect, request its deletion, and opt out of data sales. We do not sell your personal information. Contact info@leasemonster.ai to exercise these rights.
EU/EEA residents (GDPR): You have additional rights including data portability, restriction of processing, and the right to lodge a complaint with a supervisory authority. Our legal basis for processing is contract performance (providing the Service you signed up for) and legitimate interest (operating and improving the Service). Contact info@leasemonster.ai to exercise these rights.
8. Cookies
We use essential cookies required for authentication (session cookies managed by Supabase). We also use analytics and diagnostic tooling, including Vercel Analytics and Sentry, to understand traffic patterns and investigate site issues.
We do not use advertising cookies or cross-site marketing trackers. Cookie-consent requirements can vary by jurisdiction, and you should review this policy together with your legal requirements before public launch.
9. Children's Privacy
Lease Monster is not directed at children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at info@leasemonster.ai and we will delete it promptly.
10. International Data Transfers
The Service is hosted in the United States. If you access the Service from outside the US, your data will be transferred to and processed in the US.
PDF data sent to AI providers (Google, Anthropic) for extraction may be processed in their data centers globally, per each provider's infrastructure policies.
11. Changes to This Privacy Policy
We may update this policy from time to time. Material changes will be communicated via email or a notice within the Service. The "Last updated" date at the top will always reflect the latest version. Continued use of the Service after changes take effect constitutes acceptance of the revised policy.
12. Contact
For questions about this Privacy Policy, data requests, or account deletion, contact us at info@leasemonster.ai.
See also our Terms of Service.