Skip to content

Lyrion Privacy Policy

Our team promises to never sell your data and to protect your privacy at all times.

This Privacy Policy is designed to help you understand what information we collect, how we use it, and under what circumstances, if any, we share it.

  • We may update this Privacy Policy and other service-specific policies (1) to reflect changes to our products, services or operations, (2) to comply with relevant regulations and reflect new practices, or (3) to improve readability and make clarifications that our users request.

  • We may provide a more prominent notice (including email notifications) when we make material changes that all of our users should know about. This information was last updated on January 3, 2025.

Scope and Audience

(a) We at the Lyrion community ("Lyrion", "we" or "us") want this policy to be easy for everyone to understand. For this reason, the examples we provide are not exhaustive technical specifications, and we use general terms where possible.

(b) Most of our source code is publicly available on GitHub at https://github.com/LMS-Community, where it can be viewed at any time by anyone interested in implementation details and recent changes.

(c) Given the complexity of today's Internet infrastructure and the pace of technical innovation, it is impossible to provide a complete list of data types and field names for every conceivable use case. The data we can actually see (and theoretically store) largely depends on what external services and our users make available to us, as well as on the underlying protocols and libraries.

Guidelines for the Processing of Personal Data

(a) Protecting our users' privacy is part of our mission.

(b) We will always process your personal data confidentially, fairly, and in accordance with the law.

(c) We will avoid keeping personal data longer than necessary.

(d) Your personal data may only be used and disclosed when necessary to: * respond to your requests, validate and verify service requests, and provide the requested services * let you know about upcoming changes or improvements to our services * notify you of suspicious activity, quota limits, or other issues related to your account * protect our rights, property or safety, our users and the public * comply with applicable laws, regulations, legal process, or governmental requests * enforce our Privacy Policy and Terms of Service, including investigating potential violations * detect, prevent, or otherwise address fraud, security, or technical issues, including prevention of spam/malware

(e) When we share your information with external service providers or other business partners, we will ensure that they agree to obligations consistent with these guidelines and other appropriate confidentiality and security measures.

Your Rights and Choices

(a) You understand that by using the software and services we provide, you agree to the collection and use of this information, including the transfer of this information to the United States of America and/or other countries for storage, processing and use by us.

(b) If you agree not as an individual, but on behalf of your company, government, or other entity for which you are acting (e.g., as an employee or government official), then "you" or "Customer" means your entity and you bind your entity to this Privacy Policy and our Terms of Service. You warrant that you have the legal power and authority to do so.

(c) You can access much of our website without authentication and use basic features of our Software offline and/or without signing up, which limits the amount and type of information we collect.

(d) If you have signed up to our forums and/or receive newsletters and/or general product notifications, you can unsubscribe at any time. To do so, click the "unsubscribe" or "opt-out" link in the emails you receive, or go to your forum profile’s "Privacy" section to delete your account. Even if you opt out, we may continue to contact you if there are problems with your customer account, such as failed transactions, and to provide the services you have requested, help you resolve problems, answer questions, comply with applicable laws and regulations, and for similar purposes.

Third-Party Products

You may choose to use or procure third-party products or services in connection with Lyrion's Software. Lyrion is not responsible for any acts or omissions of third parties, including third party access to or use of your data.

Information Not Collected

Privately Hosted Data

(a) Self-hosting is the easiest way to stay in control and protect your privacy. Data that never leaves your private network cannot be collected by anyone, including us.

(b) Do not install our software on a public server outside your home network or expose it to the internet. Your files and passwords will otherwise be transmitted in clear text and can be intercepted by anyone, including your provider, hackers, and governments.

(c) It is your personal responsibility to make backup copies of your private data and ensure that they are kept secure. Do not upload unencrypted backup copies of your private data to the cloud.

(d) Using certain features requires communication with external services to retrieve the necessary data, such as music files, which are not included in the downloadable app due to high maintenance and system requirements as well as licensing restrictions.

Information Collected and Stored

1. Service Accounts

This applies only to user and customer accounts stored on our servers, not to your private servers. It is your decision whether you want to sign up to enjoy additional benefits. (a) In order to provide the requested products and services, we may collect personal information, potentially personally identifying information, and other confidential information (stored as a hash that cannot be reversed, if possible). This data may be provided by you, our partners or automatically generated by our backend services. It can include your full name, email addresses, phone numbers, home and billing address, handles and social media links, usernames, language preferences, registration date, date of last authentication, date of last data change, hashed passwords, unique IDs, IP addresses, and cryptographic tokens.

Use case example:

(1) Personal, request, and authentication data, including browser type, language preference, IP address, time, country, email, username, the URL of your GitHub profile, and cryptographic tokens may be collected when you authenticate with your GitHub account to prove that you are an existing sponsor.

(2) When a new service account is created in our backend database, it will generate one or more unique IDs that can be used to identify such account and related data in the future.

(3) After you assign such information to your private Lyrion instance, it can start retrieving missing location details from our backend services. Such backend requests consist of a body part (the location for which you want the details) and a header part containing the public IP address of your private server instance (can be the same as your public home IP address if you host it at home). HTTP request header data is usually stored for at least a short period of time, unless the request fails and your server cannot reach our backend. This is common to protect our infrastructure from denial-of-service attacks, to implement load balancing, or to limit the request rate. See the following sections to learn more about related use cases involving the same, similar, and other data.

2. Third-Party Subprocessors

2.1 Payment Processors

We have or have had business relationships with the following companies and service providers to process payments for or to manage our funds: * OpenCollective.com

If you would like to learn more about the data they collect and how it is processed, you can click on the corresponding link to view their privacy policy.

In general, the following applies:

(a) When you visit their website, the  same basic information as described in Section 9 may be collected, including your IP address for at least a limited time in order to (i) provide the requested services, (ii) perform load balancing or enforce rate limits, (iii) comply with applicable laws, and (iv) detect, prevent, or respond to fraud, security, or technical issues, including the prevention of spam/malware.

(b) When you sign up, you will be asked for your credit card and billing information, which may include your business name and contact information in addition to your personal name, address, birthday, email address, and phone number. Some of this information may be shared with us, specifically to set up your account, verify payment, and generate tax reports.

2.2 Email Processors

The following providers may process emails that we send and/or receive:

If you would like to learn more about the data they collect and how it is processed, you can click on the corresponding link to view their privacy policy.

In general, email messages are not end-to-end encrypted, and the following applies:

(a) Your provider, our providers, and any provider in between, in the case of forwarding, logs transactions for at least a short period of time.

(b) This data, which includes your email address and potentially personally identifiable information such as Internet Protocol (IP) addresses, is used to provide the service and may also be used to comply with applicable laws and to detect, prevent or address fraud, security or technical issues, including the prevention of spam/malware.

2.3 Hosting, Community Chat and Forums

We use the following providers to host our documentation, chats, demo instances, source code, installation packages, and Docker images:

If you would like to learn more about the data they collect and how it is processed, you can click on the corresponding link to view their privacy policy.

2.4 Content Delivery Networks (CDN)

(1) Our primary CDN provider is CloudFlare Inc. (https://cloudflare.com), which is based in the US and fully complies with the Visit https://www.cloudflare.com/trust-hub/gdpr/ to learn more about their privacy policy.

3. Communications and Feedback

When you contact us, we store your request to help you resolve issues, answer questions, or notify you when you request it:

(a) The information we collect includes personal information such as name, company name, country, language, telephone numbers and email addresses so that we can communicate directly with you even if you are not a customer.

(b) Depending on how you contact us, the data may include additional personal or potentially personally identifying information as described in Sections 2 and 7.

4. Newsletters and Product Notifications

(a) The registration for newsletters and product notifications takes place in a so-called double opt-in process. This means that after registration you will receive an email asking you to confirm your registration.

(b) This confirmation is necessary so that no one can register with foreign email addresses. The registration for the newsletter is logged to be able to prove the registration process according to the legal requirements. This includes the storage of the login and the confirmation time, as well as the IP address.

(c) You should expect all requests to our email server as well as those of our service partners to be logged for security reasons and to prevent abuse.

5. Uploads, Public Forums, Referrals and Testimonials

This section ONLY APPLIES TO DATA THAT YOU INTENTIONALLY DISCLOSE to provide it to others, communicate with them, or make it available with your consent. To avoid misunderstandings, please read these terms carefully.

(a) Content Uploads. You are responsible for your use of our Services and for all content you provide, share, sync or upload, including compliance with applicable laws, rules and regulations. Please respect the rights and privacy of others as we respect them. By uploading your content to any of our Services, which can be accessed by anyone without a password, you grant us permission to use (e.g. host, display, or convert) that content in accordance with our Terms of Service.

(b) Content Removal. If you remove your content from our Services, our systems will no longer make that content publicly available within a reasonable period, unless you have already shared copies of your content with others before you removed it. If your content was publicly available, it is possible that search engines such as Google will continue to find your content and display it as part of their search results.

(c) Public Forums. We may link to discussion forums, blogs, social media sites, or chat rooms (collectively, "Forums") on our website, app and/or docs. Any personal information you provide in such Forums may be read, collected or used by other visitors to those forums and may be used to send you unsolicited messages. We are not responsible for the personal information you provide in these Forums.

(d) Testimonials. We may publish a list of users and testimonials on our website, app and/or docs that include personal information such as names and titles. We will obtain each user's consent before publishing any information in such list or testimonials.

6. Developer Tools

Lyrion developers might ask for log files or other information about your installation.

(a) Log file can contain personal information (IP addresses, access tokens, usernames). Be careful with whom you share those files. Prefer sharing privately, rather than in a public forum.

(b) We do not store such information any longer than needed to investigate a problem.

7. Web Analytics, Request Logs and Statistics

This section covers data that is submitted to us in the standardized HTTP request headers that Browsers and other HTTP clients automatically send as part of the protocol. You can use a VPN provider and host apps like ours outside your home network to avoid the request IP being personally identifiable.

7.1 Basic Information

This is the basic information that may be collected from anyone, regardless of whether they have an account with us:

  • the service requested
  • the date and time of the request
  • browser and operating system vendor
  • language preferences as configured in your Browser
  • referring website, if any

7.2 Internet Protocol (IP) Addresses

Information collected may also contain potentially personally identifying information such as Internet Protocol (IP) addresses:

(a) Your IP address may be stored, at least for a limited time, in memory and logs automatically created by Docker, Traefik or other applications and services that are part of our infrastructure. Unless otherwise stated, we do not routinely analyze it and use it only to (i) provide the requested services, (ii) perform load balancing or enforce rate limits, (iii) comply with applicable laws, and (iv) detect, prevent, or address fraud, security, or technical issues, including the prevention of spam/malware.

(b) The Third-Party Subprocessors listed in Section 2 may also collect and analyze information about each request. They generally store the IP address in memory or logs for at least a limited time in order to (i) provide the requested services, (ii) perform load balancing or enforce rate limits, (iii) comply with applicable laws, and (iv) detect, prevent, or respond to fraud, security, or technical issues, including the prevention of spam/malware.

8. Debug Information

Our apps and backend services may store information in case of software errors. This information is for internal use only and will not be shared with third parties under any circumstances. Your personal information will be removed from bug reports before they are submitted and will only contain technical details or an anonymous identifier.

Questions?

You may contact us at [email protected] if you have any questions about this Privacy Policy, our practices, or other privacy-related topics. Visit lyrion.org/contact to view our full contact information. We do our best to respond within five business days or less.