Privacy Policy
Last Updated: January 19, 2026
TL;DR - The Short Version
- Your candidate data stays on YOUR infrastructure - we never have access
- This website uses privacy-friendly Vercel Analytics (no cookies)
- We collect your email only if you book a demo
- We don't sell data to anyone
- You can request data deletion anytime
Two Different Things
This policy covers two separate situations:
- This marketing website (ats.lemonbrand.io) - what you're reading now
- The ATS software that gets deployed to your infrastructure
They're very different from a privacy perspective. Let's be clear about both.
1. This Marketing Website
What We Collect
Analytics (Automatic)
We use Vercel Analytics - a privacy-friendly analytics service. It collects:
- Page views (which pages you visit)
- Referrer (how you found us)
- Country-level location
- Device type (mobile/desktop)
What it doesn't collect: Personal information, cookies, IP addresses, or cross-site tracking. You're anonymous to us.
Demo Bookings (When You Book)
If you book a demo through Cal.com, we collect:
- Your name
- Your email address
- Your timezone
- Any notes you add to the booking
This is stored by Cal.com and used only to schedule and conduct the demo call.
Email Contact (When You Email Us)
If you email hello@lemonbrand.io, we receive your email address and message content. Standard email stuff.
What We Don't Collect
- We don't use tracking cookies
- We don't run retargeting ads
- We don't collect payment info on this site (payments happen during onboarding)
- We don't build profiles of visitors
Third-Party Services (Marketing Site)
| Service | Purpose | Their Privacy Policy |
|---|---|---|
| Vercel | Website hosting & analytics | vercel.com/legal/privacy-policy |
| Cal.com | Demo booking | cal.com/privacy |
2. The ATS Software (Your Deployment)
The Key Point
We don't have access to your candidate data.
The ATS runs entirely on your infrastructure. Your Vercel account. Your Convex database. Your Clerk authentication. We deploy it, train you on it, and then step back. Your data never touches our servers.
What Data the ATS Stores (On Your Infrastructure)
The software you deploy will store:
- Candidate information: Names, emails, resumes, application data
- Job postings: Titles, descriptions, salary ranges, requirements
- Interview records: Dates, notes, status changes
- Notification history: When candidates were notified, email content
- Audit logs: Who did what, when (for compliance)
- User accounts: Your HR team's login information
Data Retention (Your Responsibility)
The ESA requires 3-year retention of hiring records. The ATS is configured to support this by default. You control retention policies. You can export or delete data according to your legal requirements.
Third-Party Services (Your ATS Deployment)
Your deployed ATS uses these services (accounts you create and control):
| Service | Purpose | Data Stored |
|---|---|---|
| Vercel | Frontend hosting | Application code, no candidate data |
| Convex | Database | All candidate and job data |
| Clerk | Authentication | HR team user accounts |
| Microsoft 365 (optional) | Email & calendar | Integration tokens only |
You have direct relationships with these providers. Review their privacy policies and terms for your compliance obligations.
Support Access
During your support period, you may grant us temporary access to troubleshoot issues. This access is:
- Only granted when you explicitly request help
- Limited to what's needed to resolve the issue
- Revoked when the issue is resolved
- Logged in your audit trail
We don't retain copies of your data from support sessions.
Your Rights
For Marketing Website Data
You can:
- Request your data: Email us, we'll send what we have
- Request deletion: We'll delete your booking info and any emails
- Unsubscribe: If we ever email you, one-click unsubscribe
For ATS Data (Your Deployment)
You control this entirely. Export it, delete it, modify it - it's your system. We can't access it without your permission.
Candidate Rights (For Your ATS Users)
Note for employers: When you deploy the ATS, you become the data controller for candidate information. You're responsible for:
- Having a privacy policy for your careers site
- Responding to candidate data access requests
- Complying with PIPEDA and provincial privacy laws
- Proper data retention and deletion
The ATS includes features to help (data export, deletion tools), but compliance is your responsibility.
Security
Marketing Website
- HTTPS encryption on all connections
- Hosted on Vercel's secure infrastructure
- No sensitive data stored
ATS Software
- Role-based access control
- Encrypted data at rest (Convex)
- Encrypted data in transit (HTTPS)
- Audit logging of all actions
- Authentication via Clerk (supports 2FA)
International Transfers
Lemonbrand is based in Ontario, Canada. The marketing website and third-party services may process data in the United States (Vercel, Cal.com infrastructure).
For your ATS deployment, data location depends on your Convex configuration. Convex offers region selection for data residency requirements.
Children
This is B2B software for employers. We don't knowingly collect data from anyone under 18. If you're a minor, this service isn't for you.
Changes to This Policy
We may update this policy. Changes will be posted here with an updated date. Material changes will be announced via email to active customers.
Contact
Privacy questions or data requests:
Email: hello@lemonbrand.io
We'll respond within 48 hours.
Summary
Marketing Website
- Privacy-friendly analytics
- No tracking cookies
- Email only if you book a demo
- We control this data
Your ATS Deployment
- Runs on YOUR infrastructure
- We have no access
- You control all data
- You're the data controller