Privacy Policy

Lyra Recovery (a Lyra Technology Group company), established in South Carolina, United States, is the “controller” of personal information described in this Policy. Contact: info@lyrarecovery.com.

• Contact & intake data: name, company, email, phone, role, and any incident details you submit through our forms (Contact, Recovery Intake, Partner forms).
• Account data (staff/partner portal only): email, name, role, authentication identifiers.
• Technical data: IP address, browser/user agent, referring URL, pages viewed, timestamps. Collected via server logs and — only with your consent — Google Analytics.
• Cookies: strictly necessary cookies for session/security, and (only with consent) Google Analytics cookies.

We do not knowingly collect data from children under 16.

• Respond to inquiries and deliver incident response services — performance of a contract or pre-contract steps (Art. 6(1)(b)).
• Operate, secure, and protect the site — legitimate interests (Art. 6(1)(f)).
• Comply with legal, regulatory, and breach-notification obligations — legal obligation (Art. 6(1)(c)).
• Analytics — your consent (Art. 6(1)(a)). You can withdraw consent anytime.

We share personal information with:

• Service providers: hosting (Cloudflare, Lovable), database/auth (Supabase), email infrastructure, and analytics (Google) — only as needed to deliver our services.
• Affiliates within the Lyra Technology Group when engaged on your incident.
• Authorities when required by law, court order, or to protect rights and safety.

We do not sell personal information for money, and we do not use it for cross-context behavioral advertising. Sharing for analytics with your consent may qualify as “sharing” under CCPA/CPRA — you can opt out below.

We are based in the United States. If you contact us from the EEA, UK, or Switzerland, your information will be transferred to the US under appropriate safeguards (Standard Contractual Clauses with sub-processors where applicable).

We retain intake/contact data for as long as needed to provide services and meet legal/contractual obligations (typically up to 7 years for incident records), then delete or anonymize it. Analytics data uses Google’s default retention (up to 14 months).

Depending on where you live, you may have the right to access, correct, delete, port, restrict, or object to our processing; to withdraw consent; to opt out of sale/sharing and limit use of sensitive personal information; and to non-discrimination for exercising these rights. EEA/UK residents can lodge a complaint with a supervisory authority.

Submit a request at /privacy-request or email info@lyrarecovery.com. We’ll verify your identity and respond within 30 days (GDPR) or 45 days (CCPA), with one allowable extension.

In the last 12 months we have collected the categories of personal information listed in Section 2 (identifiers, professional/employment information, internet activity, geolocation derived from IP). We disclose those categories to the service providers in Section 4. We do not sell personal information; we may share analytics-cookie data with Google for site improvement, which you can opt out of via our cookie banner or the Do Not Sell or Share request.

We use industry-standard administrative, technical, and physical safeguards (encryption in transit, least-privilege access, audit logging, MFA). No method of transmission or storage is 100% secure.

We may update this Policy from time to time. We’ll change the effective date above and, for material changes, provide additional notice.

Lyra Recovery — Privacy Office, South Carolina, USA. info@lyrarecovery.com.