Privacy Policy

Last updated: March 28, 2026 · Lyra Labs · [email protected]

What We Collect

When an end user completes a LyraAuth challenge, we collect:

The challenge response (text or selection)
Response timing (milliseconds)
A random session identifier (not linked to any personal identity)
Browser user agent string

We do not collect: names, email addresses, IP addresses, cookies, or any cross-site tracking data.

How We Use It

Bot detection: Determine whether the respondent is human
AI training: Anonymized responses become training examples for Lyra AI models
Service improvement: Aggregate analytics to improve challenge quality

AI Training Disclosure

By answering a LyraAuth challenge, users consent to their anonymized response being used to train AI models operated by Lyra Labs. This disclosure is shown directly in the LyraAuth widget at the time of challenge completion.

Data Retention

Session tokens: deleted within 24 hours of verification
Anonymized training records: retained indefinitely (no personal data linkage)
User agent strings: retained for 30 days then deleted

Your Rights (GDPR / CCPA)

If you are in the EU, UK, or California, you have the right to access, correct, or delete your data. Since responses are anonymized and not linked to any identity, we cannot identify individual records. To exercise rights: [email protected]

No Third-Party Tracking

We do not sell data to third parties. We do not use advertising networks. We do not fingerprint users across websites. This is the opposite of Google reCAPTCHA.

Contact

[email protected]