Privacy

We collect only the information needed to operate Red Lion and to support the founders, reviewers, and partner organizations who use it. In practice that includes:

• Account information — name, email, password (stored hashed), and the role assigned by the invite code used to sign up.
• Access request information — the details submitted on the public Request Access form (organization, contact, role, program details, use case).
• Workspace content — ventures, drafts, tracker entries, module reviews, and any other content you produce while using the product.
• Comments and reviews — comments left on a venture analysis, including the section, the text, and (when the comment was made through a public share link) any optional name the commenter provided.
• Share-link activity — timestamps for when a share link was created, accessed, or revoked. We do not embed tracking pixels in shared content.
• Basic technical data — standard server logs (IP address, request path, status code, user agent) used to operate and secure the service.

• To provide the workspace, analysis, sharing, and review features.
• To authenticate users and enforce access controls.
• To respond to support and access-related correspondence.
• To diagnose problems, improve product quality, and protect the service from abuse.
• To communicate transactional information — for example, sending an invite code after an access request is approved.

We do not sell personal information, and we do not use workspace content for advertising.

• You and your collaborators. Founders see their own venture. Reviewers and program admins see the ventures within their cohort.
• People you share with. Anyone with a valid, unrevoked share link can view the venture analysis it points to. Revoking a link removes access.
• Service providers. We rely on a small number of infrastructure vendors to host data, send transactional email, and operate the underlying database. They process data on our behalf under contractual confidentiality obligations.
• Legal and safety. We may disclose information when required by law, to protect the service and its users, or to investigate suspected abuse.

We use standard practices to protect data: TLS in transit, encrypted storage at rest, role-scoped access, and minimum- privilege server credentials. No system is perfectly secure. We design for the realistic case and disclose meaningfully if something goes wrong.

To report a vulnerability, see our security page.

We retain account and workspace data for as long as your account is active. If you ask us to delete your account, we remove it and the associated workspace content within a reasonable period, except where we are required to retain records for legal or operational reasons (for example, audit trails of share-link activity).

Access requests are retained so we can review historical intake and audit who was granted access; you can ask us to remove a submitted request via the contact address below.

• You can update your profile and venture content at any time from inside the workspace.
• You can revoke any share link you created from the analysis view.
• You can request deletion of your account by emailing the address below.

Red Lion is intended for use by adults, and within secondary- education programs only under the supervision of the program. It is not directed at children under 13, and we do not knowingly collect personal information from them.

We may update this policy as the product evolves. Material changes will be reflected in the “Last updated” date at the top of this page. Continued use of Red Lion after a change constitutes acceptance of the updated policy.