← Back to Lizr
Lizr

Privacy Policy

Last updated: May 7, 2026

What Lizr does

Lizr works a bit like a VPN, but smarter. A normal VPN sends all of your internet traffic through one tunnel. Lizr only routes the specific domains you choose — for example AI tools, research sites, or work apps — through regional gateways operated by Lizr, so they reach those services from the right country.

Everything else — banking, streaming, email, regular browsing — keeps using your normal connection and never touches Lizr. We call this selective routing.

This policy covers the Lizr website, dashboard, Chrome extension, desktop app (macOS / Windows), command-line tool, and mobile configuration profiles.

Data we collect

  • Account: email address and a hashed password (we never see your plaintext password).
  • Sign in with Google (optional): if you choose Google sign-in, Google shares your email address and display name with us. We do not request any other Google data.
  • Subscription & billing: your plan tier, entitlements, and a Stripe customer reference. Card details are entered directly into Stripe and are never stored on Lizr servers.
  • Device sessions: a per-device key and a connection timestamp, used to enforce the device limit on your plan.
  • Usage signals: aggregate counts of routed connections per domain, per region, used for billing, abuse prevention, and capacity planning.
  • Connection logs (Pro and above, ad blocking only): when ad blocking is enabled, blocked domains are logged with a timestamp so you can see what was blocked. No content is logged.
  • Support correspondence: emails you send to us at hello@lizr.app.

Data we do NOT collect

  • The content of your requests, responses, messages, or files
  • The full URLs or query strings of pages you visit
  • Browsing activity on domains outside your routing rules
  • Government-issued IDs, phone numbers, or other identifying data beyond your email

How traffic is handled

Routed traffic stays end-to-end encrypted between your device and the destination. Lizr gateways pass it along; we cannot read what you send or receive.

DNS handling

For routed domains, the lookup happens at the gateway. We do not store DNS logs tied to your account. Everything else uses your device's normal DNS and never reaches us.

Client permissions

Chrome extension

proxy
Configures Chrome to send matched domains through Lizr gateways.
storage
Stores your authentication token and settings locally on your device.
webRequest / webRequestAuthProvider
Injects proxy credentials into gateway connections only.
host_permissions (<all_urls>)
Required by Chrome for the proxy API to evaluate each request against your domain rules. No page content is read from non-matched domains.

Desktop app (macOS / Windows)

Runs a local helper that maintains the authenticated tunnel and sets a system proxy for matched domains. Stores your auth token and device key in OS keychain / credential storage. Does not log or upload browsing activity.

Command-line tool

Stores credentials in ~/.lizr/config.json (file-permissioned to your user) and opens the same authenticated tunnel as the desktop app. No telemetry beyond the version-check ping.

Mobile configuration

On iOS and Android, Lizr provides a configuration profile your phone imports into a standard tunnelling client. Your phone connects directly to the gateway; we do not run a server-side agent on your device.

Third-party processors

We use trusted third-party services for hosting, payments, sign-in, and email delivery.

We do not sell, rent, or share your personal data with advertisers or data brokers.

Cookies & analytics

The website uses essential cookies to keep you signed in and to remember your language and consent choices.

If you accept analytics in the cookie banner, we load Google Analytics (GA4) on the public website to measure traffic and improve content. Analytics are loaded with consent denied by default and only enabled after you opt in. The dashboard does not load third-party analytics on your account pages.

Data retention

  • Account & billing records — kept while your account is active, plus a short retention window after deletion to satisfy tax and accounting law.
  • Aggregate usage counts — up to 90 days, then deleted or further aggregated.
  • Ad-blocking connection logs (Pro and above) — up to 90 days, then deleted.
  • Support emails — kept for up to 24 months, then deleted.

Your rights

Wherever you live, you can ask us to:

  • access a copy of the personal data we hold about you,
  • correct anything that is wrong,
  • delete your account and associated data,
  • export your data in a portable format,
  • object to or restrict certain processing.

If you are in the EU, UK, or California, you have these rights under GDPR, UK GDPR, and the CCPA respectively. Email hello@lizr.app from the address on your account and we will respond within 30 days. We do not sell personal information.

Children

Lizr is not intended for use by children under 13 (or under 16 in jurisdictions where that is the local minimum). We do not knowingly collect data from children. If you believe a child has signed up, please contact us and we will delete the account.

International transfers

Your data may be processed in any country where our gateways and service providers operate.

Changes to this policy

If we make material changes, we will update the “Last updated” date at the top and, for significant changes, notify you by email or in the dashboard before they take effect.

Contact

Questions or requests: hello@lizr.app.