HR conversations often involve sensitive employee information. Here's exactly how we handle it.
All data transmitted between your browser and LilyHR is encrypted using TLS 1.3. Data stored on our servers is encrypted at rest using AES-256 encryption. This includes your conversation history, any documents you generate, and your account information.
LilyHR is built on industry-standard cloud infrastructure. Our servers are located in Canada, ensuring your data does not leave Canadian jurisdiction.
All accounts are protected by secure authentication. We support sign-in via Google OAuth. Passwords (if used) are hashed using bcrypt and are never stored in plaintext.
Security concern? If you discover a potential vulnerability, please email us at security@lilyhr.ca. We take all reports seriously and respond within 48 hours.
Your conversations are never used to train or improve AI models, ours or anyone else's. What you type stays in your account.
LilyHR uses Anthropic's Claude API to power its AI responses. Each conversation is processed in real time and is not retained by Anthropic for training purposes under our enterprise agreement.
| Data Type | Used for AI Training? | Retained? |
|---|---|---|
| Chat conversations | ✗ Never | Yes, in your account only |
| Generated documents | ✗ Never | Yes, in your account only |
| Employee details entered | ✗ Never | Session only (not stored) |
| Account information | ✗ Never | Yes, for account management |
| Aggregated usage analytics | ✗ Not personally identifiable | Yes, anonymised |
We collect anonymised, aggregated usage data, such as which features are used most frequently, to improve the product. This data contains no personally identifiable information, no conversation content, and no employee data.
Sensitive conversations: We recommend not entering full names, SINs, or other unique identifiers when using the AI tool. The AI doesn't need this information to provide accurate HR guidance.
LilyHR complies with the Personal Information Protection and Electronic Documents Act (PIPEDA), Canada's federal private sector privacy law. We collect only the information necessary to provide the service, and we are transparent about how it is used.
As a Canadian resident, you have the right to:
To exercise any of these rights, contact us at privacy@lilyhr.ca. We respond within 30 days.
We do not sell, rent, or share your personal information with third parties for marketing purposes. We share data only with the service providers necessary to operate the platform (hosting, payment processing, authentication) and only under strict data processing agreements.
LilyHR provides AI-powered HR guidance and connects users with human HR professionals. All AI guidance is for informational purposes only and does not constitute legal advice. LilyHR is not a law firm and does not provide legal representation.
Important: Every AI response includes a disclaimer that it is not legal advice. For legally binding employment decisions, significant terminations, or any matter that could result in legal proceedings, we strongly recommend engaging a qualified employment lawyer or HR professional.
LilyHR is provided for legitimate business HR purposes. The platform must not be used to discriminate against employees, circumvent legal obligations, or engage in any activity contrary to Canadian law.
We aim for 99.5% uptime. Planned maintenance is communicated in advance. LilyHR is not liable for decisions made based on AI guidance, all users are responsible for verifying guidance with qualified professionals for high-stakes situations.
All paid plans are billed monthly in advance. Cancellation is effective at the end of the current billing period. Refunds are considered on a case-by-case basis within 7 days of billing, contact hello@lilyhr.ca.
Full Terms of Service available on request. Last updated: 2025. For questions, contact legal@lilyhr.ca.