Privacy Policy
How we collect, use, share, and protect personal data.
Privacy Policy
This Privacy Policy explains how Lucien AI, Inc. ("Lucien", "we", "us") collects, uses, shares, and safeguards information when you use our software and services (the "Services"). If you do not agree with this Policy or you are under 18 years of age, please do not use the Services. For EEA/UK residents, Lucien AI, Inc. is the controller for personal data as described here.
Overview
We use personal data to provide and improve the Services, keep accounts secure, comply with law, and communicate with you. We do not sell personal information or share it for targeted advertising. We do not use your Customer Data or Outputs to train foundation models unless you opt in in writing.
Data We Collect
We collect, and in the last 12 months have collected, the following categories of personal information:
| Information you provide | Description |
|---|---|
| Basic account info | Name, email, password (hashed), phone number (if provided). |
| Customer content | Inputs, uploads, repository metadata you connect, tickets, and feedback; Outputs generated by the Services may contain personal data you provide. |
| Communications | Support requests, survey responses, product feedback, and in‑product chats. |
| Collected automatically | Description |
|---|---|
| Device/browser data | IP address, user‑agent, OS, device identifiers, language, referrer. |
| Service usage data | Feature usage, clickstream, timestamps, performance logs, error data, diagnostics. |
| Cookies/SDK signals | Cookies and similar technologies to operate the Services and remember preferences. Your browser may send a "Do Not Track" signal; our Services are not designed to respond to it. |
Personal information does not include aggregated or de‑identified data. Where we de‑identify data, we maintain it in that form and do not attempt to re‑identify.
How We Use Data (and Legal Bases)
We use personal information to deliver, secure, and improve the Services, to communicate with you, and to comply with law. Where applicable, our legal bases include performance of contract, legitimate interests (e.g., securing and improving the Services), compliance with legal obligations, and consent where required.
| Purpose | Categories used | Legal basis (where applicable) |
|---|---|---|
| Create and maintain your account | Basic account info | Contract |
| Provide and operate the Services | Basic info, content, device/browser, usage data | Contract |
| Customer support | Basic info, communications, usage/diagnostics | Legitimate interests / Contract |
| Service communications (e.g., critical notices) | Basic info, usage data | Legitimate interests / Contract |
| Safety, security, integrity | Basic info, content, device/browser, usage data | Legitimate interests |
| Legal compliance and requests | Any relevant categories | Legal obligation |
| Improve and personalize the Services | Device/browser, usage data, feedback | Legitimate interests |
Customer Data and Outputs used for service delivery are not used to train foundation models or improve the Services for other customers unless you opt in in writing.
Sharing & Subprocessors
We do not sell personal information or share it for targeted advertising. We disclose personal data to service providers that process data on our behalf (e.g., hosting, analytics, support), to third parties you authorize (e.g., when you connect a Git hosting provider or issue tracker), to professional advisors and authorities to comply with law and protect rights and safety, to affiliates to help operate the Services, and in connection with a corporate transaction. Our current subprocessors list is available at /legal/subprocessors.
Cookies
We use cookies and similar technologies to run the Services and remember preferences. See our Cookie Policy at /legal/cookies for details on types and choices.
Security
We implement commercially reasonable technical, administrative, and organizational measures to protect personal information from loss, misuse, and unauthorized access or disclosure. No method of transmission or storage is 100% secure. Security program details are published at /security.
Retention & Deletion
We retain personal information for as long as needed to provide the Services, comply with legal obligations, resolve disputes, and protect our rights and users. We delete or de‑identify data when no longer necessary for these purposes or upon your request, subject to legal holds and our backup/archival schedules.
Your Rights
Depending on where you live, you may have rights to access/know, correct, delete, port, restrict or object to certain processing, withdraw consent, appeal decisions, and lodge a complaint with a supervisory authority. To exercise rights, contact privacy@lucien.ai. We may take steps to verify your request and identity. We will not discriminate against you for exercising your rights.
Children
The Services are not intended for children. You must be 18 or older to use the Services. We do not knowingly collect personal data from children.
International Transfers
We and our service providers may process personal data globally, including in the United States. For EEA/UK transfers, we rely on appropriate safeguards such as the European Commission Standard Contractual Clauses and the UK International Data Transfer Addendum, as applicable.
Changes to this Policy
We may update this Policy from time to time. We will post changes here and, where required, provide additional notice. The "lastUpdated" date in the frontmatter reflects the effective date.
Contact
Questions or requests: privacy@lucien.ai. Security reports: security@lucien.ai.