Security and privacy by design

OAuth‑scoped integrations, least‑privilege access, auditability, and zero data retention by default.

Talk to SecurityFAQs
SOC 2 (in progress)GDPR alignedSSO/SAML & SCIMRBAC & audit logs

How Lucien connects & processes data

  • Connect via OAuth to tools you choose (e.g., Gmail, Slack, Notion, Linear, Stripe, PostHog)
  • Requests only minimum scopes; approval‑before‑execution is on by default
  • No credentials stored in plain text; tokens are encrypted and revocable
  • Data used solely to generate briefs and drafted actions; no training of shared models
  • Logs are minimized and redacted; short default retention with export/delete on request
  • All data encrypted in transit and at rest
Data boundaries

You control which accounts and workspaces are in scope. Lucien only sees what you allow, and processing is purpose‑limited to the brief and drafted actions.

Auditability

Every action is logged with metadata (who/what/when). We minimize PII and redact secrets from logs.

Principles

Least‑privilege access, isolation by default, auditable actions, and data minimization. Controls are surfaced to you: scope, retention, identity, and approvals.

Data handling & retention

What we ingest

Message content and metadata, calendar events, task and project metadata, billing and analytics signals — only from tools you connect.

Storage & encryption

Encrypted in transit and at rest. No secrets in logs.

Retention & deletion

Zero data retention by default. Brief items and actions keep minimal metadata; export and deletion are supported.

Model usage

No training of shared models on your data. Enterprise tenants may opt‑in to tenant‑isolated fine‑tuning.

Access & identity

SSO/SAML, SCIM for provisioning, and RBAC to govern actions. API tokens are scoped and revocable. Approval‑before‑execution is the default.

Logging & auditing

Brief generation and drafted actions emit structured audit logs with minimal metadata. Secrets are redacted. Default retention is short; export available on request.

Incident response

24/7 on‑call, rapid detection and containment, customer notifications per legal and contractual obligations, and public post‑mortems for qualifying incidents.

Shared responsibility

Lucien
  • Platform security, encryption, monitoring, and incident response
  • Audit logging and access controls for service components
  • Data minimization and purpose‑limited processing
Customer
  • Approve integrations and scopes; revoke when not needed
  • Configure SSO/SAML/SCIM and RBAC roles
  • Use MFA for human users and rotate API tokens periodically
Compliance

SOC 2 is in progress. We follow GDPR‑aligned practices. Our DPA is available here.

Request security packTalk to Security

Frequently asked questions

Do you train on our data?

No. Customer data is never used to train shared models. Enterprise tenants may optionally fine‑tune an isolated model on their own data.

What does Lucien access?

Only data you connect via OAuth (e.g., Gmail, Slack, Notion, Linear, Stripe, analytics). We request the least‑privilege scopes required for briefs and drafted actions.

Do you retain data?

Zero data retention by default. We store minimal metadata to render briefs and actions; you can export or delete at any time.

Do you have a DPA?

Yes — available here. We follow GDPR‑aligned practices.

Where is data processed?

Data is encrypted in transit and at rest. Processing occurs in-region where available; enterprise plans support regional data handling on request.

What permissions are required?

Least‑privilege OAuth scopes. Admins can review scopes, revoke access at any time, and set approval‑before‑execution.