Privacy Policy

Last updated: January 2026

Data Controller

Lucidant ("we", "our", or "us") is the data controller responsible for your personal data. For any privacy-related inquiries, contact us at privacy@lucidant.io.

Information We Collect

We collect the following categories of personal data:

  • Account information: Email address and name (provided via WorkOS authentication)
  • User-generated content: Tasks, notes, pages, and projects you create
  • Usage data: Timestamps, work session data, and feature interactions
  • Technical data: Browser type, device information, and IP address (for security purposes)
  • Waitlist information: Email address and signup source

Legal Basis for Processing (GDPR)

We process your personal data under the following legal bases:

  • Contract: Processing necessary to provide the Lucidant service you requested
  • Consent: For marketing communications and optional analytics (you may withdraw consent at any time)
  • Legitimate interests: For security, fraud prevention, and service improvement

How We Use Your Information

We use your information to:

  • Provide, maintain, and improve our service
  • Authenticate your identity and secure your account
  • Send transactional emails (account verification, password resets)
  • Send product updates and marketing (with your consent)
  • Respond to your inquiries and support requests
  • Analyze usage patterns to improve the product

Data Retention

We retain your data as follows:

  • Active account data: Retained while your account is active
  • Deleted content: Soft-deleted items are retained for 90 days for recovery purposes, then permanently deleted
  • Account deletion: Upon request, your data is deleted within 30 days (subject to legal retention requirements)
  • Waitlist data: Retained until you convert to a user or request removal

Third-Party Processors (Subprocessors)

We use the following third-party services to process your data:

  • WorkOS: Authentication and single sign-on (SSO) provider
  • Cloud hosting provider: Infrastructure and data storage (United States)
  • Google Analytics: Website analytics on our landing page only (not in the product)

All subprocessors are bound by data processing agreements that meet GDPR requirements.

International Data Transfers

Your data is stored and processed in the United States. For users in the European Economic Area (EEA), UK, or Switzerland, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission to ensure adequate protection of your data during international transfers.

Data Security

We implement appropriate technical and organizational security measures to protect your personal data, including:

  • Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
  • Secure authentication via WorkOS with support for SSO and MFA
  • Multi-tenant data isolation at the database level
  • Rate limiting and abuse prevention
  • Regular security reviews

Your Rights

For All Users

You have the right to:

  • Access: Request a copy of your personal data (via Settings > Export Data)
  • Rectification: Update or correct your personal data
  • Deletion: Request deletion of your account and data (via Settings > Delete Account)
  • Portability: Export your data in a machine-readable format (JSON)

Additional Rights for EU/EEA Residents (GDPR)

  • Restriction: Request restriction of processing in certain circumstances
  • Objection: Object to processing based on legitimate interests
  • Withdraw consent: Withdraw consent for marketing at any time
  • Lodge a complaint: File a complaint with your local data protection authority

California Residents (CCPA/CPRA)

In addition to the rights above, California residents have the right to:

  • Know: What personal information we collect, use, and disclose
  • Non-discrimination: Equal service regardless of privacy choices
  • Opt-out of sale: We do not sell your personal information

To exercise any of these rights, contact us at privacy@lucidant.io. We will respond within 30 days (45 days for CCPA requests).

Do Not Sell My Personal Information

We do not sell your personal information. We do not share your personal information with third parties for their direct marketing purposes. We only share data with service providers who help us operate Lucidant, and they are contractually bound to use your data only for that purpose.

Cookies and Tracking

We use the following types of cookies:

  • Essential cookies: Required for authentication and security (session cookies). These cannot be disabled.
  • Analytics cookies: Google Analytics on our landing page to understand website traffic. These are only set with your consent.

The Lucidant application itself does not use third-party tracking cookies.

Children's Privacy

Lucidant is a business productivity tool designed for professional adults. Our service is not directed at children under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately at privacy@lucidant.io and we will delete it promptly.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we will provide additional notice (such as an email or in-app notification).

Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us at:

Email: privacy@lucidant.io