LucidSpec – Privacy Policy

Effective Date: Dec 12, 2025

This Privacy Policy explains what information we collect, how we use it, how we protect it, and what rights you have when using LucidSpec. We wrote it in clear, simple language so it's easy to understand.

1. What Information We Collect

We collect only the information needed to operate LucidSpec safely and effectively.

Account & Authentication Data

  • Email, session tokens, basic profile details (via Supabase Auth)
  • Sessions stored in sessionStorage and cleared on browser close

Workspace Content

  • Task inputs, prompts, meeting transcripts, and notes
  • Files you upload (.txt, .md, .pdf, .doc, .docx)
  • Your generated tickets, briefs, and all AI outputs

Usage & Device Metadata

  • Request paths, timestamps, referrers, and user agent
  • Limited IP information for rate limiting and abuse prevention

Billing & Subscription Data

  • Plan selection and subscription status
  • Payments handled by Stripe (we never store card numbers)

Support Communications

  • Messages or emails you send us for help

2. How We Use Your Information

We use your information only to operate and improve LucidSpec, including:

  • Authenticating your account and managing sessions
  • Processing your inputs with AI models to generate tickets & meeting briefs
  • Showing your workspace history and allowing exports
  • Monitoring performance, reliability, and preventing abuse
  • Providing customer support and sending important service updates

We do not sell your data.

3. Backend Redaction & Safety Processing

For safety, reliability, and compliance, LucidSpec automatically redacts sensitive data before processing or storage.

We automatically mask:

  • Emails, phone numbers
  • API keys, tokens, JWTs
  • SSH/private key markers
  • Cloud credentials or access keys
  • URLs containing embedded credentials
  • Credit card numbers
  • Obvious PII-like patterns

Additional protections:

  • Inputs shorter than 8 characters may be rejected to prevent abuse
  • Meeting transcripts may be sanitized to remove binary noise
  • Only sanitized inputs and outputs are stored

4. Logging & Usage Telemetry

We do NOT log your raw prompts or raw AI outputs.

Our logs contain:

  • Latency
  • Timestamp
  • Outcome status
  • Model used
  • Token counts

We keep minimal telemetry only to ensure stability, reliability, and billing accuracy.

5. How AI Models Process Your Data

LucidSpec uses third-party AI providers such as OpenAI to process your inputs and generate structured outputs.

We apply:

  • Timeouts and retries
  • Moderation to block unsafe or abusive content
  • Automatic redaction before forwarding to AI providers

AI outputs may not always be accurate — always review before acting.

6. How We Share Your Information

We share your data only with trusted service providers that help operate LucidSpec:

  • Supabase — authentication, database, and storage
  • OpenAI & similar models — AI processing
  • Stripe — payments and billing
  • Render / Vercel — hosting, logging, and security monitoring

Optional integrations like Jira, Linear, or Airtable receive only sanitized ticket fields.

We disclose data only if required by law or to protect the service and its users.

7. Cookies, Storage & Retention

Cookies & Local Storage

  • No marketing cookies
  • Authentication stored only in sessionStorage
  • UI preferences (e.g., dismissed walkthroughs) stored in localStorage

Data Retention

  • Your tickets, transcripts, and outputs remain until you delete them or request deletion
  • Logs containing only metadata are kept for troubleshooting & security
  • Billing records are retained as legally required

8. Security Practices

We use modern security best practices, including:

  • Encryption in transit
  • Supabase Row-Level Security (RLS)
  • Role-based access controls
  • Redaction of sensitive content before storage
  • Time-limited, signed share links without user identifiers

No system is perfect — please avoid uploading sensitive production secrets or regulated personal data.

9. Your Rights

Depending on your location, you may have the right to:

  • Access your data
  • Correct or update your information
  • Export your data
  • Delete your workspace or your entire account

To exercise these rights, email us at support@lucidspec.app.

10. Children’s Privacy

LucidSpec is not intended for children under 13, or the minimum age in your country.

If you're under that age, please do not use the service.

11. Changes to This Privacy Policy

We may update this Policy as LucidSpec grows or changes. We will update the effective date when we make changes.

Your continued use of LucidSpec means you accept the updated Policy.

12. Contact Us

If you have any questions about this Policy or want to request data deletion, contact us:

📩 LucidSpecinfo@gmail.com