Privacy Policy

Effective Date: September 27, 2025

1. Introduction

Lucid Technology Labs ("we", "us", "our") operates the Lucidpic platform and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI image generation services.

We are a UK company registered at 71-75 Shelton Street, London, WC2H 9JQ, United Kingdom. For all privacy-related inquiries, please contact us at hello@lucidpic.com.

This policy complies with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable data protection laws. By using our services, you consent to the practices described in this policy.

2. Information We Collect

We collect several categories of information to provide and improve our services:

2.1 Information You Provide

  • Account registration data (email address, username, password)
  • Profile information (name, profile picture, preferences)
  • Payment and billing information (processed securely via Stripe)
  • Content you create or upload (prompts, images, custom models)
  • Communications with us (support tickets, feedback, surveys)

2.2 Information We Collect Automatically

  • Device information (IP address, browser type, operating system)
  • Usage data (features used, generation history, interaction patterns)
  • Log data (access times, pages viewed, system activity)
  • Location data (country-level based on IP address)
  • Cookie data (see our Cookie Policy for details)

2.3 Information from Third Parties

  • OAuth providers (Google) for authentication
  • Payment processors (Stripe) for transaction verification
  • Analytics providers for service improvement

3. Legal Basis for Processing

We process your personal data under UK GDPR Article 6 and, where applicable, Article 9. Here are the specific purposes and their lawful bases:

Purpose | Lawful Basis | Data Categories
Account creation and management | Contract performance (Article 6(1)(b)) | Email, username, profile data
Payment processing | Contract performance (Article 6(1)(b)) | Payment details, billing address
Image generation and storage | Contract performance (Article 6(1)(b)) | Prompts, images, usage data
AI service improvement | Legitimate interests (Article 6(1)(f)) | Prompts, outputs, usage patterns
Security and fraud prevention | Legitimate interests (Article 6(1)(f)) | IP addresses, device data, usage logs
Legal compliance | Legal obligation (Article 6(1)(c)) | As required by law
Marketing communications | Consent (Article 6(1)(a)) or Legitimate interests for existing customers | Email, preferences
Age assurance | Legitimate interests and legal obligation (Article 6(1)(c)(f)) | Age verification data
Analytics (with consent) | Consent (Article 6(1)(a)) | Cookie data, usage statistics

4. How We Use Your Information

We use your information for the following purposes:

4.1 Service Provision

  • Process image generation requests and deliver results
  • Manage your account and subscription
  • Process payments and maintain billing records
  • Provide customer support and respond to inquiries
  • Send service-related notifications and updates

4.2 Service Improvement

  • Analyze usage patterns to enhance features
  • Develop new capabilities and services
  • Conduct research and analytics
  • Test and troubleshoot functionality

4.3 Safety and Security

  • Detect and prevent fraud, abuse, and harmful content
  • Enforce our Terms of Service and Acceptable Use Policy
  • Protect our users, employees, and platform
  • Comply with legal obligations and law enforcement requests

4.4 How We Use Your Data to Improve Our AI Services

We process prompts and generated content to improve our AI services with the following specific purposes and safeguards:

  • Safety Model Training: We use prompts and outputs to train our content moderation and safety systems to detect and prevent harmful content generation
  • Quality Improvement: We analyze generation patterns to improve image quality, prompt understanding, and style consistency
  • Feature Development: We use aggregated usage data to develop new features and capabilities
  • Legal Basis: This processing is based on our legitimate interests in improving service quality and safety
  • Opt-Out: You can opt out of having your data used for AI training by contacting hello@lucidpic.com
  • Data Minimization: We anonymize or pseudonymize data where possible and delete training data after 90 days
  • No Biometric Processing: We do not perform facial recognition or biometric identification on any images

5. Information Sharing and Disclosure

We do not sell, rent, or trade your personal information. We share information only in these circumstances:

5.1 Service Providers

We share data with trusted third-party service providers who assist in operating our platform:

  • Cloudflare (content delivery and security)
  • Stripe (payment processing)
  • Google Cloud (infrastructure and authentication)
  • AI model providers (image generation services)

5.2 Legal Requirements

We may disclose information when required by law or in response to valid legal requests, including:

  • Court orders, warrants, or subpoenas
  • Requests from law enforcement or regulatory authorities
  • To protect our legal rights or defend against claims
  • To prevent harm or illegal activities

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the successor entity. We will notify you of such changes and any choices you may have regarding your information.

6. International Data Transfers

Your information may be transferred to and processed in countries outside the UK and European Economic Area (EEA). We ensure appropriate safeguards are in place for all international transfers:

6.1 Transfer Mechanisms

For transfers to our service providers in the United States and other countries, we use:

  • UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses for all transfers outside the UK
  • Transfer Risk Assessments (TRA) completed for each international processor to evaluate and mitigate risks
  • Adequacy decisions where available (e.g., EEA countries, Switzerland)
  • Additional contractual protections including encryption requirements and limited data access

6.2 Key International Processors

  • Stripe (USA): Payment processing - UK Addendum to EU SCCs + TRA completed
  • Google Cloud (USA): Infrastructure and authentication - UK IDTA + TRA completed
  • Cloudflare (USA/Global): Content delivery and security - UK Addendum + TRA completed
  • AI Model Providers (Various): Image generation - UK IDTA/Addendum + TRA as applicable

All international transfers are documented in our Data Processing Addendum (DPA), available upon request at hello@lucidpic.com.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy:

  • Account Data: Retained while your account is active and for 30 days after deletion request
  • Generated Content: Retained for 90 days after creation unless you delete it sooner
  • Payment Records: Retained for 7 years for tax and accounting purposes
  • Support Communications: Retained for 2 years or as needed for ongoing issues
  • Marketing Data: Retained until you unsubscribe or withdraw consent
  • Legal Holds: Data may be retained longer if subject to legal preservation requirements

8. Your Rights and Choices

Under UK GDPR, you have specific rights regarding your personal data:

8.1 Access and Portability

You can request a copy of your personal data in a structured, machine-readable format. We provide data export functionality in your account settings.

8.2 Correction and Updating

You can update your account information at any time through your profile settings. Contact us at hello@lucidpic.com if you need assistance.

8.3 Deletion and Erasure

You can request deletion of your account and personal data, subject to legal retention requirements. Use the account deletion option in settings or contact hello@lucidpic.com.

8.4 Restriction and Objection

You can object to certain processing activities or request restriction of processing while disputes are resolved.

8.5 Withdrawing Consent

Where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.

8.6 Lodging Complaints

You have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe we have violated your data protection rights.

UK Information Commissioner's Office (ICO)

Website: ico.org.uk

Phone: 0303 123 1113

Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

We encourage you to contact us first at hello@lucidpic.com so we can try to resolve your concerns directly.

9. Data Security

We implement comprehensive technical and organizational measures to protect your data:

  • AES-256 encryption for data at rest and TLS 1.3 for data in transit
  • Regular security audits and vulnerability assessments
  • Access controls and authentication requirements
  • Employee training on data protection and security
  • Incident response procedures for potential breaches
  • Regular backups and disaster recovery planning

If a personal data breach occurs, we will notify the ICO within 72 hours where required, and affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms.

10. Children's Privacy and Age Assurance

Our services are strictly limited to individuals aged 18 and over due to the nature of AI-generated content. We implement age assurance measures to prevent underage access.

10.1 Age Verification Process

  • We may use age estimation or verification services to confirm users are 18+
  • Age verification is processed on the basis of legitimate interests and legal obligations
  • We conduct Data Protection Impact Assessments (DPIA) for any age assurance methods
  • Verification data is minimized and deleted immediately after age confirmation
  • We never store age verification documents or biometric data

10.2 Parental Concerns

If you are a parent or guardian and believe your child has accessed our services or provided personal information, please contact us immediately at hello@lucidpic.com. We will promptly investigate and delete any data belonging to individuals under 18.

11. Marketing and Communications

We may send you marketing communications if you have opted in or where we have a legitimate interest (for existing customers). You can manage your preferences:

  • Click "unsubscribe" in any marketing email
  • Update preferences in your account settings
  • Contact us at hello@lucidpic.com

Service-related communications (account updates, security alerts, policy changes) cannot be opted out of while you maintain an account.

12. Cookies and Tracking

We use cookies and similar technologies to enhance your experience and analyze usage. For detailed information about our cookie practices, types of cookies used, and how to manage your preferences, please refer to our Cookie Policy.

13. Third-Party Links

Our services may contain links to third-party websites or services. We are not responsible for their privacy practices. We encourage you to review their privacy policies before providing any personal information.

14. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of material changes via email or prominent notice on our platform. The "Effective Date" at the top indicates the last revision. Your continued use after changes constitutes acceptance of the updated policy.

15. Contact Information

For any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: hello@lucidpic.com

Address: Lucid Technology Labs, 71-75 Shelton Street, London, WC2H 9JQ, United Kingdom

Data Protection Officer: Available via hello@lucidpic.com

We aim to respond to all privacy-related inquiries within 30 days. For complex requests, we may need additional time and will keep you informed of our progress.

Last updated: September 27, 2025

© 2025 Lucid Technology Labs Ltd.

Company No: 16030736 (England & Wales) | VAT No: GB479049646

Registered Office: 71-75 Shelton Street, London, WC2H 9JQ, United Kingdom

Data Protection Queries: hello@lucidpic.com