lucidengine.tech
Privacy Policy
Last updated: February 10, 2025 · Version 1.0
Protecting your personal data is a priority for LucidEngine. This privacy policy aims to inform you about how we collect, process, and use your personal data when using our SaaS platform accessible at lucidengine.tech, in compliance with the General Data Protection Regulation (GDPR – EU Regulation 2016/679) and French Data Protection Act (Law No. 78-17 of January 6, 1978, as amended).
Data Controller
The data controller for personal data collected through lucidengine.tech is:
- Legal form: Sole proprietorship (Auto-entrepreneur)
- SIRET: [Numero SIRET]
- Legal representative: Marine Depoorter
- DPO / Personal data contact: marine.depoorter@lucidengine.tech
Data Collected
When using our platform, we collect the following categories of personal data:
| Category | Data involved |
|---|---|
| Identification data | Name, email address, password (hashed), company name |
| Billing data | Billing address, payment information (processed by our PCI-DSS certified payment provider) |
| Usage data | Connection logs, actions performed on the platform, API requests, usage volumes |
| Technical data | IP address, browser type, operating system, cookies and tracker data |
| Content data | Content submitted to our service (prompts, texts, configurations) as part of the LLM Visibility service |
Purposes and Legal Bases
Your data is processed for the following purposes, each based on a legal basis defined by Article 6 of the GDPR:
| Purpose | Legal basis |
|---|---|
| Account creation and management | Contract performance (art. 6.1.b) |
| SaaS service provision | Contract performance (art. 6.1.b) |
| Payment processing and billing | Contract performance (art. 6.1.b) |
| Customer support | Contract performance (art. 6.1.b) |
| Service improvement and optimization | Legitimate interest (art. 6.1.f) |
| Audience measurement and analytics | Legitimate interest (art. 6.1.f) |
| Marketing communications and newsletters | Consent (art. 6.1.a) |
| Legal and tax compliance | Legal obligation (art. 6.1.c) |
| Platform security and fraud prevention | Legitimate interest (art. 6.1.f) |
Data Retention Periods
Your personal data is retained for a period proportionate to the purpose for which it was collected:
| Data | Retention period |
|---|---|
| User account data | Duration of contract + 3 years after termination |
| Billing data | 10 years (legal accounting and tax obligation) |
| Content data (prompts, texts) | Duration of contract, deleted within 30 days after termination |
| Technical and connection logs | 12 months (legal obligation – LCEN) |
| Marketing data | 3 years from last contact |
| Cookies and trackers | 13 months maximum |
Beyond these periods, your data is deleted or irreversibly anonymized.
Data Recipients
Your personal data may be shared with the following categories of recipients, in strict compliance with the data minimization principle:
- -Authorized LucidEngine personnel (technical, support, administration teams)
- -Technical subcontractors: cloud hosting, payment provider, emailing tool, analytics service (all bound by contractual clauses compliant with GDPR Article 28)
- -LLM model providers: as part of service delivery, certain content data may be transmitted to language model API providers. These transmissions are strictly limited to service needs
- -Competent authorities: in case of legal obligation or judicial requisition
Important: Your personal data is never sold or transferred to third parties for commercial purposes.
Transfers Outside the EU
Some of our subcontractors may be located outside the European Economic Area (EEA). Where applicable, these transfers are governed by:
- -Adequacy decisions by the European Commission (e.g., EU-US Data Privacy Framework)
- -Standard Contractual Clauses (SCCs) adopted by the European Commission
- -Any other appropriate safeguard under Articles 46 et seq. of the GDPR
Data Security
We implement appropriate technical and organizational measures to ensure the security, integrity, and confidentiality of your personal data:
- -Data encryption in transit (TLS/HTTPS) and at rest
- -Password hashing with robust algorithms (bcrypt / Argon2)
- -Strict access control based on the principle of least privilege
- -Continuous monitoring and access logging
- -Regular backups and disaster recovery procedures
Cookies and Trackers
Our site uses cookies and trackers. In accordance with Article 82 of the French Data Protection Act and CNIL recommendations, we distinguish:
Strictly necessary cookies
Exempt from consent, they enable essential site operation (authentication, session, security).
Analytics cookies
Used to measure audience and improve our services. Subject to your prior consent.
Personalization cookies
Allow us to remember your usage preferences. Subject to your prior consent.
Your Rights
In accordance with the GDPR and French Data Protection Act, you have the following rights over your personal data:
Right of access
Confirm that your data is being processed and receive a copy (art. 15 GDPR).
Right to rectification
Have your inaccurate data corrected or incomplete data completed (art. 16 GDPR).
Right to erasure
Obtain deletion of your data in cases provided by law (art. 17 GDPR).
Right to restriction
Request suspension of data processing in certain cases (art. 18 GDPR).
Right to portability
Receive your data in a structured, machine-readable format (art. 20 GDPR).
Right to object
Object to processing based on legitimate interest or direct marketing (art. 21 GDPR).
Withdrawal of consent
Withdraw your consent at any time, without affecting the lawfulness of prior processing (art. 7.3 GDPR).
Post-mortem directives
Define directives regarding the fate of your data after your death.
To exercise your rights, send your request with proof of identity to: marine.depoorter@lucidengine.tech
Complaint: If you have any difficulty, you may file a complaint with the CNIL – French Data Protection Authority (www.cnil.fr), 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, France.
Content Data Processing
As part of our LLM Visibility SaaS service, you may provide us with content (texts, prompts, configurations, training data). Regarding this data:
- -You retain ownership of all content you submit to our platform
- -We do not use your content to train or improve third-party language models, unless you explicitly consent
- -Content is processed exclusively for the provision of the contractually agreed service
- -As a processor within the meaning of Article 28 of the GDPR for personal data contained in your content, we act only on your documented instructions
Policy Changes
We reserve the right to modify this privacy policy at any time. In the event of a substantial change, we will notify you by email or platform notification at least 30 days before the changes take effect.
Applicable Law and Jurisdiction
This privacy policy is governed by French law. In the event of a dispute relating to the interpretation or performance of this policy, and failing amicable resolution, the competent courts of Paris shall have exclusive jurisdiction.
Contact
For any questions regarding this policy or the exercise of your rights:
E-mail : marine.depoorter@lucidengine.tech
Site : lucidengine.tech
© 2025 LucidEngine · All rights reserved · lucidengine.tech