Privacy Policy

1. Introduction

Welcome to LucAId. This Privacy Policy explains how LucAId ("we," "us," or "our") collects, uses, discloses, and protects your personal information when you use our mobile application (available on iOS and Android) and our website located at lucaid.app (collectively, the "Service").

We are committed to protecting your privacy and handling your data with care. Dream journal entries may contain sensitive personal information, and we treat all such data with the highest level of security and confidentiality.

By using our Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our practices, please do not use our Service.

2. Information We Collect

Information You Provide Directly

• Account Information: When you create an account, we collect your email address, username, and password (stored in hashed form).
• Dream Journal Entries: Text entries, voice recordings, and any other content you create within the app to document your dreams. This data may include sensitive personal information such as thoughts, emotions, and personal experiences from your dreams.
• User Preferences: Settings, preferences, and customizations you make within the app.
• Communications: Information you provide when contacting our support team or participating in surveys and feedback requests.
• Payment Information: If you purchase a subscription, payment processing is handled by third-party payment processors (Apple, Google, or Stripe). We do not store your full credit card details.

Information Collected Automatically

• Device Information: Device type, operating system version, unique device identifiers, and mobile network information.
• Usage Data: Information about how you use the Service, including features accessed, session duration, and in-app actions.
• Log Data: IP address, browser type, access times, pages viewed, and referring URLs (for our website).
• Crash Reports: Technical information to help us diagnose and fix issues.

3. How We Use Your Information

We use the information we collect to:

• Provide and maintain the Service: Operate the app, store your dream journals, and deliver the features you request.
• Personalize your experience: Customize the app based on your preferences and usage patterns.
• Provide AI-powered features: Analyze your dream entries (with your consent) to identify patterns, themes, and insights.
• Communicate with you: Send service-related notifications, respond to your inquiries, and provide customer support.
• Improve our Service: Analyze usage data to understand how our Service is used and make improvements.
• Ensure security: Detect, prevent, and address technical issues and protect against fraud or misuse.
• Comply with legal obligations: Meet our legal and regulatory requirements.

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data based on the following legal grounds:

• Consent (Article 9(2)(a) GDPR): We obtain your explicit consent before processing your dream journal entries, which may contain sensitive personal data (special category data). You may withdraw this consent at any time.
• Performance of a Contract: Processing your account information is necessary to provide you with the Service.
• Legitimate Interest: We may process usage data to improve our Service and ensure security, where our interests do not override your rights.
• Legal Obligation: We may process data to comply with applicable laws and regulations.

5. How We Share Your Information

We do not sell your personal information. We may share your information with:

Service Providers

We work with trusted third-party service providers who assist us in operating our Service. These providers are contractually obligated to protect your data and may only use it to provide services to us. Our current service providers include:

• Cloud Infrastructure: For secure data storage and hosting
• Analytics: Google Analytics (website) to understand how users interact with our Service
• Payment Processing: Apple App Store, Google Play, and Stripe for subscription payments
• Error Tracking: For crash reporting and technical issue diagnosis

Other Disclosures

• Legal Requirements: We may disclose your information if required by law, court order, or governmental request.
• Protection of Rights: To protect the rights, property, or safety of LucAId, our users, or others.
• Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred. We will notify you of any such change.
• With Your Consent: For any other purpose with your explicit consent.

6. Data Retention

We retain your personal information for as long as necessary to provide the Service and fulfill the purposes described in this Privacy Policy:

• Account and Dream Journal Data: Retained while your account is active. Upon account deletion, your data will be permanently deleted within 30 days, except where we are required to retain it for legal purposes.
• Usage and Analytics Data: Retained in identifiable form for up to 26 months, then anonymized or deleted.
• Payment Records: Retained for up to 7 years to comply with accounting and tax regulations.

7. Data Security

We implement robust security measures to protect your personal information, including:

• Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS/HTTPS.
• Encryption at Rest: Your dream journal entries and personal data are encrypted when stored.
• Access Controls: Strict access controls limit who can access your data.
• Regular Security Audits: We conduct regular security assessments and updates.

While we strive to protect your data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws.

If you are located in the EEA, UK, or Switzerland, we ensure appropriate safeguards are in place for international transfers, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Transfers to countries with adequacy decisions
• Certifications under the EU-U.S. Data Privacy Framework where applicable

9. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

• Right to Access: Request a copy of the personal information we hold about you.
• Right to Rectification: Request correction of inaccurate or incomplete data.
• Right to Erasure: Request deletion of your personal data ("right to be forgotten").
• Right to Restrict Processing: Request that we limit how we use your data.
• Right to Data Portability: Receive your data in a structured, commonly used format.
• Right to Object: Object to processing based on legitimate interests.
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.

To exercise these rights, please contact us at privacy@lucaid.app. We will respond within 30 days (or as required by applicable law).

Right to Lodge a Complaint: If you believe we have violated your privacy rights, you have the right to lodge a complaint with your local data protection authority.

10. California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Your California Privacy Rights

• Right to Know: Request disclosure of the categories and specific pieces of personal information we collect, use, and share.
• Right to Delete: Request deletion of your personal information, subject to certain exceptions.
• Right to Correct: Request correction of inaccurate personal information.
• Right to Opt-Out of Sale/Sharing: We do not sell your personal information or share it for cross-context behavioral advertising.
• Right to Limit Use of Sensitive Personal Information: Dream journal entries may constitute sensitive personal information. You may request that we limit our use of this data to what is necessary to provide the Service.
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

Exercising Your Rights

To submit a request, email us at privacy@lucaid.app or use the privacy controls in the app settings. We may need to verify your identity before processing your request.

Categories of Information Collected

In the past 12 months, we have collected the following categories of personal information:

• Identifiers (email address, username, device identifiers)
• Internet or network activity (usage data, log data)
• Sensitive personal information (dream journal content)
• Commercial information (subscription and payment history)

11. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to enhance your browsing experience:

Types of Cookies We Use

• Essential Cookies: Required for basic website functionality. These cannot be disabled.
• Analytics Cookies: Help us understand how visitors interact with our website (e.g., Google Analytics). These require your consent.

Managing Cookies

You can control cookies through your browser settings. Most browsers allow you to refuse cookies or alert you when cookies are being sent. Note that disabling cookies may affect website functionality.

For Google Analytics, you can opt out by installing the Google Analytics Opt-out Browser Add-on.

12. Children's Privacy

Our Service is not intended for children under 13 years of age (or 16 in certain jurisdictions). We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@lucaid.app, and we will delete such information.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

• Update the "Last Updated" date at the top of this policy
• Notify you via email and/or in-app notification
• For significant changes, we may require you to re-acknowledge the updated policy

Your continued use of the Service after such modifications constitutes your acceptance of the updated Privacy Policy.

14. Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us:

• Email: privacy@lucaid.app
• General Inquiries: hello@lucaid.app

We will respond to your inquiry as soon as possible, and no later than 30 days as required by applicable law.