LucidTrack Privacy Policy

Last updated: 4th December, 2025

This privacy notice tells you what to expect us to do with your personal information.

Contact Details

Email: privacy@lucidtrack.dev

What Information We Collect, Use, and Why

We collect or use the following information to provide services and goods, including delivery:

  • Names and contact details
  • Purchase or account history
  • Photographs (if you choose to upload them for your profile)
  • Education details (optional)
  • University affiliation (optional)

We collect or use the following information for the operation of customer accounts and guarantees:

  • Names and contact details
  • Account information, including registration details
  • Marketing preferences

We collect or use the following information for testimonials, feedback, and community building:

  • User testimonials and experience reviews
  • Star ratings and feedback scores
  • Application tips, interview advice, and resource recommendations
  • General feedback and suggestions for platform improvement
  • User consent preferences for public use of testimonials

When you provide explicit consent, we may use your testimonials publicly on our website, social media, and marketing materials to help other students discover and benefit from our platform.

Lawful Bases and Data Protection Rights

Under UK data protection law, we must have a 'lawful basis' for collecting and using your personal information. There is a list of possible lawful bases in the UK GDPR. You can find out more about lawful bases on the ICO's website.

Which lawful basis we rely on may affect your data protection rights which are set out in brief below. You can find out more about your data protection rights and the exemptions which may apply on the ICO's website:

  • Your right of access - You have the right to ask us for copies of your personal information. You can request other information such as details about where we get personal information from and who we share personal information with. There are some exemptions which means you may not receive all the information you ask for.
  • Your right to rectification - You have the right to ask us to correct or delete personal information you think is inaccurate or incomplete.
  • Your right to erasure - You have the right to ask us to delete your personal information.
  • Your right to restriction of processing - You have the right to ask us to limit how we can use your personal information.
  • Your right to object to processing - You have the right to object to the processing of your personal data.
  • Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you.
  • Your right to withdraw consent - When we use consent as our lawful basis you have the right to withdraw your consent at any time.

If you make a request, we must respond to you without undue delay and in any event within one month.

To make a data protection rights request, please contact us using the contact details at the top of this privacy notice.

Our Lawful Bases for the Collection and Use of Your Data

Our lawful bases for collecting or using personal information to provide services and goods are:

  • Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.

Our lawful bases for collecting or using personal information for the operation of customer accounts and guarantees are:

  • Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.

Our lawful bases for collecting or using personal information for testimonials, feedback, and community building are:

  • Consent - we have explicit permission from you to collect your testimonials and feedback. For public use of testimonials, we obtain your separate explicit consent through a clear opt-in checkbox. All of your data protection rights apply, and you can withdraw your consent at any time.
  • Legitimate interests - for collecting anonymous feedback and suggestions to improve our services, which benefits both current and future users. Your fundamental rights and freedoms are protected, and you have the right to object to this processing.

Our lawful basis for processing anonymised data for service improvement and development is:

  • Legitimate interests - we process anonymised data to improve our services, develop new features, and enhance the user experience. This processing uses only anonymised data that cannot identify you personally. Your fundamental rights and freedoms are protected, and you have the right to object to this processing.

Where We Get Personal Information From

We collect personal information from the following sources:

  • Directly from you when you create an account or use our services
  • From LinkedIn when you choose to sign in using your LinkedIn account (including your profile information and email address)
  • From GitHub when you choose to sign in using your GitHub account (including your profile information and email address)
  • From Google when you choose to sign in using your Google account (including your profile information and email address)
  • From testimonials and feedback you provide through our feedback page, testimonial forms, or direct email communication
  • From GitHub issues when you report bugs, request features, or provide feedback through our community repository

Note: When you sign in through LinkedIn, GitHub, or Google, we only access the information you have explicitly authorized us to receive.

How We Use Testimonials and Feedback

We collect and may distribute testimonials and feedback to help improve our platform and assist other students in their application journey:

Testimonials and Reviews

  • We collect testimonials about your experience using LucidTrack
  • We may collect star ratings to measure user satisfaction
  • With your explicit consent, we may use your testimonials publicly on our website, social media platforms, and marketing materials
  • You can withdraw consent for public use of your testimonial at any time by contacting us

Community Feedback and Tips

  • We collect application tips, interview advice, and resource recommendations you choose to share
  • We may use this information to create community resources that help other students
  • We collect general feedback about the platform to identify improvements and new features
  • Feedback may be collected through our feedback page, email, or GitHub issues

Your Control: You have full control over what testimonials and feedback you provide. For testimonials, you explicitly choose whether to allow public use. You can request removal of your testimonials or withdraw consent for their public use at any time.

How We Process and Analyse Data

To improve our services and develop new features, we process and analyse anonymised data from our platform. This includes:

  • Using anonymised data to develop and train machine learning models and systems that help identify job opportunities and improve your experience
  • Analysing anonymised, aggregated data to understand usage patterns and improve our services
  • Using automated systems and tools to process anonymised data for service enhancement
  • Sharing anonymised or de-identified data with third parties where appropriate for service improvement

Important: All data used for these purposes is anonymised before processing, meaning it cannot be used to identify you personally. Your privacy is protected throughout this process.

Our lawful basis for this processing is legitimate interests - specifically, our interest in improving our services and developing new features that benefit our users. You have the right to object to this processing if you wish. To object, please contact us at privacy@lucidtrack.dev.

Data Storage, Third-Party Processing, and International Transfers

Where Your Data Is Stored

We store personal data using third-party cloud infrastructure providers. Our primary storage provider is Supabase, which acts as our data processor. Supabase may store data in data centres located in the United Kingdom or the European Economic Area (EEA), depending on the region selected. If your data is stored outside the UK or EEA, we apply the safeguards described below.

We retain full control over what personal data is collected, how it is used, and the purposes for which it is processed.

International Transfers

Some of our service providers may store or process personal data in countries outside the United Kingdom and the European Economic Area. Where this occurs, we ensure that appropriate safeguards are in place to protect your data, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission or the UK Information Commissioner's Office; or
  • A decision by the UK Government or European Commission that the destination country offers an adequate level of protection; or
  • Other legally recognised transfer mechanisms under UK GDPR.

You may request further details about the specific safeguards used for international transfers by contacting us atprivacy@lucidtrack.dev.

Third-Party Processors

We use carefully selected third-party service providers to help us operate our service. These providers act strictly under our instructions and may only process personal data for the purposes we specify. Our main categories of processors include:

  • Cloud hosting and database services (e.g., Supabase)
  • Analytics and performance monitoring services
  • Email delivery and communication tools
  • Error logging and security monitoring providers

We ensure each processor enters into a data-processing agreement requiring them to protect your personal data with appropriate technical and organisational measures.

A full list of current processors is available upon request.

How We Protect Your Data

We implement technical and organisational measures designed to safeguard personal data against unauthorised access, loss, misuse, or alteration. These measures include:

  • Encryption of data in transit using TLS
  • Access controls to limit who can view or process personal data
  • Regular monitoring for vulnerabilities and security incidents
  • Use of secure, reputable cloud providers who comply with industry standards
  • Periodic review of our internal policies and security practices

Despite these measures, no online service can guarantee complete security. We take all reasonable steps to protect your personal data and act promptly in the event of a security incident.

How Long We Keep Information

We retain personal data only for as long as necessary to provide our service and fulfil the purposes described in this policy. In general:

  • Data is retained while your account remains active.
  • When you delete your account, we permanently remove or irreversibly anonymise all associated personal data within 30 days, unless we are required to retain it for legal or regulatory reasons.

We may keep anonymised or aggregated data — which can no longer identify you — for analytical and service-improvement purposes.

How to Complain

If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice.

If you remain unhappy with how we've used your data after raising a complaint with us, you can also complain to the ICO.

The ICO's address:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline:

0303 123 1113

Website:

Make a complaint to the ICO