LucidTrack Privacy Policy
Last updated: 24 January 2026
This privacy notice tells you what to expect us to do with your personal information.
Contact Details
Controller: LucidTrack LTD
Email: privacy@lucidtrack.dev
Children's Information
Our services are not specifically designed for children. However, we recognise that some users may be under the age of 18. Where this is the case, we apply the same data protection standards to all users and aim to present our privacy information in a clear and accessible way. If you have any questions about how personal information is used, you or a parent or guardian may contact us at any time.
What Information We Collect, Use, and Why
Providing Services
- •Names and contact details
- •Purchase or account history
- •Account information
- •Website user information (including user journeys and cookie tracking)
- •Information relating to compliments or complaints
Operating Customer Accounts
- •Names and contact details
- •Account information, including registration details
- •Information used for security purposes
Service Updates and Marketing
- •Names and contact details
- •Marketing preferences (including consent and unsubscribe records)
We only send essential transactional emails by default (for example account and billing notices). Marketing emails and non-essential product updates are opt-in.
Handling Queries, Complaints and Claims
- •Names and contact details
- •Account information
- •Purchase or service history
Lawful bases
Our lawful bases
We rely on the following lawful bases under UK data protection law:
Contract
where processing is necessary to provide the LucidTrack service, create and manage accounts, and deliver features users request (including subscription access where applicable).
Legitimate interests
where processing is necessary to keep the service secure and reliable, prevent fraud and misuse, monitor performance, troubleshoot issues, and improve the product. We limit this processing to what is necessary and consider the impact on users' rights.
Consent
where we send marketing messages or non-essential product updates. You can withdraw consent at any time (for example, by using the unsubscribe link or contacting us). We only send essential transactional emails by default; marketing emails are opt-in.
We do not rely on consent for core account operation or service delivery.
Your data protection rights
Under UK data protection law, you have the following rights:
Right of access
You have the right to ask us for copies of your personal information. You can request details about where we get information from and who we share it with.
Right to rectification
You have the right to ask us to correct or delete personal information you think is inaccurate or incomplete.
Right to erasure
You have the right to ask us to delete your personal information.
Right to restriction of processing
You have the right to ask us to limit how we can use your personal information.
Right to object to processing
You have the right to object to the processing of your personal data.
Right to data portability
You have the right to ask that we transfer your personal information to another organisation, or to you.
Right to withdraw consent
When we use consent as our lawful basis, you have the right to withdraw your consent at any time.
Response timeframe
If you make a request, we must respond to you without undue delay and in any event within one month. To make a data protection rights request, please contact us at privacy@lucidtrack.dev.
Where We Get Personal Information From
- •Directly from you
- •Suppliers and service providers
How long we keep information
We keep personal information only for as long as necessary to provide our services, comply with legal obligations, resolve disputes, and maintain the security of our systems. How long we keep information depends on the type of data and how it is used.
Account information
(such as name, email address, and login details): kept while the account is active and deleted or anonymised after account closure, subject to short technical, legal, or security requirements.
User-submitted content
(such as CVs, applications, and notes): kept while the account is active or until deleted by the user, and removed following account deletion unless retention is required for legal, security, or dispute-resolution purposes.
Billing and transaction records
retained for up to 6 years to comply with legal and accounting obligations. Payment card details are processed by our payment provider and are not stored by us.
Support communications and complaints
retained for up to 24 months after resolution, or longer where necessary to handle disputes or legal obligations.
Security and technical logs
retained for a limited period and reviewed regularly, typically no longer than 12 months, unless required to investigate security incidents or misuse.
Marketing preferences
retained until consent is withdrawn or the individual unsubscribes, with limited records kept to demonstrate compliance.
We regularly review the personal information we hold and securely delete or anonymise it when it is no longer required.
Who We Share Information With
Data Processors
Supabase
Supabase provides backend infrastructure for the service, including database hosting, user authentication, file storage, and access management. It processes personal information on our behalf in order to store and manage user accounts and application data securely.
GitHub
GitHub provides authentication services that allow users to sign in using their GitHub account. Limited personal information is processed to verify identity and facilitate secure login.
Google provides authentication services that allow users to sign in using their Google account. Limited personal information is processed to verify identity and facilitate secure login.
LinkedIn provides authentication services that allow users to sign in using their LinkedIn account. Limited personal information is processed to verify identity and facilitate secure login.
OpenAI
OpenAI provides artificial intelligence services for optional features within LucidTrack. Where users choose to use these features, relevant content (such as prompts and outputs) may be processed by OpenAI to provide the functionality. By default, OpenAI does not use API inputs and outputs to train or improve its models unless the customer opts in. OpenAI may retain limited API content for abuse monitoring for a limited period, unless legally required to retain it longer.
Automated decision-making
We may provide automated suggestions or feedback through optional AI features. These outputs are advisory and are not the sole basis for decisions that produce legal or similarly significant effects.
Rebase
Rebase provides email delivery services for transactional and service-related communications. Limited personal information is processed to deliver emails on our behalf.
Stripe
Stripe provides payment processing and billing services. Limited personal information is processed to securely process payments and manage billing records. Payment card details are collected and processed directly by Stripe and are not stored on our systems.
Others We Share Personal Information With
- •Relevant regulatory authorities (where required by law)
International transfers
Some of our service providers process personal information outside the UK. Where necessary, we transfer personal information outside of the UK and comply with the UK GDPR by ensuring appropriate safeguards are in place.
We use appropriate safeguards such as the UK Addendum to the EU Standard Contractual Clauses (SCCs) where required.
For further information or to obtain a copy of the appropriate safeguard for any transfers, please contact us at privacy@lucidtrack.dev.
How to Complain
If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this notice.
If you remain unhappy with how we've used your data after raising a complaint with us, you can also complain to the ICO.
Information Commissioner's Office
Wycliffe HouseWater Lane
Wilmslow
Cheshire
SK9 5AF
Helpline:
Website: