Legal
Privacy policy.
Last updated · May 5, 2026
This Privacy Policy describes how Lucid Model (“Lucid Model”, “we”, “us”, or “our”) collects, uses, and protects information in connection with our B2B AI intelligence platform for private equity firms (the “Services”).
The Services are intended for institutional users acting in their professional capacity. By using the Services, you agree to this Policy.
Customer Data
The handling of customer data submitted to the Services is governed by your subscription agreement and Data Processing Addendum (DPA), not by this Policy. This Policy primarily addresses Personal Data we collect about you as an individual user, prospect, or visitor.
Information We Collect
You provide: Your name, work email, and workspace name when you log in; the contents of any messages you send us; and information shared during sales, demos, and onboarding.
Collected automatically: Standard log and request metadata (IP address, request path, timestamps, request IDs, basic device/browser information) and operational telemetry (feature events, token-usage counts, error events) for monitoring and security. We do not log the contents of your prompts, AI completions, or chat messages.
What we don’t collect: We do not run analytics, advertising, or marketing trackers on the Platform; we do not enable session replay; the Platform has no file-upload surface; and we do not process payments inside the Platform.
How We Use Information
We use Personal Data to provide, secure, and improve the Services; to authenticate users and operate workspaces; to support customers; to communicate about your account, service changes, and security; and to comply with legal obligations.
We do not use Customer Data, prompts, or outputs to train AI models. Our enterprise agreements with our AI providers prohibit them from doing so.
How We Share Information
We do not sell Personal Data and we do not share it for advertising. We share information only with:
- Subprocessors that help us operate the Services, under written agreements (see below)
- Professional advisors (lawyers, auditors, insurers) under confidentiality
- Authorities, when required by law or to protect rights, safety, or property
- A successor entity in connection with a merger, acquisition, or sale of assets
Subprocessors
Our key subprocessors and their privacy policies:
- Google Cloud Platform (hosting and Vertex AI inference, including Gemini)
- Anthropic (Claude inference, served via Vertex AI)
- OpenAI (text embeddings)
- Auth0 (authentication)
A current full subprocessor list is available on request from info@lucidmodel.io.
Data Storage and International Transfers
The Services are hosted on Google Cloud Platform in Montréal, Canada. Personal Data may be transferred to, stored in, or accessed from other jurisdictions where we or our subprocessors operate. Where we transfer Personal Data from the EEA, the United Kingdom, or Switzerland, we rely on the European Commission’s Standard Contractual Clauses and the UK International Data Transfer Addendum. Copies are available on request.
Security
We use TLS for data in transit and at-rest encryption for data in storage. OAuth tokens for connected integrations are additionally encrypted at the application layer. Access to customer data is scoped per workspace, and authentication is handled by Auth0. No system is impenetrable; we will notify affected customers of any confirmed breach without undue delay and in accordance with applicable law and our DPA.
Data Retention
We retain Personal Data for as long as needed to provide the Services and to comply with legal obligations. Customer Data persists for the life of your workspace and is hard-deleted on workspace deletion. Operational logs and error monitoring data are retained per our vendors’ default retention windows.
Your Rights
Depending on your location (including under GDPR, UK GDPR, and CCPA/CPRA), you may have the right to access, correct, delete, port, restrict, or object to processing of your Personal Data, and to lodge a complaint with a supervisory authority. We do not sell Personal Data and we do not share it for cross-context behavioral advertising.
Where Personal Data is contained inside Customer Data, requests should be directed to your firm (the data controller); we will support your firm in responding under our DPA.
To exercise rights or ask a question, contact info@lucidmodel.io.
Children
The Services are not directed to anyone under 18, and we do not knowingly collect Personal Data from children.
Changes
We may update this Policy from time to time. We will post the updated version at the same URL and update the date above. For material changes, we will provide reasonable advance notice.