Privacy Policy

1. Introduction

Luka AI, Inc. ("Luka," "we," "us," or "our") operates an AI-powered founder intelligence platform that provides daily growth prioritization for solo founders and indie hackers. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service at luka.to (the "Service").

By using Luka, you consent to the data practices described in this Privacy Policy. If you do not agree with our practices, please do not use the Service.

2. Information We Collect

2.1 Information You Provide

Account Information: When you create an account, we collect your name and email address.

Payment Information: We use Stripe to process payments. We do not store your credit card details; Stripe handles this securely in compliance with PCI-DSS standards.

2.2 Information from Third-Party Integrations

Luka's core functionality involves connecting your third-party services to provide unified insights. When you connect integrations (such as analytics platforms, payment processors, marketing tools, or other SaaS applications), we may access and process data from those services according to the permissions you grant.

API Keys and Credentials: If you provide API keys or authentication credentials for third-party services, these are stored in an encrypted vault. Luka's team does not have access to view your stored credentials.

2.3 Automatically Collected Information

Usage Data: We collect information about how you interact with the Service, including features used, pages visited, and actions taken.

Device Information: We may collect device type, operating system, browser type, and IP address for security and analytics purposes.

3. How We Use Your Information

We use your information to:

• Provide and maintain the Service
• Generate AI-powered growth recommendations based on your connected data
• Process payments and manage subscriptions
• Communicate with you about your account, updates, and support
• Improve and develop new features
• Comply with legal obligations
• Protect against fraud and unauthorized access

4. How We Share Your Information

We do not sell your personal information. We may share your information with:

• Service Providers who assist us in operating the Service (such as Stripe for payments and Supabase for data hosting)
• Third-party integrations you authorize
• Legal authorities when required by law or to protect our rights
• Business successors in the event of a merger, acquisition, or sale of assets

5. Data Storage and Security

Your data is hosted on Supabase infrastructure located in the United States. We implement industry-standard security measures including:

• Encryption in transit (TLS) and at rest
• Secure credential storage in an encrypted vault
• Access controls and authentication
• Regular security assessments

While we strive to protect your information, no method of transmission or storage is 100% secure. You are responsible for maintaining the confidentiality of your account credentials.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. You may request deletion of your account and associated data at any time by contacting us. Some information may be retained as required by law or for legitimate business purposes.

7. Your Rights

Depending on your location, you may have the right to:

• Access the personal information we hold about you
• Correct inaccurate information
• Delete your personal information
• Object to or restrict certain processing
• Data portability
• Withdraw consent where processing is based on consent

To exercise these rights, contact us at legal@luka.to.

8. Information for European Users (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR).

Legal Basis for Processing

We process your data based on:

• Contractual necessity (to provide the Service)
• Consent (for optional features)
• Legitimate interests (such as fraud prevention and service improvement)
• Legal obligations

International Transfers

Your data is transferred to and stored in the United States. We ensure appropriate safeguards are in place for such transfers, including standard contractual clauses where applicable.

You have the right to lodge a complaint with your local data protection authority if you believe we have violated your privacy rights.

9. Cookies and Tracking

We use essential cookies to operate the Service and may use analytics cookies to understand usage patterns. You can control cookie preferences through your browser settings.

10. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected information from a child, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the effective date. Your continued use of the Service after such changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at: