Privacy Policy

Last updated: March 2026

This Privacy Policy describes how Lucid (“we”, “our”, or “us”) collects, uses, and shares information about you when you use our intelligent document processing platform.

Information We Collect

• Account data: Name, email address, and organization name provided during registration.
• Documents uploaded: Files you upload to the platform for processing (invoices, contracts, forms, and other documents).
• Usage data: API calls, document processing counts, validation results, and feature usage metrics.
• Payment information: Billing details are handled directly by Stripe. We do not store raw card data.

How We Use Your Information

• Processing: To classify, extract data from, and validate the documents you upload.
• Service improvement: Aggregate usage metrics to improve extraction accuracy and platform reliability.
• Billing: To manage your subscription and usage charges via Stripe.
• Communication: To send you service-related notices (e.g., billing receipts, account alerts).

Data Processing

Documents you upload are processed by AI language models to perform classification and data extraction. Depending on your configuration, documents may be sent to the following LLM providers:

• Groq (groq.com) — for fast inference
• OpenAI (openai.com) — for GPT-class models
• Anthropic or other LiteLLM-supported providers — depending on your configured model routing

Each provider has its own privacy policy governing how they handle data. We use LiteLLM as a routing proxy to abstract provider selection.

Third-Party Services

• Stripe — Payment processing. Stripe's Privacy Policy governs payment data.
• LLM providers — Document content is transmitted to the active LLM provider for AI inference.

Data Storage and Security

Your data is stored in PostgreSQL 16 with Row-Level Security (RLS) enforcing strict tenant isolation — your organization's data is never accessible to other organizations. Database backups are encrypted at rest. File uploads are stored on-disk at our hosting provider.

Cookies

We use session cookies to maintain your authenticated state. We do not use third-party tracking cookies or advertising pixels.

Data Retention

Documents and extracted data are retained until you delete them from your account or delete your organization. Account data is retained for 30 days after account closure before permanent deletion.

Your Rights

You have the right to:

• Access: Request a copy of your personal data.
• Correction: Request correction of inaccurate information.
• Deletion: Request deletion of your account and associated data.
• Export: Download your extracted data in JSON format.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised “Last updated” date.

Contact Us

If you have questions about this Privacy Policy, please contact us.