Privacy policy

Last updated 27 April 2026

Who we are

Luceria is an AI workflow coach for UK students and graduates. We are the controller of personal data you provide when using the product at luceria.co.uk. If you have questions about this policy or your data, contact us at privacy@luceria.app.

What we collect

  • Account data — email address and a hashed password (handled by Supabase Auth). We never see your plaintext password.
  • Profile data — first name, stage (school, university, graduate, etc.), year or level, field of study or work, a short goal summary, and any blockers you describe. You provide this during onboarding and can edit or clear it at any time.
  • Workflow content — the goals, deadlines, tasks, artefacts, and notes you create inside the app.
  • Documents you upload or paste — CVs, job descriptions, and similar material, stored in Supabase Storage under a path scoped to your user ID.
  • Risk checks — the text you submit to the risk-check tool and the assessment returned to you.
  • Usage counters — per-month totals of AI generations and risk checks, used to enforce free-tier limits.
  • Operational logs — standard server logs (IP, user-agent, timestamps, error traces) retained for a short period for debugging and abuse prevention.
  • Privacy-conscious site analytics — Luceria uses Vercel Analytics to understand public page visits and safe product events so we can improve the product. We do not send CV text, emails, names, uploaded filenames, job descriptions, interview answers, user IDs, employer names, or private account data.

We do not use third-party advertising, cross-site trackers, or behavioural profiling cookies. We do not sell your data.

How we use it

  • To give you an account and keep you signed in.
  • To generate workflows, artefacts, and risk assessments you ask for.
  • To personalise the tone and reading level of AI output based on your profile (e.g. explaining things differently for a first-year student versus a graduate).
  • To enforce fair-use limits on the free tier.
  • To fix bugs, investigate abuse, and improve the product based on aggregate patterns — never by reading an individual user's workflows for product development without consent.

AI processing (Anthropic)

When you generate a workflow or artefact, or run a risk check, Luceria sends the relevant prompt and context (your request plus a compact summary of the workflow and any documents you explicitly selected) to Anthropic's Claude API for inference. Anthropic processes that data as our subprocessor. Per Anthropic's current commercial terms, API inputs and outputs are not used to train their models. You can review Anthropic's practices at anthropic.com/legal.

Don't paste material into Luceria that you are not comfortable sending to a third-party AI provider under those terms.

Where your data lives

Account records, profile data, workflows, tasks, artefacts, risk checks, and uploaded documents are stored with Supabase in a managed Postgres database and object storage bucket. Database rows are protected by row-level security scoped to your user ID.

Data leaves our providers' regions only for inference calls to Anthropic.

Retention

We keep your data while your account is active. If you delete your account from Settings, we delete your authentication record and everything attached to it — profile, workflows, tasks, artefacts, documents, risk checks, and usage counters — immediately. Short-lived operational logs are retained for a matter of weeks at most.

Your rights (UK GDPR)

You can at any time:

  • Access — export a complete JSON copy of your data from Settings.
  • Rectify — edit your profile, workflows, and documents directly in the app.
  • Erase — delete your account and all associated data from Settings.
  • Object or restrict — email us at privacy@luceria.app.
  • Complain — to the UK Information Commissioner's Office at ico.org.uk.

Cookies

We use strictly necessary cookies for authentication and session persistence. We also use Vercel Analytics for privacy-conscious site analytics and safe, non-sensitive product events. No Google Analytics, no advertising cookies, no cross-site trackers, and no private account content in analytics events.

Children

Luceria is intended for UK users aged 16 or over. We don't knowingly collect data from anyone younger. If you believe a child has created an account, contact us and we'll remove it.

Changes to this policy

We'll update this page when anything material changes and adjust the "last updated" date. If a change meaningfully affects how we handle your data, we'll email you.