Skip to content
lacudelph

legal

Privacy Policy

Last updated 2026-05-17

This policy explains what personal data Lacudelph collects, why, how we use it, who we share it with, and the choices you have. Lacudelph is operated by Attius Digital Art, registered in Israel.

What we collect

From hosts (people with accounts):

  • Email address, name (if you provide one), and authentication tokens (Auth.js / Resend magic links; optionally Google OAuth profile basics: name + email).
  • Brief content you create — names, descriptions, objectives, audience descriptions, and any text you paste into the brief form or refinement chat.
  • Your organisation membership and role.
  • If you bring your own Anthropic API key (BYO-key mode on any paid plan): the key, encrypted at rest with AES-256-GCM. We never log it in plaintext.
  • Billing-related identifiers from our payments provider (Paddle): customer ID, subscription ID, billing-period dates. We do not see or store payment-instrument details.

From participants (people who take an interview):

  • The interview transcript — every utterance you send and every host turn the conductor produces.
  • Derived state: extraction snapshots, deployed meta-notices, the final takeaway artefact.
  • If you choose to “claim” your reflection by signing in with your email at the end of an interview: your email address, used only to link the interview to a lightweight participant account so you can revisit your reflections.
  • IP address, used only for rate-limiting and abuse prevention. The rate-limit window is 1 hour; unused buckets are cleared by a scheduled cleanup job that runs at least once a day.

Why we collect it

  • To provide the Service: render the dashboard, generate brief templates, run interviews, send takeaway artefacts, persist your work between visits.
  • To bill subscribers and apply per-organisation usage caps.
  • To prevent abuse (rate limits, daily spend caps).
  • To send transactional email (magic-link sign-in, takeaway delivery, billing receipts).

We do not: sell personal data, send marketing email you didn’t ask for, build advertising profiles, or use Your Content to train any general-purpose model.

Third parties

Operating the Service requires a small set of sub-processors, across the following categories: application hosting and edge delivery; managed database; large-language-model providers (text and, when voice input is enabled, audio transcription); transactional email; payments and tax (handled by our Merchant of Record); authentication (when you sign in with a federated provider); product analytics (when enabled); error monitoring; and optional outbound integrations (e.g. Slack) that a workspace chooses to install.

The current named listwith each sub-processor’s identity, location, and processing purpose lives in the Data Processing Addendum (§5) and is the canonical source of truth — we update it there first when sub-processors change, and existing paid customers get 14 days’ notice via that page’s “Last updated” date.

We’ve chosen providers that either contractually commit not to use your data for their own model training or advertising, or whose default API terms exclude API traffic from training.

Cookies and local storage

We use a single first-party session cookie set by Auth.js (“authjs.session-token”) to keep you signed in, and a short-lived per-interview cookie (“lx_int_…”) that lets your browser submit answers to the interview you started. For visit-volume measurement on the public surface (home, pricing, vertical landing pages) we use Vercel Analytics in cookieless mode — no advertising cookies, no third-party tracker cookies, and no profile attached to you.

When product analytics is enabled on this site, an anonymous identifier is stored in your browser’s localStorage so we can count unique visits and measure funnel completion. Participant transcripts and takeaway content are explicitly excluded from analytics capture. If you visit on a participant interview page, analytics is not initialised.

API access and the MCP connector

Hosts can issue per-organisation Bearer tokens from /org/settings for use with the Lacudelph Model Context Protocol (MCP) connector at mcp.lacudelph.com. A token presented to the connector authorises programmatic access to that organisation’s data — briefs, rounds, completed interview transcripts, and the aggregate / takeaway artefacts — and, on write-scope tokens, allows publishing briefs and creating rounds. The token is the credential; treat it like a password and revoke compromised tokens immediately.

When you attach the connector to a third-party AI client (e.g. Claude), tool-call inputs and outputs are sent to that client’s provider as part of the conversation. The provider’s data-use terms — not ours — govern what happens to that data on their side. We log only tool name, status, and latency per call; we do not log inputs or outputs. Revocation is immediate and per-token.

Your rights

Wherever you live, you can:

  • Access your data — request a copy via the contact details below.
  • Correct inaccurate data via your dashboard or by contacting us.
  • Delete your account; this cascades-deletes your briefs, interviews, transcripts, takeaways, organisation memberships, and llm-call telemetry. Some logs (e.g. billing records required for tax compliance) may be retained as required by law.
  • Export your briefs and takeaways via the dashboard (transcript download forthcoming).
  • Object to processing based on legitimate interest, where applicable under GDPR.
  • Withdraw consent at any time without affecting prior lawful processing.

Under the EU GDPR, you have the right to lodge a complaint with your local data-protection authority. Under the Israeli Privacy Protection Law, you can complain to the Privacy Protection Authority.

Data retention

We retain interview content for as long as the host organisation’s account exists. You can delete individual briefs (and all associated interviews + transcripts) at any time. Deleting your account triggers cascade deletion within 30 days. We retain billing records as required by Israeli tax law (currently up to 7 years for invoices).

Security

Connections to Lacudelph use HTTPS. Database access is authenticated with a connection-string secret rotated as needed. BYO Anthropic keys are encrypted at rest with AES-256-GCM, keyed off a server-side secret distinct from the session-signing key. Session cookies are HttpOnly + Secure. Rate limits and per-organisation daily spend caps protect against runaway usage.

No system is impenetrable; if we discover a security incident affecting your data, we’ll notify you without undue delay and within any timeframe required by applicable law.

International transfers

We’re a small Israeli company using US- and EU-hosted providers. Data may be transferred to the US, EU, and UK as part of the Service. Where required, we rely on Standard Contractual Clauses or other lawful transfer mechanisms.

Changes to this policy

Material changes will be announced by email to the account owner and posted at this URL with a new “Last updated” date.

Contact

For privacy-related questions or to exercise any of the rights above, get in touch. We’ll respond within 30 days.

cross-turn reasoning · rendered live