DevLucid Logo
DevLucid

Privacy Policy

How we protect and handle your personal data

Data Administrator

The administrator of personal data is:

Jakub Stolarski

ul. ks. Jerzego Popiełuszki 12A/10

37-450 Stalowa Wola, Polska

Contact: contact@devlucid.com

We inform you that the Administrator has not appointed a Data Protection Officer. For matters concerning data protection, please contact us directly at the email address provided above.

Legal Basis for Processing

We process your personal data on the basis of:

  • Article 6(1)(b) of GDPR - performance of a contract (provision of services)
  • Article 6(1)(c) of GDPR - compliance with a legal obligation (e.g., tax obligations)
  • Article 6(1)(f) of GDPR - legitimate interest (service improvement, security)
Data Security

We take the security of your personal data seriously. Passwords are securely stored and hashed by our authentication provider (Supabase Auth) using industry-standard encryption. We do not have access to your password in plain text, nor do we process it directly.

  • Passwords are securely hashed by our authentication provider using industry-standard encryption
  • Database connections are secured
  • We do not store plain text passwords
Data We Collect

We collect the following information when you use our service:

  • Name and email address (for account creation and authentication)
  • Questions and answers you submit (stored to provide you with access to your history)
  • Usage data (to improve our service)

Note: Our hosting provider (Vercel) may collect IP addresses for security and analytics purposes. We do not store IP addresses in our database.

Cookies and System Logs

The service uses cookies to maintain the User's session (necessary for the service to function) and for analytical purposes.

  • Session cookies: expire after logout or closing the browser.
  • Persistent cookies: stored for the time specified in the cookie parameters.

You can change your browser settings regarding cookies at any time, however this may make it difficult to use the Service.

Data Recipients

Your personal data is entrusted to specific, trusted entities that provide the technical infrastructure of the service:

  1. Vercel Inc. (USA) – hosting and serverless infrastructure provider. The application runs on Vercel servers and processes requests there.
  2. Supabase Inc. (USA/Singapore) – database provider. Your account, question history, and settings are securely stored there.
  3. Stripe, Inc. (USA) – payment processor. Processes card and transaction data. We do not see your full card number.
  4. OpenAI, L.L.C. (USA) – artificial intelligence provider. The content of your questions (without personal data, unless you include it) is sent to the API to generate responses.
  5. Resend Inc. (USA) – email service provider. Used to send transactional emails (e.g., welcome emails, password reset) and handle contact form submissions.
  6. Vercel Analytics (USA) – analytics tool. Collects anonymous data about page performance and visits to optimize the service.

Data Transfer Outside EEA:

All the providers mentioned above (Vercel, Supabase, Stripe, OpenAI, Resend, Vercel Analytics) have headquarters or main infrastructure in the USA. Data transfer is based on the Data Privacy Framework (DPF) or Standard Contractual Clauses (SCC), ensuring GDPR compliance and the security of your data.

Profiling

Your personal data is not subject to automated decision-making, including profiling, which would produce legal effects concerning you or similarly significantly affect you.

Links to Other Websites

Our service may contain links to other websites that are not operated by us. If you click on a third-party link, you will be directed to that third-party's website. We strongly advise you to review the Privacy Policy and Terms of Service of every website you visit.

We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party websites or services. We are not responsible for any damages or losses resulting from your use of third-party websites.

Your Rights

You have the right to:

  • Access your personal data
  • Update or correct your information
  • Delete your account and associated data
  • Export your data
  • Object to the processing of your personal data
  • Restrict the processing of your personal data

You have the right to lodge a complaint with the President of the Personal Data Protection Office (UODO) if you believe that the processing violates the provisions of the law.

UODO contact: ul. Stawki 2, 00-193 Warsaw, Poland

Data Retention

We retain your personal data for as long as your account is active. You can delete your account at any time through the settings page, which will remove all associated data.

Contact Us

If you have any questions about this Privacy Policy, please contact us through the contact form or email.

Ask Lucid