DevLucid Logo
DevLucid

Privacy Policy

How we protect and handle your personal data

Data Administrator

The administrator of personal data is:

Jakub Stolarski

ul. ks. Jerzego Popiełuszki 12A/10

37-450 Stalowa Wola, Polska

Contact: contact@devlucid.com

We inform you that the Administrator has not appointed a Data Protection Officer. For matters concerning data protection, please contact us directly at the email address provided above.

Legal Basis for Processing

We process your personal data on the basis of:

  • Article 6(1)(b) of GDPR - performance of a contract (provision of services)
  • Article 6(1)(c) of GDPR - compliance with a legal obligation (e.g., tax obligations)
  • Article 6(1)(f) of GDPR - legitimate interest (service improvement, security)
Data Security

We take the security of your personal data seriously. Passwords are securely stored and hashed by our authentication provider (Supabase Auth) using industry-standard encryption. We do not have access to your password in plain text, nor do we process it directly.

  • Passwords are securely hashed by our authentication provider using industry-standard encryption
  • Database connections are secured
  • We do not store plain text passwords
Data We Collect

We collect the following information when you use our service:

  • Name and email address (for account creation and authentication)
  • Questions and answers you submit (stored to provide you with access to your history)
  • Usage data (to improve our service)
  • Data from social accounts (if you choose to sign in with Google or GitHub): your email address, name or username, and optionally your profile picture.
  • Approximate location (country): detected automatically, solely from your IP address by our server infrastructure, to tailor currency and language (we do not use precise device GPS location).

Note: Our hosting provider (Vercel) may collect IP addresses for security and analytics purposes. We do not store IP addresses in our database.

Cookies and System Logs

The service uses cookies to maintain the User's session (necessary for the service to function) and for analytical purposes. Our authentication provider (Supabase) sets session cookies required to keep you logged in; these are essential for the service to work.

Analytics tools (Google Analytics, Vercel Analytics) are loaded only after you grant consent in cookie settings.

  • Session cookies: expire after logout or closing the browser.
  • Persistent cookies: stored for the time specified in the cookie parameters.

You can change your browser settings regarding cookies at any time, however this may make it difficult to use the Service.

Data Recipients

Your personal data is entrusted to specific, trusted entities that provide the technical infrastructure of the service:

  1. Vercel Inc. (USA) – hosting and serverless infrastructure provider. The application runs on Vercel servers and processes requests there.
  2. Supabase Inc. (USA/Singapore) – database provider. Your account, question history, and settings are securely stored there.
  3. Stripe, Inc. (USA) – payment processor. Processes card and transaction data. We do not see your full card number.
  4. OpenAI, L.L.C. (USA) – artificial intelligence provider. We send to its API: (1) the text of your questions in the Lucid AI (Chatbot) feature; (2) your source code and the task description when you use the Arena Mentor (hints); (3) your source code when you use the AI Code Review feature. This data is processed to generate responses. We do not send your account credentials; any personal data you include in questions or code is your responsibility.
  5. Resend Inc. (USA) – email service provider. Used to send transactional emails (e.g., welcome emails, password reset) and handle contact form submissions.
  6. Google LLC (USA) – (1) Sign-in provider (Google OAuth). If you choose this method, Google processes the data necessary for authentication. (2) Google Analytics 4: when you have given consent in cookie settings, we load Google Analytics 4, which may collect data about your use of the site (e.g. pages visited, device type); we use IP anonymization where possible.
  7. GitHub Inc. (USA) – sign-in provider (GitHub OAuth). If you choose this authentication method, this entity processes the data necessary for authentication.
  8. Vercel Analytics (USA) – analytics tool. Collects anonymous data about page performance and visits to optimize the service.
  9. RapidAPI / Judge0 (Judge0 CE) – code execution service. When you run or submit solutions on the Task Arena, your source code and optional input data are sent to this service to execute the code and return results. This is necessary for the correct operation of the task verification feature.

Data Transfer Outside EEA:

All the providers mentioned above (Vercel, Supabase, Stripe, OpenAI, Resend, Vercel Analytics, Google, GitHub, RapidAPI/Judge0) have headquarters or main infrastructure outside the EEA (e.g. USA). Data transfer is based on the Data Privacy Framework (DPF) or Standard Contractual Clauses (SCC), ensuring GDPR compliance and the security of your data.

Profiling

Your personal data is not subject to automated decision-making, including profiling, which would produce legal effects concerning you or similarly significantly affect you.

Links to Other Websites

Our service may contain links to other websites that are not operated by us. If you click on a third-party link, you will be directed to that third-party's website. We strongly advise you to review the Privacy Policy and Terms of Service of every website you visit.

We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party websites or services. We are not responsible for any damages or losses resulting from your use of third-party websites.

Your Rights

You have the right to:

  • Access your personal data
  • Update or correct your information
  • Delete your account and associated data
  • Export your data
  • Object to the processing of your personal data
  • Restrict the processing of your personal data

You have the right to lodge a complaint with the President of the Personal Data Protection Office (UODO) if you believe that the processing violates the provisions of the law.

UODO contact: ul. Stawki 2, 00-193 Warsaw, Poland

Data Retention

We retain your personal data for as long as your account is active. You can delete your account at any time through the settings page, which will remove all associated data.

Account deletion is irreversible. All data associated with you is permanently removed from our databases (Hard Delete).

Contact Us

If you have any questions about this Privacy Policy, please contact us through the contact form or email.