Privacy Policy

1. Data Controller

Your data is controlled by Lucend SASU, 5 Parvis Alan Turing, 75013 Paris, France. For any questions regarding your data, contact us at [email protected].

2. Data We Collect

We collect data necessary to provide and improve our service:

Account Information

Email address, name, and authentication credentials (password hash, or OAuth tokens via Google/Apple sign-in).

Profile & Preferences

Interests, selected topics, connected sources (RSS feeds, subreddits, X accounts), content preferences, and listening history.

Contextual Data

Geolocation (for weather and commute information), connected calendars (Google Calendar, Outlook, Zoho, ICS feeds), and timezone.

Technical Data

Device type, OS version, app version, push notification tokens, and anonymized usage analytics on our website.

3. How We Use Your Data

We use your data to:

• Generate your personalized daily podcast briefings
• Provide weather, commute, and calendar-aware content
• Send push notifications for new episodes
• Send transactional emails (account, receipts)
• Improve our service and fix issues
• Comply with legal obligations

We do not sell your data. We do not use your data for advertising. We do not share your data with third parties for their own marketing purposes.

4. Legal Basis (GDPR)

• Contract performance: processing necessary to deliver the service you signed up for
• Legitimate interest: analytics, security, and service improvement
• Consent: optional features like marketing communications

5. Third-Party Services

We use the following third-party services to operate Lucend:

• Hetzner (Germany/Finland/USA) — infrastructure hosting
• Cloudflare (USA) — CDN, static assets (R2), website hosting
• Google Cloud Platform (EU/USA) — AI processing (LLM, text-to-speech)
• RevenueCat — subscription management via App Store / Google Play
• Apple / Google — OAuth authentication, in-app purchases
• Resend — transactional emails
• Expo — push notifications

Each provider processes data under their own privacy policy and in accordance with applicable data protection agreements (DPAs).

6. International Data Transfers

For users in the EU, your data is primarily processed within the EU (Hetzner Germany/Finland, GCP EU regions). Some services (Cloudflare, RevenueCat, Expo) may process data in the USA under the EU-U.S. Data Privacy Framework or Standard Contractual Clauses.

For users in the US, your data is processed on US-based infrastructure (Hetzner US, GCP US regions).

7. Data Retention

We retain your data for as long as your account is active. Upon account deletion, your personal data is permanently removed within 30 days, except where retention is required by law.

8. Cookies & Analytics

Our website uses privacy-friendly analytics that do not require cookies or personal data collection. We may in the future use tracking pixels (e.g., Meta, TikTok) for marketing measurement — if so, these will only be activated with your explicit consent.

9. Your Rights

Under GDPR, you have the right to:

• Access the personal data we hold about you
• Rectify inaccurate data
• Request deletion of your data
• Restrict or object to processing
• Data portability
• Withdraw consent at any time

To exercise these rights, contact us at [email protected]. You also have the right to file a complaint with the French data protection authority (CNIL).

10. Security

We implement industry-standard security measures including encryption in transit (TLS), encrypted storage, VPC isolation, and access controls. While no system is 100% secure, we take reasonable steps to protect your data.

11. Changes to This Policy

We may update this policy from time to time. Significant changes will be communicated via email or in-app notification. Continued use of the service after changes constitutes acceptance.