This Privacy Policy explains how LucidVia ("we", "us", or "the Service") collects, uses, and shares information when you use our website and the AI-readiness scanning service.
1. Information we collect
Account information
When you sign up we collect your email address, a password (stored hashed via Supabase Auth), and — if you sign in with Google — your name and profile picture.
Scan inputs & results
When you submit a URL we fetch publicly accessible pages from that URL, analyze them, and store the resulting report (overall score, category scores, recommendations, page-level insights). We retain a small markdown/HTML excerpt of each scanned page for analysis and quality auditing; we do not retain full archives of scanned sites.
Billing
If you subscribe to a paid plan, payment is processed by Paddle, our merchant of record — Paddle is the seller of record for the transaction and handles applicable sales tax/VAT. We never see or store your card details. We retain a Paddle customer ID, subscription status, and the plan you are on.
Usage
We collect basic, aggregated usage analytics (page views, conversion events, performance metrics) via Vercel Analytics. These do not include personally identifying content and are not used to build advertising profiles.
2. How we use your information
- To run AI-readiness scans you request and deliver the resulting reports.
- To authenticate you and enforce plan limits.
- To bill you for paid plans and prevent abuse.
- To send transactional emails (signup confirmation, password reset, billing receipts).
- To improve the product (aggregate analytics, error monitoring).
3. Third-party services
We share data only with the third parties strictly required to operate the Service:
- Supabase — database and authentication.
- Firecrawl — fetches the public pages of the URL you submit.
- OpenAI — analyzes scanned content to produce recommendations. Per OpenAI's API policy, content submitted via the API is not used to train their models.
- Paddle — payment processing (merchant of record).
- Vercel — hosting and analytics.
4. Public reports & sharing
By default, your reports are private to your account. If you choose to enable a public share link for a report, anyone with that link can view the report. You can disable the share link at any time from the report page.
5. Data retention
We retain account data for as long as your account is active. Scan reports are retained while your account exists. You can request deletion of your account and associated data at any time by emailing us; we will fulfill the request within 30 days, subject to legal retention obligations.
6. Your rights
Depending on your jurisdiction (e.g. GDPR in the EU/UK, CCPA in California), you may have rights to access, correct, export, or delete your personal data, and to object to or restrict processing. To exercise these rights, email us at support@lucidvia.com.
7. Security
We use industry-standard practices: TLS in transit, encrypted-at-rest databases, Row-Level Security policies isolating each user's data, signed Paddle webhooks, and rate limiting against abuse. No system is perfectly secure; we will notify you of a breach affecting your data without undue delay.
8. Children
The Service is not intended for children under 16. We do not knowingly collect personal data from children.
9. International transfers
We process data in the United States and other countries where our service providers operate. Where required, we rely on Standard Contractual Clauses or equivalent safeguards for international transfers.
10. Changes
We may update this Policy. Material changes will be highlighted on this page and, where required, sent to you by email. The "Last updated" date at the top reflects the current version.
11. Contact
Questions or requests: support@lucidvia.com.