Lucid360Back to home

Privacy policy

Last updated: 18 mai 2026

This document is provided in French. In case of linguistic discrepancy, the French version shall prevail.

This policy describes how iclics SRL processes your personal data within the Lucid360 service, in accordance with Regulation (EU) 2016/679 ("GDPR") and applicable Belgian legislation.

1. Data Controller

The data controller is iclics SRL, Chemin du Beau Vallon 42, 5100 Wépion, Belgique (enterprise number 0548.813.132). For any questions regarding your data: info@lucid360.eu.

2. Data We Process

  • Account data: email address, first/last name if applicable, password (stored in encrypted/hashed form), verification status, preferred language.
  • Project data: information about your entrepreneurial profile, your sector, your situation, and the data (including economic and financial) you enter to populate your file.
  • Content: conversations, messages, imported documents, and generated documents, stored in your file's "memory."
  • Billing data: subscribed plan and subscription information (payment data is processed directly by Stripe; we do not store your card numbers).
  • Usage and technical data: usage events, logs, IP address, timestamps, data necessary for security and abuse prevention.

We ask you not to enter sensitive data or data relating to third parties without an appropriate legal basis.

3. Purposes and Legal Bases

  • Provide and operate the Service, including AI content generation — contract performance (Art. 6.1.b).
  • Manage accounts, support, and transactional communications — contract performance.
  • Security, fraud and abuse prevention, captcha, rate limiting — legitimate interest (Art. 6.1.f).
  • Aggregated audience measurement and Service improvement — legitimate interest.
  • Billing and compliance with accounting and tax obligations — legal obligation (Art. 6.1.c).
  • Potential non-essential communications — consent, revocable at any time.

4. Processing by AI Models

To produce responses and documents, your content is transmitted to artificial intelligence model providers acting as processors (see section 5). These providers process the content only to generate the requested response. The professional offers/APIs we use generally stipulate that your content is not used to train their models.

5. Recipients and Processors

We use service providers subject to contractual confidentiality and security commitments (processing agreements within the meaning of Art. 28 GDPR):

  • Supabase — database and backend hosting (EU servers).
  • Netlify — web application hosting and delivery.
  • Anthropic, OpenAI, Google, Perplexity — AI model and monitoring providers.
  • Stripe — payment and subscription processing.
  • Resend — transactional email sending.
  • Cloudflare — anti-robot protection (Turnstile captcha).
  • Internal audience measurement (Umami) — self-hosted statistics, cookie-free and without individual profiling.

6. Transfers Outside the European Union

Some processors may process data outside the EEA. In such cases, these transfers are governed by appropriate safeguards, including the European Commission's standard contractual clauses and, where applicable, complementary technical and organizational measures.

7. Retention Periods

  • Account and project data: for the entire duration of Service use, then deletion or anonymization within a reasonable period after account closure.
  • Accounting and billing documents: retained in accordance with Belgian legal obligations (up to 10 years).
  • Technical and security logs: limited duration, proportionate to the purpose.

8. Security

We implement appropriate technical and organizational measures (encryption in transit, access control, logging, password hashing) to protect your data against unauthorized access, loss, or disclosure.

9. Your Rights

In accordance with GDPR, you have the rights of access, rectification, erasure, restriction, objection, portability, and the right to withdraw your consent at any time. You can also define directives regarding the fate of your data after your death.

To exercise these rights: info@lucid360.eu. You also have the right to lodge a complaint with the Data Protection Authority:

Data Protection Authority (Belgium)

Rue de la Presse 35, 1000 Brussels — autoriteprotectiondonnees.be

10. Minors

The Service is not intended for minors and is not knowingly offered to them.

11. Modifications

This policy may be updated. Any substantial modification will be notified to you by an appropriate means. The date of the last update appears at the top of the page.