Privacy Policy
Last updated: May 2026
1. Data Controller
Lugnås is the data controller for personal data processed through the Lugnås Business Builder platform.
2. Personal Data We Collect
| Category | Data | Source |
|---|---|---|
| Account data | Email address, password (hashed), account type, approval status | Directly from you at signup |
| Signup metadata | IP address, country, city, region at registration | Automatically via Cloudflare edge |
| Business profile | Business name, description, industry, target market, value proposition, website, legal entity name, registry details | Directly from your input |
| Contact / team data | Person name, team member names, roles, LinkedIn URLs, suggested contacts | Your input + AI-generated research |
| Payment data | Stripe customer ID, payment method brand/last4 | Stripe (PCI-compliant) |
| Usage data | Credit balance, daily usage, tokens purchased | Platform activity |
| Communication | Email addresses for invites, send logs, unsubscribe tokens | User actions + email infra |
| Research data | AI-generated assessments: scores, network assessments, fit scores, impact ratings | AI processing of your business data |
3. Purpose and Legal Basis
| Purpose | Legal basis |
|---|---|
| Provide the commercialization workspace (research, analysis, storage) | Contract (paid) / Legitimate interest (trial) |
| Authentication and account security | Legitimate interest |
| Trial verification and fraud prevention | Legitimate interest |
| Token/credit metering and billing | Contract |
| Transactional emails (approvals, account notifications) | Contract / Legitimate interest |
| AI-powered business research and analysis | Legitimate interest (your provided business data) |
| Admin oversight and platform improvement | Legitimate interest |
4. Sub-processors
| Processor | Role | Notes |
|---|---|---|
| Lovable Cloud | Hosting, database, auth, file storage | Managed cloud infrastructure |
| Lovable AI Gateway | LLM processing for research & analysis | Business data sent for AI analysis |
| Perplexity AI | Web research & real-time info retrieval | Business queries via API |
| Stripe | Payment processing, billing | PCI-compliant; no card data stored locally |
| Cloudflare | CDN, DDoS protection, IP geolocation | IP & geo headers captured at edge |
5. Cross-Border Data Transfers
AI processing (via Lovable AI Gateway) and cloud hosting may involve data transfers outside the European Economic Area (EEA). Appropriate safeguards, including Standard Contractual Clauses where applicable, are in place with our sub-processors.
6. Automated Decision-Making
The platform uses AI to generate evaluative inferences, including commercial scores for leads, network strength assessments, fit scores, product-market fit ratings, impact ratio scores, and SDG alignment ratings. These are algorithmic assessments based on your business data. You may request human review of any such score by contacting us at sales@lugnas.ai.
7. Data Retention
- Active accounts: retained until account deletion.
- Trial accounts: purged after 90 days of inactivity unless converted.
- Snapshots and research data: retained while the account is active; deleted upon account erasure.
- Email logs: retained for 1 year for deliverability and compliance.
- Payment records: retained per applicable tax/accounting laws.
8. Your Rights (GDPR)
You have the right to:
- Access your personal data and AI-generated inferences
- Rectify inaccurate business or contact data
- Erase your account and all associated research/snapshots
- Export/Port your business model and snapshots in a machine-readable format
- Object to processing based on legitimate interest
- Restrict processing where accuracy is contested
- Request human review of AI-generated scores
To exercise any of these rights, email sales@lugnas.ai.
9. Security Measures
- Row-Level Security (RLS) enforces per-user data isolation
- Admin access restricted to specific staff with role-based controls
- Approval-gated signup prevents unauthorized account creation
- Encryption in transit (HTTPS) and at rest
- Anonymized trial accounts use generated email addresses
10. Cookies and Storage
Lugnås uses Supabase authentication cookies to maintain your session. Trial mode uses a single localStorage flag (lugnas_trial_mode) to track trial state. We do not use third-party tracking cookies or analytics cookies.
11. Contact
For privacy-related questions or to exercise your rights, contact: sales@lugnas.ai