Privacy Policy
This Privacy Policy explains how LucentStar AI collects, uses, stores, and protects your personal data when you visit our website at lucentstar.ai or use the LucentStar AI platform. It applies to both our marketing website and our authenticated SaaS application.
1. Who We Are
LucentStar AI is the data controller responsible for your personal data. We are a UK-based digital software and AI services business, the operator of lucentstar.ai and the LucentStar AI platform.
Trading name
LucentStar AI
Company number
[COMPANY REGISTRATION NUMBER — TO BE CONFIRMED]
Registered address
[REGISTERED ADDRESS — TO BE CONFIRMED ON COMPANY FORMATION]
hello@lucentstar.ai
Telephone
[TELEPHONE NUMBER — TO BE CONFIRMED]
Company registration details will be updated on this page once LucentStar AI Limited is formally incorporated. In the interim, hello@lucentstar.ai is the primary point of contact for all data protection enquiries.
2. What Data We Collect
2.1 Data you provide directly (website)
Name and contact details (email address, phone number, postal address)
Business name and job title
Messages or enquiries submitted via contact forms
Information provided when signing up to our mailing list
Any other information you choose to share with us
2.2 Data you provide when creating a LucentStar AI account
Full name and email address (used for authentication and communications)
Password (stored as a one-way bcrypt hash — we never store your password in plain text)
Marketing communications preference (opt-in, recorded at registration)
2.3 Data you create inside the LucentStar AI application
Post content you draft, generate, save, schedule, or export
Ghost writing profile data (your professional identity, tone preferences, audience details)
Brand voice files you upload (.txt or .md format)
Prompts and topics you submit to the content generation system
Content calendar entries and scheduled dates
2.4 Data collected automatically
IP address and device information
Browser type and version
Pages visited and time spent on the site
Referring website or search terms used to find us
Session identifiers (stored in our PostgreSQL database via secure session cookies)
Application usage data (post generation counts, plan status, subscription events)
Cookie and tracking data (see our Cookie Policy)
2.5 Billing and subscription data
Subscription plan and status (Free, Creator, or Pro)
Stripe customer identifier and subscription identifier
Payment event history (subscription created, upgraded, downgraded, payment failed, payment recovered)
We do not store your full payment card details. All payment processing is handled by Stripe. We receive only a customer reference and event notifications from Stripe.
3. How We Use Your Data
We process your personal data for the following purposes:
To respond to your enquiries and provide customer support
To create and manage your LucentStar AI user account
To authenticate you and maintain secure sessions
To generate AI-powered content on your behalf using your submitted prompts
To enforce your subscription plan entitlements (post limits, feature access)
To process subscription payments and manage billing events via Stripe
To send transactional emails (account confirmation, password reset, usage alerts, billing notifications)
To send marketing communications where you have given consent
To improve our website, application, and user experience
To comply with our legal obligations
To prevent fraud and maintain security
4. AI Processing — How Your Prompts Are Used
LucentStar AI uses the Claude API, operated by Anthropic PBC, to generate content on your behalf. When you submit a topic, ghost writing profile, or brand voice instruction to the generator, that input is transmitted to Anthropic's API for processing.
You should be aware that:
Your prompts and generation inputs are sent to Anthropic as part of the API call
Anthropic processes these inputs in accordance with its own privacy policy and API usage policies, available at anthropic.com/privacy
LucentStar AI does not use your content to train AI models
Anthropic's data processing terms apply to the processing of your inputs at the model level
AI-generated outputs may contain inaccuracies or errors — you are responsible for reviewing content before publishing
We recommend you do not include sensitive personal data or confidential information in the content prompts you submit to the generator.
5. Legal Basis for Processing
Under UK GDPR, we rely on the following legal bases:
Contract
Processing necessary to provide the LucentStar AI service under your subscription agreement, including account management, content generation, billing, and quota enforcement.
Legitimate interests
Processing for our business purposes where these do not override your rights — including security monitoring, fraud prevention, application performance, and service improvement.
Consent
Where you have given clear consent — specifically, for marketing emails (opt-in at registration or via account preferences).
Legal obligation
Where we are required to process or retain data to comply with applicable law, including financial records.
6. Marketing Communications
We will only send you marketing emails if you have opted in to receive them at registration or subsequently via your account settings. You can unsubscribe at any time by clicking the unsubscribe link in any email or by updating your preferences in the LucentStar AI account page. We do not pass your contact details to third parties for marketing purposes.
7. Our Data Processors (Subprocessors)
We use the following third-party processors to operate LucentStar AI and LucentStar AI. All processors are required to process your data securely and in accordance with applicable data protection law.
Anthropic PBC
AI content generation. Receives prompt inputs submitted to the LucentStar AI generator. USA (Standard Contractual Clauses).
Stripe Inc.
Subscription billing and payment processing. Receives billing-related data and payment events. USA (Standard Contractual Clauses / UK Addendum).
Resend Inc.
Transactional and marketing email delivery. Receives name and email address for sending. USA (Standard Contractual Clauses).
Railway Corporation
Application hosting and managed PostgreSQL database. Stores all application data including user accounts, posts, and sessions. USA (Standard Contractual Clauses).
We maintain a current list of subprocessors at lucentstar.ai/legal/subprocessors. We will provide reasonable notice of any material changes to our subprocessor list.
8. International Transfers
Some of our processors are based outside the UK (see Section 7). Where we transfer personal data internationally, we ensure appropriate safeguards are in place. For transfers to the USA, we rely on Standard Contractual Clauses approved by the UK ICO (or equivalent international data transfer agreements), supplemented where necessary by transfer impact assessments.
9. Data Retention
We retain your personal data only for as long as necessary for the purposes described in this policy, or as required by law.
Active account data (profile, posts, ghost profile, brand voice)
Retained for the duration of your account and for 90 days following account closure, then deleted.
Session data
Deleted on logout or after 7 days of inactivity.
Billing and financial records
7 years from the date of the relevant transaction (legal obligation).
Marketing consent records
Retained until you withdraw consent.
Password reset tokens
Deleted immediately after use or after 1 hour if unused.
Enquiry and contact form data
2 years from the date of last contact.
Website analytics data
26 months (in line with ICO guidance).
10. Your Rights
Under UK GDPR, you have the following rights:
Right of access: to request a copy of the personal data we hold about you
Right to rectification: to ask us to correct inaccurate or incomplete data
Right to erasure: to ask us to delete your data in certain circumstances
Right to restriction: to ask us to limit how we use your data
Right to data portability: to receive your data in a structured, machine-readable format — you can export your saved posts from the LucentStar AI dashboard at any time
Right to object: to object to processing based on legitimate interests or for direct marketing
Rights related to automated decision-making: to not be subject to solely automated decisions that significantly affect you
To exercise any of these rights, please contact us at hello@lucentstar.ai. We will respond within one calendar month. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at www.ico.org.uk or by calling 0303 123 1113.
11. Account Deletion and Data Erasure
You may request deletion of your LucentStar AI account and associated personal data at any time by contacting hello@lucentstar.ai with the subject line "Account deletion request". We will process your request within 30 days.
On account deletion, we will:
Delete your account credentials, ghost writing profile, brand voice data, and all saved posts
Cancel any active subscription via Stripe
Retain billing and financial records for the legally required 7-year period
Retain anonymised usage statistics that cannot be linked back to you
A self-service account deletion option within the LucentStar AI account settings page is planned for a future release.
12. Security
We take the following measures to protect your personal data:
Passwords are hashed using bcrypt with a high cost factor — we never store passwords in plain text
Sessions are stored server-side in a PostgreSQL database with secure, HTTP-only, same-site cookies
Session IDs are rotated on login and registration to prevent session fixation attacks
Password reset invalidates all active sessions for your account
All data transmission uses HTTPS/TLS encryption
Access to production systems is restricted to authorised personnel only
No data transmission over the internet is completely secure, and we cannot guarantee the absolute security of data you send to us. Please notify us immediately at hello@lucentstar.ai if you suspect any unauthorised access to your account.
13. Cookies
Our website and application use cookies. For full details, please see our Cookie Policy at lucentstar.ai/cookie-policy. The LucentStar AI application uses strictly necessary session cookies only and does not require cookie consent from authenticated users.
14. EU Users and Representative
LucentStar AI is accessible to users in the European Union. At the current stage of the business, we do not have a formally appointed EU representative under Article 27 of the EU GDPR. If you are an EU-based user with a data protection query, please contact us at hello@lucentstar.ai. We will update this section on appointment of an EU representative.
15. Changes to This Policy
We may update this Privacy Policy from time to time. Any material changes will be communicated to registered users by email. Changes will also be posted on this page with a revised effective date. This policy was last updated on 6 May 2026.
16. Contact Us
For any queries relating to this Privacy Policy or your personal data, please contact:
hello@lucentstar.ai
Address
[REGISTERED ADDRESS — TO BE CONFIRMED ON COMPANY FORMATION]
Telephone
[TELEPHONE NUMBER — TO BE CONFIRMED]