Just Lucy
GitHubSign in

Privacy Policy

Last updated: June 30, 2026

This Privacy Policy explains how JustLucy (“Lucy”, “we”, “us”) collects, uses, stores, and protects your information when you use the Lucy application and the website at justlucy.ai (the “Service”). By using the Service you agree to the practices described here.

Who we are

The Service is operated by JustLucy. For privacy questions, contact us at support@justlucy.ai. For users in the EEA/UK, JustLucy is the data controller for the personal data described below.

Information we collect

  • Account information — your email address and name when you register or sign in (including via Google sign-in). Passwords are stored only as salted hashes.
  • Content you create — your chats and messages, the memories Lucy keeps to personalize your experience, personas, workflows, and any knowledge or files you add.
  • Provider & integration credentials — API keys for the AI providers you choose to use, and access tokens for services you connect (e.g. Google, Microsoft, Slack). These are encrypted at rest and used only to perform the actions you request.
  • Usage & device data — basic logs, approximate device/browser information, and security events (such as sign-in activity and two-factor status) needed to operate and secure the Service.

How we use your information

  • To provide, maintain, and secure the Service and your account.
  • To personalize Lucy using your memories and preferences.
  • To authenticate you and enforce security features such as two-factor authentication.
  • To carry out the actions and integrations you explicitly request.
  • To communicate with you about your account, security, and support.
  • To comply with legal obligations and enforce our Terms.

We do not sell your personal data, and we do not use it to serve third-party advertising.

AI providers and your prompts

Lucy is a “bring-your-own-key” assistant: when you send a message, your prompt and the context needed to answer it are transmitted to the AI provider you have configured (for example OpenAI, Anthropic, or Google) — or to a local model on your own machine if you choose one. Your use of those providers is also governed by their respective privacy policies and terms. We do not use your content to train our own models.

Connected services and Google user data

When you connect a third-party account (such as Google, Microsoft, or Slack), you authorize specific permissions (scopes). Lucy accesses that data onlyto provide the features you ask for — for example, searching your Google Drive, drafting an email, or checking your calendar — and stores the access tokens in encrypted form. You can disconnect any service at any time from Settings, which revokes Lucy’s access.

Lucy’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically, data obtained from Google is used only to provide or improve the user-facing features you request; it is never sold, never used for advertising, and never used to train generalized AI/ML models. We do not transfer this data to others except as necessary to provide the feature, to comply with applicable law, or as part of a merger or acquisition with prior notice. Human access to Google user data is not permitted except with your explicit consent, for security or to comply with law, or in aggregated/anonymized form for operations.

Service providers (subprocessors)

We rely on a small number of trusted providers to run the Service:

  • Hosting & database — our self-hosted Supabase (PostgreSQL) infrastructure.
  • AI providers — the model providers you configure, to generate responses.
  • Email — our transactional email provider, for account and security emails.
  • Payments — Stripe and PayPal process payments where you purchase a paid plan (see our Payments page).

Data retention

We retain your account data and content for as long as your account is active or as needed to provide the Service. You may request deletion of your account and associated data at any time; we will delete or anonymize it except where we must retain certain records to comply with law.

Security

We protect your data with encryption in transit (HTTPS) and encryption at rest for sensitive secrets such as API keys and integration tokens, along with access controls and authentication safeguards. No method of transmission or storage is completely secure, but we work to protect your information using industry-standard measures.

Your rights

Depending on where you live, you may have the right to access, correct, export, restrict, or delete your personal data, and to object to certain processing. EEA/UK users have these rights under the GDPR; California residents have rights under the CCPA/CPRA, including the right to know and to delete and the right not to be discriminated against for exercising them. To exercise any right, contact support@justlucy.ai.

International transfers

Your data may be processed in countries other than your own. Where required, we use appropriate safeguards for such transfers.

Children’s privacy

The Service is not directed to children under 16, and we do not knowingly collect personal data from them. If you believe a child has provided us data, contact us and we will delete it.

Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated version here and revise the “Last updated” date above; significant changes may also be communicated by email.

Questions? Contact us at support@justlucy.ai.

All providers

One interface

Run local

Your control

Built for teams

Built for scale

Open today

Unlimited tomorrow

© 2026 Lucy AI·Download·Docs·Privacy·Terms·Payments