Privacy Policy
Last updated: 2026-07-05
Lucien (“we”, “us”) operates an AI phone concierge that places outbound calls to businesses on your behalf. This policy explains what we collect, why, and your rights. If you are in the EU/EEA or UK, we act as the data controller for your account data.
Information we collect
Account data you provide: name, email, password (stored hashed), and optional settings (preferred language, currency). With Google sign-in we receive your name, email, and profile image from Google.
Saved booking details you choose to store: a contact phone number, email, or address. The agent shares them with a business only when the task needs it — a reservation in your name, a callback, a delivery.
Request & call data: the tasks you ask us to perform, the numbers/businesses to call, and the conversations our AI agent has on your behalf — including call audio recordings, transcripts, AI summaries, and collected results. Calls our agent places may be recorded. Recordings necessarily capture the voice and words of the people who answer; we process that data solely to deliver your results, and you must only instruct calls you may lawfully make.
Billing data: your prepaid credit balance and ledger. Card details are processed and stored by Stripe — we never see or store full card numbers.
Technical data: with your consent, anonymous, aggregated usage analytics; error reports when something breaks; and the cookies described below.
How we use it
To provide the service (place and reconcile calls, return results), to bill prepaid credit, to secure accounts and prevent abuse, to send transactional email (verification, password reset, receipts), and — only with consent — to measure and improve the site. Where the GDPR applies, we rely on performance of a contract (running the service), legitimate interests (security and fraud prevention), legal obligations (accounting), and consent (analytics).
Teams & organizations
If your account belongs to an organization, its owners and admins can see the organization’s requests, results, and billing. If you use our API, requests made with your API keys are processed like any other, and webhook events are delivered to the endpoints your organization configures.
Service providers (sub-processors)
We share the minimum data necessary with providers who help us run the service: telephony and voice (Telnyx; ElevenLabs and Twilio on the voice path), AI models that generate the agent’s speech and analysis (Anthropic, OpenAI, Google, and models hosted by our voice providers), business search (Google Places, which receives your search queries in discovery mode), payments (Stripe), email (Mailtrap), authentication (Google), error monitoring (Sentry), and hosting/storage/analytics (Vercel, including recording storage). Call content is necessarily shared with the telephony and AI providers to place the call.
Call recordings & consent
You are responsible for ensuring you have the right to instruct calls to the numbers you provide, and to comply with recording and calling laws in the relevant jurisdictions. Where required by law, the agent plays a recording notice at the start of the call. Recordings and transcripts are stored so you can review the outcome.
Cookies
We use a small set of first-party cookies: NEXT_LOCALE remembers your language; hp_ab remembers which version of our homepage you saw so it stays consistent; and if you start a request from the homepage, cai_funnel/cai_prompt carry your entry point and the text you typed into the app for up to 24 hours — by cookie rather than in the URL, so it stays out of logs and browser history. Analytics run only after you accept them in the consent banner (your choice is stored in your browser); you can decline without losing functionality.
Retention & deletion
We keep account and call data — including recordings and transcripts — for as long as your account is active and as needed to provide the service and meet legal and accounting obligations. You can delete individual requests, and you can ask us to delete your account, after which we delete or anonymize your data except what we are legally required to keep.
Your rights
Subject to applicable law (including the GDPR), you may request access, correction, deletion, restriction, portability, or object to processing, and withdraw consent at any time. To exercise these, contact us below. You also have the right to complain to your local data protection authority (in France, the CNIL).
International transfers & security
Some providers process data outside your country, including in the United States; where required we rely on appropriate safeguards such as the EU Standard Contractual Clauses. We use industry-standard measures to protect your data — encryption in transit, hashed passwords, access controls — though no method is perfectly secure.
Children
The service is not directed to anyone under 16.
Changes & contact
We may update this policy and will revise the date above; material changes will be communicated in the app or by email. Questions or requests: privacy@asklucien.com.