Privacy
Effective 2026-05-16
Short version
Your prompts, your generations, the contents of every chat and image — these never leave your machine. They go from your browser to your local LU Bridge, to whichever AI backend you have installed (Ollama, LM Studio, ComfyUI). Nothing in that path touches our cloud.
What we do store, in the cloud
- Your email address (for account login).
- A Stripe customer and subscription reference. Stripe processes the payment; we never see your full card details.
- Your bridge’s public key (used to verify it’s really your bridge when you connect).
- Optional anonymous bridge pings (opt-in, switched off by default).
What we explicitly do not store
- Chat content, prompts, replies.
- Images, videos, code generated by the AI.
- Which model you used, which file you uploaded.
- IP addresses beyond what’s strictly required to serve a request.
Sub-processors
- Microsoft Azure — hosting of this website (EU region).
- Supabase — auth + database (EU region).
- Stripe — payment processor (Stripe Payments Europe, Ireland).
- Resend — transactional email (EU).
- Cloudflare — DNS (global).
Cookies
We split cookies into three categories. You can change your choice any time from the banner that appears at the bottom of the page on your first visit.
- Essential — Supabase auth session, CSRF protection, and the consent record itself. Cannot be switched off; without them you can’t log in or pair a bridge.
- Analytics — opt-in. If enabled, anonymous product analytics (which views get opened, where errors happen). No identifying data.
- Marketing — opt-in. LU does not currently load any marketing pixels; the toggle exists so this notice stays honest if that changes.
Your rights (GDPR)
Email privacy@lu-labs.ai to get a data export, correct, or delete your account. We’ll act within 30 days. You also have the right to lodge a complaint with your data-protection authority (Art. 77 GDPR).
Lawful basis
Account + license data: Art. 6 (1) (b) GDPR — performance of a contract. Optional analytics: Art. 6 (1) (a) GDPR — your consent, revocable at any time via the banner.
Retention
Account data: as long as your account exists. Stripe billing records: 7 years (German tax law). Optional telemetry: 30 days. Consent records: 1 year after the last update.
Data-processing agreements
Where required, we have signed data-processing agreements (AVV) with the sub-processors listed above per Art. 28 GDPR.
Plain-language summary. The legally binding text is in the Terms.