Login

New user? Create an account
Forgot your password? Get it back!

Sign up

Password Policy
Already a member? Login

2FA

2-Factor Authentication is enabled for this account
Login with a different user

Email Confirmation

Send confirmation email to the following
Login with a different user
Privacy Policy
Last updated: 13 February 2026

In the course of serving our customers, Symbient AI, also referred to simply as Symbient, may collect certain nonpublic personal information relating to you and your business. We recognize this information is sensitive and that its privacy should be protected and maintained. In this Privacy Policy, we explain what information we collect about you and why, the limited way we may share that information with affiliates and non-affiliated companies, and how we protect and maintain the privacy and security of that information.

This "Privacy Policy" describes the practices of Lucus Labs, LLC, the owning company of the product Symbient ("Lucus Labs", "Symbient AI", "LuLa", "we", "our" or "us"), and the use of Personal Data. Personal Data means any information that relates to an identifiable individual and/or business. Lucus Labs cares about the security and privacy of the Personal Data that is entrusted to us. We may collect and use Personal Data when we do business with you or when you do business with those who use our services. Some of our services may be accessed directly by you, including through our websites that reference this policy (collectively "Sites"). Many of our services are provided to others in connection with their own business and activities, and you may engage with Symbient services as part of another's service, such as when you interact with Symbient-powered AI, including our embeddable LuLa Bot (chatbot) from another website or product (collectively, we refer to Sites and direct and indirect services as "Services"). This policy applies to Symbient's own Services. Websites, products, and services of third parties and some affiliates of Symbient are subject to their own separate privacy policies.

This Privacy Policy includes important information about your Personal Data and we encourage you to read it carefully. This Privacy Policy applies globally to the extent permitted by applicable law, with additional jurisdiction-specific provisions provided where required (see "Controllers and Jurisdiction-specific Provisions").

  1. Overview

    Symbient obtains Personal Data about you from various sources. "You" may be a visitor to one of our Sites ("Visitor"), a user of one or more of our Services ("User" or "Symbient User"), or a direct or indirect customer of a User ("Customer"). If you are a Customer, your agreement with the relevant Symbient User should explain how the Symbient User shares your Personal Data with Symbient. If you have questions about this sharing, then you should direct those questions to the Symbient User. For more detail on the respective roles of Symbient as a Data Controller or Data Processor, please see the section "Controllers and Jurisdiction-specific Provisions."

  1. Personal Data We Collect

    Personal Data we collect about you
    Personal Data is any information that relates to an identified or identifiable individual or business and can include information about how you engage with our Services (e.g., device information, IP address, etc.). Examples of Personal Data we may collect directly include your name, business contact details, login credentials, communications with us (via email, phone, or chat), and information you choose to provide in surveys, support requests, or through marketing interactions.

    When you interact with Symbient AI or related chatbots, we may process the information you provide (such as names, business contact details, or contextual content). This information is used only to deliver the requested functionality and is not used to train AI models unless explicitly disclosed and consented to.


    Symbient AI is intended for business and organizational use. Accordingly, the Personal Data we collect typically relates to professional or business contacts rather than individual consumer use.


    Information we collect automatically on our Sites and through marketing of our products
    Symbient-controlled Sites utilize cookies and other technologies. These technologies may record information about you, including:

    • Browser and device data, such as IP address, device type, operating system name and version, Internet browser type, screen resolution, device manufacturer and model, locale and language, plug-ins, add-ons, and the language version of the Sites you are visiting.

    • Usage data, such as time spent on the Sites, pages visited, links clicked, language preferences, and the pages that led or referred you to our Sites.

    • Online activities, including information about your interactions across websites, devices, apps, and other online services.

    • Engagement data, such as when you interact with our marketing messages or click on links in advertisements for our products.

    We use Google Analytics on our Sites to help us analyze your use of our Sites and diagnose technical issues.

    To learn more about the cookies that may be served through our Sites and how you can control our use of cookies and third-party analytics, please see our Cookie Policy. Where required by law, we will request your consent before placing non-essential cookies or similar technologies on your device.

  1. How We Use Personal Data

    We rely on several legal grounds to process your Personal Data, including the performance of a contract, compliance with legal and regulatory obligations, our legitimate business interests, and your consent where required by law.


    Legal bases for processing
    We process Personal Data on the following bases:

    • To perform a contract with you (e.g., delivering requested Services).

    • To comply with legal or regulatory obligations (e.g., financial regulations, fraud prevention).

    • Based on our legitimate business interests (see below).

    • With your consent, where required by law (e.g., for marketing or cookies).


    Legitimate business interests

    We rely on legitimate business interests to:

    • Determine eligibility for and offer new Lucus Labs products and services

    • Respond to inquiries, send Service notices, and provide customer support

    • Promote, analyze, modify, and improve our Services and develop new offerings

    • Manage and improve the performance of our Sites and Services

    • Analyze and advertise our Services

    • Conduct aggregate analysis and business intelligence

    • Share Personal Data with third-party service providers and business partners

    • Enable network and information security throughout Symbient and our Services

    • Share Personal Data among our affiliates for administrative purposes


    Use of AI processing

    When you interact with Symbient AI or related Services, we process the information you provide to deliver the requested response or automation. We do not use Customer Data to train or improve AI models that are accessible to other users. The only exception is when a customer has entered into a separate written agreement with us for dedicated fine-tuned models developed specifically for their business use.


    Marketing and communications

    We may send you marketing communications about Lucus Labs products and services, invite you to participate in events or surveys, or otherwise contact you for marketing purposes, in accordance with applicable law. You may opt out of receiving marketing communications at any time by following the unsubscribe instructions included in our emails or by contacting us directly.

  1. How We Disclose Personal Data

    Lucus Labs, owner of Symbient, does not sell or rent Personal Data to marketers or unaffiliated third parties. We only share your Personal Data with trusted entities as outlined below, and only to the extent necessary for the purposes described in this Privacy Policy. We do not "sell" or "share" Personal Data for cross-context behavioral advertising, as those terms are defined under the California Consumer Privacy Rights Act (CPRA).

    Lucus Labs and Symbient

    We may share Personal Data with other Lucus Labs and Symbient affiliated entities in order to provide our Services and for our own administrative purposes.


    Service providers

    We may share Personal Data with certain service providers subject to contract terms that limit their use of Personal Data. Service providers engaged by us may include identity verification, website hosting, data analysis, marketing services, IT and related infrastructure, customer service, email delivery, payment processing, and auditing. These providers may need to access certain Personal Data to perform or provide their services to us and/or on our behalf. We authorize such service providers to use or disclose the Personal Data only as necessary to perform services on our behalf or to comply with legal requirements. They are required by contract to protect the security and confidentiality of Personal Data they process on our behalf and to implement appropriate technical and organizational measures. Our service providers are currently located in the United States. If we engage providers in other jurisdictions in the future, we will ensure compliance with applicable data protection laws, including the use of Standard Contractual Clauses or equivalent safeguards where required.


    Business partners

    We may share certain Personal Data with third party business partners in connection with our Services to our Users. Examples of third parties to whom we may disclose Personal Data for this purpose are banks and payment method providers (such as credit card networks) when we provide payment processing services, and the professional services firms that we partner with. Symbient utilizes Opta Pay, a Lucus Labs service, for processing debit and credit card payments. Please refer to the Opta Pay Privacy Policy at https://optapay.com/policies/privacy for details regarding Personal Data collected by or shared with Opta Pay.


    Our Users and third parties authorized by our Users

    We may share certain Personal Data with Users to maintain a User account and provide the Services and third party services they require from us. We may also share Personal Data with parties directly authorized by a User to receive it. This may include sharing Personal Data of Customers with Users to assess fraud risk associated with attempted misuse or abuse by Customers, or when a User authorizes a third party to access the User's Symbient account. The use of Personal Data by such authorized third parties is governed by their own privacy policies.


    Resale partners

    We may share certain Personal Data with authorized resale partners who distribute and support Symbient Services to their own customers under separate Partner Agreements. These partners are contractually obligated to protect Personal Data in accordance with this Privacy Policy and applicable data protection laws. These use of Personal Data by resale partners and their customers is governed by the partner's own privacy policies and customer agreements.


    Corporate transactions

    In the event we enter into, or intend to enter into, a transaction that alters the structure of our business, such as a reorganization, merger, sale, joint venture, assignment, transfer, change of control, or other disposition of all or any portion of our business, assets or stock, we may share Personal Data with third parties in connection with such transaction. Any other entity which buys us or part of our business will have the right to continue to use your Personal Data subject to the terms of this Privacy Policy.


    Compliance and harm prevention

    We may share Personal Data as we believe necessary:

    • to comply with applicable law, or rules imposed by any of our affiliated partners

    • to enforce our contractual rights

    • to protect the Services, rights, privacy, safety and property of Lucus Labs, Symbient, you or others

    • to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include authorities outside your country of residence

  1. Your Rights and Choices

    You may have choices regarding our collection, use and disclosure of your Personal Data.
    • How you can see or change your Personal Data
      If you would like to review, correct, or update Personal Data you have previously disclosed to us, you may do so by signing in to your Symbient account or by contacting us.
    • Your data protection rights
      Depending on your location and subject to applicable law, you may have the following rights with regard to the Personal Data we control about you:

      • The right to request confirmation of whether Symbient processes Personal Data relating to you, and if so, to request a copy of that Personal Data.

      • The right to request that Symbient rectifies or updates your Personal Data that is inaccurate, incomplete or outdated.

      • The right to request that Symbient erase your Personal Data in certain circumstances provided by law.

      • The right to request that Symbient restrict the use of your Personal Data in certain circumstances, such as while Symbient considers another request you have submitted.

      • The right to request we export your Personal Data that we hold to another company, where technically feasible.

      • Where the processing of your Personal Data is based on your previously given consent, you have the right to withdraw your consent at any time.

      • In some cases, you may also have the right to object to the processing of your Personal Data.

      • In certain jurisdictions (such as California, Virginia, and Colorado), the right to appeal our decision regarding a data rights request and the right to be free from discrimination for exercising your privacy rights.

    • Process for exercising data protection rights
      To exercise your data protection rights, we will comply with your request to the extent required by applicable law. If we no longer hold your Personal Data, we will inform you accordingly. If you feel that you have not received a satisfactory response from us, you may have the right under applicable laws to consult with the data protection authority in your country.

      For your protection, we may need to verify your identity before responding to your request, such as verifying that the email address from which you send the request matches your email address that we have on file. If we no longer need to process Personal Data about you in order to provide our Services or our Sites, we will not maintain, acquire or process additional information in order to identify you for the purpose of responding to your request.

      We endeavor to respond to all valid requests within 30 days (or 45 days where allowed by law), subject to applicable extensions. Requests can be submitted by contacting us at contact us.

      If you are a Customer of a Symbient User, please direct your requests directly to the User. For example, if you have interacted with a Symbient powered chatbot, such as LuLa, from a Symbient Users website and you have a request that is related to the information you provided as part of the interaction, then you should address your request directly to the Symbient User.

    1. Security and Retention

      We make reasonable efforts to provide a level of security appropriate to the risk associated with the processing and storage of Personal Data. We maintain organizational, technical and administrative measures designed to protect Personal Data covered by this Privacy Policy against unauthorized access, destruction, loss, alteration or misuse. Your Personal Data is only accessed by a limited number of Lucus Labs personnel whose job role requires access to the information to perform their duties. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe your interaction or information with us is no longer secure (e.g., you feel the security of your account has been compromised), please contact us immediately.

      All Personal Data, including PII and certain non-PII data, is encrypted in transit (via TLS) and at rest (using AES-256 or equivalent encryption standards). We also implement monitoring, access controls, and incident response procedures designed to protect data integrity and confidentiality.

      We retain your Personal Data as long as we are providing the Services to you or our Users (as applicable). Even after we stop providing Services directly or indirectly to you, and even if you close your Symbient account or engage in interactions with another Symbient User, we keep your Personal Data in order to comply with our legal and regulatory obligations. We may also keep it to assist with our fraud monitoring, detection and prevention activities. In all cases where we keep data, we do so in accordance with any limitation periods and records retention obligations that are imposed by applicable law.

      Where Personal Data is no longer required, we will securely delete, de-identify, or anonymize it in accordance with applicable laws and industry best practices.

    1. Use by Minors

      Symbient AI and related Services are intended solely for use by individuals who are at least eighteen (18) years of age and are engaged in business, professional, or organizational activities. The Services are offered to businesses and other organizations and are not for personal, family, or household use. We do not knowingly collect Personal Data from, or market to, individuals under eighteen (18). If we learn that we have collected Personal Data from an individual under 18, we will delete such information and take reasonable steps to deactivate the related account. If you believe an individual under 18 has provided Personal Data to us, please contact us using the information in the "Contact Us" section. By using the Services, you represent and warrant that you meet these requirements.

    1. Payment Methods

      Certain functionality provided by Symbient Services require prepayments paid by debit or credit card. Symbient utilizes Opta Pay, a Lucus Labs service, for processing debit and credit card payments. Opta Pay is certified for compliance with the Payment Card Industry Data Security Standard (PCI DSS).
      Your payment card details are not stored on Symbient's servers. Only limited transaction reference data (such as tokens or confirmation identifiers) may be retained for recordkeeping, fraud prevention, or compliance purposes, and always in accordance with applicable law.

      Please see Opta Pay's Privacy Policy at https://optapay.com/policies/privacy for more information about how payment data is processed and protected.

    1. Updates To this Privacy Policy and Notifications

      We may change this Privacy Policy from time to time to reflect new services, changes in our Personal Data practices, or relevant laws. The "Last updated" legend at the top of this Privacy Policy indicates when this Privacy Policy was last revised. Any changes are effective when we post the revised Privacy Policy on the Services.

      We may provide you with disclosures and alerts regarding this Privacy Policy or Personal Data collected by posting those disclosures on our website and, if you are a Symbient User, by contacting you through the email address we have on file for you.

      If applicable law requires that we obtain your consent or provide notice in a specified manner prior to making any changes to this Privacy Policy applicable to you, we will provide such required notice and will obtain your required consent.

      For material changes, we will provide more prominent notice (for example, by email). Your continued use of the Services after the effective date of any revised Privacy Policy constitutes your acceptance of the updated terms.

    1. Links To Other Online Services

      The Services may provide the ability to connect to other online services. These online services may operate independently from us and/or may have their own privacy notices or policies, which we strongly suggest you review. If any online service linked to our Services is not owned or controlled by us, or does not claim to be covered by this Privacy Policy, our Privacy Policy does not apply, and we are not responsible for the content, security, or privacy practices of that service.

      Your use of other sites is subject to that site's own rules of use and privacy statement, and you should review them before browsing those sites. The inclusion of a link to another service does not imply endorsement or affiliation by Symbient.

    1. Controllers and Jurisdiction-specific Provisions

      Depending on the activity, Symbient acts as a Data Controller and Data Processor.

      The "Data Controller" is the entity that determines the purposes and means of the data processing taking place. The "Data Processor" is an entity acting on behalf and under the instructions of a controller in processing personal data.

      Symbient acts as a Data Controller when it determines the purposes and means of the processing taking place. These data processing activities include:
      • Providing the Symbient products and services.
      • Monitoring, preventing and detecting fraudulent or malicious activity on the Symbient platform.
      • Complying with legal or regulatory obligations applicable to the industry.
      • Analyzing, developing and improving Lucus Labs' products and services.

      Symbient acts as a Data Processor when it facilitates interactions on behalf of and under the instructions of a Symbient User. Symbient Users direct us to provide AI-related services, such as providing chatbots that engage and interact with their customers, and where certain Personal Data may be shared by the customer with Symbient and Symbient's Users. In these cases, the Symbient User is responsible for providing appropriate notices and obtaining any required consents from their Customers.

      As a platform provider, we need to ensure consistency across our platform, and that includes consistency with respect to the commitments that we give about how we operate our platform. We contract with all of our Users on this basis.

      Lucus Labs, LLC, domiciled in the State of Georgia, United States, is the Data Controller for processing activities where Symbien determines the purposes and means of processing. In the event we provide Services to customers or users in the European Economic Area or United Kingdom, we will comply with GDPR and UK GDPR requirements and may appoint an EU representative as required by applicable law.

      United States - California

      If you are a consumer located in California, we process your Personal Data in accordance with the California Consumer Privacy Act (CCPA, as amended by the California Privacy Rights Act (CPRA)). This section provides additional details about the personal information we collect and use for purposes of the CCPA/CPRA.
      • How We Collect, Use, and Disclose Your Personal Information
        The 'Personal Data We Collect' section describes the personal information we may have collected about you, including the categories of sources of that information. We collect this information for the purposes described in the 'How We Use Personal Data' section. We share this information as described in the 'How We Disclose Personal Data' section. Further, Symbient uses cookies, including tracking cookies, as described in our Cookie Policy.
      • Your CCPA /CPRA Rights and Choices
        As a California consumer and subject to certain limitations under the CCPA /CPRA, you have choices regarding our use and disclosure of your personal information:
        • Exercising the right to know: You may request the following information about the personal information we have collected about you:
          • The categories and specific pieces of personal information we have collected about you.
          • The categories of sources from which we collected the personal information.
          • The business or commercial purpose for which we collected the personal information.
          • The categories of third parties with whom we shared the personal information.
          • The categories of personal information about you that we disclosed for a business purpose, and the categories of third parties to whom we disclosed that information for a business purpose.
        • Exercising the right to delete: You may request that we delete any personal information we have collected from you, subject to certain limitations under applicable law.
        • Non-discrimination: The CCPA provides that you may not be discriminated against for exercising these rights.
        • Right to correct: You may request that we correct inaccurate personal information we maintain about you.
        • Right to opt out of "sale" or "sharing": We do not "sell" or "share" Personal Data for cross-context behavioral advertising as those terms are defined under the CPRA. If that were to change, we would provide a method to opt out and honor applicable opt-out preference signals.

      2. To submit a request to exercise any of the rights described above, please contact us.

      When exercising your rights, we may need to verify your identity before responding to your request, such as verifying that the email address from which you send the request matches your email address that we have on file. Authentication based on a government-issued and valid identification document may also be required. If you are a customer of a Symbient User, please direct your requests directly to the Symbient User with whom you shared your personal information.

    1. Contact Us

      Have a question for us?
      If you have questions about this Privacy Policy, you may contact us by:

    For specific data rights requests, please include sufficient detail to allow us to verify your identity and process you request.

    Data Retention Policy

    Purpose and Scope

    At Symbient AI, developed by Lucus Labs, we take the security and privacy of our user's data seriously. We understand that our users entrust us with sensitive information and it is our top priority to ensure that this data is protected and managed responsibly. This Data Retention Policy outlines our commitment to safeguarding user data through robust retention and disposal practices. Data collected through our AI services, websites, and related business activities is retained only for as long as necessary to fulfill its intended purposes, comply with legal or regulatory requirements, and support legitimate business needs. This policy applies to all data collected, providing clear guidelines on the types of data we collect, retention periods, user rights, data security measures, and our procedures for policy review and updates.

    Overview

    Symbient obtains Personal Data about you from various sources. "You" may be a visitor to one of our Sites ("Visitor"), a user of one or more of our Services ("User" or "Symbient User"), or a direct or indirect customer of a User ("Customer"). If you are a Customer, your agreement with the relevant Symbient User should explain how the Symbient User shares your Personal Data with Symbient. If you have questions about this sharing, then you should direct those questions to the Symbient User.

    Personal Data We Collect

    Personal Data we collect about you

    Personal Data is any information that relates to an identified or identifiable individual or business, and can include information about how you engage with our Services (e.g. device information, IP Address, etc). In most cases, the Personal Data you provide directly to us through our Services will be apparent from the context in which you provide the data. For example:

    • When you register for a Symbient account on our Site we collect your full name, email address, and account log-in credentials.

    • When you fill-in our online form to contact our support team, we ask for your name and contact information.

    • When you authorize us to store information about you in connection with Symbient, we collect your name and contact information.

    • When you respond to Symbient emails or surveys, we collect your email address, name and any other information you choose to include in the body of your email or responses. If you contact us by phone, we will collect the phone number you use to call us, as well as any other information you may provide during the call. If you are a Symbient User or Customer, when you contact us, we may collect additional information in order to verify your identity and for referencing your user account.

    • When you engage with our Symbient AI and provide Personal Data such as your name, email address, or other Personal Data. Depending on the Symbient AI service you engage with, where you engage it from (such as from another website), and the scope of your interaction with the AI, certain other Personal Data may be recorded. Please be cognizant of any Personal Data you share with our AI.


    You may also choose to submit information to us via other methods, including: (i) in response to marketing or other communications, (ii) through participation in an offer, program or promotion, (iii) through social media or online forums, (iv) in connection with an actual or potential business relationship with us, or (v) by giving us your business card or contact details in connection with trade shows or other events.

    Information that we collect automatically on our Sites and through marketing of our products

    Symbient controlled Sites utilize cookies and other technologies. These technologies may record information about you, including:

    • Browser and device data, such as IP address, device type, operating system name and version, Internet browser type, screen resolution, device manufacturer and model, locale and language, plug-ins, add-ons and the language version of the Sites you are visiting.

    • Usage data, such as time spent on the Sites, pages visited, links clicked, language preferences, and the pages that led or referred you to our Sites.

    • Online activities: We may collect information about your online activities on websites and connected devices over time and across third-party websites, devices, apps and other online services.

    • Engagement data: We may collect information when you engage with our marketing messages and when you click on links included in ads for our products. We use Google Analytics on our Sites to help us analyze your use of our Sites and diagnose technical issues.


    To learn more about the cookies that may be served through our Sites and how you can control our use of cookies and third-party analytics, please see our Cookie Policy.

    1. Types of Data Collected

    Symbient AI, developed by Lucus Labs, collects various types of data to provide, maintain, and enhance our services. The types of data collected are categorized as follows:
    • 1.1 Personal Data
      Personal Data refers to any information that can be used to identify an individual or business. This includes, but is not limited to:

      • Full name: Used for identification and personalization of services, ensuring that communications and services are correctly directed to the right individual.

      • Email address: Used for communication, account verification, and service-related notifications. This ensures users receive important updates and can recover their accounts if needed.

      • Contact information: Includes phone numbers and addresses, used for customer support and service-related communications. This helps us provide timely assistance and resolve issues effectively.

      • Other identifiable information: Any additional information that identifies an individual or business, such as user IDs and account credentials. This is necessary for secure access to services and to maintain the integrity of user accounts.

    • 1.2 Payment Method Information
      Payment Method Information pertains to the details collected to facilitate financial transactions, including:

      • Payment Details: Information related to payment methods (e.g., credit card information) collected during membership payments.

      • Storage Practices: Symbient AI does not store payment method information on its own servers. Instead, payment details are processed and securely stored by Opta Pay, our PCI DSS-compliant payment processor. See https://optapay.com/policies/privacy for more information.

    • 1.3 Usage Data
      Usage Data includes information about how users interact with our services, which helps us improve user experience and service functionality:

      • Interaction Data: Details about user interactions with our services, including time spent on sites, pages visited, and links clicked.

      • Engagement Data: Logs of interactions with marketing messages and campaigns.

      • API Interaction Logs: Records of API calls and responses, which are used to monitor and improve service performance.

    • 1.4 User-Entered Data
      User-entered data refers to information users provide directly through our services, which includes:

      • Sensitive Information: User credentials (e.g., for email servers, cloud storage providers, third-party APIs, or Lucus Labs solutions) are collected only when a user configures an Operator or integration in their Automations. Such credentials are used solely for the purpose of enabling and managing those user-defined automations. Credentials are stored securely, encrypted in transit and at rest, and are never used for any purpose other than executing the user's configured Automations.

      • AI Training Data: In cases where a customer has entered into a separate written agreement for dedicated fine-tuned AI models, customer-provided training data is used exclusively for that customers' models and is never shared with or used to improve models accessible to other users. Such data is subject to the specific terms outlined in the customer's fine-tuning agreement.

      • Audio Files: Uploaded audio files and corresponding transcripts.

      • Custom Configurations: Custom settings and configurations for bots and AI services.

      • User-Generated Content: Feedback, queries, task details, configuration data for automations, and other content provided by users.

      • Activity Data: Instructions and configurations provided for activities such as running specific tasks or automated actions within the platform.

    2. Retention Periods

    Symbient AI, developed by Lucus Labs, retains data for specific periods based on its type and purpose. These retention periods are designed to comply with legal requirements and to meet business needs. The specifics for different types of data are as follows:
    • 2.1 Personal Data
      Personal Data is retained for as long as the user maintains an active account. Upon account closure or a verified user deletion request, Personal Data will be deleted from active systems within ninety (90) days, except where retention is legally required or necessary for legitimate business purposes (such as dispute resolution or fraud prevention). Personal Data may persist in backup systems for up to two (2) years after account closure for disaster recovery purposes, but will not be actively used or accessible during this period unless required by law or for the legitimate business purposes stated above.
    • 2.2 Payment Method Information
      Payment method information is not stored on Symbient AI servers. It is processed and securely stored by our PCI DSS–compliant payment processor (e.g., Opta Pay). Symbient AI retains access only as long as necessary to complete the transaction and comply with financial, tax, or audit obligations. Cardholder data is encrypted and handled exclusively by the processor in accordance with PCI DSS standards.
    • 2.3 Usage Data
      Usage Data (such as interaction logs, engagement data, and API logs) is retained for up to twelve (12) months to improve services, perform aggregate analysis, ensure security, and maintain the functionality of our AI services. After this period, Usage Data is either anonymized or securely deleted.
    • 2.4 User-Entered Data
      User-Entered Data (such as credentials, transcripts, activities, automations, and configurations) is retained for the duration of the user's account. Users may delete certain User-Entered Data directly through self-service features in the platform. Deletions may occur immediately or on a user-specified schedule, depending on the configuration chosen. All deletions are processed in a manner that is permanent and irreversible unless retention is legally required.
      If a user closes their account, any remaining User-Entered Data will be securely deleted or anonymized within ninety (90) days, unless retention is legally required or necessary for legitimate business purposes.
    • 2.5 Specific Data Retention
      Certain categories of data are retained only as required to comply with applicable laws and regulations (e.g., GDPR, UK GDPR, CPRA, tax, or financial reporting laws). Data may also be retained temporarily for business continuity purposes, such as ensuring proper payment processing, disaster recovery, and service availability. Certain records may be retained for historical audit purposes to support internal or external audits, compliance checks, or investigations. Retention in these cases is limited to the minimum period necessary.

    3. User Rights

    Symbient AI, developed by Lucus Labs, is committed to upholding the rights of our users concerning their personal data. The rights described below apply to users to the extent required by applicable data protection laws (such as GDPR, UK GDPR, or CPRA). Availability of specific rights may vary depending on your jurisdiction. Users generally have the following rights:
    • 3.1 Access and Correction
      • Right to Access: Users have the right to access their personal data held by us.
      • Right to Correction: Users have the right to request corrections to any inaccuracies in their personal data.
      • Processing Time: Requests for access or correction are processed within 30 days, or longer if permitted by applicable law, with notification to the user if additional time is required.
    • 3.2 Deletion Requests

      • Right to Deletion ("Right to be Forgotten"): Users can request the deletion of their personal data at any time, subject to legal, regulatory, or contractual retention obligations.

      • Processing Time: Deletion requests are processed within 30 days, except where retention is required by law.

    • 3.3 Objections

      • Right to Object: Users can object to the processing of their data under certain conditions, including for direct marketing purposes.

      • Evaluation: Objection requests are evaluated and processed in accordance with legal requirements (e.g., GDPR, CPRA).

    • 3.4 Data Portability

      • Right to Data Portability: Users may request a copy of the personal data they have provided to us in a structured, commonly used, and machine-readable format, and may request that we transmit this data to another controller where technically feasible.

    • 3.5 Restriction of Processing

      • Right to Restrict Processing: Users may request that we restrict the processing of their personal data under certain circumstances (e.g., while a correction request is pending, or where processing is contested). During a restriction period, personal data will only be processed with the user's consent, for legal claims, or for the protection of others' rights.

    4. Policy Review and Updates

    This policy is reviewed annually and updated as necessary to ensure compliance with legal requirements and industry best practices. Updates will be posted on our website, and where required by law or material changes are made, users will be notified (for example, by email or through their account).

    5. Contact Information

    For any questions or concerns regarding this Data Retention Policy, you may contact us by: