Legal

Privacy Policy

We believe in being transparent about how we handle your data. This policy explains exactly what we collect, why, and how you can control it.

Contents

  1. 01Overview
  2. 02Information We Collect
  3. 03How We Use Your Information
  4. 04Third-Party Services
  5. 05Data Retention
  6. 06Your Rights
  7. 07Security
  8. 08Cookies & Tracking
  9. 09Children's Privacy
  10. 10Changes to This Policy
  11. 11Contact Us

Overview

Lukra AI, Inc. ("Lukra," "we," "our," or "us") operates an AI-powered automated trading platform at lukra.ai. This Privacy Policy explains what information we collect, how we use it, with whom we share it, and what rights you have regarding your data. By using our platform, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use our services. Last updated: May 6, 2026

Information We Collect

Account & Identity Information

  • Name and email address (collected at registration)
  • Password (stored as a salted hash — we never store plaintext passwords)
  • Account type and subscription tier
  • Beta access code (if applicable)

Trading & Financial Information

  • Brokerage account connection details (OAuth tokens via Alpaca — we do not store your brokerage username or password)
  • Portfolio holdings, positions, and balances fetched from your connected brokerage
  • Trade history and execution records generated by Lukra models
  • Risk tolerance settings and trading preferences you configure

Usage & Technical Data

  • Pages visited, features used, and session duration
  • Device type, browser, operating system, and IP address
  • Clickstream data and interaction events (e.g., button clicks, dashboard navigation)
  • API request logs for debugging and rate-limit enforcement
  • Error logs and crash reports

Communications

  • Messages you send to our AI assistant (stored to maintain conversation context)
  • Support requests and correspondence with our team
  • Feedback and survey responses

How We Use Your Information

  • Operate and improve the Lukra trading platform and AI models
  • Execute and monitor automated trades on your behalf via connected brokerage accounts
  • Authenticate your identity and protect your account from unauthorized access
  • Send transactional emails (account confirmation, password reset, trade alerts)
  • Provide customer support and respond to your inquiries
  • Analyze aggregate usage patterns to improve product features
  • Detect, investigate, and prevent fraud, abuse, and security incidents
  • Comply with applicable laws, regulations, and legal obligations
  • Enforce our Terms of Service

We do not sell your personal information to third parties. We do not use your data to train external AI models or share it for advertising purposes.

Third-Party Services

Alpaca Markets

We integrate with Alpaca's brokerage API to execute trades and retrieve portfolio data. When you connect your Alpaca account, Alpaca's Privacy Policy governs the handling of your brokerage credentials. Lukra only stores OAuth access tokens required to make API calls on your behalf.

View Alpaca Markets Privacy Policy →

Polygon.io

We use Polygon.io to retrieve real-time and historical market data (prices, volume, indicators) used by our trading models. No personally identifiable information is shared with Polygon.

View Polygon.io Privacy Policy →

Stripe

Subscription billing is processed by Stripe. When you enter payment information, it is transmitted directly to Stripe and never passes through or is stored on Lukra servers. Stripe's Privacy Policy governs the handling of your payment data.

View Stripe Privacy Policy →

Fly.io

Our backend infrastructure runs on Fly.io. Your data is processed and stored on servers managed by Fly.io. Data is encrypted in transit (TLS) and at rest.

View Fly.io Privacy Policy →

Umami Analytics

We use Umami for website analytics. Umami is privacy-first and does not use cookies or collect personally identifiable information. It collects only anonymous page view counts and referrer data.

Data Retention

We retain your data for as long as your account is active or as needed to provide our services. Specific retention periods: - Account information: retained until you request deletion, plus 30 days to allow for account recovery - Trade history and execution logs: retained for 7 years to comply with financial recordkeeping requirements - AI assistant conversation history: retained for 12 months, then automatically purged - Usage logs and analytics: retained for 24 months in aggregate form - Support communications: retained for 3 years When you delete your account, we delete or anonymize your personal data within 30 days, except where longer retention is required by law (e.g., financial transaction records).

Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about you
  • Correction — request that we correct inaccurate or incomplete data
  • Deletion — request that we delete your account and associated personal data
  • Export — request your data in a portable, machine-readable format (JSON or CSV)
  • Restriction — request that we limit processing of your data in certain circumstances
  • Objection — object to processing of your data for direct marketing or profiling
  • Withdraw consent — where processing is based on consent, withdraw it at any time

To exercise any of these rights, email us at joe@lukra.ai with the subject line 'Data Request — [Your Right]'. We will respond within 30 days. We may need to verify your identity before fulfilling the request.

Security

We implement industry-standard security measures to protect your data: - All data in transit is encrypted using TLS 1.2 or higher - Passwords are hashed using bcrypt with a random salt - API keys and OAuth tokens are encrypted at rest using AES-256 - Access to production systems is restricted to authorized personnel with MFA - We conduct regular dependency vulnerability scans and security audits No method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. In the event of a data breach that affects your personal information, we will notify you as required by applicable law.

Cookies & Tracking

We use minimal cookies strictly necessary for platform operation: - Session cookie: maintains your authenticated session (expires when you log out or after 24 hours of inactivity) - CSRF token: protects against cross-site request forgery attacks We do not use advertising cookies, tracking pixels, or third-party analytics cookies. Our analytics provider (Umami) is cookieless. You can configure your browser to refuse cookies, but doing so will prevent you from logging into the platform.

Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe we have inadvertently collected data from a minor, please contact us immediately at joe@lukra.ai and we will delete it promptly.

Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will: - Update the "Last updated" date at the top of this page - Send an email notification to registered users - Display a notice on the platform for 30 days after the change takes effect Continued use of the platform after changes take effect constitutes acceptance of the updated policy.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: Email: joe@lukra.ai Subject line: Privacy Inquiry We aim to respond to all privacy-related inquiries within 5 business days.

© 2026 Lukra AI, Inc. All rights reserved.