Privacy Policy

1. Overview

This Privacy Policy describes how Hey Luca processes personal data when you use the service. Contact: diegojohnson46@gmail.com.

2. Data We Collect

• Account and profile data: name, email, authentication records, session metadata.
• Financial data: transactions, budgets, recurring entries, preferences, and usage counters.
• Conversation data: chat messages, assistant responses, memory records, and tool outputs.
• Attachments and derived outputs: receipt images, uploaded files, voice notes, transcripts, and extracted structured fields.
• Messaging link data: WhatsApp and Telegram channel identifiers and verification link state.
• Operational events: webhook payload metadata, delivery statuses, and anti-abuse telemetry.

3. How We Use Data

• Provide core product functions, including transaction tracking, budgeting, notifications, and conversational assistance.
• Operate integrations across web, WhatsApp, and Telegram.
• Improve reliability, security, and abuse prevention.
• Deliver billing and subscription operations when paid features are enabled.
• Comply with legal obligations and enforce product terms.

4. Processors and Infrastructure

Hey Luca uses third-party processors that handle data on our behalf:

• Lemon Squeezy: payment and subscription processing as merchant of record.
• Vercel: hosting, serverless execution, blob storage, and AI Gateway routing.
• Neon: managed PostgreSQL database hosting.
• Model providers used through current stack: Moonshot (Kimi), OpenAI, Mistral, and Google fallback where configured.
• Meta (WhatsApp Cloud API) and Telegram (Bot API): messaging transport and webhook operations.

5. Data Retention

Product data is retained until you delete your account or request deletion, except where longer retention is required for legal, fraud prevention, accounting, or security reasons.

Some infrastructure or processor logs may have independent retention periods controlled by those providers.

6. International Processing

Hey Luca and its processors may process data in multiple countries. By using the service, you understand that your data may be processed outside your home country subject to applicable safeguards.

7. Security

We use reasonable technical and organizational measures to protect personal data, including managed infrastructure security controls and encryption at rest from hosting providers.

8. Your Rights

Depending on your location, you may have rights to access, correct, delete, restrict, or object to certain processing, and to request portability where applicable.

Submit requests by email to diegojohnson46@gmail.com. We target a response within 30 calendar days where required by law.

9. Account Deletion

If you want your data deleted, use the in-app account deletion flow from your dashboard.

• Sign in to your Hey Luca account.
• Open Dashboard Settings.
• Go to the account section and click the Delete Account button.
• Confirm deletion when prompted.

After confirmation, we begin deleting user-scoped data from Hey Luca systems, including messaging link records, subject to required legal, accounting, fraud-prevention, or security retention exceptions.

If you cannot access your account, email diegojohnson46@gmail.com from your registered email and request account deletion.

10. Children

Hey Luca is not intended for users under 18 years old, and we do not knowingly collect personal data from children.

11. Policy Updates

We may update this Privacy Policy to reflect operational, legal, or product changes. Updates are posted with an updated effective date.

12. Contact

Privacy questions or requests: diegojohnson46@gmail.com.