← Back to SmartLuke

Privacy Policy

Last updated: February 2026

1. Data Controller

The data controller for SmartLuke is IPSTAND, a company registered in France.

Contact: contact@smartluke.com

2. Data We Collect

We collect the following personal data:

  • Account information: name, email address, and password (encrypted)
  • Authentication data: OAuth tokens when using Google or Apple Sign-In
  • Usage data: prompts sent, AI responses received, conversation history
  • Transaction data: purchase history, token balance, payment identifiers (processed by Stripe)
  • Technical data: device type, operating system, IP address, app version

3. Purpose of Data Processing

Your data is processed for the following purposes:

  • Account creation and authentication
  • Providing the AI comparison service (sending prompts to AI providers)
  • Managing token purchases and balance
  • Improving the service and user experience
  • Communicating important updates about the service
  • Preventing fraud and ensuring platform security

4. Legal Basis (GDPR)

We process your data based on:

  • Contract performance: processing necessary to provide the service you signed up for
  • Consent: when you accept these terms and create an account
  • Legitimate interest: for security, fraud prevention, and service improvement
  • Legal obligation: for financial record-keeping requirements

5. Data Sharing

Your prompts are shared with the AI providers you select (OpenAI, Anthropic, Google, Mistral, xAI) in order to generate responses. Each AI provider has its own privacy policy governing their processing of this data.

We also share data with:

  • Stripe: for secure payment processing
  • Hosting providers: for server infrastructure (OVH)

We do not sell your personal data to third parties.

6. Data Retention

Your account data and conversation history are retained for as long as your account is active. Transaction records are kept for the legally required period (typically 10 years for financial records in France). Upon account deletion, personal data is removed within 30 days, except where retention is required by law.

7. Data Security

We implement appropriate technical and organizational measures to protect your data, including encryption of passwords, secure HTTPS connections, JWT-based authentication, and regular security reviews.

8. Your Rights (GDPR)

Under the GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Erase your data (“right to be forgotten”)
  • Restrict processing of your data
  • Port your data to another service
  • Object to processing based on legitimate interest
  • Withdraw consent at any time

To exercise these rights, contact us at contact@smartluke.com.

9. Cookies

SmartLuke uses essential cookies and local storage for authentication (JWT tokens) and user preferences (language, AI selection). We do not use tracking or advertising cookies.

10. Children's Privacy

SmartLuke is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16.

11. Changes to this Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes via email or in-app notification.

12. Contact & Complaints

For questions about this Privacy Policy or to exercise your rights, contact us at: contact@smartluke.com

You also have the right to lodge a complaint with the French data protection authority (CNIL): www.cnil.fr

© 2026 SmartLuke - IPSTAND. All rights reserved.