Dark Mode

Color Scheme

Reset Color

Privacy Policy

Effective Date: Jan 1, 2020
Last Updated: Jan 1, 2025

This Privacy Policy explains how Lucid DAM (“Lucid DAM”, “we”, “our”, “us”) collects, uses, shares, and protects personal information when you visit our websites, create an account, or use our services (collectively, the “Services”).

If you do not agree with this Policy, please do not use the Services. Capitalized terms used but not defined here have the meanings in our Terms of Use.

1. Introduction

We are a digital asset management platform. We process personal information as a controller when we determine the purposes and means of processing (for example, when you create a Lucid DAM account), and as a processor when we host or process content and data on behalf of our customers. This Policy applies to information we collect online via our websites and apps and offline (for example, at events).

2. Personal Information We Collect

2.1 Information you provide to us
  • Account & profile data: Name, email address, password, job title, company name, team/project names, profile photo, time zone, and preferences.
  • Billing & payment data: Billing contact details, company tax/VAT ID, plan selections, purchase history; if you pay by card, payment details are processed directly by our payment processor (we don’t store full card numbers).
  • Content you upload: Digital assets, tags, metadata, comments, labels, folders, and any other information you include in your projects.
  • Support & communications: Messages, tickets, feedback, survey responses, or information you provide during onboarding and training.
2.2 Automatic data collection

When you use the Services, we automatically collect:

  • Usage data: Actions taken in the product (e.g., sign-ins, upload, rename, share, export), device and app identifiers, feature use, timestamps, referring/exit pages, and crash logs.
  • Log & device data: IP address, browser type, operating system, language, cookie identifiers, and approximate location derived from IP.
  • Analytics data: Aggregated metrics such as page views, session duration, conversion and adoption rates; we may use analytics providers (e.g., Google Analytics) to help us measure and improve the Services.
2.3 User comments and content

If you post comments, tag collaborators, or share assets publicly, that information may be visible to others according to your workspace and link-sharing settings.

2.4 Information from other sources

We may receive personal information from:

  • Single sign-on (SSO) providers (e.g., Google, Microsoft, Okta) to authenticate your account.
  • Integration partners (e.g., Slack, Zapier, Google Drive) when you connect your account.
  • Marketing partners and event hosts for lead generation (where permitted by law).
  • Your organization (if you use a corporate account or are invited by a workspace admin).

3. Types of Information

Depending on the context, the personal information we process can include identifiers (name, email), commercial information (plan, transactions), internet/network activity (usage logs), geolocation (coarse IP-based region), professional information (role, company), and content you upload. We do not intentionally collect sensitive personal information unless you include it in your content.

4. How We Use Personal Information

We process personal information to:

  • Provide, operate, secure, and maintain the Services.
  • Create and manage accounts, authenticate users, and provide customer support.
  • Process transactions, send invoices and payment confirmations.
  • Analyze usage to improve features, performance, and reliability.
  • Personalize the experience (e.g., recommended assets, recent activity).
  • Send administrative notices (e.g., security, service updates), and—where permitted—product updates, announcements, surveys, and marketing communications (you can opt out at any time).
  • Prevent fraud, abuse, and violations of our Terms of Use.
  • Comply with legal obligations and enforce our agreements.

Legal bases (EEA/UK): Contract performance, legitimate interests (product improvement, security, marketing to business contacts), legal obligations, and consent where required.

5. In-product emails and contact forms

When you contact support, sign up for newsletters, or use in-product messaging, we process the information you submit to respond and keep a record of our communications.

6. Price and Taxes

For billing, we process limited personal information (e.g., billing contact name and email, address, VAT/Tax ID) to calculate taxes, issue invoices, and meet accounting/audit obligations.

7. Children’s Privacy

The Services are not intended for children under 16 (or the age required by local law). We do not knowingly collect personal data from children. If you believe a child has provided personal information to us, contact us at privacy@luciddam.com and we will take appropriate steps.

8. Data Shared with Third Parties

We may share personal information with:

  • Service providers acting on our behalf (cloud hosting, analytics, email delivery, payment processing, customer support).
  • Integration partners you connect (e.g., Slack, Google Drive, Dropbox); sharing is controlled by you and subject to the partner’s privacy terms.
  • Business transfers: in connection with a merger, acquisition, financing, or sale of assets.
  • Legal and safety: to comply with law, respond to lawful requests, or protect rights, safety, and property of Lucid DAM, our users, or the public.

We do NOT sell personal information as defined under CCPA.

9. Security Measures

We use administrative, technical, and organizational measures appropriate to the risk, including encryption in transit, least-privilege access, SSO/2FA support, network segmentation, logging/monitoring, vulnerability management, and regular backups. No method of transmission or storage is 100% secure; you are responsible for maintaining the confidentiality of your credentials.

10. International Data Transfers

We may process data in the United States and other countries where we or our service providers operate. When transferring personal data from the EEA/UK/Switzerland, we rely on an adequate mechanism (e.g., Standard Contractual Clauses and relevant safeguards).

11. Data Retention

We retain personal information for as long as necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce our agreements. Workspace admins can delete projects/assets; we may retain limited logs/backups for a defined period.

12. Your Rights & Choices

Depending on your location, you may have rights to:

  • Access, correct, or delete your personal information.
  • Object to or restrict processing; request portability.
  • Withdraw consent (where processing is based on consent).
  • Opt out of marketing communications.
  • Lodge a complaint with a supervisory authority (EEA/UK).

To exercise rights, contact hello@luciddam.com. If your data is controlled by your organization, contact your admin first.

13. California Notice

California residents have additional rights under the CCPA/CPRA, including the right to know, delete, correct, and limit use of sensitive information. We do not sell or share personal information for cross-context behavioral advertising. You can exercise your rights by emailing hello@luciddam.com

14. Changes to this Privacy Policy

We may update this Policy from time to time. We’ll post the new date at the top and, where appropriate, notify you via email or in-app notice. Your continued use of the Services after changes indicates acceptance.

15. How to Contact Us