Legal

Privacy Policy

Last updated: April 14, 2026

1. Who We Are

This Privacy Policy describes how Lukian CORP SRL ("Lukian", "we", "our" or "us") collects, uses, shares and protects information in connection with the Lukian CRM application and the related website at lukian.ai (together, the "Service").

  • Legal entity: Lukian CORP SRL
  • Registration: CUI 45484296
  • Registered office: Aleea Murelor nr. 10A, Sp. Com. 1, Romania
  • Contact: [email protected]
  • Product website: https://lukian.ai
  • Application: Lukian CRM — customer relationship management software for real estate professionals

Lukian CORP SRL is the data controller for personal data processed in connection with the Service, in accordance with Regulation (EU) 2016/679 ("GDPR") and applicable Romanian data protection law.

2. Information We Collect

We collect only the information that is necessary to provide the Service. Depending on how you use Lukian CRM, this may include:

2.1 Account data

Name, email address, phone number, password hash, agency name, role within the agency, language preference.

2.2 Business data you upload

Property listings, photos, contacts, leads, contracts, and other CRM content that you or members of your workspace create inside the Service.

2.3 Data obtained through Meta Platforms (Facebook, Instagram)

If you choose to connect a Facebook Page or Instagram Business account to Lukian CRM for social media publishing, we request and store only the data required to operate that integration:

  • Your Facebook Page ID, Page name and Page profile picture;
  • The Instagram Business account ID connected to that Page;
  • Page access tokens needed to publish content and read post metrics on your behalf;
  • Aggregated engagement metrics for posts you publish through Lukian CRM (impressions, reach, likes, comments count).

We do not request or store private messages, friend lists, follower lists, personal profiles of people who interact with your Page, or any data not strictly necessary to publish and measure content you authored in Lukian CRM.

2.4 Technical data

IP address, browser type, device information, pages visited, and timestamps. This is used for security, abuse prevention and service reliability.

2.5 Cookies

We use strictly-necessary cookies for authentication and a language preference cookie (lukian_lang). See our Cookies policy for details.

3. How We Use Your Information

We use the information above strictly to:

  • Provide and operate the Lukian CRM service;
  • Authenticate users and secure accounts;
  • Publish content to your connected Facebook Page or Instagram Business account when you explicitly request it;
  • Display engagement metrics for posts you publish through Lukian CRM;
  • Provide customer support and respond to requests;
  • Comply with legal obligations (accounting, tax, lawful requests).

We do not sell your personal data. We do not use data obtained from Meta Platforms for advertising, profiling, or any purpose other than providing the integration you requested.

4. How We Share Your Information

We only share personal data in the following limited cases, and always under appropriate contractual safeguards:

  • Infrastructure providers we rely on to host the Service (Hetzner Online GmbH for servers and object storage, Cloudflare for DNS and CDN);
  • Meta Platforms when you explicitly publish content to your Facebook Page or Instagram Business account via Lukian CRM;
  • AI model providers (OpenAI, Anthropic, ElevenLabs) only when you use AI features of the Service — content sent for processing is limited to what is strictly needed to fulfil that feature;
  • Authorities when we are legally required to disclose information.

We do not share, rent, or sell your personal data to advertisers or data brokers.

5. Data Retention

We retain your account data and workspace data for as long as your account is active. Access tokens for connected Facebook/Instagram accounts are kept only as long as the connection is active in Lukian CRM and are deleted immediately if you disconnect the integration. Technical logs are retained for up to 90 days for security and reliability purposes. You can request earlier deletion at any time using the procedures in Section 7.

6. Your Rights (GDPR)

If you are in the European Economic Area or the United Kingdom, you have the right to:

  • Access the personal data we hold about you;
  • Request correction of inaccurate or incomplete data;
  • Request deletion of your data ("right to be forgotten");
  • Restrict or object to certain processing activities;
  • Receive your data in a portable format;
  • Withdraw consent at any time, without affecting the lawfulness of prior processing;
  • Lodge a complaint with a supervisory authority — in Romania, the National Supervisory Authority for Personal Data Processing (www.dataprotection.ro).

To exercise any of these rights, email [email protected].

7. Data Deletion Instructions

You can delete data from Lukian CRM at any time. Choose the method that fits your case:

7.1 Disconnect a Facebook / Instagram account

  1. Log in to your Lukian CRM account at crm.lukian.ai.
  2. Open Social Media from the sidebar.
  3. Click Manage accounts and select Disconnect next to the Facebook Page or Instagram account you want to remove.

When you disconnect, we immediately delete the corresponding access tokens and any cached metadata (Page ID, Page name, profile picture, engagement metrics).

7.2 Delete your entire Lukian CRM account

  1. Log in to crm.lukian.ai.
  2. Go to Settings → Account.
  3. Click Delete account and confirm.

7.3 Request deletion by email

If you cannot access the CRM, send an email from the address associated with your Lukian account to [email protected] with the subject line Data deletion request. We will verify your identity and complete the deletion within 30 days.

In all cases, stored tokens, page connections and associated personal data are permanently removed from our production systems within 48 hours of the deletion request. Routine encrypted backups expire within 30 days, after which the data is irrecoverable.

8. Security

We protect personal data with industry-standard safeguards: TLS 1.2+ in transit, access-controlled databases, encrypted secrets, least-privilege server access, and monitored audit trails. No online service can be guaranteed 100% secure, but we continuously review and improve our security posture.

9. International Transfers

Our servers are located in the European Union (Hetzner, Germany). Where personal data is transferred to processors outside the EEA (e.g. AI model providers in the United States), we rely on the European Commission's Standard Contractual Clauses and on the vendors' own certifications under the EU-U.S. Data Privacy Framework, where available.

10. Children's Privacy

Lukian CRM is a business tool and is not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us personal data, please contact us and we will delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date above and, where appropriate, notify you by email or in-app notice before the changes take effect.

12. Contact

For any question about this Privacy Policy or about how your personal data is handled by Lukian CRM, contact us at:

  • Email: [email protected]
  • Postal address: Lukian CORP SRL, Aleea Murelor nr. 10A, Sp. Com. 1, Romania