Legal

Privacy Policy

Last updated: April 22, 2026

1. Who We Are

This Privacy Policy describes how Lukian CORP SRL ("Lukian", "we", "our" or "us") collects, uses, shares and protects information in connection with the Lukian CRM application, its social media publishing feature Lukian Social (which supports TikTok, Meta and LinkedIn), and the related website at lukian.ai (together, the "Service").

  • Legal entity: Lukian CORP SRL
  • Registration: CUI 45484296
  • Registered office: Aleea Murelor nr. 10A, Sp. Com. 1, Romania
  • Contact: [email protected]
  • Product website: https://lukian.ai
  • Applications: Lukian CRM — customer relationship management software for real estate professionals; Lukian Social — social media publishing feature of Lukian CRM for TikTok, Meta (Facebook, Instagram) and LinkedIn

Lukian CORP SRL is the data controller for personal data processed in connection with the Service, in accordance with Regulation (EU) 2016/679 ("GDPR") and applicable Romanian data protection law.

2. Information We Collect

We collect only the information that is necessary to provide the Service. Depending on how you use Lukian CRM, this may include:

2.1 Account data

Name, email address, phone number, password hash, agency name, role within the agency, language preference.

2.2 Business data you upload

Property listings, photos, contacts, leads, contracts, and other CRM content that you or members of your workspace create inside the Service.

2.3 Data obtained through Meta Platforms (Facebook, Instagram)

If you choose to connect a Facebook Page or Instagram Business account to Lukian CRM for social media publishing, we request and store only the data required to operate that integration:

  • Your Facebook Page ID, Page name and Page profile picture;
  • The Instagram Business account ID connected to that Page;
  • Page access tokens needed to publish content and read post metrics on your behalf;
  • Aggregated engagement metrics for posts you publish through Lukian CRM (impressions, reach, likes, comments count).

We do not request or store private messages, friend lists, follower lists, personal profiles of people who interact with your Page, or any data not strictly necessary to publish and measure content you authored in Lukian CRM.

2.4 Data obtained through TikTok (via Lukian Social)

If you choose to connect a TikTok account to Lukian Social — the social media publishing feature of Lukian CRM — we request and store only the data required to operate that integration:

  • Your TikTok open ID / user ID, display name, username and avatar URL;
  • OAuth access and refresh tokens needed to publish videos and photo posts on your behalf;
  • Metadata for content you create through Lukian Social (caption, privacy level, post ID, permalink, publish status);
  • Basic publish-state information returned by TikTok (processing progress, success/failure).

We do not request or store private messages, follower lists, comments, or any personal data about people who interact with your TikTok content. Lukian Social only requests the TikTok scopesuser.info.basic,video.publish,video.list andvideo.upload— strictly for publishing content you authored inside Lukian CRM.

2.5 Technical data

IP address, browser type, device information, pages visited, and timestamps. This is used for security, abuse prevention and service reliability.

2.6 Cookies

We use strictly-necessary cookies for authentication and a language preference cookie (lukian_lang). See our Cookies policy for details.

3. How We Use Your Information

We use the information above strictly to:

  • Provide and operate the Lukian CRM service;
  • Authenticate users and secure accounts;
  • Publish content to your connected Facebook Page or Instagram Business account when you explicitly request it;
  • Publish videos and photo posts to your connected TikTok account through Lukian Social when you explicitly request it;
  • Display publish-state and engagement metrics for posts you publish through Lukian CRM and Lukian Social;
  • Provide customer support and respond to requests;
  • Comply with legal obligations (accounting, tax, lawful requests).

We do not sell your personal data. We do not use data obtained from Meta Platforms, TikTok or any other connected social network for advertising, profiling, or any purpose other than providing the integration you requested.

4. How We Share Your Information

We only share personal data in the following limited cases, and always under appropriate contractual safeguards:

  • Infrastructure providers we rely on to host the Service (Hetzner Online GmbH for servers and object storage, Cloudflare for DNS and CDN);
  • Meta Platforms when you explicitly publish content to your Facebook Page or Instagram Business account via Lukian CRM;
  • TikTok when you explicitly publish content to your connected TikTok account via Lukian Social;
  • AI model providers (OpenAI, Anthropic, ElevenLabs) only when you use AI features of the Service — content sent for processing is limited to what is strictly needed to fulfil that feature;
  • Authorities when we are legally required to disclose information.

We do not share, rent, or sell your personal data to advertisers or data brokers.

5. Data Retention

We retain your account data and workspace data for as long as your account is active. Access and refresh tokens for connected Facebook, Instagram, TikTok and LinkedIn accounts are kept only as long as the connection is active in Lukian Social and are deleted immediately if you disconnect the integration or revoke Lukian Social's access from the respective platform. Technical logs are retained for up to 90 days for security and reliability purposes. You can request earlier deletion at any time using the procedures in Section 7.

6. Your Rights (GDPR)

If you are in the European Economic Area or the United Kingdom, you have the right to:

  • Access the personal data we hold about you;
  • Request correction of inaccurate or incomplete data;
  • Request deletion of your data ("right to be forgotten");
  • Restrict or object to certain processing activities;
  • Receive your data in a portable format;
  • Withdraw consent at any time, without affecting the lawfulness of prior processing;
  • Lodge a complaint with a supervisory authority — in Romania, the National Supervisory Authority for Personal Data Processing (www.dataprotection.ro).

To exercise any of these rights, email [email protected].

7. Data Deletion Instructions

You can delete data from Lukian CRM at any time. Choose the method that fits your case:

7.1 Disconnect a social media account (Facebook, Instagram, TikTok, LinkedIn)

  1. Log in to your Lukian CRM account at crm.lukian.ai.
  2. Open Social Media from the sidebar (this is the Lukian Social feature).
  3. Click Manage accounts and select Disconnect next to the Facebook Page, Instagram account, TikTok account or LinkedIn account you want to remove.

When you disconnect, we immediately delete the corresponding access and refresh tokens and any cached metadata (Page / user ID, name, profile picture, post metadata and engagement metrics). You can also revoke Lukian Social's access directly from TikTok at tiktok.com/setting/manage-connected-apps.

7.2 Delete your entire Lukian CRM account

  1. Log in to crm.lukian.ai.
  2. Go to Settings → Account.
  3. Click Delete account and confirm.

7.3 Request deletion by email

If you cannot access the CRM, send an email from the address associated with your Lukian account to [email protected] with the subject line Data deletion request. We will verify your identity and complete the deletion within 30 days.

In all cases, stored tokens, page connections and associated personal data are permanently removed from our production systems within 48 hours of the deletion request. Routine encrypted backups expire within 30 days, after which the data is irrecoverable.

8. Security

We protect personal data with industry-standard safeguards: TLS 1.2+ in transit, access-controlled databases, encrypted secrets, least-privilege server access, and monitored audit trails. No online service can be guaranteed 100% secure, but we continuously review and improve our security posture.

9. International Transfers

Our servers are located in the European Union (Hetzner, Germany). Where personal data is transferred to processors outside the EEA (e.g. AI model providers in the United States), we rely on the European Commission's Standard Contractual Clauses and on the vendors' own certifications under the EU-U.S. Data Privacy Framework, where available.

10. Children's Privacy

Lukian CRM is a business tool and is not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us personal data, please contact us and we will delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date above and, where appropriate, notify you by email or in-app notice before the changes take effect.

12. Contact

For any question about this Privacy Policy or about how your personal data is handled by Lukian CRM, contact us at:

  • Email: [email protected]
  • Postal address: Lukian CORP SRL, Aleea Murelor nr. 10A, Sp. Com. 1, Romania