At Lukrio, your financial data is sacred. This policy explains exactly what we collect, why we collect it, who we share it with, and what rights you have over it. We have written it to be clear and honest — not buried in legalese.
1. Who We Are
Lukrio ("we", "our", "us") is a personal finance service operated via the WhatsApp Business API. Our website is lukrio.com. We are the data controller for the personal information you provide when using our service.
For privacy-related inquiries, you can reach us at: info@lukrio.com
2. What Data We Collect
We collect the following categories of data:
Account Information
Full name, WhatsApp phone number, and email address — collected when you sign up.
Financial Data
Expense and income records, categories, notes, and budgets that you register through the service. This is the core of what Lukrio stores and processes on your behalf.
Messages and Media
Text messages, photos of receipts, PDF documents, and voice notes you send to Lukrio via WhatsApp. These are processed to extract transaction details and then may be stored in encrypted cloud storage.
Conversation History
A history of your interactions with Lukrio's AI assistant is retained to provide context-aware responses and improve the service.
Payment Data
Subscription and billing information. We do not store your card details — all payment processing is handled by Stripe, our PCI-compliant payment provider.
Usage Data
Information about how you use the service (e.g., transaction counts, feature usage) for internal analytics and cost monitoring. We do not use third-party advertising trackers.
3. How We Use Your Data
We use your data exclusively to:
- Provide and operate the Lukrio service — categorizing transactions, answering financial queries, generating reports.
- Send you WhatsApp messages as part of the service (activation, transaction confirmations, summaries).
- Manage your account, subscription, and billing via Stripe.
- Improve the accuracy and quality of our AI financial assistant.
- Comply with applicable laws and regulations.
We never sell your data, use it for advertising, or share it with third parties for their own marketing purposes.
4. Third-Party Services We Use
To operate Lukrio, we work with the following trusted third-party providers. Your data may pass through or be processed by these services:
| Provider | Purpose | Data shared |
|---|---|---|
| Twilio | WhatsApp message delivery (Business API) | Phone number, message content |
| OpenAI | AI processing (text, image OCR, voice transcription) | Message text, receipt images, voice notes |
| Amazon Web Services | Cloud infrastructure (servers, database, file storage) | All data stored encrypted at rest |
| Stripe | Payment processing and subscription management | Name, email, billing information |
Each of these providers is bound by data processing agreements and their own privacy commitments. We select providers that meet high security and compliance standards.
5. How We Protect Your Data
- Encryption in transit: All communications between your device, WhatsApp, and our servers use TLS/HTTPS encryption. WhatsApp messages are end-to-end encrypted by WhatsApp itself.
- Encryption at rest: Your financial data, files, and conversation history are stored encrypted on AWS infrastructure.
- Access control: Access to production data is strictly limited and logged. We apply the principle of least privilege internally.
- Isolation: Each user's data is logically isolated (multi-tenant architecture). Your data is never mixed with another user's data.
Despite these measures, no system is 100% impenetrable. In the event of a data breach that affects your personal data, we will notify you as required by applicable law.
6. Data Retention
We retain your account and financial data for as long as your account is active. If you cancel your account, we will delete your personal data within 30 days, unless we are legally required to retain it for a longer period (e.g., for tax or fraud prevention purposes).
Media files (receipt images, PDFs, voice notes) are deleted from our storage after processing, or within 90 days of upload, whichever comes first.
7. Your Rights
You have the following rights over your personal data:
- Access: Request a copy of all personal data we hold about you.
- Export: Download your financial history in a portable format (CSV/JSON).
- Correction: Ask us to correct inaccurate data.
- Deletion: Request full deletion of your account and all associated data, no questions asked.
- Objection: Object to certain types of processing, including AI-assisted categorization.
- Portability: Receive your data in a machine-readable format to transfer to another service.
To exercise any of these rights, message us on WhatsApp or email info@lukrio.com. We will respond within 30 days.
8. Children's Privacy
Lukrio is not intended for users under the age of 18. We do not knowingly collect personal data from minors. If we become aware that a minor has registered, we will immediately delete their data and close the account.
9. International Data Transfers
Lukrio operates globally. Your data may be processed in countries other than your own, including the United States, where our cloud infrastructure and key service providers are based. We ensure that transfers are made with appropriate safeguards (e.g., Standard Contractual Clauses where applicable).
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we make significant changes, we will notify you via WhatsApp and update the "Last updated" date at the top of this page. Continued use of the service after changes constitutes acceptance of the updated policy.
11. Contact Us
For any privacy concerns, data requests, or questions about this policy: