Privacy Policy

Who we are

LucidArc is a strategic growth agency based in Mumbai, India. We provide performance marketing, search & AI visibility (SEO, GEO, AEO), web development, and custom software services to founder-led teams across India, the GCC, the United Kingdom, the United States, and Southeast Asia.

For the purposes of this policy, "LucidArc," "we," "us," and "our" refer to the agency. "You" refers to anyone who visits our website, fills out a contact form, or engages our services.

We are the data controller for personal information collected through this website and our client engagements. Our registered point of contact for data matters is [email protected].

What we collect

We collect only what we need. There are three sources of information:

Information you give us directly

When you fill out a form on this site — the hero brief, the floating CTA, the contact page form, or by emailing us — you provide:

• Your name
• Your email address
• Your mobile number (when provided)
• Your company name (when provided)
• Your service interest, vertical, and budget band (when provided)
• The brief or message you write to us

Information collected automatically

When you visit our site, our hosting provider and analytics tools may automatically collect:

• Your IP address and approximate location (city or region)
• Browser type and version, device type, operating system
• Pages visited, time spent on each, referrer URL
• Cookies and similar tracking identifiers (see Section 05)

Information collected during client engagements

If you become a client, we may collect additional information needed to deliver the service — for example access to your Google Ads, Meta Ads, GA4, or CRM accounts; campaign performance data; customer feedback you choose to share with us. This data is used solely to deliver the engagement and is governed by the separate Master Services Agreement we sign with you.

How we use your information

Your information is used for these purposes, and these only:

1. To respond to your enquiry. When you submit a brief or fill a form, we use your contact details to reply, schedule a strategy call, or send relevant materials.
2. To deliver our services. If you engage us, we use the information to manage your account, communicate about the work, and execute the deliverables.
3. To improve our website and services. Aggregated, anonymised analytics data helps us understand which pages help founders, where they get stuck, and what to write next.
4. To send occasional updates — case studies, new playbooks, or notable launches — but only if you've opted in or are an existing client. You can unsubscribe from any of these at any time, in any single email.
5. To meet legal obligations — for example responding to lawful requests from courts or regulators, or maintaining records required by tax law.

Who we share your information with

We do not sell your personal data. Ever. We share it only with the third parties strictly needed to operate the business:

• Formspree — the form processor that delivers form submissions from this website to our inbox. Their privacy policy is at formspree.io/legal/privacy-policy.
• Google Workspace — we use Gmail for business email correspondence with you.
• Analytics providers — Google Analytics 4 and / or privacy-friendly alternatives may be installed for anonymised traffic measurement. We do not enable advertising tracking through GA without your consent.
• Hosting provider — our website is served via a CDN (such as Vercel, Cloudflare, or similar). They may log basic request data (IP address, timestamp) for security and performance.
• Professional advisers — accountants, lawyers, and bankers where strictly required for compliance or dispute resolution, under appropriate confidentiality.
• Authorities — when required by law (court order, lawful regulatory request).

We do not share your personal information with advertising networks, data brokers, or any party outside the list above without your explicit consent.

Cookies & analytics

This site uses a small number of cookies:

• Essential cookies — required for the site to function (e.g. remembering your dismissed floating-CTA preference during a session). These are always active.
• Analytics cookies — set by Google Analytics 4 (or equivalent) to measure aggregate site traffic. These store an anonymous identifier and do not identify you personally.

We do not use cookies for advertising or cross-site tracking. We do not install Meta Pixel, Google Ads remarketing tags, or similar tools unless explicitly required for a client campaign — and never on this corporate website.

You can disable cookies at any time in your browser settings. The site will still work; some analytics data will simply not be recorded.

How long we keep your data

We keep personal information only as long as we need it:

• Form submissions that do not convert into engagements — retained for 24 months, then deleted. We may reach back out within this window if relevant.
• Active client records — retained for the duration of the engagement and 36 months after, for support, references, and statutory record-keeping (Indian Income Tax Act, GST records).
• Marketing-list subscribers — retained until you unsubscribe. One click in any email; we honour it immediately.
• Analytics data — typically retained for 14 months at the provider level, then aggregated.
• Records required by law (invoices, tax, contracts) — retained for the period mandated by applicable law (typically 7–10 years in India).

Your rights

Wherever you live, you have these rights over your personal data:

• Right to access — ask us what we hold on you, and get a copy
• Right to rectification — correct any inaccurate information
• Right to deletion — ask us to delete your data ("right to be forgotten")
• Right to restrict processing — ask us to pause specific uses of your data
• Right to data portability — receive a copy of your data in a portable format
• Right to object — to marketing communications or to processing based on legitimate interest
• Right to withdraw consent — at any time, for anything you previously consented to
• Right to lodge a complaint — with India's Data Protection Board (under the DPDP Act 2023) or your local supervisory authority (for EU/UK residents under the GDPR / UK GDPR)

To exercise any of these rights, email [email protected] with the subject line "Privacy request." We respond within 30 days, and faster if the request is straightforward.

Security & international transfers

Security

We protect your information using industry-standard measures: HTTPS for all site traffic, encrypted email and file storage, access controls on shared accounts, two-factor authentication on critical systems, and the principle of least privilege within the team. No system is perfect; if a security incident affects your data we will notify you within 72 hours of discovering it, as required by law.

International transfers

Our servers and some of our processors (Formspree, Google) may be located outside India. When personal data is transferred internationally, we rely on the destination country's recognised adequacy or on standard contractual clauses to ensure equivalent protection. EU/UK residents: transfers happen under the GDPR's Article 46 standard contractual clauses where applicable.

Changes to this policy

We will update this policy when our practices or the law change. The "Last updated" date at the top of this page always reflects the most recent version. Material changes will be highlighted on the homepage for at least 30 days, and existing clients will be notified by email.

Continued use of the site or our services after a change indicates acceptance of the updated policy.

Contact us

Privacy requests, complaints, questions, or anything in between:

• Email — [email protected] (subject: "Privacy request")
• Postal address — LucidArc, Mumbai 400001, Maharashtra, India
• Response window — within 30 days, usually within 5 business days

If you are in the EU or UK and feel we have not addressed your concern adequately, you may also lodge a complaint with your local data protection authority.