Privacy Policy

LAST UPDATED: 15 APRIL 2026

1. Who we are

Luck Lab (“we”, “us”) is a research platform for studying luck, synchronicity, and serendipity. You can reach us at hallo@lucklab.app.

This policy explains what personal data we collect, how we use it, and the rights you have over it. It is written for clarity, not legal theatre. If anything is unclear, write to us.

2. What we collect

When you take the Reading (free)

We collect your diagnostic answers (10 multiple-choice inputs), your first name, and optionally your birthdate and a short current-life question. These stay in your browser’s session storage by default and are sent to our servers only when you click “Consult Tyche”.

When you subscribe to the Convergence Index

We collect your email address. We use it to deliver the Index and a short five-step email sequence over the following week. You can unsubscribe from any email.

When you purchase a Reading

Payment is processed by Stripe, which handles all card data — we never see it. Stripe provides us with your email, the amount paid, and a session ID. We attach your diagnostic answers to that session so we can generate your Reading.

What we do not collect

We do not track you across other websites. We do not sell data. We do not use advertising cookies. The only analytics we run is Plausible, a privacy-first analytics service that does not use cookies and does not collect personal data at all.

3. How we use it

• To generate your Reading (OpenAI’s API, see below).
• To deliver purchases and the email sequence you opted into.
• To improve the product in aggregate (e.g. “most common growth edge”).
• For legal and tax obligations (invoices, VAT).

4. Third parties

Your data may be shared with these service providers, all bound by data-processing agreements:

• OpenAI— processes your diagnostic answers and personal context to generate the Reading. Under OpenAI’s current API terms, your data is not used to train their models.
• Stripe— payment processing. Their privacy policy: stripe.com/privacy.
• Resend — email delivery. Their privacy policy: resend.com/legal/privacy-policy.
• Vercel — hosting. Their privacy policy: vercel.com/legal/privacy-policy.
• Plausible Analytics— if enabled. Cookieless, EU-hosted, GDPR-compliant by design.

5. Data retention

• Readings: kept for seven years (legal/tax requirement for the associated payment records).
• Subscribers: until you unsubscribe, then deleted within 30 days.
• Analytics: aggregated only, no personal data stored.

6. Your rights (GDPR)

You can at any time:

• Request a copy of what we hold on you.
• Ask us to correct or delete it.
• Withdraw consent (unsubscribe, cancel).
• Lodge a complaint with your local data-protection authority.

Email hallo@lucklab.app and we will respond within 30 days.

7. International transfers

Some of our service providers (OpenAI, Stripe, Vercel) are based in the United States. They are either covered by the EU-US Data Privacy Framework or operate under Standard Contractual Clauses.

8. Changes

We’ll announce material changes to this policy by email to subscribers and on this page. The “last updated” date at the top always reflects the current version.