Lurko
ConnexionPlan gratuit
← Back to home

Privacy Policy

Last updated: March 1, 2026

1. Overview

Lurko ("we," "our," or "us") is a community marketing intelligence platform that helps SaaS founders and indie hackers discover relevant conversations across Reddit, Hacker News, IndieHackers, and YouTube. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our service.

By creating an account or using Lurko, you agree to the practices described in this policy. If you do not agree with this policy, please do not use our service.

2. Data We Collect

2.1 Account Information

When you create an account, we collect your email address, display name, and authentication credentials. If you sign in with Google OAuth, we receive your Google profile name and email address. We do not store your Google password.

2.2 Product Information (Brand Brain)

When you provide your product URL during onboarding, our system analyzes publicly available content on your website (homepage, pricing page, about page, and features page) to generate your Brand Brain profile. This includes your product name, value proposition, target personas, pain points, tone, keywords, and competitor information. You can review, edit, and regenerate this data at any time.

2.3 Usage Data

We collect data about how you interact with the platform, including which drafts you copy, which threads you open, which drafts you ignore, and your feature usage patterns. This helps us improve the quality of our AI-generated responses and the relevance of detected opportunities.

2.4 Analytics Data (Optional)

If you choose to connect Google Analytics 4, we access click and signup data filtered specifically to UTM parameters generated by Lurko (utm_source=lurko). We do not access your full analytics data. This connection is optional and can be disconnected at any time from your settings.

3. How We Process Your Data

3.1 AI Analysis

We use Anthropic Claude (claude-sonnet-4-20250514 model) to analyze your product information and generate Brand Brain profiles, score the relevance of community threads, and draft suggested responses. Your Brand Brain data is sent to Anthropic's API for processing. Anthropic does not use API data to train their models. For more information, see Anthropic's Privacy Policy.

3.2 Data Storage

All data is stored in Google Cloud Firestore, hosted in the europe-west1 (Frankfurt, Germany) region. This ensures your data remains within the European Union for GDPR compliance purposes.

3.3 Website Scraping

During Brand Brain generation, we use Firecrawl to scrape publicly available pages on your product website. This data is used solely to build your Brand Brain profile and is not shared with third parties.

4. Data Retention

We retain different categories of data for different periods:

  • Account data: Retained for as long as your account is active. Deleted upon account deletion request.
  • Brand Brain data: Retained for as long as the associated project exists. Deleted when the project or account is deleted.
  • Threads and drafts: Automatically deleted 90 days after creation. This automated cleanup runs weekly.
  • Analytics reports: Retained for 12 months, then automatically deleted.
  • UTM click logs: Retained for 90 days, then automatically deleted.

5. Third-Party Services

We rely on the following third-party services to operate Lurko:

ServicePurposeData shared
Google FirebaseAuthentication, database, hosting, cloud functionsAccount data, application data
Anthropic ClaudeAI analysis, scoring, and response generationBrand Brain data, thread content for analysis
FirecrawlWebsite scraping for Brand Brain generationYour product URL
Reddit APIFetching public Reddit threadsNone (read-only access to public data)
Hacker News APIFetching public HN storiesNone (read-only access to public data)
YouTube Data APISearching videos and reading commentsNone (read-only access to public data)

We do not sell, rent, or share your personal data with third parties for advertising purposes. We do not display ads on Lurko.

6. GDPR Compliance

Lurko is designed with GDPR compliance as a core requirement. Our infrastructure is hosted in the European Union (Frankfurt, Germany).

6.1 Your Rights

Under the General Data Protection Regulation (GDPR), you have the following rights:

  • Right of access: You can request a copy of all personal data we hold about you.
  • Right to rectification: You can update or correct your data through your account settings or by contacting us.
  • Right to erasure: You can delete your account and all associated data at any time from Settings > Account > Delete my account. This permanently removes all your data including user profile, projects, Brand Brain data, threads, drafts, and analytics reports.
  • Right to data portability: You can request an export of your data in a machine-readable format by contacting us.
  • Right to object: You can object to our processing of your data by contacting us. Note that this may require account closure as the processing is necessary to provide the service.

6.2 Legal Basis for Processing

We process your data on the following legal bases:

  • Contract performance: Processing necessary to provide the Lurko service as described in our Terms of Service.
  • Legitimate interest: Processing for service improvement, security, and fraud prevention.
  • Consent: Optional analytics connection (GA4) is based on your explicit consent, which can be withdrawn at any time.

6.3 Data Protection Officer

For any GDPR-related inquiries, data access requests, or to exercise your rights, please contact us at privacy@lurko.com. We will respond to all requests within 30 days as required by law.

7. Cookies

Lurko uses a minimal number of cookies, strictly necessary for the service to function:

  • Firebase Authentication cookies: Used to maintain your login session. These are strictly necessary cookies and cannot be disabled while using the service.

We do not use any tracking cookies, advertising cookies, or third-party analytics cookies. We do not use Google Analytics, Facebook Pixel, or any similar tracking technology on our own platform.

8. Security

We implement industry-standard security measures to protect your data:

  • All data is encrypted in transit using TLS 1.3.
  • Data at rest is encrypted using Google Cloud's default encryption.
  • Firestore Security Rules enforce strict per-user data isolation — users can only access their own data.
  • All API keys and secrets are stored securely using environment variables and are never exposed to the client.
  • HTTP security headers (HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy) are enforced on all responses.

9. Children's Privacy

Lurko is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you by email or through a prominent notice in the application. The "Last updated" date at the top of this page indicates when the policy was last revised. Your continued use of the service after changes take effect constitutes acceptance of the updated policy.

11. Contact Us

If you have any questions about this Privacy Policy, your data, or your rights, please contact us: