New user? Create an account
Forgot your password? Get it back!

Sign up

Already a member? Login


2-Factor Authentication is enabled for this account
Login with a different user

Email Confirmation

Send confirmation email to the following
Login with a different user
Privacy Policy
Last updated: 29 December 2023

In the course of serving our customers, Symbient may collect certain nonpublic personal information relating to you and your business. We recognize this information is sensitive and that its privacy should be protected and maintained. In this Privacy Policy, we explain what information we collect about you and why, the limited way we may share that information with affiliates and non-affiliated companies, and how we protect and maintain the privacy and security of that information.

This "Privacy Policy" describes the practices of Lucus Labs, LLC, the owning company of the product Symbient ("Lucus Labs", "Symbient", "Symbient", "LuLa", "we", "our" or "us"), and the use of Personal Data. Personal Data means any information that relates to an identifiable individual and/or business. Lucus Labs cares about the security and privacy of the Personal Data that is entrusted to us. We may collect and use Personal Data when we do business with you or when you do business with those that use our services. Some of our services may be accessed directly by you, including through our websites that reference this policy (collectively "Sites"). Many of our services are provided to others in connection with their own business and activities, and you may engage with Symbient services as part of another's service, such as when you interact with Symbient-powered AI, including our embeddable LuLa Bot (chatbot) from another website or product (collectively, we refer to Sites, and direct and indirect services as "Services"). This policy applies to Symbient's own Services. Websites, products and services of third-parties and some affiliates of Symbient are subject to their own separate privacy policies.

This Privacy Policy includes important information about your Personal Data and we encourage you to read it carefully. All materials have been prepared for general information purposes only. The information presented is not legal advice, is not to be acted on as such, may not be current, and is subject to change without notice.

  1. Overview
    Symbient obtains Personal Data about you from various sources. "You" may be a visitor to one of our Sites ("Visitor"), a user of one or more of our Services ("User" or "Symbient User"), or a direct or indirect customer of a User ("Customer"). If you are a Customer, your agreement with the relevant Symbient User should explain how the Symbient User shares your Personal Data with Symbient. If you have questions about this sharing, then you should direct those questions to the Symbient User.

  2. Personal Data We Collect
    1. Personal Data we collect about you
      Personal Data is any information that relates to an identified or identifiable individual or business, and can include information about how you engage with our Services (e.g. device information, IP Address, etc). In most cases, the Personal Data you provide directly to us through our Services will be apparent from the context in which you provide the data. For example,

      • When you register for a Symbient account on our Site we collect your full name, email address, and account log-in credentials.
      • When you fill-in our online form to contact our support team, we ask for your name and contact information.
      • When you authorize us to store information about you in connection with Symbient, we collect your name and contact information.
      • When you respond to Symbient emails or surveys, we collect your email address, name and any other information you choose to include in the body of your email or responses. If you contact us by phone, we will collect the phone number you use to call us, as well as any other information you may provide during the call. If you are a Symbient User or Customer, when you contact us, we may collect additional information in order to verify your identity and for referencing your user account.
      • When you engage with our Symbient AI and provide Personal Data such as your name, email address, or other Personal Data. Depending on the Symbient AI service you engage with, where you engage it from (such as from another website), and the scope of your interaction with the AI, certain other Personal Data may be recorded. Please be cognizant of any Personal Data you share with our AI.
    2. You may also choose to submit information to us via other methods, including: (i) in response to marketing or other communications, (ii) through participation in an offer, program or promotion, (iii) through social media or online forums, (iv) in connection with an actual or potential business relationship with us, or (v) by giving us your business card or contact details in connection with trade shows or other events.
    3. Information that we collect automatically on our Sites and through marketing of our products
      Symbient controlled Sites utilize cookies and other technologies. These technologies may record information about you, including:

      • Browser and device data, such as IP address, device type, operating system name and version, Internet browser type, screen resolution, device manufacturer and model, locale and language, plug-ins, add-ons and the language version of the Sites you are visiting.
      • Usage data, such as time spent on the Sites, pages visited, links clicked, language preferences, and the pages that led or referred you to our Sites.
      • Online activities. We may collect information about your online activities on websites and connected devices over time and across third-party websites, devices, apps and other online services.
      • We may collect information when you engage with our marketing messages and when you click on links included in ads for our products. We use Google Analytics on our Sites to help us analyze your use of our Sites and diagnose technical issues.
      To learn more about the cookies that may be served through our Sites and how you can control our use of cookies and third-party analytics, please see our Cookie Policy.
  3. How We Use Personal Data
    1. Our Services
      We rely upon a number of legal grounds to enable our use of your Personal Data. We use Personal Data to facilitate the business relationships we have with our Partners and Users, to pursue our legitimate business interests, and to comply with our financial regulatory and other legal obligations.
    2. Encryption
      • Personal Identifiable Information (PII) is defined as: Any representation of information that permits the identity of an individual to whom the information applies to be reasonably inferred by either direct or indirect means.

        All PII data (and several other non-PII data) are encrypted using AES-256 encryption.
      • All data traveling across our network (in-flight) is required to be submitted over TLS and, as such, is also further encrypted.
    3. Legitimate business interests
      Where allowed under applicable law, we rely on our legitimate business interests to process Personal Data about you. When we do so, we balance our legitimate interests against the interests and rights of the individuals whose Personal Data we process. The following list sets out the business purposes we have identified as legitimate:

      • Determine eligibility for and offer new Lucus Labs products and services
      • Respond to inquiries, send Service notices and provide customer support
      • Promote, analyze, modify and improve our Services, systems, and tools, and develop new products and services, including reliability of the Services
      • Manage, operate and improve the performance of our Sites and Services by understanding their effectiveness and optimizing our digital assets
      • Analyze and advertise our Services
      • Conduct aggregate analysis and develop business intelligence that enable us to operate, protect, make informed decisions, and report on the performance of our business
      • Share Personal Data with third party service providers that provide services on our behalf and business partners which help us operate and improve our business
      • Enable network and information security throughout Symbient and our Services
      • Share Personal Data among our affiliates for administrative purposes
    4. Marketing and events-related communications
      We may send you email marketing communications about Lucus Labs products and services, including but not limited to Symbient, invite you to participate in our events or surveys, or otherwise communicate with you for marketing purposes, provided that we do so in accordance with applicable law, including any consent requirements. For example, when you submit your contact information to us or when we collect your business contact details through our participation at trade shows or other events, we may use the information to follow-up with you regarding an event, send you information that you have requested on our products and services and, with your permission, include you on our marketing information campaigns.
  4. How We Disclose Personal Data
    Lucus Labs, owner of Symbient, does not sell or rent Personal Data to marketers or unaffiliated third parties. We only share your Personal Data with trusted entities as outlined below.

    1. Lucus Labs and Symbient
      We may share Personal Data with other Lucus Labs and Symbient affiliated entities in order to provide our Services and for our own administrative purposes.
    2. Service providers
      We may share Personal Data with certain service providers subject to contract terms that limit their use of Personal Data. We have service providers that provide services on our behalf, such as identity verification services, website hosting, data analysis, marketing services, information technology and related infrastructure, customer service, email delivery, debit & credit card payment processing, and auditing services. These service providers may need to access certain Personal Data to perform or provide their services to us and/or on our behalf. We authorize such service providers to use or disclose the Personal Data only to perform services on our behalf or to comply with legal requirements. We require such service providers to contractually commit to protect the security and confidentiality of Personal Data they process on our behalf. Our service providers are predominantly located in the United States of America and follow all U.S. laws, rules, and regulations.
    3. Business partners
      We may share certain Personal Data with third party business partners in connection with our Services to our Users. Examples of third parties to whom we may disclose Personal Data for this purpose are banks and payment method providers (such as credit card networks) when we provide payment processing services, and the professional services firms that we partner with. As of the date listed above, Symbient utilizes Opta Pay for processing all debit & credit card payments for usage of the Symbient Services. Opta Pay is a product of, and is owned and operated by Lucus Labs. Please refer to the Opta Pay Privacy Policy regarding any Personal Data collected by or shared with Opta Pay.
    4. Our Users and third parties authorized by our Users
      We may share certain Personal Data with Users to maintain a User account and provide the Services and third party services they require from us. We may share data with parties directly authorized by a User to receive Personal Data. This includes sharing Personal Data of Customers with Users to assess the fraud risk associated with attempted misuse or abuse by Customers, or when a User authorizes a third party to access the User's Symbient account. The use of Personal Data by an authorized third party is subject to the third party's privacy policy.
    5. Corporate transactions
      In the event we enter into, or intend to enter into, a transaction that alters the structure of our business, such as a reorganization, merger, sale, joint venture, assignment, transfer, change of control, or other disposition of all or any portion of our business, assets or stock, we may share Personal Data with third parties in connection with such transaction. Any other entity which buys us or part of our business will have the right to continue to use your Personal Data subject to the terms of this Privacy Policy.
    6. Compliance and harm prevention
      We may share Personal Data as we believe necessary: (i) to comply with applicable law, or rules imposed by any of our affiliated partners; (ii) to enforce our contractual rights; (iii) to protect the Services, rights, privacy, safety and property of Lucus Labs, Symbient, you or others; and (iv) to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include authorities outside your country of residence.
  5. Your Rights and Choices
    You may have choices regarding our collection, use and disclosure of your Personal Data.

    1. How you can see or change your Personal Data
      If you would like to review, correct, or update Personal Data you have previously disclosed to us, you may do so by signing in to your Symbient account or by contacting us.
    2. Your data protection rights
      Depending on your location and subject to applicable law, you may have the following rights with regard to the Personal Data we control about you:

      • The right to request confirmation of whether Symbient processes Personal Data relating to you, and if so, to request a copy of that Personal Data.
      • The right to request that Symbient rectifies or updates your Personal Data that is inaccurate, incomplete or outdated.
      • The right to request that Symbient erase your Personal Data in certain circumstances provided by law.
      • The right to request that Symbient restrict the use of your Personal Data in certain circumstances, such as while Symbient considers another request you have submitted.
      • The right to request we export your Personal Data that we hold to another company, where technically feasible.
      • Where the processing of your Personal Data is based on your previously given consent, you have the right to withdraw your consent at any time.
      • In some cases, you may also have the right to object to the processing of your Personal Data.
    3. Process for exercising data protection rights
      To exercise your data protection rights, we will comply with your request to the extent required by applicable law. We will not be able to respond to a request if we no longer hold your Personal Data. If you feel that you have not received a satisfactory response from us, you may have the right under applicable laws to consult with the data protection authority in your country.

      For your protection, we may need to verify your identity before responding to your request, such as verifying that the email address from which you send the request matches your email address that we have on file. If we no longer need to process Personal Data about you in order to provide our Services or our Sites, we will not maintain, acquire or process additional information in order to identify you for the purpose of responding to your request.

      If you are a Customer of a Symbient User, please direct your requests directly to the User. For example, if you have interacted with a Symbient powered chatbot, such as LuLa, from a Symbient Users website and you have a request that is related to the information you provided as part of the interaction, then you should address your request directly to the Symbient User.
  6. Security and Retention
    We make reasonable efforts to provide a level of security appropriate to the risk associated with the processing and storage of Personal Data. We maintain organizational, technical and administrative measures designed to protect Personal Data covered by this Privacy Policy against unauthorized access, destruction, loss, alteration or misuse. Your Personal Data is only accessed by a limited number of Lucus Labs personnel whose job role requires access to the information to perform their duties. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe your interaction or information with us is no longer secure (e.g., you feel the security of your account has been compromised), please contact us immediately.

    We retain your Personal Data as long as we are providing the Services to you or our Users (as applicable). Even after we stop providing Services directly or indirectly to you, and even if you close your Symbient account or engage in interactions with another Symbient User, we keep your Personal Data in order to comply with our legal and regulatory obligations. We may also keep it to assist with our fraud monitoring, detection and prevention activities. In all cases where we keep data, we do so in accordance with any limitation periods and records retention obligations that are imposed by applicable law.

  7. Use by Minors
    Symbient does not solicit data from children and does not market to children, where "children" being anyone under the age of eighteen (18).

  8. Payment Methods
    Certain functionality provided by Symbient Services require prepayments paid by debit or credit card. Symbient utilizes Opta Pay, another property of Lucus Labs, for processing debit and credit card payments. Your payment methods and other payment related information is never stored on Symbient's servers. Please see Opta Pay's Privacy Policy for more information.

  9. Updates To this Privacy Policy and Notifications
    We may change this Privacy Policy from time to time to reflect new services, changes in our Personal Data practices, or relevant laws. The "Last updated" legend at the top of this Privacy Policy indicates when this Privacy Policy was last revised. Any changes are effective when we post the revised Privacy Policy on the Services.

    We may provide you with disclosures and alerts regarding this Privacy Policy or Personal Data collected by posting those disclosures on our website and, if you are a Symbient User, by contacting you through the email address we have on file for you.

    If applicable law requires that we obtain your consent or provide notice in a specified manner prior to making any changes to this Privacy Policy applicable to you, we will provide such required notice and will obtain your required consent.

  10. Links To Other Online Services
    The Services may provide the ability to connect to other online services. These online services may operate independently from us and/or may have their own privacy notices or policies, which we strongly suggest you review. If any online service linked to our Services is not owned or controlled by us, or does not claim to be covered by this Privacy Policy, we are not responsible for it and/or it is not covered by this Privacy Policy. Your use of other sites is subject to that site's own rules of use and privacy statement, and you should review them before browsing those sites.

  11. Controllers and Jurisdiction-specific Provisions
    Depending on the activity, Symbient acts as a Data Controller and Data Processor.

    The "Data Controller" is the entity which determines the purposes and means of the data processing taking place. The "Data Processor" is an entity acting on behalf and under the instructions of a controller in processing personal data.

    Symbient is a Data Controller when it determines the purposes and means of the processing taking place. These data processing activities include (i) providing the Symbient products and services, (ii) monitoring, preventing and detecting fraudulent or other mischievous activity on the Symbient platform, (iii) complying with legal or regulatory obligations applicable to the industry to which Symbient is subject, and (iv) analyzing, developing and improving Lucus Labs' products and services.

    Symbient is a Data Processor where it is facilitating user interactions on behalf of and at the direction of a Symbient User. Symbient Users direct us to provide AI-related services, such as providing chatbots that engage and interact with their customers, and where certain Personal Data may be shared by the customer with Symbient and Symbient's Users.

    As a platform provider, we need to ensure consistency across our platform, and that includes consistency with respect to the commitments that we give about how we operate our platform. We contract with all of our Users on this basis.

    United States - California
    If you are a consumer located in California, we process your Personal Data in accordance with the California Consumer Privacy Act (CCPA). This section provides additional details about the personal information we collect and use for purposes of CCPA.

    1. How We Collect, Use, and Disclose your Personal Information
      The 'Personal Data We Collect' section describes the personal information we may have collected about you, including the categories of sources of that information. We collect this information for the purposes described in the 'How We Use Personal Data' section. We share this information as described in the 'How We Disclose Personal Data' section. Further, Symbient uses cookies, including tracking cookies, as described in our Cookie Policy.
    2. Your CCPA Rights and Choices
      As a California consumer and subject to certain limitations under the CCPA, you have choices regarding our use and disclosure of your personal information:

      • Exercising the right to know: You may request the following information about the personal information we have collected about you:
        • The categories and specific pieces of personal information we have collected about you;
        • the categories of sources from which we collected the personal information;
        • the business or commercial purpose for which we collected the personal information;
        • the categories of third parties with whom we shared the personal information;
        • the categories of personal information about you that we disclosed for a business purpose, and the categories of third parties to whom we disclosed that information for a business purpose.
      • Exercising the right to delete: You may request that we delete any personal information we have collected from you, subject to certain limitations under applicable law.
      • Non-discrimination: The CCPA provides that you may not be discriminated against for exercising these rights.
    To submit a request to exercise any of the rights described above, please contact us.

    When exercising your rights, we may need to verify your identity before responding to your request, such as verifying that the email address from which you send the request matches your email address that we have on file. Authentication based on a government-issued and valid identification document may also be required. If you are a customer of a Symbient User, please direct your requests directly to the Symbient User with whom you shared your personal information.

  12. Contact Us
    Have a question for us?

    If you have questions about this Privacy Policy, please contact us.