iLuk

Privacy Policy

Last Updated: Nov 7, 2025

Effective Date: Nov 7, 2025

This Privacy Policy describes how iLuk SAPI de CV ("iLuk," "we," "our," or "us") collects, uses, discloses, and protects Personal Data when you visit iluk.ai or use our products and services, including AI Personas (Selves), Arena, Edge, and Deal (collectively, the "Services").

By using the Services, you agree to this Privacy Policy. If you do not agree, please discontinue use of the Services.

1. Scope & Roles

This Policy covers Personal Data processed as a controller (when iLuk determines the purposes and means of processing, e.g., site analytics, marketing, communications) and as a processor/service provider (when we process data on behalf of business clients under their instruction and Data Processing Addendum (DPA)).

When we act as a processor, we follow customer instructions and contractual terms.

2. Data We Collect

a) Data You Provide

  • Account and Business Data: name, email, company, role, password, or SSO identifiers.
  • Billing Data: billing contact, payment method, transaction information (handled through PCI-compliant providers).
  • Content and Uploads: files, catalogs, metadata, or campaign assets you submit.
  • Communications: chat, email, support tickets, and feedback.

b) Data We Collect Automatically

  • Log and Usage Data: IP, browser, OS, device, timestamps, pages visited, features used.
  • Cookies and Tags: to authenticate users, remember preferences, and analyze performance.
  • Approximate Location: derived from IP for fraud prevention and service optimization.

c) Data from Third Parties

Publicly available sources used for building AI Personas, simulations, and visibility analysis.

We never ingest or access private, gated, or login-protected data.

3. How We Use Data

We use Personal Data to:

  • Provide and maintain our Services.
  • Authenticate and secure accounts.
  • Respond to inquiries, requests, and support issues.
  • Improve and personalize user experience.
  • Comply with legal obligations and enforce agreements.

Model Training Restriction

We do not use Personal Data to train iLuk's AI models or third-party models without explicit, written consent. Consent, when given, may be withdrawn at any time.

4. Product-Specific Notices

AI Personas (Selves)

  • Personas use aggregated, public behavioral signals or approved customer data.
  • Customer data remains siloed and isolated per tenancy.
  • Outputs are simulations for ideation and analysis, not factual statements about real individuals.

Arena

  • Generates aggregated insights based on user-defined projects, audiences, and assets.
  • Reports are anonymized or de-identified unless users publish identifiable data.

Edge

  • Tracks how AI assistants and search engines reference your brand or products using public data.
  • We do not inject confidential or sensitive customer data into external systems.

Deal

  • When active, uses customer-connected data (catalogs, CRMs, analytics) to automate commerce decisions.
  • Connected data remains private to your tenancy.

5. Disclosures of Personal Data

We do not sell or share Personal Data for advertising or profiling. We may disclose data:

  • To subprocessors (e.g., hosting, cloud, analytics, email) bound by confidentiality and data protection agreements.
  • As required by law or to protect the rights, safety, and security of iLuk, our customers, or others.
  • With your authorization or integration request.

We will never permit third parties to train AI models, build user profiles, or conduct targeted advertising with iLuk's customer data.

6. Data Retention

We retain Personal Data only as long as necessary for service delivery, compliance, dispute resolution, and legal obligations.

  • User or tenant content may be deleted upon termination or per admin request.
  • Backups are deleted on a rolling 90-day schedule.

7. Security Measures

  • Encryption: TLS 1.2+ for data in transit, AES-256 for data at rest, managed through AWS/GCP KMS.
  • Access Control: Role-Based Access Control (RBAC), Multi-Factor Authentication (MFA), least privilege, and access audits.
  • Audit Logs: all access, system, and admin events logged and monitored via SIEM tools.
  • Penetration Testing: annual third-party security assessments.
  • Incident Response: prompt notification (within 72 hours) of confirmed personal data breaches.
  • Employee Awareness: annual security training and confidentiality agreements.

8. International Data Transfers

Data may be processed outside your jurisdiction (e.g., U.S., EU, Latin America).

Transfers use approved mechanisms like Standard Contractual Clauses (SCCs) or equivalent safeguards.

9. Your Rights

Depending on your location, you may have rights to:

  • Access, correct, delete, restrict, or port your Personal Data.
  • Withdraw consent or object to specific processing.
  • File a complaint with a supervisory authority (e.g., GDPR, CCPA, LGPD, UK DPA).

You can exercise these rights by contacting privacy@iluk.ai.

10. Data Governance & AI Ethics

  • All AI processing is ephemeral and stateless; we do not store prompts or outputs unless part of customer projects.
  • Any opt-in model improvement program will require separate, explicit consent.
  • iLuk's AI governance aligns with global frameworks (e.g., EU AI Act, NIST AI Risk Framework).
  • We prohibit use of our systems for generating or disseminating harmful, deceptive, or discriminatory outputs.

11. Cookies & Tracking

  • Strictly Necessary Cookies: essential for login, authentication, and load balancing.
  • Functional Cookies: remember user preferences and session state.
  • Analytics Cookies: collect anonymized usage metrics.

Users can manage cookies via browser settings. Blocking may affect service functionality.

Our Services do not respond to "Do Not Track" signals.

12. Children's Privacy

We do not knowingly collect Personal Data from children under 13 (or applicable local age threshold). If we learn of such data, we will delete it promptly.

13. Third-Party Links & Integrations

  • Integrations (e.g., Google, Meta, HubSpot) process data under their own policies.
  • iLuk processes only minimal, necessary data for functionality.
  • We honor third-party platform restrictions, including Google API Services User Data Policy.

14. Data Subject Requests & Verification

  • We may require identity verification for data requests to prevent unauthorized access.
  • Authorized agents may act on behalf of individuals with written proof of consent.

15. Changes to this Policy

  • We may update this Privacy Policy from time to time.
  • Material changes will be communicated via email or in-product notice at least 15 days before taking effect.
  • Continued use of Services after updates indicates acceptance.

16. Contact Information

Company: iLuk SAPI de CV

Email: privacy@iluk.ai

Address: Aniceto Ortega 650, Casa 3, Col. Del Valle Centro, Benito Juárez, Ciudad de México, C.P. 03100