Good Vibes. Good Notes. Good Luck. Good Vibes. Good Notes. Good Luck. Good Vibes. Good Notes. Good Luck.

Privacy Policy

What we collect, why we collect it, what we do with it, and how to control it.

Effective May 1, 2026 · Last updated May 1, 2026
Plain-English summary. We collect what we need to run the Service, and not much else. We don't sell your data. We use AI to write notes — that processing happens on our servers and trusted vendors, not for advertising. You can see, export, or delete your data anytime.

01Overview

This Privacy Policy describes how ClubLucky, Inc. ("ClubLucky," "we," "us," or "our") collects, uses, discloses, and protects personal information when you use clublucky.ai, the ClubLucky mobile app, and related services (collectively, the "Service"). By using the Service, you consent to the practices described below. If you do not agree, please do not use the Service.

02Information We Collect

Information you provide

  • Account information. Name, email, password (hashed), profile photo, optional birthday.
  • Contacts. Names, contact methods (email or phone), and notable dates you save in Smart Contacts. Imported contacts are stored only with your action.
  • Recipient information. When you send a note, we collect the recipient's contact method to deliver it.
  • Content. Messages you write, AI prompts you submit, Wall of Luck posts, Rally entries.
  • Family Account. For sub-profiles you create (kids, teens, partners), you provide name, age, and approved-contact relationships.
  • Payment information. Processed by our payment processor (Stripe). We receive a token and the last four digits — we do not store full card numbers.

Information collected automatically

  • Device & usage. IP address, browser type, OS, referring URL, pages viewed, actions taken, timestamps.
  • Cookies & similar. See Section 6.
  • Approximate location. Derived from IP for fraud prevention and analytics.

Information from third parties

  • OAuth providers. If you sign in with Google or Apple, we receive name, email, and a unique identifier as authorized by you.
  • Payment processor. Stripe shares billing status, charge confirmations, and dispute notifications.

03How We Use Information

We use personal information to:

  • Provide, maintain, and improve the Service;
  • Authenticate accounts and prevent fraud;
  • Process payments and Coin transactions;
  • Generate AI notes (subject to Section 5);
  • Deliver notes to recipients via email or SMS;
  • Send transactional communications (receipts, security alerts, Drop confirmations) and, with your consent, marketing communications;
  • Operate Lucky Drop and verify eligibility;
  • Comply with legal obligations and enforce our Terms;
  • Conduct analytics and product research using aggregated or de-identified data.

04How We Share Information

We do not sell your personal information. We share information only as described below:

  • Service providers. Vendors that help us operate the Service (cloud hosting, payment processing, email/SMS delivery, customer support, analytics, AI inference). These vendors are contractually limited to processing data on our behalf.
  • Recipients you send to. The recipient sees the note, your name (or chosen sender label), and any optional handwritten line.
  • Lucky Drop partners. If you win a drop, we share shipping name and address with the brand sponsor solely for fulfillment.
  • Legal & safety. If required by law, subpoena, or to protect rights, property, or safety.
  • Business transfers. In connection with a merger, acquisition, financing, or sale of assets, subject to confidentiality protections.
  • With your consent. Any other sharing you authorize.

05AI Processing

To generate AI notes, your prompts and contextual inputs (such as recipient name, occasion, and vibe selection) are sent to our AI inference vendors. We have contractual commitments with these vendors that prohibit using your data to train their general-purpose models without our authorization. AI inputs and outputs are retained on our infrastructure to operate the Service, debug, and improve quality. We do not use the content of personal notes for advertising or for sale to third parties.

06Cookies & Similar Technologies

We use cookies, local storage, and similar technologies for the following purposes:

  • Strictly necessary. Authentication, session management, security.
  • Functional. Remembering preferences and settings.
  • Analytics. Understanding aggregated usage so we can improve the Service.

You can manage cookie preferences through your browser settings. Some features of the Service may not work if you disable strictly-necessary cookies.

07Data Retention

We retain personal information for as long as your account is active, and for a reasonable period thereafter to comply with legal obligations, resolve disputes, prevent fraud, and enforce our agreements. Specific retention windows include:

  • Account data. Until deletion is requested, then deleted within 30 days from production systems and within 90 days from backups.
  • Notes & messages. Retained while your account is active. Recipients retain copies they have received.
  • Transaction records. Retained for at least 7 years for tax and accounting purposes.
  • Logs. 90 days for security and debugging.

08Your Rights & Choices

Depending on your jurisdiction, you may have rights to:

  • Access the personal information we hold about you;
  • Correct inaccuracies;
  • Delete personal information;
  • Restrict or object to certain processing;
  • Receive a portable copy of your data;
  • Withdraw consent;

To exercise any of these rights, email hello@clublucky.ai from the email associated with your account, or use the in-product Settings → Privacy controls. We will respond within the timeframe required by applicable law (typically 30 days). California residents have additional rights under the CCPA/CPRA, including the right to know, delete, correct, and opt out of "sharing" — we do not "sell" personal information as defined under those laws.

09Children's Privacy

The Service is not intended for children under 13 except through a parent-administered Family Account. For Family Account child profiles, the parent or legal guardian provides verifiable parental consent and controls all settings, contacts, and data access. We collect only the personal information necessary for the child to use the limited features available, in accordance with the Children's Online Privacy Protection Act ("COPPA"). Parents may review, delete, or revoke their child's data at any time from the Family Account settings, or by contacting hello@clublucky.ai.

10Security

We implement administrative, technical, and physical safeguards designed to protect personal information, including encryption in transit (TLS), encryption at rest for sensitive fields, access controls, vendor security reviews, and incident-response procedures. No system is perfectly secure; you are responsible for keeping your account credentials confidential and notifying us promptly of any unauthorized access.

11Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by email or in-product notice at least 14 days before they take effect, except where a shorter period is required by law. The "Last updated" date at the top of this page reflects the most recent revision.

12Contact

Questions, requests, or complaints? Email hello@clublucky.ai or write to ClubLucky, Inc., Attn: Privacy, [Address Placeholder], United States.

Placeholder note for legal review. This document is a working draft. Mailing address, sub-processor list, state privacy disclosures (CCPA/CPRA, VCDPA), and retention schedules should be confirmed by counsel before launch.