Skip to main content
Back to Home

Privacy Policy

Last updated: March 31, 2026

1. Introduction

Lulosa ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform that connects content creators with clippers for video distribution.

Please read this privacy policy carefully. By using Lulosa, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Personal Information

We collect information you provide directly to us, including:

  • Name and email address when you create an account
  • Profile information (bio, profile image)
  • Payment information processed through Stripe (we do not store full card details)
  • Content you upload (videos, clips, thumbnails)
  • Communications with us or other users through the platform

2.2 Automatically Collected Information

When you use our platform, we automatically collect:

  • Device information (browser type, operating system)
  • IP address and approximate location
  • Usage data (pages visited, features used, time spent)
  • Cookies and similar tracking technologies

2.3 Third-Party Information

If you sign in using Google OAuth, we receive your name, email, and profile picture from Google. We may also receive view count data from social media platforms where clips are posted.

When you connect your TikTok account via OAuth, we receive your display name, avatar, bio, verification status, follower/following/likes/video counts, and a list of your public videos with metrics. We store encrypted OAuth access and refresh tokens to maintain this connection.

We use Apify, a third-party scraping service, to collect publicly available video metrics (views, likes, comments, shares) from TikTok and Instagram for submissions on our platform.

We send submission content (video keyframes, captions, hashtags) to Anthropic's Claude AI for automated content compliance review.

2.4 Demographic & Analytics Data

We collect the following demographic and analytics data:

  • Self-reported demographics (country, languages, audience regions)
  • Auto-detected demographics from social profiles (region, language detected from bio text)
  • Marketing attribution data (UTM source, medium, campaign parameters)
  • Follower count snapshots captured periodically for campaign tracking

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our services
  • Process transactions and send related information
  • Connect creators with clippers and facilitate campaigns
  • Track view counts and calculate earnings for clippers
  • Send you technical notices, updates, and support messages
  • Respond to your comments and questions
  • Detect, prevent, and address fraud and abuse
  • Comply with legal obligations
  • Perform automated AI content compliance review on submissions
  • Detect fraud through engagement analysis, account age verification, and behavioral pattern scoring
  • Send targeted email communications including onboarding sequences and re-engagement campaigns
  • Moderate community chat content and enforce platform guidelines
  • Generate demographic insights from your social media profiles to improve campaign targeting
  • Provide agency dashboard services for client accounts

4. Information Sharing

We may share your information in the following circumstances:

  • With other users: Creators can see clipper profiles and submission data; clippers can see campaign details
  • Service providers: We share data with Stripe and PayPal for payment processing and Sentry for error tracking
  • Legal requirements: We may disclose information if required by law or to protect our rights
  • Business transfers: In connection with a merger, acquisition, or sale of assets
  • Service providers (additional): Anthropic (AI content review), Apify (social media metrics collection), Amazon Web Services (email delivery via SES, file storage via S3, content delivery via CloudFront), and Cloudflare (DNS and security)

We do not sell your personal information to third parties.

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you services. Specific retention periods are as follows:

  • Financial records (transactions, payouts, deposits): 7 years
  • View snapshots: 45 days
  • Email send logs and webhook events: 90 days
  • Dismissed notifications: 30 days; read notifications: 90 days
  • Audit logs: 365 days
  • Fraud reports: 180 days
  • Soft-deleted messages: 90 days
  • Follower snapshots: 180 days
  • Push notification subscriptions unused for 180 days: deleted

You can request deletion of your account at any time through your account settings. Upon deletion, your personal data will be removed, though some information may be retained in anonymized form for analytics or as required by law.

6. Your Rights (GDPR/CCPA)

Depending on your location, you may have the following rights regarding your personal data:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Update or correct inaccurate data
  • Right to Erasure: Request deletion of your personal data
  • Right to Portability: Export your data in a machine-readable format
  • Right to Object: Object to certain processing of your data
  • Right to Restrict Processing: Request limited processing of your data

To exercise these rights, visit your account settings or contact us at privacy@lulosa.com.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including encryption in transit (HTTPS), secure password hashing, and access controls. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

  • Encryption at rest for sensitive data (OAuth tokens encrypted with AES-256-GCM)
  • Access controls and role-based permissions
  • Rate limiting and account lockout after failed login attempts
  • Regular security audits and automated vulnerability scanning

8. Cookies

We use the following cookies and similar technologies:

  • Session cookie: Keeps you signed in (httpOnly, secure)
  • CSRF token: Prevents cross-site request forgery
  • Client portal cookie: Agency dashboard authentication (httpOnly, secure)
  • Maintenance bypass cookie: Allows access during maintenance (httpOnly, secure)
  • Google Analytics cookies (if configured): Website usage analytics

You can control cookies through your browser settings. Disabling cookies may affect the functionality of our platform.

9. Community Chat

When you use our community chat features, we collect and store:

  • Messages, reactions, and @mentions for platform communication
  • Message edit history retained for moderation purposes
  • Deleted messages retained for 90 days before permanent removal
  • User blocking and reporting data stored for safety
  • Channel read positions tracked for unread indicators

10. Automated Decision-Making

We use automated systems to assist in the following decisions:

  • AI Content Review: Submissions are automatically reviewed by AI for compliance with campaign guidelines. Scores and recommendations are generated but final decisions may involve human review.
  • Fraud Detection: Engagement metrics, account characteristics, and behavioral patterns are automatically analyzed to generate fraud risk scores. Flagged submissions receive manual admin review.
  • Auto-Approve: Submissions may be automatically approved based on AI compliance score, fraud risk assessment, and submission age thresholds.

You may request human review of any automated decision by contacting support@lulosa.com.

11. Push Notifications

If you enable push notifications, we store your browser's push subscription endpoint and encryption keys. Subscriptions unused for 180 days are automatically deleted. You can disable push notifications at any time through your notification settings.

12. Children's Privacy

Lulosa is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If we learn we have collected information from a child under 18, we will delete that information promptly.

13. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your data in accordance with this privacy policy.

14. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the platform after changes constitutes acceptance of the updated policy.

15. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

Email: privacy@lulosa.com
Address: Lulosa LLC, 7901 4th St N, STE 300, St. Petersburg, FL 33702

Terms of ServiceBack to Home
    Privacy Policy | Lulosa