Privacy Policy

Last updated: April 16, 2026

1. Who We Are

Luca Flow is a creative studio operated by Dr. Mohamed Khaled Eid, based in Egypt. This policy explains how we collect, use, and protect your personal data when you use our website (lucaflow.com) and services.

2. What Data We Collect

Information you provide

  • Name and email address (via contact forms, intake forms, or direct communication)
  • Project details and business information you share during engagement
  • WhatsApp number (if you contact us via WhatsApp)

Payment information

Payment data (card numbers, billing address) is collected and processed by Paddle, our Merchant of Record. We do not store your payment details on our servers. See Paddle's Privacy Policy for how they handle payment data.

Automatically collected data

  • Page views, clicks, and navigation patterns (via PostHog analytics)
  • Device type, browser, and approximate location
  • Performance metrics (via Vercel Speed Insights)

3. How We Use Your Data

  • To deliver the services you purchased or requested
  • To communicate about your project (updates, questions, deliveries)
  • To improve our website and services based on usage patterns
  • To send relevant updates about Luca Flow (only if you opted in)

We do not sell your data to third parties. Ever.

4. Third-Party Services

We use the following third-party services that may process your data:

  • Paddle -- payment processing, invoicing, tax compliance
  • PostHog -- website analytics (privacy-focused, self-hostable)
  • Vercel -- website hosting and performance monitoring

Each service has its own privacy policy. We only share the minimum data necessary for each service to function.

5. Data Retention

We keep your project data and communication history for as long as our business relationship is active, plus a reasonable period after (typically 24 months) for reference and support purposes. Analytics data is retained according to PostHog's default retention settings.

You can request deletion of your data at any time (see Section 6).

6. Your Rights

You have the right to:

  • Access -- request a copy of the personal data we hold about you
  • Correction -- ask us to update or correct inaccurate data
  • Deletion -- ask us to delete your personal data
  • Portability -- receive your data in a structured, commonly used format

To exercise any of these rights, email us at info@lucaflow.com. We will respond within 30 days.

7. Cookies

Our website uses minimal cookies for analytics (PostHog) and essential site functionality. We do not use advertising cookies or tracking pixels from ad networks.

8. Changes to This Policy

We may update this privacy policy from time to time. Changes take effect when posted on this page. We will not materially reduce your rights under this policy without giving you notice.

9. Echo OS -- Connected Social Platforms

Echo OSis the internal application Luca Flow uses to schedule and publish content across the social platforms our clients and brand portfolio operate on. When a brand owner authorizes Echo OS to act on their account, Echo OS accesses the platform via the platform's official APIs (TikTok Content Posting API, Meta Graph API, X API, LinkedIn API, YouTube Data API).

What Echo OS accesses

For each authorized account, Echo OS may access:

  • Permission to upload and publish videos, images, and text posts
  • Basic profile information (display name, username, avatar) for verification
  • OAuth access and refresh tokens issued by the platform to authorize the above

What Echo OS does NOT access

  • Direct messages or private conversations
  • Follower lists or relationship graphs
  • Analytics beyond the published posts Echo OS itself created
  • Payment, billing, or financial information held by the platform

Storage and security

OAuth tokens are stored on Luca Flow's controlled infrastructure with restricted access. Tokens are used solely to fulfill scheduled posting tasks the brand owner has approved. Echo OS does not share any platform-derived data with third parties.

Revoking Echo OS access

You may revoke Echo OS's access at any time by:

  • Removing the connection in your TikTok / Meta / X / LinkedIn / YouTube app settings under "Connected apps" or "Authorized apps"
  • Emailing info@lucaflow.com -- we will delete stored tokens and credentials within 7 days

TikTok-specific disclosure

Echo OS uses the TikTok Content Posting API to publish videos to authorized TikTok creator accounts. TikTok user data accessed via Echo OS is processed in accordance with TikTok's Terms of Service and TikTok API Platform Terms. Echo OS does not retain TikTok-derived content beyond what is required to complete the authorized publishing task.

10. Contact

For privacy-related questions or requests, contact us at info@lucaflow.com.

Also see

Terms of ServiceRefund Policy