Lupid/Privacy
§ LEGAL·Effective 2026-05-06

Privacy policy.

What we collect, what we don't, and how to reach us with questions. Plain English where we can. Last updated 6 May 2026.

The short version

Lupid does not collect personal data on this website beyond what's needed to understand visitor patterns. We use Google Analytics 4 for aggregate page views, scroll depth, and outbound clicks. We don't run ad pixels, retargeting, session replay, or any third-party tracker beyond GA4. We don't sell or share what little data we collect.

If you contact us — via the contact page form, the booking calendar, or email — your message and email address are used only to respond to you.

Who we are

This site is operated by Lupid, Inc. ("Lupid", "we", "us"), a Delaware corporation. The "data controller" for the purposes of GDPR/UK GDPR is Lupid, Inc. Reach us at [email protected] or via the contact page.

What we collect on this website

1. Analytics (Google Analytics 4)

We use Google Analytics 4 (measurement ID G-6JYBKBQFTG) to understand how visitors navigate the site. GA4 records:

  • Page views and the path of pages visited.
  • Approximate location (country/region, derived from IP — IP itself is not stored).
  • Browser, operating system, screen resolution, language.
  • Referring URL (the site that linked you here).
  • Engagement signals: scroll depth, outbound link clicks, file downloads.

GA4 sets cookies named _ga and _ga_G-6JYBKBQFTG to identify return visitors anonymously. You can opt out by enabling Google's GA opt-out browser add-on, by blocking the GA cookies in your browser, or by enabling Do Not Track (which most modern blockers respect).

2. Server logs

Our hosting provider (Cloudflare) records standard request logs for security and abuse detection: IP address, user agent, request path, timestamp, response code. Cloudflare retains these for a short rolling window per their privacy policy.

3. Direct contact

If you email us or book a call via the calendar embed on the contact page, we receive your name, email address, and whatever message you send. The booking calendar is provided by Google Calendar — your booking data flows through Google's systems per their privacy policy.

What we don't collect

  • No advertising or retargeting. No Meta Pixel, no LinkedIn Insight, no Google Ads remarketing, no TikTok Pixel.
  • No session replay. No FullStory, Hotjar, or similar — we don't record clicks, mouse movements, or video of your session.
  • No A/B testing tools that fingerprint visitors.
  • No data brokers. We don't sell, rent, or share what we collect with third parties for marketing.
  • No "agent data". The Lupid runtime is self-hosted in your infrastructure — agent calls, audit records, and policies stay in your cluster. We do not have a managed-data offering, and we cannot see your agents' activity.

Your rights

Depending on where you live, you may have the right to:

  • Access the personal data we hold about you.
  • Ask us to correct or delete it.
  • Object to processing or restrict it.
  • Export your data in a portable format.
  • Withdraw consent (where consent is the legal basis).
  • Lodge a complaint with your local data protection authority.

Email [email protected] with the subject line "Privacy request" and we will respond within 30 days. We won't ask you to prove your identity beyond what's strictly necessary to handle the request.

Retention

  • Analytics data: retained by Google for the period set in our GA4 property (currently 14 months).
  • Email correspondence: retained as long as needed for the conversation, plus a reasonable period for record-keeping.
  • Server logs: retained per Cloudflare's policy (typically days to weeks).

Changes to this policy

If we change this policy, we'll update the "last updated" date at the top, and meaningful changes will be flagged on the homepage or in the brief. Previous versions are available in git history.

Contact

Privacy questions: [email protected]
Security disclosures: [email protected]
RFC 9116 metadata: /.well-known/security.txt