Privacy Policy

Effective: pending launch · Last updated: 2026-05-10

Draft for review. This document describes the data practices of the Lulu service as designed and built. It has not been reviewed by counsel. The final version posted at launch may differ in wording, jurisdiction-specific clauses, and the named legal entity. Use this draft to understand the data flows; do not rely on it as a binding contract.

Who we are

Lulu is a private, invite-only AI connector for the music and creator industry, operated by the Lulu operating entity (final entity name pending). Contact: privacy@hilulu.ai.

What data we collect

We collect only what we need to make warm introductions between members:

Identity. Your display name, pronouns (if you share them), city/country, and primary languages.
Work context. Your role in the industry, career stage, genres and scenes you operate in, current company or project, public proof links you choose to share (Spotify, IG, IMDB, etc.), short and long bio in your own words.
Network state. What kinds of introductions you're looking for, what you offer, your active briefs, your introduction frequency preference, members you explicitly don't want to be introduced to.
WhatsApp/SMS messages. The conversations you have with Lulu. These are the source of most of the data above — we extract structured fields from what you tell us in natural language.
System data. Your WhatsApp number (required to message you), timestamps for messages and activity, intro proposals you receive, your accepts/declines, decline reasons you share, and outcomes you report.
Vouch context. The member who vouched you in and the justification they provided. The members you vouch in and your justifications.

We do not collect, infer, or attempt to derive: physical appearance, perceived identity, perceived attractiveness, or any personal attribute you have not professionally volunteered.

How we use it

Matching. Your profile is read by our AI matching engine (Claude Opus via Vercel AI Gateway) to propose introductions to other members. The matching engine's output is reviewed by a human curator before sending in most cases (always for the first 100 introductions per member).
Conversation. Inbound messages are processed by our conversation AI (Claude Sonnet via Vercel AI Gateway) to understand context, extract profile updates, and generate appropriate replies in Lulu's voice.
Curation. A human curator reviews your profile during onboarding, reviews high-stakes match proposals, and reviews member-flagged concerns.
Internal analytics. We compute aggregate metrics (acceptance rate, outcome rate, retention) to evaluate matching quality. These metrics are not tied to your identity in public reporting.
Trust calibration. Decline patterns and outcomes feed into a private trust score used internally by the matching engine. The score is never visible to you or to other members.

Who sees your data

You and Lulu. Your full profile is visible to the Lulu system and to the human curator(s) responsible for member approval and match review.
Other members. Only in the specific introduction where you are the proposed counterparty. The intro message contains a short professional summary (role, location, one credibility marker) drawn from your profile, plus the specific reason for the match. Your contact number is exchanged only after both parties accept.
Service providers (processors). Anthropic (AI models, via Vercel AI Gateway), Twilio (WhatsApp/SMS delivery), Supabase (database and infrastructure), Vercel (hosting). Each is bound by a Data Processing Agreement. None receives data beyond what is required for their function.
Nobody else. We do not sell member data. We do not share individual data with advertisers, brands, labels, or other industry parties. Aggregated, anonymized industry trend reporting is permitted; individual data is not.

What industry customers see (Phase 2+)

When industry customers (brands, labels) submit briefs through our Phase 2 program, the matching engine identifies fitting members and sends them the brief privately. The customer sees nothing about you until you opt in to the specific brief. If you decline, the customer never knew you were considered.

How long we keep it

Profile data: for the duration of your membership, then anonymized within 30 days of removal. An anonymized record may be retained for up to 2 years for aggregate matching-quality analytics.
Conversation history (WhatsApp/SMS messages): retained for up to 3 years for matching context, quality calibration, and operational records. You may request earlier deletion at any time.
Intro and outcome records: retained for up to 3 years in identifiable form, then anonymized. These records feed the matching engine's long-term calibration.
Curator action logs: retained indefinitely as audit records (curator identity, action type, timestamp). Not deleted on member removal.
Website analytics: aggregated only; no per-visitor data retained beyond 90 days.

Legal bases for processing (GDPR)

If you are in the European Economic Area or UK, we rely on the following legal bases under GDPR Article 6:

Consent (Art. 6(1)(a)) — for marketing communications and any data use you have explicitly opted into.
Contract performance (Art. 6(1)(b)) — to operate the membership service, run matching, and deliver introductions.
Legitimate interests (Art. 6(1)(f)) — to maintain the integrity of the network, prevent abuse, and improve matching quality. Balanced against your rights and freedoms.
Legal obligation (Art. 6(1)(c)) — where required to comply with applicable law.

You have the rights described under GDPR Articles 15–22 (access, rectification, erasure, restriction, portability, objection, automated decision-making). Contact privacy@hilulu.ai to exercise them; we respond within one month.

Data breach notification

If a breach affecting your personal data occurs and is likely to result in a high risk to your rights or freedoms, we will notify you without undue delay and within 72 hours of becoming aware, in line with GDPR Article 33–34 requirements. Notification will describe the nature of the breach, the categories of data affected, and the steps we have taken or recommend.

What we deliberately don't do

The following practices are common in adjacent products but are not used by Lulu. This list is a positive commitment, not a routine disclosure:

No Meta Pixel, Facebook Custom Audiences, Google Ads, TikTok Pixel, or any other ad-platform tracking.
No hashed contact matching to advertising platforms. Member contact information is never sent to ad networks in any form.
No lookalike audiences derived from member data.
No session replay on this website. No recording of mouse movement, clicks, scroll, or visible text.
No selling, renting, or trading of member data. Ever.
No cross-platform "partner network" sharing of member profiles.
No auto-activation of members into the matching pool — every new profile requires curator approval before matching begins.
No revealing of member identity to industry customers without explicit member opt-in for that specific brief.

Your rights

You may, at any time:

Pause introductions (just tell Lulu: "pause me for a while").
Update or correct any part of your profile (just tell Lulu).
Request a full export of your data, sent to your contact on file within 30 days.
Request deletion of your account and data. Email privacy@hilulu.ai or tell Lulu directly. We process deletions within 30 days. Some logs may persist in anonymized form for the operational and legal reasons described in How long we keep it.
If you are in California or the EU, exercise the rights granted by CCPA/CPRA or GDPR respectively, including the right to opt out of any sale of personal information. We do not sell personal information.

Security

Data is encrypted in transit (TLS) and at rest (Supabase default). Service-role access to our database is limited to the Lulu operating entity and is rotated periodically. We follow the WhatsApp Business API opt-in and 24-hour messaging window requirements.

About this website

The website (hilulu.ai) uses privacy-respecting analytics (Plausible) that do not place cookies, do not record IP addresses, and do not identify visitors across sites. No third-party tracking pixels are loaded. No session replays are recorded. The CTA click event is captured as an anonymous count, not a per-user identifier. No data from this website is shared with advertising networks.

Changes to this policy

We may update this policy as the product evolves. Material changes will be announced to active members via WhatsApp at least 30 days before they take effect. Where GDPR or other applicable law requires renewed consent, we will obtain it before the change applies to you. The effective date at the top of this page reflects the most recent revision.

Contact

Questions: privacy@hilulu.ai