| Field | Detail |
|---|---|
| Effective Date | [DATE] |
| Last Updated | February 2026 |
| Version | 1.0 |
| Owner | LookAI Studio (operated by Mindware Global Corporation) |
| Contact | privacy@lookai.studio |
| Applies To | All users of the LookAI Studio platform and websites |
Privacy Notice
1. Who We Are
This Privacy Notice describes how LookAI Studio, operated by Mindware Global Corporation (“LookAI,” “we,” “us,” or “our”), collects, uses, shares, and protects personal data when you use our platform, websites, and related services (collectively, the “Platform”).
LookAI Studio is an AI-powered software development platform that uses autonomous AI agents to transform business requirements into production-ready applications. This notice covers personal data processing across all LookAI services, including our websites, APIs, and the AI agent platform.
2. Our Role in Processing Your Data
LookAI acts in two distinct capacities depending on the type of data involved:
Data Controller
We are the data controller for personal data we collect directly from you for our own business purposes, including:
- Account registration and management (name, email, credentials)
- Billing administration and invoicing (payment card data is handled exclusively by Stripe)
- Platform usage analytics and service improvement
- Marketing communications (with your consent where required)
- Customer support interactions
Data Processor
We act as a data processor when handling data that our customers (“Clients”) submit to the Platform for processing by our AI agents. This includes business requirements, technical specifications, proprietary logic, and other project data that Clients provide. We process this data solely on behalf of and under the instructions of our Clients, as governed by our Data Processing Agreement (DPA).
Important: If you are an end user whose data has been submitted to LookAI by a Client, please contact the Client directly regarding your data rights. We will assist the Client in fulfilling your requests as required by our DPA.
3. Personal Data We Collect
3.1 Data We Collect Directly
When you interact with LookAI as a platform user, we may collect the following categories of personal data:
| Category | Examples | Purpose |
|---|---|---|
| Identity Data | Name, job title, company name, username, account ID | Account creation and management |
| Contact Data | Email address, phone number, mailing address | Communications, support, billing |
| Financial Data | Billing address, transaction confirmations, invoice records. Payment card data is collected and processed exclusively by Stripe and never touches LookAI systems. | Invoicing, billing administration |
| Authentication Data | Passwords (hashed), SSO tokens, MFA identifiers | Platform access and security |
| Device and Usage Data | IP address, browser type, session data, pages visited, feature usage, log data | Platform operation, security monitoring, service improvement |
| Communications Data | Support tickets, feedback, chat transcripts with our team | Customer support, service improvement |
3.2 Data Processed on Behalf of Clients
When Clients use our Platform, they may submit data that could include personal data of their own employees, customers, or other individuals. This “Client Project Data” may include business requirements documents, technical specifications, database schemas, and other inputs to the AI agent workflow. We process Client Project Data only as instructed by the Client and as described in our DPA.
We do not use Client Project Data to train AI models. Client data is processed solely to deliver the requested services and is subject to strict isolation, encryption, and access controls.
3.3 Data from Third Parties
We may receive limited personal data from third-party sources such as identity providers (when you authenticate via SSO/SAML/OIDC), payment processors (transaction confirmations and billing status from Stripe; we never receive or store payment card numbers), and publicly available business contact information.
4. How We Use Your Data
4.1 Lawful Basis for Processing (EU/EEA and UK)
We process personal data only where we have a lawful basis to do so. The following table summarizes our processing activities and their corresponding legal bases:
| Processing Activity | Lawful Basis | Details |
|---|---|---|
| Account creation and management | Contract performance | Necessary to provide the Platform services you have requested |
| Billing and invoicing | Contract performance | Necessary to administer billing under our service agreement. Payment card data is handled exclusively by Stripe and never enters LookAI systems. |
| Platform security and fraud prevention | Legitimate interest | Protecting the Platform, our Clients, and their data from threats |
| Service improvement and analytics | Legitimate interest | Understanding usage patterns to improve Platform functionality |
| Customer support | Contract performance / Legitimate interest | Responding to your requests and resolving issues |
| Marketing communications | Consent / Legitimate interest | Consent for new prospects; legitimate interest for existing customers (with opt-out) |
| Legal compliance | Legal obligation | Meeting regulatory, tax, and reporting requirements |
| AI agent processing of Client data | Contract performance (processor) | Processing Client data as instructed under the DPA |
4.2 What We Do Not Do
- We do not sell personal data to third parties.
- We do not use Client Project Data to train or fine-tune AI models.
- We do not use personal data for automated decision-making that produces legal or similarly significant effects without human oversight.
- We do not process special category data (health, biometric, political opinions, etc.) unless a Client submits such data, in which case it is processed strictly under the DPA.