Privacy Policy - Lucidworks

Privacy Policy

last updated 9/9/2025

We take the privacy of personal information seriously and understand how important the protection of your personal data is to you, where “you” references any individual person identified or identifiable by personal data as relevant to the context in which it is used in this Privacy Policy.

The following Privacy Policy describes the privacy practices of Lucidworks, Inc. (collectively, “Lucidworks,” “we,” “our,” and “us”) as they relate to the following:

Personal data

“Personal data” refers to any data that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to an identified or identifiable individual or, where applicable, a household (“Data Subject”).

Personal data does not include aggregated or deidentified information that is maintained in a form that is not reasonably capable of being associated with or linked to an individual or household, nor data that relates solely to a non-human entity.

The categories of personal data listed below have been processed within the last 12 months, wherein “processing” refers to any operation or set of operations performed upon personal data, automatically or by other means, such as collecting, recording, structuring, storing, altering, retrieving, using, disclosing by transmitting, disseminating, erasing, or destroying.

Data collection

We collect personal data directly from a Data Subject (such as when a Data Subject submits a form via our websites), indirectly from a Data Subject (from data analytics software, cookies, and web beacons that we may use on our websites), or via third parties or sources (such as our clients, vendors, or partners).

We do not knowingly collect sensitive data, special categories of personal data, protected classification characteristics under applicable laws, or personal data from children under the age of 16. We put forth our best efforts to prohibit and block such use and, in case of unwilling collection, promptly delete any such personal data.

If you provide personal data to us about someone else (e.g., your directors or employees, someone with whom you have business dealings), you must ensure that you are entitled to disclose that personal data to us and that, without our taking any further steps, we may collect, use, and disclose that personal data as described in this Privacy Policy.

Categories and sources of personal data

Data category	Types of personal data	Source	Purpose and legal basis of processing
Job applicant data: job candidates/applicants to Lucidworks, whether as an employee, contractor, or consultant.	When you apply for employment with Lucidworks (whether as an employee, contractor, or consultant) and when we evaluate your employment application and related materials (e.g., results of pre-employment screenings), we obtain job applicant data about you. The job applicant data we collect and process varies by by the role and responsibilities of the position you are applying for with Lucidworks and may include: ● Individual data: legal name, address, telephone and/or mobile telephone number, email address, gender, marital status, date of birth/age, citizenship, relevant tax identification number(s), passport number, education, prior employment history, including salary information, results of criminal background screening, visa information, emergency contact information, name change information, CVs. ● Additional data: any other personal data that may be included on documents you submit or we obtain as part of your employment application, such as information contained on any employment application or cover letter, CV or resume, diploma, educational transcripts, license(s), statement of good behaviour, background screening, employment contract, any related documents, reference check, identification card, request for leave, benefits, as well as information collected from publicly available sources, professional license databases, and credit agencies, where applicable, or data that you voluntarily submit concerning your sexual orientation, veteran status, and disability status.	We obtain job applicant data about you (a) directly from you; (b) from our employees (e.g., employees who refer you to Lucidworks or who have worked with you in the past); and (c) from third parties, such as government agencies, recruiters, employment agencies, screening companies, and references that you provide to us, as well as from publicly available sources, such as websites.	Job applicant data is processed for the purpose of establishing and maintaining an employment relationship with Lucidworks (whether as an employee, contractor, or consultant); the data is necessary for (a) entering into or performing an employment relationship with Lucidworks; (b) complying with one or more legal obligations to which Lucidworks is subject (e.g., reporting to governmental or taxing authorities); and (c) legitimate business interests pursued by Lucidworks.
Website data: users of Lucidworks’ websites.	You do not have to submit any personal data to use our websites. When you visit our websites, we may collect personal data that you voluntarily provide and information related to your activities on our website automatically collected as you interact with the website (website usage information). ● The personal data we collect is business-oriented data typically limited to contact information necessary for the relationship, such as name, company name, job title, and email address. We may collect such information when you fill out and submit a form, such as if you register for an event or sign up to receive newsletter or email communication; submit an inquiry or request via a form or email address link on our websites; or send an email to a Lucidworks’ address or email list included on our websites. In such case, we will collect whatever personal data you voluntarily provide in response to our request. ● In connection with registration for an event or the provisioning of access to our software (e.g., for testing purposes), we may ask for specific information. Any use of such information is based on your consent. If you do not provide any such consent, we may not be able to give you access to our software or services.	Information you voluntarily provide in response to requests we may make at various places and through various mechanisms on our websites, as well as website usage information.	Website data is processed for the purposes of building relationships with existing and potential clients and other interested parties, communicating with such parties, and analyzing and improving our websites. This includes keeping interested parties informed of the latest updates of our products and services. Such processing is done in furtherance of and is necessary for the legitimate business interests pursued by Lucidworks.
Contact data: individuals who are, or are associated with, Lucidworks’ clients, vendors, or other business contacts with whom we interact or seek to establish a relationship.	We collect, receive, and process contact data related to our clients, potential clients, and other third parties (e.g., vendors and other business and professional contacts) with whom we may interact from time to time. Contact data that we collect and process typically consists of information such as name, title, position, employer, email address, and other business contact information. Such contact data may also include details of your visits to our physical headquarters.	We obtain contact data about you from (a) you directly, such as when you seek services from us, attend a seminar or another event, sign up to receive newsletters, emails, or other information from us, or when you or your organization offer to provide services to us; (b) others; (c) third parties, such as government agencies; and (d) publicly available sources, such as websites (e.g., LinkedIn, business website).	Contact data is processed for the purposes of providing services to clients, building and managing relationships with existing and potential clients and other interested parties, communicating with such parties, and generally operating our business. Such processing is done in furtherance of and is necessary for the legitimate business interests pursued by Lucidworks. It may also be done to comply with our legal obligations (e.g., record-keeping), compliance screening or recording obligations, and financial and credit checks completed for fraud crime prevention and detection purposes.
Client-sourced data: individuals identified in data provided by or on behalf of clients in connection with services provided by Lucidworks.	The extent of client-sourced data that we collect and process is typically determined by the client and the nature and scope of the relationship and services involved.	In the course of representing and providing services to our clients, we may receive certain client-sourced data from them or from third parties providing such data on their behalf, as necessary or relevant to the services we are providing.	Client-sourced data is processed for the purposes of providing services to our clients. Such processing is done in furtherance of and is necessary for the legitimate business interests pursued by Lucidworks, and in some cases, because it is necessary for the performance of a contract to which the Data Subject is party. As a matter of policy, our employees or contractors may use or disseminate client-sourced data only for the purpose of providing services to our clients. Lucidworks believes in transparency as to the collection, use, and dissemination of client-sourced data, and the reasons therefor.

Data category

Types of personal data

Source

Purpose and legal basis of processing

Job applicant data: job candidates/applicants to Lucidworks, whether as an employee, contractor, or consultant.

When you apply for employment with Lucidworks (whether as an employee, contractor, or consultant) and when we evaluate your employment application and related materials (e.g., results of pre-employment screenings), we obtain job applicant data about you.

The job applicant data we collect and process varies by by the role and responsibilities of the position you are applying for with Lucidworks and may include:

● Individual data: legal name, address, telephone and/or mobile telephone number, email address, gender, marital status, date of birth/age, citizenship, relevant tax identification number(s), passport number, education, prior employment history, including salary information, results of criminal background screening, visa information, emergency contact information, name change information, CVs.

● Additional data: any other personal data that may be included on documents you submit or we obtain as part of your employment application, such as information contained on any employment application or cover letter, CV or resume, diploma, educational transcripts, license(s), statement of good behaviour, background screening, employment contract, any related documents, reference check, identification card, request for leave, benefits, as well as information collected from publicly available sources, professional license databases, and credit agencies, where applicable, or data that you voluntarily submit concerning your sexual orientation, veteran status, and disability status.

We obtain job applicant data about you (a) directly from you; (b) from our employees (e.g., employees who refer you to Lucidworks or who have worked with you in the past); and (c) from third parties, such as government agencies, recruiters, employment agencies, screening companies, and references that you provide to us, as well as from publicly available sources, such as websites.

Job applicant data is processed for the purpose of establishing and maintaining an employment relationship with Lucidworks (whether as an employee, contractor, or consultant); the data is necessary for (a) entering into or performing an employment relationship with Lucidworks; (b) complying with one or more legal obligations to which Lucidworks is subject (e.g., reporting to governmental or taxing authorities); and (c) legitimate business interests pursued by Lucidworks.

Website data: users of Lucidworks’ websites.

You do not have to submit any personal data to use our websites. When you visit our websites, we may collect personal data that you voluntarily provide and information related to your activities on our website automatically collected as you interact with the website (website usage information).

● The personal data we collect is business-oriented data typically limited to contact information necessary for the relationship, such as name, company name, job title, and email address. We may collect such information when you fill out and submit a form, such as if you register for an event or sign up to receive newsletter or email communication; submit an inquiry or request via a form or email address link on our websites; or send an email to a Lucidworks’ address or email list included on our websites. In such case, we will collect whatever personal data you voluntarily provide in response to our request.

● In connection with registration for an event or the provisioning of access to our software (e.g., for testing purposes), we may ask for specific information. Any use of such information is based on your consent. If you do not provide any such consent, we may not be able to give you access to our software or services.

Information you voluntarily provide in response to requests we may make at various places and through various mechanisms on our websites, as well as website usage information.

Website data is processed for the purposes of building relationships with existing and potential clients and other interested parties, communicating with such parties, and analyzing and improving our websites.

This includes keeping interested parties informed of the latest updates of our products and services. Such processing is done in furtherance of and is necessary for the legitimate business interests pursued by Lucidworks.

Contact data: individuals who are, or are associated with, Lucidworks’ clients, vendors, or other business contacts with whom we interact or seek to establish a relationship.

We collect, receive, and process contact data related to our clients, potential clients, and other third parties (e.g., vendors and other business and professional contacts) with whom we may interact from time to time.

Contact data that we collect and process typically consists of information such as name, title, position, employer, email address, and other business contact information. Such contact data may also include details of your visits to our physical headquarters.

We obtain contact data about you from (a) you directly, such as when you seek services from us, attend a seminar or another event, sign up to receive newsletters, emails, or other information from us, or when you or your organization offer to provide services to us; (b) others; (c) third parties, such as government agencies; and (d) publicly available sources, such as websites (e.g., LinkedIn, business website).

Contact data is processed for the purposes of providing services to clients, building and managing relationships with existing and potential clients and other interested parties, communicating with such parties, and generally operating our business.

Such processing is done in furtherance of and is necessary for the legitimate business interests pursued by Lucidworks.

It may also be done to comply with our legal obligations (e.g., record-keeping), compliance screening or recording obligations, and financial and credit checks completed for fraud crime prevention and detection purposes.

Client-sourced data: individuals identified in data provided by or on behalf of clients in connection with services provided by Lucidworks.

The extent of client-sourced data that we collect and process is typically determined by the client and the nature and scope of the relationship and services involved.

In the course of representing and providing services to our clients, we may receive certain client-sourced data from them or from third parties providing such data on their behalf, as necessary or relevant to the services we are providing.

Client-sourced data is processed for the purposes of providing services to our clients. Such processing is done in furtherance of and is necessary for the legitimate business interests pursued by Lucidworks, and in some cases, because it is necessary for the performance of a contract to which the Data Subject is party.

As a matter of policy, our employees or contractors may use or disseminate client-sourced data only for the purpose of providing services to our clients. Lucidworks believes in transparency as to the collection, use, and dissemination of client-sourced data, and the reasons therefor.

Data location

We and our third-party service providers maintain, store, and process personal data in the United States (US) and may also maintain, store, and process such data in the United Kingdom (UK), the European Economic Area (EEA), and other locations as reasonably necessary for the purpose of processing as specified above or as required by law. We do not transfer client data to other regions unless specifically requested we do so by the client.

While privacy laws may vary between jurisdictions, Lucidworks and our service providers are committed to handling the transfer of personal data in accordance with any appropriate lawful mechanisms and contractual terms, including, where appropriate, standard contractual clauses or similar mechanism adopted by the EU or the UK, to ensure an adequate level of protection.

Data retention

We retain personal data for as long as we deem reasonably necessary to fulfill the purposes of processing listed above, taking into account the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure, and applicable legal and regulatory requirements.

Data security

We implement systems, applications, policies, and procedures to safeguard personal data and minimize the risks of theft, damage, loss, or unauthorized access or use of information. Such measures provide robust, industry-standard security, as outlined in our Technical & Organizational Security Measures. To learn more about our cybersecurity program, visit our Trust Center.

Data disclosure

We may share selected personal data about you with the following parties or in the following circumstances:

Intra-company: Lucidworks may share personal data about you amongst its international subsidiaries as necessary for the conduct of our business.

Third-party service providers: We may share personal data about you with third parties who perform services for us or on our or our clients’ behalf for the limited purpose of carrying out such services. This includes, without limitation, third parties who assist in managing our organization, hosting or administering our websites or other systems, sending communications on our or our clients’ behalf, maintaining or analyzing our or our clients’ data, providing marketing assistance, or providing other services to us or our clients.

It also includes third parties providing services for money-laundering checks, credit risk reduction, and fraud and crime prevention, including financial institutions, credit reference agencies, and regulatory bodies.

Clients and other parties: We may share selected personal data about you with clients, experts, consultants, and other persons or entities to the extent reasonably necessary or appropriate in the context of providing services to our clients.

Corporate changes: We reserve the right to disclose and transfer personal data about you in connection with a merger, consolidation, restructuring, financing, sale of substantially all assets, or other organizational change.

Government and law enforcement authorities: We may disclose personal data (a) if we believe that disclosure is reasonably necessary to comply with any applicable law, regulation, legal process, or governmental request; (b) to enforce our agreements, policies, and terms of service; (c) the disclosure is appropriate in connection with efforts to investigate, prevent, or take action regarding actual or suspected illegal activity, fraud, or other wrongdoing; and/or (d) such disclosure is required to protect our legitimate business interests, including the security or integrity of our assets, personnel, and rights.

Consent: We may share personal data about you in accordance with any express consent you or your authorized agent give us that is specific to the purposes of the processing you will be informed about at the time we request such consent. You do not have to give such consent. If you do give consent, you may withdraw it at any time by contacting us (see Contact Details below); however, be aware that such withdrawal will not affect the lawfulness of personal data collected and processed prior to the date of your withdrawal of consent.

Data selling and sharing practices

We do not and will not sell your personal information to third parties for their commercial use.

Cookies and data collection technologies

Our websites uses cookies for analytical and functional purposes that allow us to improve our website based on visitor experience. Our cookies do not collect any personal data.

We use the following types of cookies:

● Necessary cookies required for the operation of our websites (e.g., cookies that enable the website to perform as intended, cookies needed to access secure areas of our websites).

● Analytical/performance cookies that allow us to improve the way our websites work and collect standard internet log information and details of visitor behaviour patterns. This information is processed in a way that does not identify an individual.

Website users can manage their cookie preferences, including whether or not to accept cookies and how to remove them, through their browser settings or by clicking on our cookie banner, which provides additional information about the cookies used.

For more information about cookies, please visit: www.allaboutcookies.org, www.youronlinechoices.co.uk.

Note that if you choose to change your cookie settings, you may not be able to use the full functionality of our website.

Data subject rights

To the extent available in the appropriate jurisdiction, Data Subjects may have rights concerning their personal data. To exercise these privacy rights, email privacy@axonius.com.

When Data Subjects ask us to exercise any of their privacy rights, we may require additional information, including certain personal data, to authenticate and process the request. Such additional information may be then retained by us for legal purposes (e.g., as proof of the identity of the person submitting the request).

US data protection rights

Depending on the US state of residence and applicable laws, Data Subjects may have the right to:

● know whether or not we currently process (or have processed in the last 12 months) their personal data;

● obtain information regarding our privacy practices related to the handling of personal data and, where applicable, a list of specific third parties to whom the personal data has been disclosed;

● access and receive a copy of the personal data we have collected in the prior 12 months;

● request that we correct inaccuracies in personal data;

● request the deletion of personal data that we have collected, subject to certain conditions and exceptions;

● opt-out of targeted advertising;

● opt-out of sale or sharing of personal data (we do not sell personal information);

● opt out of automated decision-making or profiling in furtherance of decisions that produce a legal or similarly significant effect, where applicable (we currently do not process personal information in this manner);

● receive a copy of their personal data in a portable and readily usable format;

● not be subject to discrimination for the exercise of these privacy rights;

● appeal if we decline to take action regarding a Data Subject’s request, where applicable;

● designate someone as an authorized agent to submit requests and act on Data Subject’s behalf.

EEA and UK data protection rights

Subject to applicable laws, Data Subjects may have the right to:

● request access to or receive copies of their personal data, as well as information regarding our privacy practice related to the handling of personal data;

● request rectification of any inaccuracies in personal data;

● request, on legitimate grounds, the erasure of personal data;

● request, on legitimate grounds, the restriction of personal data processing activities;

● object, on grounds relating to their particular situation, to the processing of personal data by us or on our behalf;

● object to the processing of personal data for direct marketing purposes;

● have their personal data transferred to another controller, to the extent applicable;

● withdraw consent, where we process the personal data on the basis of it;

● not be subject to automated decision making, including profiling, which produces legal effects concerning the Data Subject, under certain conditions (we currently do not process personal information in this manner);

● lodge complaints with a data protection authority regarding the processing of personal data by us or on our behalf.

Switzerland data protection rights

Subject to applicable laws, Data Subjects may have the right to:

● request access to or receive copies of their personal data, as well as information regarding our privacy practice related to the handling of personal data;

● request rectification of any inaccuracies in personal data;

● request the erasure, deletion, destruction, or anonymization of personal data, to the extent applicable;

● object to the processing of personal data by us or on our behalf, including the right to restrict or prohibit the processing;

● request the prohibition of a specific disclosure, to the extent applicable;

● have the personal data transferred to another controller, to the extent applicable;

● not be subject to automated decision making, including the right to be heard in the case of automated decision making, to the extent applicable (we currently do not process personal information in this manner);

● have the personal data marked as being disputed;

● lodge complaints with a data protection authority regarding the processing of personal data by us or on our behalf;

● request that any judgment be communicated to third parties or published.

Provided we interact with Data Subjects only in a commercial context, some of the above rights may not apply.

Data protection framework

Lucidworks has certified to the US Department of Commerce that it adheres to the EU-US DPF, the UK Extension, and the Swiss-US Data Privacy Framework (DPF) Principles for personal data received from the EU, the UK (including Gibraltar), and Switzerland in reliance on the relevant part(s) of the DPF program and commits to be subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. If there is any conflict between the terms in this privacy policy and the DPF Principles, the Principles shall govern. To view our certification, please search for Lucidworks in the DPF List.

Additional information about the following is available in the relevant sections of this Privacy Policy: types of third parties to whom Lucidworks discloses personal data; purpose and legal basis of processing personal data; the rights of Data Subjects to access their personal data; and the choices Lucidworks offers to limit the use and disclosure of personal data. Acting as controller, Lucidworks commits to be liable for onward personal data transfers to third parties.

EU, UK, and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-US DPF, the Swiss-US DPF, or the UK Extension to the EU-US DPF should first contact Lucidworks by email or post as indicated below. We will respond to your request within 45 days.

Lucidworks commits to refer unresolved complaints to JAMS, an alternative dispute resolution provider. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.jamsadr.com/DPF-Dispute-Resolution for more information or to file a complaint. The services of JAMS are provided at no cost to the Data Subject.

The Data Subject can, under certain conditions, invoke binding arbitration for complaints regarding DPF complia. nce not resolved by any of the other DPF mechanisms described above. For additional information, refer to the ANNEX I introduction.

Additional information

Third-party links

Our websites may contain links to third-party events, webinars, or other similar activities. For information about how third-parties may use or access your personal data, refer to the third-party’s privacy policy.

Updates and amendments

We may update and amend this Privacy Policy occasionally by posting an updated version on our websites. The amended version is effective as of the date it is published.

Contact details

For any questions, concerns, or complaints around this Privacy Policy, contact us via email at privacy@lucidworks.com or post at:

● Lucidworks, Inc., 235 Montgomery St., Suite 500, San Francisco, CA 94103, USA

● Lucidworks UK Limited, Mantle Business Centre, 9 Hills Road, Cambridge, UK, CB2 1GE