Lacuna Labs is a company registered in England and Wales, with registered address at 71-75 Shelton Street, Covent Garden, London WC2H 9JQ, United Kingdom.
We operate the Gap Intelligence Platform and its three product lines — Lacuna Core, Lacuna Signal, and Lacuna Scope — accessible at lacunalabs.eu and associated subpages.
For the purposes of the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), and the Lei Geral de Proteção de Dados (LGPD), Lacuna Labs Intelligence Ltd is the data controller for personal data collected through our services.
Data Protection contact: hello@lacunalabs.eu
| Data type | Where it is processed | Transmitted to servers? |
|---|---|---|
| PDF and text file contents | Browser only (PDF.js, local) | Never |
| Document text and full corpus | Browser only | Never |
| Research article content | Browser only | Never |
| BibTeX, RIS, and CSV import data | Browser only | Never |
| Word frequency matrices | Browser only | Never |
| Heat maps and analysis results | Browser only | Never |
| Word groups and blacklists | Browser localStorage only | Never |
| Web content fetched via URL (Web tab — URL mode) | Passes through our proxy server in transit to bypass browser security restrictions — never stored or logged | Not stored |
| AI Advisor — term statistics summary | Sent only to your chosen AI provider, after your explicit confirmation | Only to your chosen provider |
The optional Gap Intelligence Advisor feature transmits a statistical summary of your corpus (term names and frequency counts only — never document content) to a third-party AI provider of your choice. Before any transmission occurs, the platform displays the exact text to be sent for your review and requires your explicit confirmation. You control which AI provider receives this data and may use your own API key.
Because document content never leaves your device, Lacuna Labs is architecturally compatible with the processing of commercially sensitive, legally privileged, and classified or restricted information. Organisations operating under national security classifications, professional secrecy obligations, or strict trade secret protection programmes may use the core analysis platform without any departure from their information security requirements. Institutional clients requiring formal assurance documentation should contact us at hello@lacunalabs.eu.
When you create an account, we collect your name, email address, and password (stored as a cryptographic hash). We use this data to provide access to the service, send transactional communications, and, with your consent, inform you of product updates.
Payment processing is handled exclusively by Paddle.com (Paddle Payments Ltd, Judd House, 18-29 Mora Street, London EC1V 8BT, UK), acting as Merchant of Record. Lacuna Labs does not store card numbers, banking details, or payment credentials. We receive from Paddle only a payment confirmation, subscription status, and anonymised billing metadata. Because Paddle acts as Merchant of Record, they are an independent data controller for payment and tax data — their own Privacy Policy governs payment data processing.
We collect aggregate, anonymised usage statistics (pages visited, features used, error logs) to improve the platform. This data does not identify individual users and is not linked to account data. Country codes are derived from IP addresses which are discarded immediately after derivation — the IP itself is never stored. In low-volume contexts, a country code may constitute indirect personal data; we retain country-level data only in aggregated form (combined with tier and date) and never linked to individual accounts.
If you contact us by email, we retain the content of that correspondence for the purpose of responding to your enquiry and for up to 36 months thereafter.
| Processing activity | Legal basis (UK GDPR) | Legal basis (EU GDPR) | Legal basis (LGPD) |
|---|---|---|---|
| Account creation and service delivery | Contract (Art. 6(1)(b)) | Contract (Art. 6(1)(b)) | Contract (Art. 7, II) |
| Payment processing | Contract (Art. 6(1)(b)) | Contract (Art. 6(1)(b)) | Contract (Art. 7, II) |
| Security and fraud prevention | Legitimate interest (Art. 6(1)(f)) | Legitimate interest (Art. 6(1)(f)) | Legitimate interest (Art. 7, IX) |
| Product communications (opted-in) | Consent (Art. 6(1)(a)) | Consent (Art. 6(1)(a)) | Consent (Art. 7, I) |
| Legal compliance | Legal obligation (Art. 6(1)(c)) | Legal obligation (Art. 6(1)(c)) | Legal obligation (Art. 7, II) |
We retain account data for the duration of the active account relationship and for up to 36 months following account closure, unless a longer retention period is required by applicable law. Payment records are retained for 7 years in accordance with the UK Companies Act 2006 and HMRC requirements. You may request earlier deletion subject to Section 6 below.
Depending on your jurisdiction, you have the following rights with respect to your personal data:
To exercise any of these rights, contact us at hello@lacunalabs.eu. We will respond within 15 business days. EU and UK residents have the right to lodge a complaint with their national supervisory authority. Brazilian residents may contact the Autoridade Nacional de Proteção de Dados (ANPD).
Lacuna Labs Intelligence Ltd is incorporated in the United Kingdom. The platform is hosted by Infomaniak SA in Switzerland, which benefits from an EU adequacy decision under GDPR Art. 45. UK personal data transferred to Switzerland is covered by UK adequacy regulations. For users in the European Economic Area, transfers to the UK are covered by the EU adequacy decision for the UK (valid until June 2027, subject to review). For Brazilian users, transfers are covered by contractual safeguards consistent with LGPD Chapter V and ANPD guidance. We will update this section if the applicable adequacy frameworks change.
The platform allows you to connect external APIs including AI providers (DeepSeek, OpenAI, Anthropic, Google Gemini), news sources (The Guardian, NewsData.io), patent databases (Lens.org, EPO OPS, PatentsView), and institutional databases.
API keys you enter in Settings are stored exclusively in your browser's localStorage. They are never transmitted to or stored by Lacuna Labs servers. Lacuna Labs has no technical access to your API keys.
When you use a connected service, your API key and any query data are transmitted directly from your browser to that provider, outside Lacuna Labs infrastructure. Each provider's own privacy policy and terms of service govern that data. Lacuna Labs is not responsible for how third-party providers collect, store, process, or share data you transmit to them, nor for their compliance with LGPD, UK GDPR, EU GDPR, or other applicable law.
When activated, the AI Advisor transmits corpus term statistics (term names and frequency counts only — never document content) directly to your chosen AI provider. This is processed under that provider's privacy policy. Do not use the Advisor if your corpus contains classified information, legally privileged material, or personal data of third parties, unless you have verified the provider's data handling practices are compatible with your obligations.
We use essential cookies only. We do not use advertising cookies, tracking pixels, or third-party analytics. The following data is stored in your browser's local storage:
All local storage data remains on your device and is not transmitted to our servers. You may clear this data at any time by clearing your browser's local storage or site data.
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, or destruction. These include TLS encryption for all data in transit, cryptographic hashing of passwords, and access controls on all systems. Because document content is processed locally on your device, it is not subject to server-side data breaches. In the event of a personal data breach affecting account data, we will notify affected users and relevant supervisory authorities within the timeframes required by applicable law.
Lacuna Labs is not directed at children. We apply a minimum age of 16 as a deliberate policy choice, consistent with the more protective standard available under UK GDPR Art. 8 and EU GDPR Art. 8, notwithstanding that the UK Data Protection Act 2018 permits a minimum age of 13 in certain contexts. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
Data controller: Lacuna Labs Intelligence Ltd
Trading as: Lacuna Labs
Email: hello@lacunalabs.eu
Address: 71-75 Shelton Street, Covent Garden, London WC2H 9JQ, United Kingdom
We take privacy complaints seriously and will respond within 15 business days. If you are not satisfied with our response, you have the right to escalate to the relevant supervisory authority in your jurisdiction.