Privacy Policy

Last updated: 5 May 2026

Lucro Limited ("Lucro", "we", "us") is an Irish software company that builds and operates a portfolio of consumer and business products, including PostOnce, Adorna, PartyBundle, and OwnTheSite. This Privacy Policy explains how we handle personal data in connection with our website at lucro.ie and our products.

For each product, a product-specific privacy notice (linked from that product's website or app) describes the data processing for that product in detail. This policy is the umbrella policy for Lucro as the operating company.

1. Who we are (Data Controller)

The data controller for personal data processed under this policy is:

Lucro Limited
Registered in the Republic of Ireland
Company Number: 811725
Registered Office: Nicholastown, Kilcullen, Co. Kildare, R56 NT73, Ireland
Email: privacy@lucro.ie

We are not required to appoint a Data Protection Officer, but our founder and director, Sven van Staden, is the point of contact for all privacy matters.

2. Scope of this policy

This policy covers:

The Lucro corporate website at lucro.ie;
Email and other direct communications with Lucro;
How Lucro acts as the operating entity behind our products.

Each Lucro product has its own privacy policy that describes the data processing for that product:

PostOnce — social media scheduling SaaS
Adorna — AI fashion platform
PartyBundle — offline mobile party games (no personal data collected)
OwnTheSite — website service for small businesses

3. What we collect on lucro.ie

The Lucro corporate website is a static informational site. We do not use third-party advertising, behavioural tracking, or cross-site analytics on lucro.ie.

The only personal data we may receive through this site is:

Email correspondence: if you email us at any address ending in @lucro.ie, we receive your email address and the contents of your message.
Standard server logs: our hosting provider records IP address, request URL, user-agent, and timestamps for security and operational reasons. These logs are retained for up to 30 days.

4. What our products collect

Our products collect personal data necessary to provide the service. Typical categories include:

Account data: name, email address, password hash;
Billing data: handled by Stripe (we do not store full card numbers);
Content you create or upload (e.g. social media posts, photos, wardrobe items);
Connected third-party account tokens (e.g. when you connect a Facebook, Instagram, Google, or LinkedIn account to PostOnce);
Usage and diagnostic data needed to operate and improve the service.

Each product's own privacy policy is the authoritative description of its data practices.

5. Meta Platforms (Facebook & Instagram) data

Our product PostOnce integrates with Meta Platforms via the Facebook Graph API and Instagram Graph API to allow users to publish content to their own Pages and Instagram Business accounts. When a user connects a Meta account:

We receive only the access token and the data necessary to perform the user's requested actions (e.g. list Pages, post content, retrieve post status).
We do not sell, rent, or share Meta-derived data with third parties for advertising or profiling.
Tokens are encrypted at rest and revoked when the user disconnects the account or deletes their PostOnce account.
Users can disconnect a Meta account at any time from PostOnce settings, or by removing the PostOnce app from Facebook Business Integrations.

For deletion of Meta-related data, see our Data Deletion Instructions.

6. Legal bases for processing (GDPR)

We rely on the following lawful bases under Article 6 of the GDPR:

Performance of a contract — to provide the product or service you've signed up for;
Legitimate interests — to operate, secure, and improve our products, and to communicate with users about service changes;
Consent — where required (e.g. optional marketing emails);
Legal obligation — to comply with Irish and EU law, including tax and accounting obligations.

7. Sub-processors and sharing

We use a small set of trusted sub-processors to operate our products. We do not sell personal data. Typical sub-processors include:

Hetzner / Hosting providers — application and database hosting (EU);
Stripe — payment processing;
Resend — transactional email delivery;
Cloudflare — DNS and content delivery;
Bunny CDN — media delivery;
Google (Gemini API, OAuth) — AI features and sign-in;
Meta Platforms, TikTok, LinkedIn, X, Pinterest, YouTube, Bluesky — social platform integrations, used only when you explicitly connect an account.

We may also disclose data when required by law, court order, or to protect our rights or the safety of users.

8. International transfers

Where personal data is transferred outside the European Economic Area (e.g. to providers based in the United States), we rely on Standard Contractual Clauses approved by the European Commission, the EU-US Data Privacy Framework where applicable, or other lawful transfer mechanisms.

9. Retention

We keep personal data only as long as needed for the purposes described, including any legal, accounting, or reporting requirements. When you delete your account in one of our products, we delete or anonymise your personal data within 30 days, except where we are required to retain it (e.g. invoices for tax purposes — typically 6 years under Irish law).

10. Your rights

Under the GDPR you have the right to:

Access the personal data we hold about you;
Have inaccurate data corrected;
Have your data erased (the "right to be forgotten");
Restrict or object to processing;
Receive your data in a portable format;
Withdraw consent at any time, where processing is based on consent;
Lodge a complaint with the Irish Data Protection Commission (dataprotection.ie) or your local supervisory authority.

To exercise any of these rights, email privacy@lucro.ie. We will respond within one month.

11. Cookies

The lucro.ie corporate site does not set tracking or advertising cookies. Our individual products use only cookies that are strictly necessary for the service to function (e.g. session and authentication cookies), as described in each product's privacy policy.

12. Children

Our services are not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided personal data to us, please contact privacy@lucro.ie so we can delete it.

13. Changes to this policy

We may update this policy from time to time. The "Last updated" date at the top reflects the most recent change. Material changes will be highlighted on this page or notified by email where appropriate.

14. Contact

For any privacy questions, requests, or complaints, email privacy@lucro.ie.