Task Management for
Finance Teams

The first platform to integrate your email and chat with your accounting software to make it easier to manage those tedious tasks

Integrates with...


Join the accounting revolution


Data Security

  • Access monitoring: Luka has enabled logging on all critical systems. Logs include failed/successful logs & application access. 2FA is enforced internally across all critical third-party applications.

  • Backups enabled: Luka is built on Bubble.io, which is hosted by Amazon Web Services (AWS). By default, Bubble.io and AWS provide durable infrastructure to store important data. Automated point-in-time backups of customer data occurs with each change to the database. The backups are encrypted in the same way as live production data, and are monitored and alerted.

  • Data erasure: Luka customers are Controllers of their data. Each customer is responsible for the information which is provided to Luka. Luka customers have the ability to request data deletion, when data is not subject to regulatory or legal retention periodicity requirements.

  • Encryption at rest: Customer data is encrypted at rest using AES-256.

  • Encryption in transit: Data sent in-transit via HTTPS is encrypted using SSL.

  • Physical security: Luka is hosted on AWS, and defers all data centre physical security controls to them. Please refer to AWS’s physical security controls.

  • AI Model: Luka uses OpenAI's GPT-4 API to interact with unstructured qualitative information. As mentioned in OpenAI's data usage policy:
    "OpenAI will not use data submitted by customers via our API to train or improve our models, unless you explicitly decide to share your data with us for this purpose.".

Please refer to our Privacy Policy for more information on how we process data.

Privacy Policy

Luka’s Privacy Policy describes how Luka collects, uses, and discloses your information.This Privacy Policy also explains your choices surrounding how we use your personal information, which include how you can object to certain uses of the information and how you can access and update certain information.Here are some important definitions to help you understand our terms and this Privacy Policy:Luka HQ Ltd., and our relevant affiliates are referred to as “Luka”, “we”, “us”, and “our”.Our public websites, including www.lukahq.com, are referred to as the “Website”.Our online software-as-service platform including any related APIs provided by Luka, are collectively referred to as the “Services”.

1. Information we collect

We collect information when you provide it to us, when you use our Website or Services, and when other sources provide it to us, as further described below.A. Information You Provide to UsAccount Creation: When you create an account or otherwise use the Services, we collect information such as your name, email address, password.
Your Communications with Us: We collect information from you such as email address, phone number, or mailing address when you request information about our Services, request customer or technical support, or otherwise communicate with us. We also collect the contents of messages or attachments that you may send to us, as well as other information you choose to provide, and that may be associated with your communications.
Payment Information: When you purchase a subscription to the Services, you will need to provide payment information (e.g., financial account details, shipping information) to process your subscription. We use third-party payment providers to process payments on the Services. We may receive information associated with your payment information, such as billing address and transaction information, but we do not directly store payment information on the Services. Payment information is stored and processed by our payment providers on our behalf.Feedback: We may contact you to provide feedback about the Services. If you decide to participate, you may be asked to provide certain information which may include contact information and other information about you.
Conferences, Trade Shows, and Other Events: We may attend conferences, trade shows, and other events where we collect contact information from individuals who interact with or express an interest in the Services.
Job Applications. We may post job openings and opportunities on the Website or Services. If you reply to one of these postings by submitting your application, CV and/or cover letter to us, we will collect and use your information to assess your qualifications.
B. Information Collected AutomaticallyAutomatic Data Collection: We keep track of certain information about you when you visit and interact with our Website or Services. This information may include your Internet protocol (IP) address, user settings, MAC address, cookie identifiers, mobile carrier, mobile advertising and other unique identifiers, details about your browser, operating system or device, location information (including inferred general location based off of your IP address), Internet service provider, pages that you visit before, during and after using the Website or Services, information about the links you click, information about how you interact with the Website or Services, including the frequency and duration of your activities, and other information about how you use the Website or Services. Information we collect may be associated with accounts and other devices.Cookies, Pixel Tags/Web Beacons, and Analytics Information: We, as well as third parties that provide content, advertising, or other functionality on the Services, may use cookies, pixel tags, local storage, and other technologies (“Technologies”) to automatically collect information through the Website or Services. Technologies are essentially small data files placed on your devices that allow us and our partners to record certain pieces of information whenever you visit or interact with our Services.Analytics: We may also use third-party service providers to collect and process analytics and other information on our Website or Services. These third-party service providers may use Technologies to collect and store analytics and other information. They have their own privacy policies addressing how they use the analytics and other information and we do not have access to, nor control over, third parties’ use of cookies or other tracking technologies.C. Information from Other SourcesWe may obtain information about you from other sources, including through third-party services and organizations. For example, if you access our Website or Services through a third-party application, such as a social networking site or a third-party login service, we may collect information about you from that third party that you have made available via your privacy settings. In addition, if you register a Luka account or associate a Luka account with an email address provisioned by your organization, we may obtain information from third party data enrichment providers to help us to better tailor business-to-business marketing and sales outreach to you.

2. How we use your information

We use your information for a variety of business purposes, including to:Provide the Services or Requested Information, such as:
    - Fulfilling our contract with you;
    - Identifying and communicating with you, including providing newsletters and marketing materials;
    - Managing your information;
    - Processing your payments (which are processed and stored by our third-party payment processors on our behalf) and otherwise servicing your purchase orders;
    - Responding to questions, comments, and other requests;
    - Providing access to certain areas, functionalities, and features of our Services; and
    - Answering requests for customer or technical support.
Serve Administrative and Communication Purposes, such as:
    - Pursuing legitimate interests, such as research and development (including marketing research), network and information security, and fraud prevention;
    - Sending communications about new product features, promotions, Luka's strategic partners, and other news about Luka;
    - Measuring interest and engagement in our Services, including analyzing your usage of the Services;
    - Developing new products and services and improving the Services;
    - Ensuring internal quality control and safety;
    - Authenticating and verifying individual identities;
    - Carrying out audits;
    - Communicating with you about your account, activities on our Services and Privacy Policy changes;
    - Preventing and prosecuting potentially prohibited or illegal activities;
    - Enforcing our agreements; and
    - Complying with our legal obligations
Marketing of Products and Services: In accordance with applicable legal requirements, we may use your information to tailor and provide you with content and advertisements. If you have any questions about our marketing practices or if you would like to opt out of the use of your information for marketing purposes, you may contact us as set forth below.Consent: We may use personal information for other purposes that are clearly disclosed to you at the time you provide personal information or with your consent.De-identified and Aggregated Information Use: We may use de-identified and/or aggregated information that can no longer be reasonably linked to you or your device from the information we collect. De-identified and/or aggregated information is not subject to this Privacy Policy, and we may use and disclose such information in a number of ways, including research, internal analysis, analytics, and any other legally permissible purposes.Subprocessors: For the purposes of GDPR, we may act as a sub processor to you. In order to provide our services, Luka engages various subprocessors; Bubble.io, OpenAI, PaperTrail, Cloudfare.
How We Use Automatic Collection Technologies: Our uses of Technologies fall into the following general categories:
    - Operationally Necessary;
    - Performance Related;
    - Functionality Related; and
    - Marketing Related.
Cross-Device Tracking: Your browsing activity may be tracked across different websites and different devices or apps. For example, we may attempt to match your browsing activity on your mobile device with your browsing activity on your laptop. To do this our technology partners may share data, such as your browsing patterns, geo-location and device identifiers, and will match the information of the browser and devices that appear to be used by the same person.

3. Disclosing your information

We may disclose your information to the following categories of third parties:Service Providers: We may disclose information we collect about you to our third-party service providers. The categories of service providers to whom we entrust your information include service providers for: (i) the provision of the Services; (ii) the provision of information, products, and other services you have requested, including Non-Luka Services as that term is defined in the Agreement; (iii) marketing and advertising; (iv) payment and transaction processing; (v) customer service activities; (vi) the provision of IT and related services; and (vii) fraud prevention and user authentication.Business Partners: At your request, we may provide information to business partners to provide you with a product or service of interest to you. We may also provide information to business partners with whom we jointly offer products or services.
Affiliates: We may disclose information to our affiliated entities, who are under common ownership and/or control with us.
We may disclose your information to other third parties, including other users, in the following circumstances:Disclosures to Protect Us or Others: We may access, preserve, and disclose any information we store in association with you to external parties if we, in good faith, believe doing so is required or appropriate to: (i) comply with law enforcement or national security requests and legal process, such as a court order or subpoena; (ii) protect your, our, or others’ rights, property, or safety; (iii) enforce our policies or contracts; (iv) collect amounts owed to us; or (v) assist with an investigation and prosecution of suspected or actual illegal activity.Disclosure in the Event of Merger, Sale, or Other Asset Transfer: If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, purchase or sale of some or all assets, or transition of service to another provider, then your information may be sold or transferred as part of such a transaction, as permitted by law and/or contract.

4. International Data Transfers

All information processed by us may be transferred, processed, and stored anywhere in the world, including but not limited to, the United States or other countries, which may have data protection laws that are different from the laws where you live. When we engage in such transfers, we endeavor to safeguard your information consistent with the requirements of applicable laws.

5. Your Choices

General: You may have the right to object to or opt out of certain uses of your information. Where you have consented to the processing of your information for a specific purpose, you may withdraw that consent at any time by contacting us as described below. Even if you opt out, we may still collect and use your information for other purposes that were not based on your consent.Email Communications: If you receive an email from us and do not want to receive future emails from us, you can use the unsubscribe link found at the bottom of the email to opt out of receiving future emails. Note that you will continue to receive transaction-related emails regarding products or services you have requested. We may also send you certain non-promotional communications regarding us and our Services, and you will not be able to opt out of those communications (e.g., communications regarding the Services or updates to this Privacy Policy).“Do Not Track”: Your browser may offer you a “Do Not Track” option, which allows you to signal to operators of websites and web applications that you do not wish such operators to track certain of your online activities over time and/or across different websites. Like most online services, we do not currently respond to Do Not Track signals. However, as discussed below in the “Your Privacy Rights” section, we do honor legally-recognized browser-based mechanisms (such as the Global Privacy Control designed to signal your opt out choices under certain state laws).

6. Your Privacy Rights

Depending upon your location and in accordance with applicable laws, you may have the right to:
    - Access information about you consistent with legal requirements. In addition, you may have the right in some cases to receive or have your electronic information transferred to another party.
    - Request Correction of your information where it is inaccurate or incomplete.
    - Request Deletion of your information, subject to certain exceptions prescribed by law.
    - Request Restriction or Object to Processing of your information.
    - Not be Discriminated Against by us for exercising your privacy rights.
If you would like to exercise any of these rights, please contact us as set forth below. We will process such requests in accordance with applicable laws, and in some circumstances may need to deny your request in whole or in party (e.g., if we have a legal obligation to maintain your information for a certain purpose). To protect your privacy, we will take steps to verify your identity before fulfilling your request, such as by requiring you to submit your request via your account. You have the right to submit a request through an authorized agent, but we will require the agent to provide us with your written permission, and we may need to confirm your identity before processing the agent’s request.Depending on your location of residence, you may have the right to appeal our response to your request. In such circumstances, we will inform you of the right to appeal and the appeal process.

7. Data Retention

We store the information we receive as described in this Privacy Policy for as long as you use our Services or as necessary to fulfill the purpose(s) for which it was collected, provide our Services, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable laws.

8. Security of your Information

We take steps to ensure that your information is treated securely and in accordance with this Privacy Policy. Unfortunately, no system is 100% secure, and we cannot ensure or warrant the security of any information you provide to us. To the fullest extent permitted by applicable law, we do not accept liability for unauthorized disclosure.By using the Services or providing information to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of the Services. If we learn of a security system’s breach, we may will notify you within 48 hours by email.

9. Third-Party Websites/Applications

The Services may contain links to other websites/applications and other websites/applications may reference or link to our Services. These third-party services are not controlled by us. We encourage our users to read the privacy policies of each website and application with which they interact. We do not endorse, screen or approve, and are not responsible for, the privacy practices or content of such other websites or applications. Visiting these other websites or applications is at your own risk.

10. Children's Information

Our Services are intended for general audiences and are not directed at children. If we become aware that we have collected data without legally valid parental consent from children under an age where such consent is required, we will take reasonable steps to delete it as soon as possible.

11. Supervisory Authority

If you are located in the European Economic Area or the UK, you have the right to lodge a complaint with a supervisory authority if you believe our processing of your information violates applicable law.

12. Changes to Our Privacy Policy

We may revise this Privacy Policy from time to time in our sole discretion. If there are any material changes to this Privacy Policy, we will notify you as required by applicable law. You understand and agree that you will be deemed to have accepted the updated Privacy Policy if you continue to use the Services after the new Privacy Policy takes effect.

Contact us:
If you have any questions about our privacy practices or this Privacy Policy, please contact us at: [email protected]

The finance stack with a built in accountant

Give your team

Super Powers

Free

£0 /m

Includes:

  • 1,000 Emails

  • 50 Invoices processed

  • 100 Query responses

  • 50+ Languages

Plus

£30 /m

Includes:

  • 2,000 Emails

  • 100 Invoices processed

  • 200 Query responses

  • 50+ Languages

Pro

£100 /m

Includes:

  • 4,000 Emails

  • 200 invoices processed

  • 400 Query responses

  • 50+ Languages

Enterprise

Custom

Includes:

  • Unlimited emails

  • Unlimited invoices

  • Unlimited responses

  • 50+ Languages