Luckiest.co

Privacy

What we hold, and what we don't.

How we collect, use, and protect information across luckiest.co.

Effective: Mar 1, 2026

Last Updated: May 12, 2026

Version: 4.2.0

Jurisdiction: California, USA

Reading Time: 8 min

Summary

The version in human words.

  1. We collect the minimum data needed to rent you a domain: account, billing, and DNS activity. Nothing more.
  2. We never sell your data. Period. No ad networks, no data brokers, no 'partners'.
  3. You can export everything we have on you, or delete your account, from your dashboard at any time.
  4. Subprocessors are listed below by name. We update the list when it changes.
  5. GDPR, CCPA, and CPRA rights are honored regardless of where you live.

01/Your Data

What we collect

We collect three buckets of information, all of which are required to operate the marketplace: account data you give us, billing data your payment provider gives us, and operational telemetry generated by using the product.

Account & identity

  1. Email address and password hash (we never store plaintext).
  2. Display name and optional profile photo.
  3. Business name and tax identification, where required for invoicing.
  4. Verification documents only when you exercise a rent-to-own buyout.

Billing

  1. Last four digits of the card and brand. The full PAN never touches our servers.
  2. Billing address and country, for sales tax / VAT.
  3. Transaction history: rentals, renewals, refunds, payouts.

Operational telemetry

  1. DNS records you publish and updates you make.
  2. Login events: timestamp, IP, user-agent string.
  3. Marketplace search queries and viewed listings (used to improve recommendations).
  4. Support transcripts when you write to us.

02/Lawful Use

How we use it

Every use of personal data at Luckiest maps to one of four lawful bases under GDPR Article 6: contract performance, legitimate interest, legal obligation, or your explicit consent.

Contract
Provisioning your rental, taking payment, providing DNS, sending receipts.
Interest
Security monitoring, fraud detection, internal product analytics on aggregated data.
Obligation
Tax records, ICANN/registrar compliance, lawful court orders, anti-money-laundering checks.
Consent
Marketing email, the newsletter, and any optional research surveys you opt into.

We do not use your data to train machine-learning models that are offered to third parties. The internal models that score brandability and detect typo-squatting are trained only on public domain metadata, never on your private DNS records or login activity.

03/Named Partners

Who we share it with

We share data with a small, named set of subprocessors that help us run the marketplace. Each one is contractually bound by a Data Processing Agreement; each one is listed below with a public link to their own privacy policy.

Stripe
Card processing and payouts. Cardholder data is tokenized; we never see full PANs.
AWS
Compute and managed databases. EU-region for EU customers, US for everyone else.
Cloudflare
Anycast DNS resolution and DDoS protection on rented domains.
Postmark
Transactional email: receipts, password resets, expiry notices.
Sentry
Error monitoring. PII is scrubbed before transmission.
Linear
Internal support ticket tracking. Only used when you write to us.

Law enforcement requests are reviewed by counsel. We require a valid subpoena, court order, or equivalent legal process.

04/Your Rights

Your rights

We extend GDPR-grade rights to every Luckiest user worldwide, irrespective of which jurisdiction protects you on paper. The controls live on your Profile page under Privacy & Data.

Access
Download a full export of your account, billing, DNS, and support history as JSON.
Correction
Edit any inaccuracy directly, or write to us if you can't reach the UI.
Deletion
Close your account; we purge personal data within 30 days, save legal-hold records.
Portability
Take your export and bring it to anyone you like. The schema is documented.
Objection
Opt out of marketing, recommendations, or operational analytics in one click.
Restriction
Pause processing while a complaint is being investigated.

Residents of California (CCPA / CPRA), the EEA and UK (GDPR), Brazil (LGPD), and Virginia (VCDPA) have specific additional protections; those rights are honored without requiring proof of residency. To exercise a right, use the dashboard or email get+privacy@luckiest.co.

05/Retention Clock

Retention

We hold data only as long as we need to. The table below is the governing schedule. Exceptions exist only where law requires longer retention (tax, sanctions, fraud).

Account
Until you delete it. After deletion, 30 days in cold storage before purge.
DNS Logs
90 days of rolling history; aggregated stats beyond that.
Billing
7 years, as required by US and EU tax authorities.
Support
3 years from last interaction, then anonymized.
Backups
Encrypted at rest; rotated out within 35 days.

06/Hard Locks

Security

We run a SOC 2 Type II program audited annually by a Big Four firm. The latest report is available under NDA on request.

What we do

  1. TLS 1.3 in transit; AES-256 at rest on every primary store.
  2. Least-privilege production access, hardware-key 2FA required for staff.
  3. Quarterly penetration tests and an always-on bug-bounty program.
  4. Customer 2FA via authenticator app or hardware key, free on every account.

What you should do

  1. Enable 2FA on day one. The 30 seconds is worth it.
  2. Use a unique password. A password manager makes this painless.
  3. Be skeptical of any email asking you to 'verify' DNS via a link. We never do that.

We will notify affected users of any confirmed breach within 72 hours of discovery, in accordance with GDPR Article 33, regardless of whether you reside in the EU.

07/Under Sixteen

Children

Luckiest is not directed at children under 16. We don't knowingly collect personal data from anyone under 16. If you believe a minor has registered, write to get+privacy@luckiest.co and we'll close the account and purge the data.

08/Change Log

Changes to this policy

Material changes are announced by email at least 30 days before they take effect, and the change log lives below this document. The version number above the masthead bumps on every release (major.minor.patch). Patch releases are typo fixes.

4.2.0 (May 12, 2026)
Added Brazil (LGPD) to the named jurisdictions. Clarified backup retention.
4.1.0 (Mar 1, 2026)
Switched transactional email subprocessor from Mailgun to Postmark.
4.0.0 (Jan 14, 2026)
Complete rewrite for plain-English readability. No substantive changes.

Questions, takedowns, requests

Privacy isn't a checkbox. Reach the team directly.

Subject-access requests, deletion requests, or anything that smells like a data incident: write to our privacy desk and we'll respond within 30 days (usually within 3).