Product record
Actual surfaces, not borrowed credibility
Inspect the dashboard, monitor detail, incident record, demo workspace, and deliberate failure drill before trusting the product.
Privacy
Data matrix
Current controls only. No customer logos, certification claims, or hidden enterprise promises are implied by this matrix.
Control: Account and workspace
Current posture: Email, workspace name, membership, plan, billing state, and support context needed to run the account.
Proof surface: Settings, billing, workspace controls, DPA request path.
Owner: Luota controller

Control: Workflow evidence
Current posture: Monitor definitions, schedules, heartbeats, runs, payload JSON, snippets, incidents, and timeline events.
Proof surface: Monitor detail, incident detail, export, retention policy.
Owner: Customer controller

Control: Alert routing
Current posture: Channel names, delivery preferences, target membership, encrypted sensitive destination fields, and delivery attempts.
Proof surface: Alert routing, incident alert attempts, audit/export surfaces.
Owner: Customer controller

Control: Billing records
Current posture: Stripe customer/subscription state, invoices, plan limits, renewal or cancellation state, and legal accounting records.
Proof surface: Billing page, Stripe customer portal, invoice records.
Owner: Luota/Stripe

Control: Operational logs
Current posture: Request metadata, rate-limit counters, error telemetry, privacy-constrained page views, and Core Web Vitals samples.
Proof surface: Security posture, subprocessors, service diagnostics.
Owner: Luota ops

Control: Exit and deletion
Current posture: Workspace export is available; live data deletion is handled first, while encrypted backup expiry follows the backup retention window.
Proof surface: Export page, privacy request, DPA, backup retention note.
Owner: Luota + customer
Buyer record
Luota is pre-customer, so the commercial site shows product behavior, public controls, and buying mechanics directly. No invented testimonials, logo walls, or compliance claims.
Public controls
Review the current security posture, privacy terms, DPA, subprocessor list, disclosure path, and live service status.
Billing state
Confirm workflow limits, retention, Stripe responsibility, cancellation behavior, and what changes after checkout.
Luota is a founder-operated workflow monitoring service. For account, billing, and service operations data, Luota acts as controller. For workflow payloads, run output, monitor events, alert routing, and incident evidence sent by a customer workspace, Luota acts as processor for that customer.
Privacy, deletion, export, DPA, and security requests go to support@luota.dev. Customers that need formal legal-entity details for procurement receive them through the signed DPA and invoice process.
Account and workspace data: email address, workspace name, workspace membership, active plan, billing state, and support messages.
Product data: monitor definitions, schedules, owner labels, runbook URLs, alert-channel configuration, heartbeats, runs, incident state, timeline events, deploy SHA, host/environment metadata, payload JSON, and output snippets.
Operational data: request metadata, rate-limit counters, application logs, error telemetry, Core Web Vitals samples, and privacy-constrained public page-view analytics used to operate and improve the service.
Service delivery: to detect missed, failed, late, stuck, slow, or stale workflow events and show the related incident evidence.
Billing and account administration: to keep Stripe subscription state, invoices, plan limits, account access, password reset, and customer support working.
Security and reliability: to prevent abuse, rate-limit ingest endpoints, investigate errors, verify backups, and maintain service integrity.
Contract: account access, monitor storage, alerts, billing, support, retention, and export/delete handling needed to provide the service.
Legitimate interests: abuse prevention, rate limiting, security logging, service diagnostics, and privacy-friendly performance measurement.
Legal obligation: invoice, tax, accounting, and compliance records that Luota or its processors must keep.
Monitor evidence follows the active plan: 7 days on Free and 30 days on Operator unless a written agreement says otherwise. Downgrades apply the shorter retention window on the next retention sweep.
Daily encrypted Postgres backups follow the documented backup cadence. Deletion requests remove live workspace data first; encrypted backup expiry follows the normal backup retention window.
Stripe billing records and legally required accounting records may be retained for the period required by payment, tax, and accounting obligations.
Primary application and database hosting is in the EU. Some processors operate outside the EU; those transfers rely on the processor's published safeguards such as SCCs, the EU-US Data Privacy Framework, or equivalent contractual measures.
The canonical subprocessor list is published at /subprocessors. A signed DPA is available at /dpa for customers that need Article 28 processor terms.
Depending on your role and jurisdiction, you may request access, correction, deletion, restriction, portability, or objection. Workspace customers can also request export of the workspace evidence Luota controls.
If your employer or customer controls the workspace data, Luota may route the request through that customer as controller. You can also contact your local supervisory authority.
For security posture and operational controls, read the public security page.