Privacy & Security Policy

Written by Mohit at Lucio

1. Introduction

This Privacy & Security Policy (the "Policy") explains how the Lucio Outlook Add-in (the "Add-in") collects, processes, stores, and protects information when you use it inside Microsoft Outlook. The Add-in is a front-end to the Lucio web application; it shares the same backend, the same Azure-hosted infrastructure, and the same controls as the Lucio web app.

The Add-in is built for lawyers and helps you summarise email threads, brief whole matters, analyse attachments, draft replies in your own voice, and turn sent emails into timesheet-ready narratives. To do this it must read mailbox content on your behalf. This Policy sets out exactly what is read, where it goes, how it is secured, and the rights you have over it.

Capitalised terms not defined here have the meaning given in the Lucio Master Services Agreement ("MSA") and Data Processing Addendum ("DPA") between you (or your firm) and Lucio. In the event of conflict, the MSA and DPA prevail.

2. Scope of this Policy

This Policy applies to:

  • The Lucio Outlook Add-in distributed via the Microsoft AppSource / Microsoft Store and installed in Microsoft 365 Outlook (desktop, web, and mobile clients);

  • All features delivered through the Add-in, including the Assistant, Narrative, Profile, History, voice input, and document upload;

  • Content that the Add-in reads from your mailbox via the Microsoft Graph API, and content you explicitly upload to it.

It does not change the privacy practices of Microsoft Outlook itself, of your firm's Microsoft 365 tenant, or of any third-party services you separately use.

3. Who we are and our role

Lucio is the provider of the Add-in. When the Add-in is used inside a law firm or other organisation under a subscription, the firm is the data controller of the mailbox content and Lucio acts as a data processor under the DPA. When the Add-in is used by an individual on their own account, Lucio acts as controller for that account's data.

Questions about this Policy can be sent to the contact addresses in Section 17.

4. Information we collect

The Add-in collects only the information it needs to deliver the features described in the product documentation. The categories are set out below.

4.1 Account and identity information

  • Microsoft work or school account identity used to sign in via Azure Single Sign-On (SSO);

  • User profile attributes returned by Azure AD: name, email address, tenant ID, object ID;

  • Authorisation tokens issued by Clerk Auth, our identity and authorisation provider for the application layer;

  • Language and regional dialect preferences (English (Indian), English (US), English (UK), or Japanese) and any personalisation rules you save in Profile.

4.2 Mailbox content accessed via the Microsoft Graph API

When you install the Add-in, Lucio is granted read and write permissions on your Outlook mailbox via the Microsoft Graph API. Lucio acts on behalf of the authenticated user using OAuth-issued tokens. Access is scoped to that user's mailbox and can be revoked at any time by you or by your tenant administrator. The Add-in reads:

  • Email messages: sender, recipients, subject, body (HTML and plain text), timestamps, conversation/thread identifiers, folder location, and read/unread state;

  • Email attachments in supported formats (.pdf, .doc, .docx), so the Assistant can analyse clauses, dates, parties and obligations on your behalf;

  • Folder structure metadata (folder names and hierarchy) so you can scope a question to a single matter folder;

  • Items in your Sent folder, so the Narrative feature can produce timesheet-ready descriptions of work you have already done.

On first sign-up, up to 10,000 of your most recent emails are synced to Lucio's Azure database via Microsoft Graph. Your mailbox is then kept in sync as new mail arrives.

4.3 Content you explicitly provide

  • Documents you upload via the paperclip control (.pdf, .doc, .docx) to bring your own files into a session;

  • Writing samples you upload in Profile (old timesheet narratives, sample emails) to teach the Add-in your style;

  • Prompts you type or dictate into the Ask Lucio box, including voice audio captured for transcription;

  • Drafting rules and preferences you save (for example, "always use British English").

4.4 Generated and derived data

  • Replies, summaries, narratives, and other outputs produced by the Add-in;

  • Embeddings and indexed representations of your emails and documents, used for retrieval inside Lucio's tenancy;

  • Chat history. Every session is saved so you can reopen it; you can delete any session from the History panel.

4.5 Operational and technical data

  • Application logs (timestamps, error traces, request IDs) generated by the Add-in and the Backend API;

  • Add-in version, Outlook client type, and minimal device/runtime information needed to diagnose issues;

  • Audit records of administrative actions, sign-ins, and token issuance.

The Add-in does not place any persistent local storage on your device beyond what Outlook itself caches in the normal course of operation.

5. How we use your information

We use the information listed in Section 4 strictly to:

  • Deliver the Add-in's features (read the open email, brief a folder, answer a question, draft a reply, analyse an attachment, generate narratives, save and reopen sessions);

  • Apply your Profile to make drafts and narratives sound like you, not a generic AI;

  • Authenticate you, authorise your actions, and enforce per-user tenant isolation;

  • Operate, secure, monitor, and improve the service, including detecting abuse, debugging, and capacity planning;

  • Comply with legal obligations and respond to lawful requests.

We do not sell your data. We do not use your mailbox content, attachments, or prompts to train foundation models or any model that is shared across customers. AI features operate over your data only to produce a response to you in your own session.

6. Where your data goes

When you take an action in the Add-in, content travels from Outlook to Lucio via the Microsoft Graph API and is sent to Lucio's Backend API over Transport Layer Security (TLS). From the Backend API onwards, your data sits in the same architecture that has been previously assessed for the Lucio web application.

6.1 Data flow

  • Outlook session to Microsoft Graph API (acting on behalf of you under OAuth);

  • Microsoft Graph API to Lucio Backend API (TLS in transit);

  • Backend API to persistent storage in Lucio's Azure tenancy (encrypted at rest);

  • Background workers index content and, when you ask, route relevant chunks to Azure OpenAI / Azure AI services for generation;

  • The response is returned to your Outlook side panel with citations back to the source email or attachment.

6.2 Storage

  • Structured data (chats, sessions, metadata, narratives) is stored in MongoDB hosted on Azure;

  • Documents and attachments are stored in Azure Blob Storage, encrypted at rest;

  • All persistent storage sits inside Lucio's Azure account. Customers occupy a logical tenancy within that account, isolated from other customers.

7. Security measures

Lucio operates an information security programme certified to ISO/IEC 27001 and attested under SOC 2. Controls include:

7.1 Encryption

  • TLS 1.2 or higher for all traffic between Outlook, Microsoft Graph, and the Lucio Backend API;

  • Encryption at rest for both MongoDB and Azure Blob Storage using industry-standard algorithms;

  • Secrets and signing keys held in a managed key vault with role-scoped access.

7.2 Identity, authentication, and authorisation

  • Azure Single Sign-On (SSO) for authentication into the Outlook Add-in;

  • Clerk Auth for application-layer authorisation, mirroring the identity flows used by the Lucio web app;

  • OAuth-issued tokens scoped to the individual user's mailbox; tokens are short-lived and rotated;

  • Tenant administrators can revoke the Add-in's consent at any time through the Microsoft 365 admin centre.

7.3 Tenancy and isolation

  • Add-in users sit in the same logical tenancy model used by web users;

  • Application-level access checks enforce that a user can only read data belonging to their own account and, where applicable, their firm's tenant;

  • Production data is segregated from non-production environments.

7.4 Operational security

  • Continuous monitoring and centralised logging;

  • Vulnerability management, periodic penetration testing, and dependency scanning;

  • Background-checked engineering staff, role-based access to production, and least-privilege principles;

  • Documented incident response process with defined notification timelines under the DPA.

7.5 Microsoft Store vetting

As part of onboarding to the Microsoft Store, the Add-in has been independently vetted and approved by Microsoft. This vetting is in addition to, not a replacement for, Lucio's own certifications and contractual commitments.

8. AI processing and sub-processors

AI features in the Add-in (summaries, replies, narratives, attachment analysis) are powered by the same Azure OpenAI / Azure AI services used by the Lucio web app, with the same data-handling commitments.

  • Prompts and the minimum context required to answer them are sent to the AI service over an encrypted channel;

  • Prompts and content are not used by the underlying model provider to train foundation models;

  • Voice input is transcribed to text and treated thereafter as a typed prompt; audio is not retained beyond what is needed to deliver the transcription.

A current list of sub-processors is maintained as part of Lucio's DPA and is available on request. Material additions to the sub-processor list are communicated in line with the DPA.

9. Data retention

  • Mailbox content and uploaded documents are retained for as long as your subscription is active, to support features such as cross-inbox search, citations, and history;

  • Chat sessions and narratives are retained until you delete them or until your account is terminated;

  • On termination, customer data is deleted from production systems within the period specified in the DPA, subject to short backup-rotation windows and any legal hold;

  • Operational logs are retained for the period needed to support security monitoring and forensics, and then deleted on a rolling schedule.

You can delete individual chat sessions at any time from the History panel. Bulk export or deletion requests can be made through the contacts in Section 17.

10. Permissions granted to the Add-in

The Add-in requests the minimum permissions needed to function. The table below summarises them.

| Permission | Why it is needed | How to revoke |
| --- | --- | --- |
| Read and write the signed-in user's Outlook mailbox (Microsoft Graph) | To read open emails, threads, folders, and attachments; to draft replies and (where applicable) save Add-in metadata back into the user's context. | Tenant admin: remove the Add-in from the Microsoft 365 admin centre. End user: uninstall the Add-in or contact Lucio support. |
| Sign in with Azure SSO | To authenticate the user via the firm's identity provider, without storing passwords. | Revoke consent in the user's Microsoft account or via the tenant admin. |
| Use Clerk Auth tokens | To authorise specific actions within the Lucio application layer. | Token lifetimes are short; sign-out invalidates the session. |
| Read content of files uploaded by the user | To let the Assistant answer questions about your own draft contracts and memos. | Files can be removed from a session, or the session itself deleted, from the History panel. |

11. Web app vs. Outlook Add-in

The only material difference between the Lucio web app and the Outlook Add-in is the method of data ingress.

| Aspect | Lucio Web App | Lucio Outlook Add-in |
| --- | --- | --- |
| Backend & infrastructure | Lucio Azure account | Lucio Azure account (identical) |
| Authentication | Clerk Auth | Azure SSO + Clerk Auth |
| Storage | MongoDB + Azure Blob (encrypted) | MongoDB + Azure Blob (encrypted) (identical) |
| AI services | Azure OpenAI / Azure AI | Azure OpenAI / Azure AI (identical) |
| Certifications | ISO 27001, SOC 2 | ISO 27001, SOC 2 + Microsoft Store vetting |
| Contracts (DPA, MSA, Privacy Policy) | Apply | Apply (identical) |
| Data ingress | User uploads via React front-end | Microsoft Graph API on behalf of the user; up to 10,000 most recent emails on first sign-up, then ongoing synchronisation as new mail arrives; plus any user-uploaded documents. |

12. Confidentiality and lawyer-specific considerations

The Add-in is built for lawyers and is designed to respect the confidentiality obligations that apply to legal practice.

  • Mailbox content is processed only to deliver features you have invoked; it is not surfaced to other customers and is not used to train shared models;

  • Folder scoping and the Custom filter let you narrow the Add-in's view to a single matter when ethical walls or matter-level confidentiality require it;

  • Citations on every answer let you verify a date, a name, or a clause against the underlying email or attachment before relying on it;

  • Narratives are drafting aids only. Lucio is not a replacement for your firm's time-recording system, and final billable narratives remain under the lawyer's review and control.

13. Your rights

Depending on the jurisdiction in which you are located, you may have rights to access, correct, export, restrict, or delete your personal data, and to object to certain processing. Where Lucio acts as a processor on behalf of your firm, requests are normally routed through your firm's privacy team in line with the DPA. Where Lucio acts as controller, requests can be sent directly to the contacts in Section 17.

In all cases you can:

  • Delete individual chat sessions from the History panel;

  • Disable Personalisation in Profile to stop the Add-in adapting to your writing style;

  • Uninstall the Add-in at any time, or ask your tenant administrator to revoke its consent.

14. International data transfers

Lucio stores customer data in the Azure region(s) agreed in the customer's order or DPA. Where personal data is transferred across borders, Lucio relies on appropriate safeguards (such as the EU Standard Contractual Clauses, the UK International Data Transfer Addendum, or other lawful transfer mechanisms) as set out in the DPA.

15. Children's privacy

The Add-in is a professional tool intended for use by lawyers and other adult professionals. It is not directed at children and Lucio does not knowingly collect personal data from children under the age of 16.

16. Changes to this Policy

Lucio may update this Policy from time to time to reflect changes to the Add-in, to legal requirements, or to our practices. Material changes will be communicated through the Add-in or by email to the firm's designated contact. The effective date at the top of this document indicates when the current version took effect.

17. Contact us

For questions about this Policy, to exercise rights described above, or to report a security concern, contact:

If you believe your firm has a Data Protection Officer or equivalent contact, please raise privacy concerns with them in the first instance; they will engage Lucio under the DPA.
