Headlines— AI-generated summaries of transcript segments that help you quickly understand what each part of a session is about.

Suggested Findings — AI-suggested research findings linked to your defined stakeholder goals.
​
​Eureka Button — A button in the player that lets you flag a moment during a live session or while reviewing a recording. When pressed, Eureka uses the surrounding transcript to understand and summarize what you wanted to capture.

Discover — A conversational AI assistant that lets you ask questions about your research data across sessions.

Transcription — Automatic speech-to-text transcription of session audio.

These features are available on all plans that include AI capabilities.

Both providers are accessed via secured, authenticated API connections with TLS 1.2+ encryption.

Processing regions: United States and Ireland.

Raw audio, video, screen recordings, and camera feeds are never sent to OpenAI. Only text data is sent.

Your data is not used for model training. Both OpenAI and AssemblyAI are contractually obligated not to train or fine-tune their models on data submitted via their APIs. Lookback does not build, fine-tune, or train its own models.

Discover conversations: OpenAI retains conversational data until deleted by your team or upon termination of your agreement with Lookback.

Other AI processing (Headlines, Suggested Findings, etc.): OpenAI retains API request data for up to 30 days.

AssemblyAI: Deletes audio data upon transcription job completion.

Session data, transcripts, and AI-generated content (summaries, findings, headlines) are retained until manually deleted by your team or upon agreement termination.

If no action is taken, data is retained for 90 days after subscription end to allow for export or reactivation. After that, data is removed from primary systems within 30 days, and from backups within a further 90 days.

If your team manually deletes the organization before the 90-day window ends, data is removed from primary systems within 30 days, and from backups within a further 90 days.

Enterprise customers can configure automatic recording deletion after a set number of days. Recordings past the retention period are deleted from primary systems immediately, and from backups within 90 days. Users receive email notifications before recordings reach the retention threshold.

Discover conversations are not automatically removed when individual recordings or sessions are deleted, and may still contain information from those sessions. Conversations can be deleted individually by the user who created them. When a conversation is deleted, it is also removed from OpenAI.

We log that AI processing took place (metadata such as timestamps and token counts), but not the content of prompts or outputs.

AI-generated content assists researchers — it is not used for autonomous decision-making. All AI outputs are clearly labeled and editable. Researchers make the final determination on what constitutes a valid finding.

Access to AI-generated results and Discover chat history follows the same role-based access model as all platform data. Only authenticated members of your organization can access your data.

Enterprise customers have additional controls:

- Observer role — view-only access for stakeholders

- Default to Private projects — restrict access to specific project members

- SAML SSO — centralized authentication and access management

Lookback provides an MCP server that allows you to connect external LLMs to your Lookback data for research analysis.

What MCP exposes: Session transcripts, session names and metadata, project names, task instructions and answers. Video and audio are not exposed — MCP provides links to the Lookback player instead.

Authentication: Connecting your own LLMs uses your standard Lookback credentials via OAuth.

Logging: Prompts and outputs are not logged when MCP is used.

Based on our assessment, Lookback's AI features are classified as **limited risk** and **minimal risk** under the EU AI Act (Regulation (EU) 2024/1689). None of Lookback's AI systems fall into the high-risk categories defined in Annex III of the Act. Those categories cover systems used for consequential decisions about people, such as employment screening, credit scoring, or education assessment. Lookback's AI is a research analysis tool: it helps researchers summarize and organize qualitative data, but does not score, rate, or evaluate research participants.

- Limited risk (transparency obligations apply): Discover and AI Moderator, because they interact directly with users. These features clearly indicate that the user is interacting with AI.

- Minimal risk (no specific regulatory requirements): Headlines, Suggested Findings, Eureka summaries, and Transcription. These are assistive features that support researcher analysis without replacing human judgment.

All AI-generated content in Lookback is clearly labeled as AI-generated and is fully editable and deletable by researchers.

The EU AI Act and GDPR apply independently and in parallel. Lookback's existing GDPR compliance (DPA/SCC with providers, data minimization, deletion lifecycle, lawful processing basis) continues to apply to all AI processing. The AI Act does not change data protection obligations or introduce new legal bases for processing personal data.

Lookback maintains a formal AI Governance and Risk Management Policy covering trustworthy AI principles, AI system inventory, periodic auditing, risk tolerance, and personnel training.

All AI sub-processors operate under Data Processing Agreements with Standard Contractual Clauses and are reviewed at least annually.

Your organization is responsible for collecting any required consent from research participants, including consent related to AI-based analysis.

- Processors & Sub-processors

- Security Overview

- Security FAQ

- GDPR Compliance

For questions, reach out to your account manager or contact security@lookback.io.

Lookback's AI features are opt-out. Your organization can disable them in their organization settings. When disabled, no data is sent to AI providers.
​