Privacy Policy

Last Updated: November 5, 2025

At Lumi, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our AI chat agent platform.

1. Information We Collect

1.1 Information You Provide

When you use Lumi, you directly provide us with:

Account Information:

Name and email address
Password (encrypted)
Organization/workspace details
Payment information (processed through Stripe)

Content and Data:

System prompts and chat agent configurations
Conversation data between your chat agents and end users
Customer information and enrichment data
Files and documents uploaded for RAG (knowledge base)
Custom memory entries
Integration credentials (Gitbook, LINE, etc.)

Support Communications:

Messages sent to our support team
Feedback and feature requests

1.2 Information Collected Automatically

Usage Data:

IP address and device information
Browser type and version
Pages visited and features used
Time and date of access
Referring website
Click and interaction data

Performance Data:

API response times
Error logs and debugging information
Chat agent performance metrics
Usage statistics and analytics

Cookies and Tracking:

We use cookies and similar technologies for authentication, preferences, and analytics
You can control cookies through your browser settings

1.3 Information from Third Parties

OAuth Providers (Google):

When you sign in with Google, we receive your name, email, and profile picture
We only request necessary permissions

Payment Processor (Stripe):

Payment method details (we do not store full credit card numbers)
Transaction history and billing information

API Providers:

We send your prompts and queries to Groq API and Google AI for processing
These providers have their own privacy policies

2. How We Use Your Information

We use your information to:

2.1 Provide Services

Create and manage your account
Deploy and operate your chat agents
Process conversations and generate AI responses
Store and retrieve knowledge base content (RAG)
Enable integrations with third-party services
Process payments and manage subscriptions

2.2 Improve and Develop

Analyze usage patterns to improve features
Debug issues and optimize performance
Develop new capabilities and integrations
Conduct research and analytics

2.3 Communicate

Send service updates and announcements
Respond to support requests
Notify about account or billing issues
Share feature releases and tips (you can opt out)

2.4 Security and Compliance

Detect and prevent fraud or abuse
Enforce our Terms and Conditions
Comply with legal obligations
Protect our rights and property

We do NOT sell your personal information. We may share your data in these limited circumstances:

3.1 Service Providers

We work with third-party vendors who help us operate our service:

Supabase: Database and authentication infrastructure
Stripe: Payment processing
Groq: AI language model processing
Google AI: Embedding generation for RAG
Cloud hosting providers: Infrastructure and storage

These providers are contractually obligated to protect your data and use it only for specified purposes.

3.2 Your Chat Agent End Users

Conversations between your chat agents and end users are visible to you (the workspace owner)
You control what data your chat agents collect and how they respond

3.3 Legal Requirements

We may disclose information if required to:

Comply with laws, regulations, or court orders
Protect rights, property, or safety
Detect or prevent fraud or security issues
Enforce our Terms and Conditions

3.4 Business Transfers

If Lumi is acquired or merged, your information may be transferred to the new entity. We will notify you of such changes.

We may share information for other purposes with your explicit consent.

4. Data Storage and Security

4.1 Where We Store Data

Your data is stored in secure cloud infrastructure powered by Supabase
Data centers are located in [specify regions]
We use industry-standard encryption in transit (TLS/SSL) and at rest

4.2 Security Measures

We implement security measures including:

Encrypted data transmission and storage
Regular security audits and updates
Access controls and authentication
Secure API key management
Monitoring for suspicious activity
Regular backups

4.3 Data Retention

Active accounts: Data is retained as long as your account is active
Deleted accounts: Data is permanently deleted within 30 days
Legal retention: Some data may be retained longer for compliance purposes
Backups: Deleted data in backups is removed according to our backup rotation schedule

4.4 Your Responsibilities

You are responsible for:

Keeping your password secure
Controlling access to your workspace
Managing team member permissions
Reviewing chat agent responses for compliance

5. Your Rights and Choices

Depending on your location, you may have the following rights:

5.1 Access and Portability

Request a copy of your personal data
Export your chat agent configurations and conversation data
Download your knowledge base content

5.2 Correction and Updates

Update your account information at any time
Correct inaccurate data
Modify chat agent settings and prompts

5.3 Deletion

Delete individual conversations or memory entries
Delete your entire account through account settings
Request complete data deletion (contact support)

5.4 Opt-Out

Unsubscribe from marketing emails
Disable certain types of data collection
Opt out of analytics (may limit functionality)

5.5 Object and Restrict

Object to certain data processing activities
Restrict how we use your data
Withdraw consent where processing is based on consent

5.6 Exercise Your Rights

To exercise these rights, email us at: [email protected] or use your account settings.

6. Children's Privacy

Lumi is not intended for users under 18 years of age. We do not knowingly collect information from children. If we discover we have collected data from a child, we will delete it immediately.

7. International Data Transfers

If you are located outside the region where our servers are located, your data may be transferred internationally. We ensure appropriate safeguards are in place for such transfers.

8. Cookies and Tracking Technologies

8.1 Types of Cookies We Use

Essential cookies: Required for authentication and core functionality
Preference cookies: Remember your settings and preferences
Analytics cookies: Help us understand how you use the service
Marketing cookies: Currently not used (future optional)

8.2 Managing Cookies

You can control cookies through:

Your browser settings
Our cookie consent banner
Opt-out links for analytics services

Note: Disabling essential cookies may affect functionality.

9. Third-Party Links and Services

Our service may contain links to third-party websites or integrate with external services. This Privacy Policy does not apply to those third parties. We encourage you to review their privacy policies:

10. AI and Machine Learning

10.1 How We Use AI

We use Groq API and Google AI to power chat responses
Your prompts and queries are sent to these providers
AI models may learn from aggregated, anonymized data (per provider policies)

10.2 Your Control

You control what data is included in prompts
You can configure system prompts and memory settings
You can enable/disable specific AI features

10.3 AI Accuracy

AI-generated content may contain errors or inaccuracies
You are responsible for reviewing AI outputs
We do not guarantee correctness of AI responses

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

11.1 Right to Know

Categories of personal information collected
Sources of information
Purposes for collection
Third parties we share with

11.2 Right to Delete

Request deletion of your personal information (subject to exceptions).

11.3 Right to Opt-Out

We do not sell personal information, so no opt-out is needed for sales.

11.4 Non-Discrimination

We will not discriminate against you for exercising your rights.

11.5 Authorized Agent

You may designate an authorized agent to make requests on your behalf.

Contact for CCPA requests: [email protected]

If you are located in the European Economic Area, you have rights under the General Data Protection Regulation:

12.1 Legal Basis for Processing

We process your data based on:

Contract performance: To provide our service
Legitimate interests: To improve and secure our service
Consent: For optional features (you can withdraw anytime)
Legal obligations: To comply with laws

12.2 Data Protection Officer

For GDPR inquiries, contact: [email protected]

12.3 Supervisory Authority

You have the right to lodge a complaint with your local data protection authority.

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically
We will notify you of material changes via email or service notification
The "Last Updated" date will reflect the latest revision
Continued use after changes constitutes acceptance
You may request previous versions by contacting us

14. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices:

Email: [email protected] Support: [email protected]

For data subject access requests, account deletion, or privacy inquiries, please include:

Your name and email address
Description of your request
Proof of identity (if required for security)

We will respond to requests within 30 days.

Summary (TL;DR)

What we collect: Account info, chat data, usage stats, and content you provide How we use it: To run your chat agents, improve the service, and provide support Who we share with: Service providers only (Supabase, Stripe, Groq, Google AI) - we never sell your data Your control: You can access, export, modify, or delete your data anytime Security: We encrypt data and follow industry best practices Questions?: Contact [email protected]

By using Lumi, you consent to this Privacy Policy. Thank you for trusting us with your data!

PreviousReference NextTerms and Conditions

Last updated 1 month ago

Good evening