Privacy Policy

Last Updated: January 1, 2025

Lumify AI, Inc. ("Lumify," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we handle information when you access or use our website, SaaS platform, APIs, browser extensions, integrations, and any related online services (collectively, the "Services").

Lumify is designed to operate with minimal data collection, and we do not collect or share personally identifiable information ("PII") except where explicitly provided by customers for account setup or troubleshooting. We do not sell or share personal information for advertising or commercial cross-context purposes.

By accessing or using the Services, you acknowledge that you have read and understood this Privacy Policy.

1. Information We Collect

Lumify is engineered to limit the collection of personal information. We collect only what is necessary to operate the Services and support customers.

1.1 Information You Provide Voluntarily

You may provide limited personal information when you:

  • Create an account or sign in
  • Submit a support request
  • Communicate with us via email or chat
  • Configure your Lumify workspace

This may include:

  • Name
  • Email address
  • Organization name
  • Troubleshooting logs or diagnostic data you choose to send

We do not require or request personal information from end users of your website, and we do not ingest or enrich personal data as part of search indexing, analytics, or service delivery.

1.2 Information Collected Automatically (Non-PII)

We collect minimal technical information to operate the Services, such as:

  • Browser type, device type, operating system
  • IP address (stored transiently for security and rate limiting, not linked to identity)
  • System performance metrics
  • Query volume counts
  • Technical logs for debugging

We do not build user profiles, track individuals, or combine usage data across customers.

1.3 Customer Data

"Customer Data" means information you submit to the Lumify platform, including:

  • Website content
  • Search indexes
  • Q&A pairs
  • Custom flows, models, or configurations

Lumify processes Customer Data solely to provide the Services and does not use Customer Data for advertising, marketing, or unrelated purposes.

2. How We Use Information

We use limited personal or technical information only to:

  • Operate and maintain the Services
  • Authenticate users and secure accounts
  • Detect and prevent misuse or security threats
  • Provide customer support or troubleshoot issues
  • Improve system performance and reliability
  • Comply with legal obligations

We do not:

  • ❌ Sell personal information
  • ❌ Share personal information with third parties for marketing
  • ❌ Use Customer Data or limited personal information for AI training unless fully de-identified or explicitly authorized by the customer

We may generate aggregate, de-identified data (e.g., performance metrics) for internal analytics and product improvement.

3. How We Share Information

Lumify only shares information when necessary for service delivery or when required by law.

We may share non-PII or limited user-provided data with:

3.1 Service Providers

Examples include:

  • Cloud hosting providers (e.g., AWS, GCP, Azure)
  • Error monitoring and diagnostics
  • Billing processors
  • Customer support tools

Service providers act under data-processing agreements and may not use data for their own purposes.

3.2 Legal Compliance

We may disclose information when required to:

  • Comply with applicable law
  • Respond to lawful requests
  • Protect the security or integrity of the Services

3.3 Business Transfers

If Lumify participates in a merger, acquisition, financing, or sale, Customer Data and system logs may be transferred under confidentiality terms.

4. Cookies and Tracking Technologies

Lumify uses minimal and non-intrusive cookies, primarily for:

  • Authentication
  • Session management
  • Security and rate limiting
  • Product functionality

We do not use:

  • ❌ Third-party advertising cookies
  • ❌ Behavioral tracking technologies
  • ❌ Cross-site tracking

Users may control cookies through their browser settings.

5. Customer Data Responsibilities (SaaS Model)

For Customer Data processed through the Services:

  • You are the "data controller."
  • Lumify is the "data processor."
  • Lumify acts solely according to customer instructions.
  • You are responsible for ensuring you have the right to submit Customer Data.
  • Lumify does not access Customer Data except for troubleshooting or maintaining system performance.

Lumify provides a Data Processing Addendum (DPA) for customers subject to GDPR, CPRA, UK GDPR, and other data protection laws.

6. Data Retention

Lumify retains:

  • Account information only while your account is active
  • Troubleshooting logs for the minimum feasible duration
  • Customer Data only as required to provide the Services

We delete Customer Data in accordance with:

  • Account settings
  • Contract terms
  • Customer instructions
  • Applicable laws

7. Data Security

We implement appropriate administrative, technical, and physical safeguards, including:

  • Encryption in transit and at rest
  • Access controls and authentication
  • Network and application firewalls
  • Regular security assessments
  • Monitoring for anomalies and abuse

No system is completely secure, and we cannot guarantee absolute security.

8. International Data Transfers

Lumify may transfer data to the United States or other jurisdictions where our systems operate. We implement safeguards such as:

  • Standard Contractual Clauses (SCCs)
  • DPAs with subprocessors
  • Additional technical measures where required

9. Your Rights

Depending on your location, you may have rights to:

  • Access information we hold
  • Request correction or deletion
  • Opt out of marketing
  • Restrict or object to processing
  • Request portability of your data
  • File a complaint with a regulator

To exercise your rights, contact: privacy@lumify.ai

Lumify will never discriminate against users for exercising privacy rights.

10. Children's Privacy

Lumify does not target or knowingly collect personal information from children under 16.

11. Third-Party Links

The Services may contain links to third-party websites or integrated tools. Lumify is not responsible for those third parties' privacy practices.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes by:

  • Updating the "Last Updated" date
  • Posting the revised policy
  • Providing in-product or email notice (for changes that materially affect your rights)

Continued use of the Services constitutes acceptance of updates.

13. Contact Us

Lumify AI, Inc.
Email: legal@lumify.ai

Contact us if you have any questions about this Privacy Policy.