Privacy Policy
Effective: April 1, 2026
Your trust matters. This Privacy Policy explains how Lumer AI LLC ("Lumer", "we", "us") collects, uses, and protects your information when you use our personal assistant service (the "Service").
1. What Information We Collect
1.1 Account Information
When you sign up for early access or create an account, we collect your name, email address, and authentication credentials. We use this to identify you, communicate with you, and secure your account.
1.2 Connected Account Data
With your explicit permission, Lumer connects to your email, calendar, and other apps you authorize. We read this data to provide our core features — surfacing what matters, tracking deadlines, and managing your mental load.
Specific permissions we request:
- Email: Read access to messages, sender/recipient data, timestamps, and attachments (to identify deadlines, important updates, and action items)
- Calendar: Read access to events, attendees, locations, and metadata (to track appointments and commitments)
- Contacts: Read access to names and email addresses (to understand relationships and prioritize communications)
Important: This data is processed to help you. We never use it for advertising. We never sell it to third parties. You can disconnect any service at any time from your account settings, and we'll immediately stop accessing that data.
1.3 Questionnaire Responses
During onboarding, we ask about your mental load, household, and priorities. These responses help us tailor Lumer to your needs. They're stored securely and used only to improve your experience.
1.4 Usage & Analytics Data
We collect anonymized usage data (feature interactions, performance metrics, crash reports) to understand how people use Lumer and where we can improve. This data contains no personally identifiable information.
1.5 Device Information
We collect standard device data: IP address, browser type, operating system, and device identifiers. This helps us provide technical support and secure your account.
2. How We Use Your Information
- To provide the Service. Everything Lumer does — reading your inbox, tracking deadlines, sending reminders — requires processing your data.
- To improve Lumer. We analyze usage patterns to build better features and fix issues.
- To communicate with you. We send product updates, security alerts, and support responses.
- To keep things secure. We monitor for fraud, abuse, and security threats.
- To comply with legal obligations. Sometimes the law requires us to retain or disclose information.
3. AI Processing & Third-Party Services
Lumer uses AI models (including third-party providers like OpenAI, Anthropic, and others) to understand your emails, calendar events, and connected data. When we send your data to these providers for processing:
- It's encrypted in transit (TLS 1.3+) and at rest (AES-256)
- It's used only to generate responses and insights for you
- It is never used to train AI models — we maintain strict data processing agreements with all AI providers that explicitly prohibit using your data for model training or improvement
- Data is processed in secure, isolated environments with no cross-customer data access
Your data, your control: If you have concerns about specific AI providers, contact us at privacy@lumer.ai to discuss your options.
4. OAuth & Third-Party Authorization
When you connect your email, calendar, or other services to Lumer, we use OAuth 2.0 — an industry-standard authorization protocol that lets you grant us access without sharing your passwords.
How it works:
- You authenticate directly with your service provider (Gmail, Outlook, etc.)
- You explicitly approve the specific permissions Lumer requests
- We receive a secure access token — never your password
- You can revoke access anytime from your account settings or the service provider
We only request the minimum permissions needed to provide our service. We never request write access unless absolutely necessary for a specific feature you enable.
5. Data Sharing & Disclosure
We do not sell your personal data.
We share limited information only in these situations:
- Service providers. Hosting, analytics, and infrastructure providers who help us run Lumer. They're bound by strict data protection agreements.
- Legal requirements. If compelled by law, court order, or government request.
- Business transfers. If Lumer is acquired or merged, your data may transfer to the new entity (with the same privacy protections).
- With your consent. If you explicitly authorize us to share your data.
6. Data Retention & Deletion
We retain your account data while your account is active. If you delete your account, we permanently remove your personal data within 30 days.
Some anonymized usage data may be retained longer for analytics, but it cannot identify you.
7. Your Privacy Rights
Depending on where you live, you may have these rights:
- Access. Request a copy of your personal data.
- Correction. Update inaccurate or incomplete information.
- Deletion. Request deletion of your account and data (we'll complete this within 30 days).
- Export. Download your data in JSON or CSV format.
- Opt-out. Unsubscribe from marketing emails (product updates and security alerts are required).
- Restrict processing. Limit how we use your data in certain situations.
- Object. Object to processing based on legitimate interests.
7.1 California Residents (CCPA)
If you're a California resident, you have additional rights under the California Consumer Privacy Act:
- Know. What personal information we collect, use, disclose, and sell (we don't sell)
- Delete. Request deletion of your personal information
- Opt-out. Opt out of the sale of personal information (not applicable — we don't sell)
- Non-discrimination. We won't discriminate against you for exercising your rights
To exercise any of these rights, email us at privacy@lumer.ai. We'll respond within 30 days.
8. Security
We implement industry-standard security measures:
- Encryption: TLS 1.3+ in transit, AES-256 at rest
- Access controls: Role-based permissions, multi-factor authentication, and least-privilege principles
- Regular audits: Security audits, vulnerability scanning, and penetration testing
- Monitoring: 24/7 monitoring for suspicious activity and automated threat detection
- Secure infrastructure: Data hosted with SOC 2 Type II certified providers
- Employee training: Regular security awareness training for all team members
8.1 Data Breach Notification
In the unlikely event of a data breach that affects your personal information, we will:
- Notify you within 72 hours of discovering the breach
- Explain what data was affected and what we're doing to address it
- Provide guidance on steps you can take to protect yourself
- Notify relevant authorities as required by law
No system is perfectly secure, but we take your data protection seriously and continuously work to improve our security posture.
9. Cookies & Tracking
Our website uses cookies for:
- Essential functionality. Authentication, security, and preferences.
- Anonymous analytics. Understanding how people use our site.
We do not use advertising or cross-site tracking cookies. You can disable cookies in your browser, but some features may not work.
10. International Data Transfers
Lumer operates globally. If you're outside the United States, your data may be transferred to and processed in the US or other countries where our service providers operate.
We ensure adequate protections through:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Data Processing Agreements with all third-party processors
- EU-U.S. Data Privacy Framework compliance (when applicable)
- Equivalent protections regardless of where data is processed
If you have questions about international data transfers, contact privacy@lumer.ai.
11. Children's Privacy
Lumer is not intended for users under 13. We do not knowingly collect data from children. If you believe we've collected data from a child, contact us immediately at privacy@lumer.ai.
12. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we'll notify you at least 30 days before they take effect — via email or a prominent notice in the Service.
Continued use after changes means you accept the updated policy.
13. Contact Us
Questions, concerns, or privacy requests? Reach us at:
Lumer AI LLC
Email: privacy@lumer.ai
General inquiries: hello@lumer.ai