Lumari's Privacy Policy and Terms of Use

This Privacy Policy and Terms of Use describe how Lumari ("we," "us," or "our") collects, uses, stores, and shares information when you use our platform. This policy applies to all users of our platform. We do not sell your data or use your content to train AI models without explicit consent. If you do not agree with our policies and practices, please do not use our services.

For our enterprise customers: We understand you may have specific compliance requirements and data protection needs. We are committed to working closely with enterprise customers to address your unique privacy and security concerns. Please contact us at enterprise@lumari.com to discuss custom data processing agreements or modifications to these terms.

1. Information We Collect

We collect and use the following types of information when you use our platform. Our platform may integrate with third-party services that operate independently from us. This Privacy Policy does not apply to such third parties, and their data practices are subject to their own privacy policies.

a. Account Information

When you register for our platform, we collect necessary information such as name, password, and email. We also maintain records of correspondence, customer support interactions, and information you provide when filling out forms or configuring your account.

b. Customer Data

To provide our services, we process customer data that you choose to input into our platform, including but not limited to information about your business operations, workflows, and application configurations. You are responsible for ensuring you have appropriate consent from your customers or end-users for sharing their data with our service. We treat all customer data as confidential and process it solely for the purpose of providing our services to you.

c. Usage Information

We collect information regarding your use of the platform (e.g., date and time you log in, features you use, platform interactions) to maintain, support, and improve our services. This usage data is collected in an aggregated and anonymized form wherever possible and is used primarily for service optimization and troubleshooting.

d. Technical Information

We collect certain technical information such as IP address, browser type, device information, and system logs to ensure optimal platform performance and security. We use cookies and authentication tokens for secure login sessions and to provide a consistent user experience. You can manage cookie preferences through your browser settings.

2. How We Use Your Information

We use the information we collect only for the following specific purposes:

• To provide, maintain, and improve our platform and services
• To authenticate users and secure access to your account
• To respond to your requests and provide customer support
• To send service notifications and essential communications
• To detect and prevent security incidents and protect against fraudulent activity
• To comply with applicable legal obligations
• To measure and improve platform performance and user experience

3. Data Sharing

We limit the sharing of your data to what is necessary to provide our services. We do not sell, rent, or trade your personal information or customer data to third parties. We may share your information in the following limited circumstances:

• With service providers who help us operate our platform, subject to confidentiality agreements
• When required by law or to protect our legal rights
• In connection with a business transaction such as a merger or acquisition, with appropriate confidentiality safeguards

a. LLM Integration

We use the OpenAI, Gemini, and Anthropic API to power certain AI features in our platform. When you use these features, your prompts and related content are shared with OpenAI, Gemini, and Anthropic solely for the purpose of generating responses. This data is subject to OpenAI's Enterprise Privacy policy, Gemini's Enterprise Privacy policy, and Anthropic's Enterprise Privacy policy.

4. Data Storage and Security

We implement industry-standard technical, administrative, and physical safeguards to protect your information. These measures include encryption of data in transit and at rest, access controls, regular security assessments, and employee training on data protection.

We store your data in secure cloud environments with leading providers that maintain stringent security certifications. Lumari is SOC 2 compliant, demonstrating our commitment to security, availability, and confidentiality. While we implement robust security measures, no method of electronic transmission or storage is 100% secure. We continuously evaluate and enhance our security practices to protect your data.

Your Data is Your Data: We do not use your customer data to train AI models or for any purpose other than providing our services to you, unless we receive your explicit consent. Enterprise customers can request additional data protection terms through a custom Data Processing Agreement.

5. Minors

Our platform is designed for business use and is not intended for individuals under the age of 18. We do not knowingly collect information from minors. If we discover that we have inadvertently collected personal information from a minor, we will promptly delete that information. If you believe we might have information from or about a minor, please contact us at privacy@lumari.com.

6. Your Data Ownership and Rights

You retain all rights, title, and interest in and to your data. We process this data solely on your behalf and in accordance with your instructions. Depending on your location, you may have specific rights regarding your personal information:

• Access: You can request copies of your personal information
• Correction: You can request that we correct inaccurate information
• Deletion: You can request that we delete your personal information
• Data portability: You can request a copy of your data in a structured, machine-readable format
• Objection: You can object to certain types of processing

To exercise these rights, please contact us at privacy@lumari.com. We will respond to all legitimate requests within the timeframes required by applicable law. We retain your data only for as long as necessary to provide our services and fulfill the purposes outlined in this policy, or as required by law.

7. Enterprise Data Protection

For enterprise customers with specific compliance needs, we offer custom Data Processing Agreements (DPAs) that may include:

• Additional data processing terms
• Enhanced security commitments
• Data residency options
• Specific breach notification procedures
• Return or deletion of data upon contract termination

To request a DPA or discuss specific compliance requirements, please contact us at enterprise@lumari.com.

8. Contact Us

If you have any questions or concerns about our Privacy Policy or data practices, please contact:

Privacy Team
Lumari, Inc.
Email: privacy@lumari.com

9. Changes to this Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of material changes through the platform or via email before they take effect. The "Last Updated" date at the top of this policy indicates when it was last revised. Your continued use of our platform after any changes indicates your acceptance of the updated policy. For significant changes, we may request a renewed consent.

10. Account Termination

We reserve the right to terminate accounts for violations of our Terms of Use, including breach of security, abuse of our platform, or illegal activities. Upon termination:

• We will provide notice when possible, except in cases of serious violations
• You may request export of your data before account closure, subject to technical limitations
• We will retain your data only as required by law or as necessary to protect our legal interests

11. Governing Law

These Terms of Use and your use of the platform are governed by and construed in accordance with the laws of the State of Delaware, without regard to its conflict of law principles. For enterprise customers, governing law may be specified in your service agreement.

12. Consent

By using our platform, you consent to the collection, use, and processing of your information as described in this Privacy Policy. You have the right to withdraw consent for future processing by contacting us, though this may affect our ability to provide certain services. Enterprise customers may negotiate different consent requirements in their service agreements.

13. Pricing and Billing

a. Pricing Changes

We will provide at least 30 days' notice for any price changes to existing subscriptions. Changes will take effect at the beginning of your next billing cycle after the notice period. Enterprise customers with fixed-term contracts will maintain their agreed pricing until renewal.

b. Enterprise Agreements

Enterprise customers may negotiate custom pricing, payment terms, and volume discounts. These terms will be specified in your Enterprise Service Agreement and will supersede the standard terms in this policy.

14. Feedback and Intellectual Property

When you provide feedback on our platform, you grant us a license to use that feedback to improve our services. However:

• We will obtain your permission before using your feedback in external marketing
• You can request removal of testimonials or case studies at any time
• Confidential information shared during feedback remains protected under our confidentiality obligations

15. Communications

We send three types of communications:

• Service communications (essential for platform use, such as security alerts)
• Account communications (related to your subscription and usage)
• Marketing communications (which you can opt-out of at any time)

To manage your communication preferences or opt out of marketing communications, adjust your settings in the platform or contact privacy@lumari.com