Privacy Policy

Last Updated: 3 May 2025

At Lumman.ai, we respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our AI-powered services.

1. Who We Are

Lumman.ai is operated by Lumman Ltd, a company incorporated in England and Wales (Company Number: 15425759) with its registered office at 1 Kings Avenue, London, N21 3NA, United Kingdom.

Contact Information:

• Contact Form: https://www.lumman.ai/contact
• Address: 1 Kings Avenue, London, N21 3NA, United Kingdom

For the purposes of data protection law, Lumman Ltd is the data controller of your personal data.

2. Information We Collect

2.1 Information You Provide Directly

• Account Information: Name, email address, username, and password when you create an account
• Payment Information: Billing details processed securely through our payment processor Stripe
• Communications: Messages you send to our support team
• Content: Text, images, or other content you input into our AI services

2.2 Information We Collect Automatically

• Usage Data: How you interact with our services, features used, and time spent
• Technical Data: IP address, browser type, device information, and operating system
• Analytics Data: Website performance metrics collected through Vercel Analytics
• Chat History: Conversations with our AI services (which you can delete at any time)

2.3 Information We Don't Collect

• We do not collect data to train our own AI models
• We do not use tracking pixels from Google, Facebook, or other social media platforms
• We do not sell your personal data to third parties

3. How We Use Your Information

We use your personal data for the following purposes:

3.1 Service Provision (Legal Basis: Contract Performance)

• Providing access to our AI-powered services
• Processing your requests and generating AI responses
• Managing your account and subscriptions
• Processing payments securely

3.2 Service Improvement (Legal Basis: Legitimate Interest)

• Analyzing usage patterns to improve our services
• Developing new features and capabilities
• Ensuring service security and preventing abuse

3.3 Communication (Legal Basis: Contract Performance/Legitimate Interest)

• Sending service-related notifications
• Providing customer support
• Sending important updates about our services

3.4 Legal Compliance (Legal Basis: Legal Obligation)

• Complying with applicable laws and regulations
• Responding to legal requests when required

4. Third-Party AI Services

Our platform integrates with various AI service providers including:

• OpenAI
• Anthropic (Claude)
• Google (Gemini)
• Flux
• Kling AI
• Eleven Labs
• Mistral AI

Important: When you use our services, your inputs may be processed by these third-party providers. Each provider has their own privacy policies and data handling practices. We encourage you to review their policies:

• OpenAI Privacy Policy
• Anthropic Privacy Policy
• Google Privacy Policy

We do not control how these providers process your data, but we select providers who maintain appropriate data protection standards.

5. Data Sharing and Disclosure

We may share your information in the following limited circumstances:

5.1 Service Providers

• Vercel: Hosting and analytics services (USA)
• Stripe: Payment processing (secure handling of payment data)
• AI Providers: As necessary to provide AI services (see Section 4)

5.2 Legal Requirements

We may disclose your information if required by law, court order, or to:

• Protect our rights and property
• Prevent fraud or abuse
• Comply with legal obligations
• Protect the safety of users or the public

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, user information may be transferred as part of that transaction.

6. International Data Transfers

Our services are hosted on Vercel infrastructure in the United States. When you use our services, your data may be transferred to, stored, and processed in the US and other countries where our service providers operate.

For EU/UK Users: We ensure appropriate safeguards are in place for international transfers, including:

• Adequacy decisions where available
• Standard Contractual Clauses (SCCs)
• Additional technical and organizational measures

7. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy:

• Account Data: Until you delete your account
• Chat History: Until you delete it or close your account
• Payment Data: As required for tax and accounting purposes (typically 7 years)
• Analytics Data: Aggregated data may be retained for up to 2 years

8. Your Rights

You have the following rights regarding your personal data:

8.1 Access and Portability

• Request a copy of your personal data
• Download your chat history and account data

8.2 Correction and Updates

• Correct inaccurate or incomplete information
• Update your account details

8.3 Deletion

• Delete individual chats or conversations
• Delete your entire account and associated data
• Request deletion of specific data categories

8.4 Control and Objection

• Object to certain processing activities
• Withdraw consent where processing is based on consent
• Restrict processing in certain circumstances

8.5 Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that significantly affects you. Our AI services provide suggestions and content, but final decisions remain with you.

Exercising Your Rights: Use our contact form at https://www.lumman.ai/contact to exercise any of these rights.

9. Data Security

We implement appropriate technical and organizational measures to protect your data:

• Encryption: Data in transit and at rest
• Access Controls: Limited access on a need-to-know basis
• Regular Security Reviews: Ongoing assessment of our security practices
• Secure Infrastructure: Industry-standard hosting and security measures

10. Children's Privacy

Our services are not intended for children under 13 years of age. We do not knowingly collect personal data from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

11. Cookies and Tracking

We use minimal cookies and tracking technologies:

11.1 Necessary Cookies

• Authentication and session management
• Security and fraud prevention
• Basic functionality and preferences

11.2 Analytics

• Vercel Analytics for performance monitoring
• No personally identifiable information in analytics data

We do not use advertising cookies or third-party tracking pixels. See our [Cookie Policy] for more details.

12. Changes to This Policy

We may update this Privacy Policy periodically. When we make significant changes, we will:

• Post the updated policy on our website
• Send notification via email for registered users
• Update the "Last Updated" date

Continued use of our services after changes indicates acceptance of the updated policy.

13. Regional Specific Information

13.1 For EU/UK Residents

• Legal Basis: We process your data based on contract performance, legitimate interest, consent, or legal obligation
• Data Protection Officer: For privacy matters, use our contact form at https://www.lumman.ai/contact
• Supervisory Authority: You may lodge complaints with your local data protection authority

13.2 For California Residents (CCPA)

You have additional rights under the California Consumer Privacy Act:

• Right to know what personal information is collected
• Right to delete personal information
• Right to opt-out of sale (we don't sell your data)
• Right to non-discrimination for exercising CCPA rights

14. AI-Specific Considerations

14.1 AI-Generated Content

• AI responses may not always be accurate or appropriate
• You should verify important information independently
• We are not responsible for decisions made based on AI outputs

14.2 Training Data

• We do not use your conversations to train AI models
• Third-party AI providers may have different practices
• Your inputs help improve our service recommendations only

15. Contact Us

If you have any questions about this Privacy Policy or our data practices:

• Contact Form: https://www.lumman.ai/contact
• Address: Lumman Ltd, 1 Kings Avenue, London, N21 3NA, United Kingdom

For urgent privacy matters, please mark your message as "URGENT - Privacy Request" when using our contact form.

---

This Privacy Policy is designed to comply with UK GDPR, EU GDPR, CCPA, and other applicable privacy laws. It reflects our commitment to transparency and your privacy rights.