Lumenfall
Log In
Sign Up

Legal

Privacy Policy

Last updated: December 11, 2025

At Lumenfall, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform and services. Please read this policy carefully to understand our practices regarding your personal data.

1. Information We Collect

Information You Provide

We collect information you voluntarily provide when using our Service:

  • Account Information: Name, email address, and password when you create an account
  • Organization Information: Company name, billing address, and team member details
  • Payment Information: Payment card details (processed securely through Stripe)
  • Communications: Messages you send to our support team or through feedback forms

Information Collected Automatically

When you use our Service, we automatically collect:

  • Usage Data: API call metadata, including timestamps, models used, request/response sizes, and processing times
  • Device Information: Browser type, operating system, device identifiers, and IP address
  • Log Data: Server logs including access times, pages viewed, and referring URLs
  • Cookies: Session cookies and authentication tokens necessary for the Service to function

Information from Third Parties

We may receive information about you from:

  • Authentication providers if you sign in using a third-party service
  • Payment processors regarding transaction status
  • AI providers regarding usage and compliance

2. How We Use Your Information

We use the information we collect to:

  • Provide the Service: Process API requests, manage your account, and deliver our core functionality
  • Process Payments: Handle billing, invoicing, and payment processing
  • Improve the Service: Analyze usage patterns, optimize performance, and develop new features
  • Communicate with You: Send service updates, security alerts, and respond to support requests
  • Ensure Security: Detect and prevent fraud, abuse, and unauthorized access
  • Comply with Legal Obligations: Meet regulatory requirements and respond to legal requests

3. Data Retention

We retain your information for as long as necessary to provide the Service and fulfill the purposes described in this policy:

  • Account Data: Retained while your account is active and for a reasonable period thereafter
  • API Request Logs: Retained for 90 days for operational purposes, then aggregated for analytics
  • Billing Records: Retained for 7 years to comply with financial regulations
  • Support Communications: Retained for 2 years after resolution

You may request deletion of your data at any time, subject to legal retention requirements.

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

Service Providers

We share data with trusted third-party service providers who assist us in operating the Service:

  • Cloud Infrastructure: Cloudflare for hosting and CDN services
  • Payment Processing: Stripe for secure payment handling
  • AI Providers: Google, OpenAI, and others to process your API requests
  • Analytics: To understand usage patterns and improve our Service

Legal Requirements

We may disclose your information if required by law, court order, or government request, or if we believe disclosure is necessary to protect rights, property, or safety.

Business Transfers

If Lumenfall is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

5. Data Security

We implement appropriate technical and organizational measures to protect your information:

  • Encryption of data in transit (TLS 1.3) and at rest (AES-256)
  • Regular security assessments and penetration testing
  • Access controls and authentication requirements for all systems
  • Employee training on data protection and security practices
  • Incident response procedures for potential security breaches

While we strive to protect your information, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

6. Your Rights and Choices

Depending on your location, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data
  • Portability: Receive your data in a structured, machine-readable format
  • Restriction: Request limitation of processing in certain circumstances
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent where processing is based on consent

To exercise these rights, please contact us at [email protected]. We will respond within 30 days.

7. Cookies and Tracking Technologies

We use cookies and similar technologies for:

  • Essential Cookies: Required for authentication and security (cannot be disabled)
  • Functional Cookies: Remember your preferences and settings
  • Analytics Cookies: Help us understand how you use the Service

You can manage cookie preferences through your browser settings. Note that disabling certain cookies may affect functionality.

8. International Data Transfers

We operate globally and may transfer your information to countries outside your residence. When we transfer data internationally, we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses approved by the European Commission
  • Data processing agreements with all service providers
  • Compliance with applicable data protection frameworks

9. Children's Privacy

The Service is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If we learn that we have collected information from a child under 18, we will delete it promptly.

10. California Privacy Rights

California residents have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected, used, and shared
  • Right to delete personal information
  • Right to opt-out of the sale of personal information (we do not sell personal information)
  • Right to non-discrimination for exercising privacy rights

To exercise these rights, contact us at [email protected] or call us at the number provided in the Contact section.

11. European Privacy Rights

If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the GDPR:

  • The right to lodge a complaint with your local data protection authority
  • The right to know the legal basis for processing your data
  • The right to data portability in a commonly used format

Our legal bases for processing include: performance of contract, legitimate interests, compliance with legal obligations, and consent (where applicable).

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the updated policy on our website with a new "Last updated" date
  • Sending an email to the address associated with your account
  • Displaying a notice in our dashboard

Your continued use of the Service after changes become effective constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

We aim to respond to all inquiries within 30 days.