Protecting Your Data on Lumika

1. Scope & Overview

This Privacy Policy explains how Lumika Inc., a Delaware corporation (“Lumika”, “we”, “us”, or “our”), collects, uses, and protects information when you use our AI-powered customer engagement platform to build AI assistants, connect third-party channels, or upload knowledge. It covers all hosted products (dashboard, APIs, widgets, MCP endpoints, and integrations) for marketing automation and customer support across multiple channels.

2. Information We Collect

We collect the minimum data required to provide reliable automations and safeguards:

• Account & workspace details: name, email, role, invitation history, authentication identifiers, and access logs.
• Assistant settings & integrations: assistant names, instructions, LLM options, capability flags, integration tokens/secrets for Telegram, Slack, Meta (Facebook, Instagram, WhatsApp), Discord, API keys, widget tokens, and verification strings.
• Conversation & interaction data: user messages, attachments, summaries, reminder payloads, card drafts, authorization decisions, and delivery metadata produced when Lumika responds on your behalf.
• Knowledge base sources: uploaded PDFs, Notion links, extracted text, embeddings, and document diagnostics tied to each assistant.
• Operational telemetry: feature usage, timestamps, device attributes, IP-based region, error traces, and security events that help us maintain availability.
• Third-party identifiers: workspace IDs, page IDs, phone numbers, and other handles returned by Meta, Slack, Telegram, Discord, or Threads APIs when you connect those services.
• Cookies & local storage: we use essential cookies and browser local storage to maintain your authenticated session, remember workspace preferences, and store consent choices. We do not use advertising or tracking cookies.

3. How We Use Information

• Provide, customize, and maintain the Lumika dashboard, APIs, widgets, reminders, cards generator, and MCP interfaces.
• Generate AI responses by routing your prompts, knowledge base snippets, and instructions to large language models.
• Manage integrations, verify tokens, set webhooks, and sync metadata with Telegram, Slack, Meta, WhatsApp, Discord, and similar networks.
• Detect misuse, enforce workspace permissions, investigate outages, and secure tokens and uploaded content.
• Provide customer support, release notices, billing or audit artifacts, and other communications tied to your account.
• Comply with legal requirements, respond to lawful requests, and protect our rights and the safety of creators and end users.

4. Legal Bases (EEA/UK)

• Performance of a contract: delivering the services you or your workspace have requested.
• Legitimate interests: securing the platform, improving reliability, preventing abuse, and analyzing anonymized usage.
• Consent: processing optional data (e.g., uploaded knowledge bases, cards generation, or promotional messaging) where you have provided explicit permission.
• Legal obligations: maintaining necessary records, honoring data-subject rights, and responding to regulators.

5. Sharing & Disclosure

We do not sell personal data. We share information only with trusted partners who enable core functionality:

• Infrastructure & storage providers (e.g., AWS, managed databases, logging vendors) that host our application and encrypt secrets at rest.

• AI inference providers (OpenAI, Anthropic, xAI/Grok, or comparable LLM APIs) that receive the prompts, instructions, and knowledge segments needed to generate responses. These providers act as processors on our instructions.

• Connected communications platforms (Telegram, Slack, Meta/Facebook, Instagram, WhatsApp, Discord, email, or SMS gateways) solely to deliver the messages, cards, or reminders you authorize.

• Security, compliance, and professional advisors who support audits, incident response, or corporate transactions and who are bound by confidentiality obligations.

• Regulators or law-enforcement agencies when required by applicable law or to protect users, recipients, or Lumika.

6. International Transfers & Retention

Lumika is operated from the United States and uses globally distributed infrastructure. When data is transferred from the EEA, UK, or Switzerland, we rely on Standard Contractual Clauses or other recognized safeguards. We retain personal data only for as long as needed to provide the services, comply with legal duties, resolve disputes, and enforce agreements. Workspace owners can delete assistants, integrations, or uploaded knowledge at any time, which triggers our standard removal workflows and downstream cache purges.

7. Security

We protect data in transit via TLS, encrypt tokens and secrets at rest, segregate workspaces, review access logs, and run automated monitoring for anomalous activity. Despite these measures, no system can guarantee absolute security; please notify us immediately if you suspect unauthorized access to your workspace or connected channels.

8. Your Rights & Choices

Depending on where you live, you may have rights to access, correct, delete, export, or object to certain processing. Workspace admins can self-service many requests by editing assistants, rotating tokens, deleting knowledge, or disabling integrations. For requests that require our assistance, contact us at support@lumika.ai and we will respond within the timelines required by law. You can opt out of non-essential communications by using unsubscribe links or adjusting notification preferences.

9. Children & Sensitive Data

Lumika is designed for business use and is not intended for children under 16. You must not upload or stream protected health information, payment card data, government IDs, or other sensitive personal data unless you have documented consent and are legally permitted to process such information.

10. Changes to This Policy

We may update this Privacy Policy to reflect operational, legal, or regulatory changes. We will post the revised version with a new “Last Updated” date and, when appropriate, notify workspace owners or admins via email or in-product banners. Continued use of Lumika after the update constitutes acceptance of the revised policy.

11. Contact

For privacy questions, data-subject requests, or security reports, email support@lumika.ai. Please include your workspace ID, the assistant or integration in question, and any relevant jurisdictional deadlines.