Privacy policy
Last updated:
We'll keep this simple.
At Lumio, we believe you should know exactly what data we collect, why we collect it, and what we do with it — in language that doesn't require a law degree. This policy covers everything.
If you have questions after reading it, email us at privacy@lumio.so. A real person will respond.
1. Who we are
Lumio, Inc. ("Lumio," "we," "us," or "our") operates the Lumio platform, available at lumio.so. We provide a no-code interface builder that allows founders to create, launch, and grow AI-powered products.
2. What data we collect
Data you give us directly
Name and email address when you create an account
Billing information (processed and stored by Stripe — we never see or store your full card details)
Profile information you choose to add
Support messages and communications you send us
Data we collect automatically
Log data: your IP address, browser type, pages visited, time spent, and referring URLs
Device information: device type, operating system, and browser version
Usage data: which features you use, how often, and how you navigate the platform
Cookies and similar tracking technologies (see Section 6)
Data from your AI product and its users
When you build a product on Lumio and your users interact with it, we process the inputs and outputs of those sessions in order to deliver the service. We do not use your users' data to train our models or for any purpose beyond operating your product. You are the data controller for your users' data. We are the processor.
3. How we use your data
We use the data we collect to:
Create and manage your Lumio account
Deliver and improve the platform and its features
Process your subscription payments
Send transactional emails (receipts, password resets, product updates you've opted into)
Provide customer support
Understand how the platform is being used so we can make it better
Detect and prevent fraud, abuse, or security incidents
Comply with our legal obligations
We do not sell your data. We do not share your data with advertisers. We do not use your product's user data for any purpose other than running your product.
4. How we share your data
We share data only in the following limited circumstances:
Service providers — We work with trusted third-party companies to operate the platform. These include Stripe (payments), AWS (infrastructure), Postmark (transactional email), and analytics tools. Each is bound by a data processing agreement and may only use your data to perform services for us.
AI model providers — When your product processes a user request, that input is sent to your connected model provider (e.g. OpenAI, Anthropic). Your use of those providers is governed by their own terms and privacy policies.
Legal requirements — We may disclose data if required to do so by law, court order, or government authority, or if we believe in good faith that disclosure is necessary to protect the rights or safety of Lumio, our users, or the public.
Business transfers — If Lumio is acquired or merges with another company, your data may be transferred as part of that transaction. We will notify you before that happens and give you the option to delete your account.
We will never sell your personal data. That is not a business model we will ever pursue.
5. Data retention
We keep your account data for as long as your account is active. If you delete your account, we delete your personal data within 30 days, except where we are required by law to retain it longer (for example, billing records, which we retain for seven years for tax compliance).
Session data from your AI product is retained for 90 days by default and can be configured in your account settings.
6. Cookies
We use cookies to keep you logged in, remember your preferences, and understand how people use Lumio. We use three categories:
Essential cookies — Required for the platform to function. Cannot be disabled.
Analytics cookies — Help us understand how features are being used. No personally identifying information is shared with analytics providers.
Preference cookies — Remember your settings and customizations across sessions.
You can manage cookie preferences in your browser settings. Disabling analytics or preference cookies will not affect your ability to use Lumio.
7. Your rights
Depending on where you live, you may have the right to:
Access the personal data we hold about you
Correct inaccurate data
Request deletion of your data
Object to or restrict how we process your data
Export your data in a portable format
Withdraw consent where processing is based on consent
To exercise any of these rights, email privacy@lumio.so. We will respond within 30 days. We do not charge for these requests.
If you are in the European Economic Area, you have rights under the GDPR. If you are in California, you have rights under the CCPA. We honor both regardless of where you are located.
8. Data security
We take security seriously. All data is encrypted in transit (TLS) and at rest (AES-256). Access to production systems is restricted to a small number of employees and requires multi-factor authentication. We conduct regular security reviews.
No system is perfectly secure. If you discover a vulnerability, please report it to security@lumio.so before disclosing it publicly. We take all reports seriously and will respond within 48 hours.
9. Children's privacy
Lumio is not intended for children under 13. We do not knowingly collect personal data from anyone under 13. If you believe a child has provided us with personal data, contact us at privacy@lumio.so and we will delete it immediately.
10. Changes to this policy
If we make material changes to this policy, we will notify you by email at least 14 days before the changes take effect. Minor changes (such as clarifications) will be updated with a revised "last updated" date. Continued use of Lumio after changes take effect constitutes acceptance of the updated policy.
11. Contact
Questions, concerns, or requests: Email: privacy@lumio.so Address: Lumio, Inc., 340 Pine Street, Suite 800, San Francisco, CA 94104