This Privacy Policy describes how LumenQube (“we”, “us”, “our”) collects, uses, and shares information when you use the LumenQube platform, websites, and related services (the “Service”). It applies to information about visitors to lumenqube.com and to the customer accounts that use our application at app.lumenqube.com.
1. Information we collect
1.1 Information you provide
- Account information — name, email, organization, password hash, billing details
- Customer content — the data you connect to the Service, the dashboards, metrics, and automations you build
- Communications — emails to support, sales, and security
1.2 Information we collect automatically
- Usage data — pages visited, features used, error reports, performance metrics
- Device and log data — IP address, browser type, OS, request timestamps
- Cookies — for authentication, preferences, and basic analytics. We do not use third-party advertising cookies.
2. How we use information
- Operate, maintain, and improve the Service
- Process payments and manage subscriptions (via Stripe)
- Send transactional email (verification, password reset, alerts you configure)
- Detect and prevent fraud, abuse, and security incidents
- Comply with legal obligations
We do not sell your data, share it with advertisers, or use customer content to train third-party AI models without your written consent.
3. AI processing
When you use AI features (Ask Agent, Dashboard Agent, etc.), we send a portion of your data and your prompt to a large-language-model provider (currently Anthropic) for processing. The provider acts as a sub-processor under their own data-handling commitments. Inputs and outputs are not used to train their models.
Row-level and column-level security policies are applied before any data leaves our environment, so the AI never receives data the requesting user could not see directly.
4. Sharing & sub-processors
We share data only with the sub-processors needed to run the Service:
- Google Cloud Platform — hosting, storage, compute, networking
- Anthropic — AI model inference (Claude)
- Stripe — payment processing
- Mailjet — transactional email delivery
An up-to-date sub-processor list is available on request. Enterprise customers receive 30 days’ notice of any sub-processor change.
5. Data retention
Customer content is retained for the life of your account plus a 30-day grace period after cancellation, after which it is permanently deleted. Backups are encrypted and rotated on a 30-day schedule. Audit logs and billing records are retained as required by law (typically 7 years).
6. Your rights
Depending on your jurisdiction (including the GDPR in the EU/UK and the CCPA in California), you may have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Delete your data
- Export your data in a portable format
- Object to or restrict processing
To exercise any of these rights, email privacy@lumenqube.com. We respond within 30 days.
7. Security
We implement administrative, technical, and physical safeguards designed to protect your information. See our Security & Compliance page for the architectural detail.
8. International transfers
The Service is hosted in the United States (Google Cloud, us-central1). If you access the Service from outside the US, your information will be transferred to and processed in the US under Standard Contractual Clauses where required.
9. Children
The Service is not directed at individuals under 16. We do not knowingly collect personal data from children.
10. Changes to this policy
We will post any material changes to this page and notify account owners by email. Continued use of the Service after a change constitutes acceptance of the updated policy.
11. Contact
Privacy questions: privacy@lumenqube.com
Security disclosures: security@lumenqube.com
Legal & DPA: legal@lumenqube.com