🔒 Lumenly Privacy Policy

Last updated: Dec 4, 2025

Thank you for using Lumenly, your AI-powered financial copilot.

We are committed to protecting your privacy, maintaining transparency, and handling your data responsibly.

This Privacy Policy explains how Lumenly ("we," "our," or "us") collects, uses, shares, stores, and protects your information when you use our website, web application, and related services (collectively, the "Service").

By using Lumenly, you consent to the practices described in this Privacy Policy.

1. Information We Collect

We collect the following categories of information to provide, improve, and secure our Service.

1.1 Information You Provide Directly

  • Account information: Name, email address, phone number (if you enable SMS notifications), password or authentication tokens.
  • Business profile information: Business type, team size, financial goals, spending preferences, and other onboarding responses.
  • Communications: Information you provide when you contact us or interact with notifications (e.g., replying "Y" by SMS).

1.2 Financial Data (via Plaid or other integrations)

When you choose to connect a financial account, we receive read-only access to certain financial data such as:

  • Account name, type, and mask
  • Account balances
  • Transaction history
  • Recurring charges and subscription metadata

We never receive or store:

  • Banking credentials
  • Full account numbers
  • Card numbers

All credential entry happens only through Plaid or your financial institution.

1.3 Automatically Collected Information

  • Device & browser information
  • IP address
  • Log files (errors, usage patterns)
  • Cookies required to maintain sessions
  • Security-related metadata (e.g., MFA info)

1.4 AI Data Inputs

To provide financial insights, we may process:

  • Spending patterns
  • Business profile preferences
  • Behavioral metadata (e.g., which expenses you mark as "essential")

We do not sell your personal financial data or use it to train third-party models.

2. How We Use Your Information

We use your information to:

2.1 Provide the Core Service

  • Connect your bank and display financial data
  • Analyze transactions and spending trends
  • Provide real-time alerts, insights, and recommendations
  • Send SMS notifications (if you opt in)

2.2 Improve and Personalize Lumenly

  • Tailor insights to your business type and goals
  • Generate contextual recommendations
  • Enhance our AI models (using anonymized or aggregated data only)

2.3 Maintain Safety and Compliance

  • Detect fraudulent or suspicious activity
  • Prevent unauthorized access
  • Comply with legal or regulatory requirements
  • Respond to user requests (e.g., deletion)

3. How We Share Information

We do not sell your data.

We may share limited data with trusted third parties solely for operating the Service:

3.1 Plaid (Financial Data Provider)

When you connect a financial account, you authorize Plaid to collect financial data on your behalf.

Your use of Lumenly is subject to Plaid's End User Privacy Policy.

Plaid securely transmits financial data to us. We never see or store your login credentials.

3.2 Service Providers

We use certain vendors to run our infrastructure, such as:

  • Hosting providers
  • Email & SMS providers (e.g., Twilio)
  • Analytics & logging providers
  • Error tracking tools

These providers only receive the minimum data necessary and are contractually required to protect it.

3.3 Legal, Safety, and Compliance

We may disclose information if required by law, or to protect the rights, property, or safety of users or Lumenly.

4. Information Security

We implement industry-standard security practices to safeguard your data, including:

4.1 Technical Controls

  • HTTPS encryption for all data in transit
  • Encrypted storage for tokens, secrets, and sensitive data
  • Firewalling and least-privilege access for production systems
  • MFA enforced for internal systems (e.g., GitHub, hosting providers)

4.2 Organizational Controls

  • Internal access limited to authorized personnel only
  • Regular review of access logs and permissions
  • Device-level protection (disk encryption, secure passwords)

4.3 Data Isolation

Financial data is never shared between users.

5. Incident Response

In the event of a suspected or confirmed security incident:

  • We immediately investigate and isolate affected systems.
  • We revoke and rotate all relevant credentials.
  • We assess the scope and impact.
  • If user data was affected, we will notify impacted users promptly.
  • We document and review incidents to prevent recurrence.

6. Data Retention & Deletion

6.1 Retention

We retain data only for as long as necessary to provide the Service and comply with our legal obligations.

6.2 Account Deletion

You may request deletion of your account and all personal data at any time by contacting: support@lumenly.ai

Upon verification, we will delete your personal data (including financial connections) within a reasonable timeframe.

6.3 Backup Retention

Backups may persist for a limited period as part of routine disaster recovery practices, after which they are deleted automatically.

7. International Transfers

If you are outside Canada, your data may be processed in Canada or the United States. We ensure that all transfers follow applicable laws and contractual safeguards.

8. Children's Privacy

Lumenly is not intended for individuals under 18. We do not knowingly collect data from minors.

9. Your Rights

Depending on your jurisdiction, you may have rights to:

  • Access your personal data
  • Correct inaccuracies
  • Request deletion
  • Withdraw consent (e.g., SMS notifications)
  • Request a copy of your data

Contact us at support@lumenly.ai to exercise these rights.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The "Last Updated" date will always reflect the most recent revision.

11. Contact Us

If you have any questions or concerns about this Privacy Policy or your personal data, contact us at:

Lumenly

Email: support@lumenly.ai