Privacy Policy
Last updated: July 10, 2026
1. Information we collect
We collect information you provide directly, such as your name, email address, company details, and the financial data your organization uploads or connects to the platform. We also collect usage information automatically, including log data, device information, and how you interact with the product.
2. How we use information
We use your information to provide and improve the Lumacount platform, authenticate your access, provide customer support, communicate about your account and product updates, and maintain the security and reliability of our services. We do not sell your personal information.
3. Customer financial data
Financial data your organization submits to Lumacount is processed solely to deliver the services you request. It is logically isolated per organization, is never used to serve other customers, and is never used to train third-party AI models without your explicit agreement.
4. How we share information
We share information only with service providers who help us operate the platform, when required by law, or in connection with a corporate transaction. Our service providers include WorkOS (authentication), Sentry (error monitoring, which may process your IP address and device information when an error occurs), and our cloud infrastructure providers. All service providers are bound by contractual confidentiality and data-protection obligations. We do not share your information with advertising networks or data brokers.
5. Cookies
We use only cookies that are strictly necessary to operate the platform or that store a preference you have explicitly chosen. We do not use advertising, analytics, or cross-site tracking cookies, and no third party sets tracking cookies through our site. The cookies we set are:
- Authentication (wos-session) — keeps you signed in to your account. Set by our authentication provider, WorkOS, when you log in. Strictly necessary; removed when your session ends.
- Theme (theme, theme-resolved) — remembers your light/dark mode choice. Set only when you use the theme toggle. Stored for 12 months.
- Interface state (sidebar_state and chat panel cookies) — remembers layout preferences such as whether the sidebar or chat history panel is open, and which conversation you had selected. Only set while using the signed-in product. Stored for up to 30 days.
Because none of these cookies are used for tracking or advertising, applicable law (including the EU ePrivacy rules) does not require us to ask for consent before setting them. On your first visit, we show a notice where you can Accept or Decline; since nothing described above requires consent, either choice is only recorded for the future and does not change what happens on the site today. If we ever introduce analytics or marketing cookies, we will honor a prior decline and otherwise ask for your consent first where required. You can delete or block cookies in your browser settings at any time; blocking the authentication cookie will prevent you from staying signed in.
6. Security
We use industry-standard safeguards to protect your information, including encryption in transit and at rest, role-based access controls, and continuous monitoring. No method of transmission or storage is completely secure, but we work to protect your data against unauthorized access, loss, and misuse.
7. Data retention
We retain your information for as long as your account is active or as needed to provide the services, comply with legal obligations, resolve disputes, and enforce our agreements. You may request deletion of your organization's data, subject to legal retention requirements.
8. Your privacy rights
Depending on where you live — including if you are a resident of California, Virginia, Colorado, Connecticut, Texas, or another U.S. state with a comprehensive privacy law — you may have some or all of the following rights over your personal information:
- Right to know / access — request the categories and specific pieces of personal information we have collected about you, the sources, our purposes, and the categories of third parties we disclose it to.
- Right to correct — request that we fix inaccurate personal information.
- Right to delete — request deletion of your personal information, subject to legal retention requirements.
- Right to portability — receive a copy of your personal information in a portable, readily usable format.
- Right to opt out of sale, sharing, and targeted advertising — we do not sell your personal information, share it for cross-context behavioral advertising, or use it for targeted advertising, so there is no such activity to opt out of. For the same reason, opt-out preference signals such as Global Privacy Control do not change how the site behaves.
- Right to non-discrimination — we will never deny you services, charge different prices, or provide a different level of service because you exercised any of these rights.
To exercise any of these rights, email us at the address in Section 10. We will verify your request using information associated with your account (or, for site visitors, the email you contact us from), respond within the timeframe required by applicable law, and you may use an authorized agent to submit a request on your behalf. If we decline a request, we will explain why, and you may appeal our decision by replying to our response; if your appeal is denied, you may contact your state attorney general.
9. Changes to this policy
We may update this policy from time to time. If we make material changes, we will notify you through the platform or by email before the changes take effect.
10. Contact us
If you have questions about this Privacy Policy or our data practices, or want to exercise any of the rights described in Section 8, contact us at [email protected].