Privacy Policy

LumiChats ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and what rights you have in relation to it.

We do not sell your personal data. We do not serve advertisements. We do not use your conversations with AI to train any models. This is not a footnote — it is a foundational commitment.

This Policy applies to all users of the LumiChats platform accessible at https://lumichats.com, including registered users, paying subscribers, and visitors. By using the Platform, you agree to the collection and use of information as described in this Policy.

If you have any questions about this Policy or how we handle your data, please contact us at lumichats@gmail.com.

Account Information: When you register, we collect your email address and any display name you choose to provide. We do not require your real name to use the Platform.

Payment Information: When you make a payment, our payment processor collects your card details and billing information. LumiChats does not store your full payment card number. We retain only the information necessary to manage your subscription and process refunds, including transaction identifiers and the last four digits of your card.

Usage Data: We collect information about how you interact with the Platform, including session timestamps, feature usage, token consumption, and AI model selections. This information is used to provide the service, detect abuse, and improve platform performance.

Technical Data: We automatically collect certain technical information when you access the Platform, including your IP address, browser type, operating system, and referring URL. This information is used for security monitoring, fraud detection, and service analytics.

Communications: If you contact us by email, we retain the content of those communications for as long as necessary to respond to and resolve your enquiry.

Conversation Data: The content of your AI conversations is processed in real time to provide the service. We retain conversation history to enable you to access previous sessions. We do not use the content of your conversations to train AI models.

To provide and operate the Platform — processing your prompts, delivering AI responses, maintaining your account, and managing your subscription.

To process payments and issue refunds — communicating with payment processors, managing billing, and handling disputes.

To maintain platform security and integrity — detecting and preventing fraud, abuse, bot activity, and violations of our Terms of Service. This includes reviewing account patterns and credential data to identify accounts using disposable or unverifiable identity signals.

To communicate with you — sending service-related notifications, responding to support enquiries, and informing you of material changes to our Terms or this Privacy Policy. We do not send promotional emails unless you have explicitly opted in.

To comply with legal obligations — retaining records required by law and responding to lawful requests from authorities where required.

To improve the Platform — using aggregated and anonymised usage data to understand how features are used. This data cannot be used to identify you individually.

LumiChats takes the protection of all people — including those who are not users of the Platform — seriously.

As part of our security and integrity practices, we monitor account registration signals including email domain reputation, payment method patterns, and usage behaviour. Accounts that show signs of fraudulent registration — such as the use of email domains flagged by global fraud databases, inconsistent identity signals, or behaviour indicative of platform misuse — may be flagged for review and suspended without prior notice.

Where a user shares personal information about a third party — such as the social media profiles or contact details of a person who is not a LumiChats user — in a manner that appears intended to facilitate harm, impersonation, or non-consensual content generation, we treat this as a serious violation of our Terms of Service. The account involved will be reviewed and may be permanently terminated.

We do not share the personal data of terminated users publicly. Enforcement actions are documented and disclosed in aggregate and anonymised form only.

If you believe that your personal data or likeness has been used on our Platform without your consent, please contact us immediately at lumichats@gmail.com. We will investigate and take appropriate action promptly.

We do not sell, rent, or trade your personal data to any third party for commercial purposes.

AI Model Providers: Your prompts are transmitted to third-party AI model providers (including Anthropic, OpenAI, and Google) to generate responses. Each provider has their own data handling practices. We encourage you to review those policies.

Payment Processors: Your payment information is handled by Razorpay and Stripe. We share only the information necessary to complete your transaction.

Infrastructure Providers: We use Supabase for database hosting and authentication. Data is stored in secure, encrypted environments.

Legal Requirements: We may disclose your personal data if required to do so by applicable law, court order, or governmental authority, or where we believe in good faith that disclosure is necessary to protect the rights, safety, or property of LumiChats, our users, or the public.

Business Transfers: In the event of a merger, acquisition, or sale of substantially all of our assets, your personal data may be transferred. We will notify you in advance of any such transfer.

We retain your personal data for as long as your account is active or as needed to provide the service.

Payment records are retained for a minimum of seven years in accordance with financial record-keeping requirements.

Where an account is terminated due to a Terms of Service violation, we retain sufficient account information to prevent re-registration and to support any legal or regulatory process that may follow. This includes the email address, IP address, and payment method identifier associated with the terminated account.

Where an account is closed voluntarily at your request, we will delete your personal data within 30 days, except where retention is required by law or legitimate business interest.

You may request deletion of your data at any time by contacting us at lumichats@gmail.com.

Depending on your jurisdiction, you may have the following rights in relation to your personal data:

The right to access — you may request a copy of the personal data we hold about you.

The right to rectification — you may request that we correct any inaccurate or incomplete personal data.

The right to erasure — you may request that we delete your personal data, subject to our legal obligations as described in Section 6.

The right to data portability — where technically feasible, you may request your personal data in a structured, machine-readable format.

For users in the European Union and EEA, these rights are granted under the GDPR. For users in California, additional rights are granted under the CCPA.

To exercise any of these rights, contact us at lumichats@gmail.com. We will respond within 30 days. We may request identity verification before fulfilling your request.

LumiChats uses cookies and similar technologies to operate the Platform, maintain your authenticated session, and collect basic analytics data.

Essential cookies — required for the Platform to function. These cannot be disabled without breaking core functionality such as login and session management.

Analytics cookies — used to understand how users interact with the Platform in aggregate. This data is anonymised and cannot be used to identify you individually.

We do not use advertising cookies. We do not track you across third-party websites. We do not use your data to build advertising profiles.

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These measures include encryption of data in transit and at rest, access controls, and regular security reviews.

No method of transmission over the internet is completely secure. While we strive to protect your data, we cannot guarantee absolute security.

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant authorities as required by applicable law.

LumiChats is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13.

Users between the ages of 13 and 18 must have parental or guardian consent to use the Platform.

If we become aware that we have collected personal data from a child under 13 without verifiable parental consent, we will take steps to delete that information as quickly as possible. If you believe we may have collected data from a child under 13, please contact us at lumichats@gmail.com.

LumiChats is operated from California, USA and serves users across 80+ countries. By using the Platform, you consent to the transfer of your personal data to the United States.

Where transfers of personal data from the European Economic Area to the United States are required, we rely on appropriate safeguards including Standard Contractual Clauses as approved by the European Commission.

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by posting a prominent notice on the Platform at least 14 days before the changes take effect.

Your continued use of the Platform after a change takes effect constitutes your acceptance of the updated Privacy Policy.

LumiChats is the data controller for personal data collected through the Platform.

Email: lumichats@gmail.com

Website: https://lumichats.com

We aim to respond to all privacy-related enquiries within 5 business days. LumiChats · California, USA · Launched January 2025.