Skip to content
Back to home

Privacy Policy

Last updated: April 18, 2026

1. Introduction

Lumen Labs ("Lumen," "we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our software-as-a-service platform (the "Service") and our website at lumen.risesitelab.com.

2. Information We Collect

We collect the following categories of information:

  • Account data: name, email, organization, billing information.
  • Usage data: log records, IP address, device, browser type, pages viewed, timestamps.
  • Customer content: data, prompts, files, and outputs you submit to or generate within the Service.
  • Cookies and similar technologies: for authentication, preferences, and analytics.

3. How We Use Information

We process personal data to:

  • Provide, maintain, and improve the Service.
  • Process transactions and send related communications.
  • Detect and prevent fraud, abuse, and security incidents.
  • Comply with legal and regulatory obligations.
  • Communicate product updates and respond to inquiries.

We do not use customer content to train any general-purpose model. Your data stays your data.

4. Legal Bases (GDPR)

For visitors in the European Economic Area, we process personal data under the following legal bases: performance of a contract, our legitimate interests, compliance with legal obligations, and your consent (where applicable).

5. Sharing

We share information only with sub-processors necessary to operate the Service (cloud hosting, payment processing, email delivery, analytics) under written data-processing agreements. We do not sell personal data.

6. Data Retention

Account and billing records are retained for the duration of your subscription and for up to seven years thereafter for accounting and tax purposes. Customer content is retained until you delete it or terminate your account.

7. International Transfers

We host data in the EU and US. International transfers are carried out under Standard Contractual Clauses approved by the European Commission.

8. Your Rights

Subject to applicable law, you may access, correct, delete, restrict, or port your personal data, and object to certain processing activities. Contact us using the details below to exercise these rights.

9. Security

We use industry-standard technical and organizational measures including encryption in transit, encryption at rest, access controls, and regular audits to protect personal data.

10. Children

The Service is not directed to children under 16. We do not knowingly collect personal data from children.

11. Changes

We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-product notice at least 30 days before taking effect.

12. Contact

For privacy questions or to exercise your rights, contact our Data Protection Officer at [email protected].