Legal

Privacy Policy

This policy explains what personal data we collect, why, and the rights you have under the EU General Data Protection Regulation (GDPR).

Last updated: 11 June 2026

1. Who we are

LumiDoc is the data controller for the personal data described in this policy. For any privacy enquiry, contact privacy@lumidoc.app.

2. Data we collect

  • Account data: your email address and authentication details.
  • Document content: the files you upload and the text extracted from them.
  • Usage data: conversations, queries, and basic technical logs needed to operate and secure the Service.

3. How we use your data

We process your data to:

  • Provide the core Service: indexing your documents and answering your questions.
  • Authenticate you and keep your account secure.
  • Maintain, debug, and improve the Service.

We never use your documents or conversations to train AI models, and we do not sell your data to third parties.

4. Legal basis for processing

We process your data on the basis of contract (to deliver the Service you signed up for), legitimate interests (to secure and improve the Service), and consent where required (for example, optional analytics cookies).

5. Sub-processors

We rely on trusted infrastructure providers to operate LumiDoc, including cloud hosting, database and storage, and AI model providers. These parties process data only on our instructions and under appropriate data-protection agreements.

6. Data retention

We keep your data for as long as your account is active. When you delete a document or your account, the associated content and embeddings are removed from our systems.

7. Your rights

Under the GDPR you have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate data.
  • Erase your data (“right to be forgotten”).
  • Export your data in a portable format.
  • Restrict or object to certain processing.
  • Lodge a complaint with your local data-protection authority.

To exercise any of these rights, contact privacy@lumidoc.app.

8. Security

We protect your data with encryption in transit, private storage buckets, signed URLs, and row-level security that fences every record to its owner at the database layer.

9. Changes to this policy

We may update this policy from time to time. Material changes will be communicated through the Service or by email.