radar
LUMIS AI← Back to Home

Privacy Policy

Last updated: March 9, 2026

1. Introduction

Lumis AI ("we," "us," or "our") is owned and operated by The Big Fat Dad, LLC, 2976 E State St #120-2914, Eagle, ID 83616. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI brand visibility monitoring platform at getlumis.ai (the "Service"). By accessing or using the Service, you agree to this Privacy Policy.

2. Information We Collect

2.1 Account Information

When you create an account, we collect your name, email address, and authentication credentials. If you sign in via Google SSO, we receive your basic profile information (name, email, profile photo) from Google.

2.2 Billing Information

Payment processing is handled by Stripe, Inc. We do not store your full credit card number, CVV, or bank account details on our servers. Stripe may collect and store payment information in accordance with their own privacy policy. We retain your subscription plan, billing cycle, and transaction history for account management.

2.3 Scan & Usage Data

When you run AI visibility scans, we collect the website URLs and queries you submit, the scan results (including AI engine responses, mention analysis, citation data, sentiment scores, and competitive benchmarks), and metadata such as timestamps and scan frequency. This data is stored in Google Cloud Firestore and is necessary to deliver the Service.

2.4 Automatically Collected Data

We automatically collect device information (browser type, operating system, screen resolution), IP address and approximate geolocation, usage analytics and feature interaction data (via Mixpanel), and cookies and similar tracking technologies for session management and analytics.

3. How We Use Your Information

  • To provide, operate, and maintain the Service, including running AI visibility scans and generating reports
  • To process transactions and manage your subscription
  • To communicate with you about your account, service updates, and support inquiries
  • To send scan completion notifications, alert emails, and scheduled report digests
  • To analyze usage patterns and improve the Service
  • To detect, prevent, and address technical issues, fraud, or abuse
  • To comply with legal obligations

4. AI Engine Interactions

Our Service queries third-party AI engines (including but not limited to Google Gemini, OpenAI, Anthropic Claude, Perplexity, and Microsoft Copilot) on your behalf to assess your brand's AI visibility. The queries we submit contain the brand name, website URL, and search queries you provide. We do not share your personal account information with these AI providers. AI engine responses are stored as part of your scan results and are subject to the respective AI providers' terms of service and privacy policies.

5. Data Sharing & Disclosure

We do not sell your personal information. We may share data with:

  • Service Providers: Google Cloud Platform (hosting, database, AI), Stripe (payments), Mixpanel (analytics), Firebase (authentication, hosting), and email delivery services
  • AI Engine Providers: As described in Section 4, limited query data is sent to AI engines to perform scans
  • Legal Requirements: When required by law, subpoena, court order, or government request
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity
  • With Your Consent: When you explicitly authorize sharing for a specific purpose

6. Data Retention

We retain your account data for as long as your account is active. Scan results and historical data are retained for the duration of your subscription to enable trend analysis and reporting. Upon account deletion, we will remove your personal data within 30 days, except where retention is required by law or for legitimate business purposes (e.g., billing records). Aggregated, anonymized data that cannot identify you may be retained indefinitely for analytical purposes.

7. Data Security

We implement industry-standard security measures including encryption in transit (TLS/SSL) and at rest, secure authentication via Firebase Authentication, access controls and least-privilege principles for internal systems, API keys and secrets stored in Google Cloud Secret Manager, and regular security reviews of our infrastructure. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

8. Cookies & Tracking

We use essential cookies for authentication and session management. We use analytics cookies (Mixpanel) to understand how users interact with the Service. You may disable non-essential cookies through your browser settings, though this may affect Service functionality.

9. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate or incomplete data
  • Delete your personal data (subject to legal retention requirements)
  • Export your data in a portable format
  • Opt out of marketing communications
  • Restrict or object to certain processing activities

To exercise any of these rights, contact us at support@getlumis.ai. We will respond within 30 days.

10. California Privacy Rights (CCPA)

California residents have additional rights under the California Consumer Privacy Act, including the right to know what personal information is collected and how it is used, the right to request deletion of personal information, the right to opt out of the sale of personal information (we do not sell personal information), and the right to non-discrimination for exercising your privacy rights. To submit a CCPA request, email support@getlumis.ai with the subject line "CCPA Request."

11. International Data Transfers

Our Service is hosted on Google Cloud Platform in the United States (us-central1 region). If you access the Service from outside the United States, your data will be transferred to and processed in the United States. By using the Service, you consent to this transfer.

12. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child under 18 has provided us with personal information, we will take steps to delete such information promptly.

13. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we may also send an email notification. Your continued use of the Service after any changes constitutes acceptance of the updated policy.

15. Contact Us

If you have questions about this Privacy Policy, please contact us:

The Big Fat Dad, LLC

2976 E State St #120-2914

Eagle, ID 83616

Email: support@getlumis.ai