Privacy policy

1. Who we are

The data controller for the Services is the entity operating Lumiqo. For privacy questions, contact: privacy@lumiqo.ai (replace with your official contact and registered address after legal review).

2. Information we collect

We may collect the following categories of information:

• Account and profile data: name, email address, username, password or authentication tokens, institution or organization affiliation when applicable, and preferences you set in the product.
• Usage and device data: pages or screens viewed, features used, approximate location derived from IP, device type, operating system, browser or app version, and diagnostic or performance logs.
• Learning activity: practice attempts, answers, scores, progress, topics studied, and content you submit in connection with educational features (including prompts or text you send to optional AI-assisted tools).
• Payment and billing: when you purchase a paid plan, our payment processors may collect payment method details and billing address. We typically receive limited transactional identifiers rather than full card numbers.
• Communications: messages you send to support, feedback forms, and metadata about those communications.

3. How we use information

We use information to:

• Provide, maintain, and improve the Services, including personalization and analytics.
• Create and secure your account, authenticate you, and enforce our terms.
• Process payments, fulfill subscriptions, and send transactional notices.
• Operate optional AI features (e.g. explanations or recommendations) using the inputs you provide and contextual product data, subject to safeguards described in our terms and in-app notices.
• Respond to support requests, detect abuse, and protect the security of users and systems.
• Comply with law, respond to lawful requests, and establish or defend legal claims.
• Send optional marketing where permitted; you can opt out as described in those messages or in your account settings where available.

4. Legal bases (where applicable)

If laws such as the GDPR or UK GDPR apply, we rely on one or more of: performance of a contract with you; legitimate interests that are not overridden by your rights (e.g. security, product improvement, and fraud prevention); consent where required; and legal obligation.

5. How we share information

We may share information with:

• Service providers who host infrastructure, process payments, send email, provide analytics, or assist with customer support, under contractual obligations to protect data and use it only on our instructions.
• Institutional administrators when your account is part of an organization or school program that has contracted with us, as described in product settings or separate agreements.
• Professional advisers, regulators, or law enforcement when required or permitted by law.
• A successor in connection with a merger, acquisition, or sale of assets, subject to appropriate safeguards.

We do not sell your personal information in the conventional sense. If we use advertising or analytics partners in ways that constitute a "sale" or "sharing" under U.S. state laws, we will provide choices as required by those laws.

6. Cookies and similar technologies

We and our partners may use cookies, local storage, and similar technologies for essential operation, preferences, analytics, and (where applicable) marketing. You can control some cookies through your browser settings; blocking essential cookies may affect functionality.

7. Retention

We retain information for as long as your account is active and as needed to provide the Services, comply with law, resolve disputes, and enforce agreements. Retention periods may vary by data category and jurisdiction; we may anonymize or aggregate data where continued retention is useful without identifying you.

8. Security

We implement technical and organizational measures designed to protect personal information. No method of transmission or storage is completely secure; we encourage strong passwords and careful protection of your credentials.

9. International transfers

We may process and store information in countries other than where you live. Where required, we use appropriate safeguards (such as standard contractual clauses) for transfers from the EEA, UK, or Switzerland. Details can be provided on request.

10. Your rights and choices

Depending on where you live, you may have rights to access, correct, delete, or export certain personal information; object to or restrict certain processing; withdraw consent where processing is consent-based; and lodge a complaint with a supervisory authority. To exercise rights, contact us at the email above. We may need to verify your identity before responding.

California residents may have additional rights under the CCPA/CPRA (e.g. to know, delete, and opt out of certain sharing). We will honor applicable requests as required by law.

11. Children

The Services are not directed to children under the age required by applicable law for independent consent (often 13 in the U.S., or higher in some regions). We do not knowingly collect personal information from children in violation of those rules. If you believe we have done so, contact us and we will take appropriate steps.

12. Third-party services

The Services may link to or integrate with third-party sites or services. Their privacy practices are governed by their own policies. We are not responsible for those third parties.

13. Changes to this policy

We may update this policy from time to time. We will revise the "Last updated" date above. For material changes, we will provide additional notice as required by law or through the Services. Continued use after the effective date constitutes acknowledgment of the updated policy where permitted by law.

14. Contact

Questions about this policy: privacy@lumiqo.ai. Related terms: Terms & conditions.