Privacy Policy

Introduction

Lumina ERP, LLC ("we," "us," or "our") operates lumina-erp.com and provides the Lumina AI, Lumina Agents, and Lumina Voice platform services (collectively, the "Platform").

This Privacy Policy explains how we collect, use, store, and protect information when you visit our website, use our Platform, or otherwise interact with our services. It applies to all users, including website visitors, trial users, and paying subscribers.

Information We Collect

We collect information you provide directly, data generated through your use of the Platform, and limited technical information captured automatically.

• Account information such as name, email address, phone number, company name, job title, and billing details.
• ERP data you provide or connect to the Platform for AI model training, including transactional records, inventory data, purchasing history, and operational metrics.
• Call recordings and transcriptions generated through Lumina Voice.
• Usage analytics including feature interactions, API call volumes, model inference requests, and session activity.
• Technical data such as browser type, device type, IP address, approximate location, pages visited, and navigation flow.
• Communications you send us, including support requests, feedback, and form submissions.

How We Use Information

We use collected information for the following purposes:

• Provide, operate, and maintain the Platform and its features, including Lumina AI, Lumina Agents, and Lumina Voice.
• Train and fine-tune AI models using your ERP data exclusively for your organization. Your data is never used to train models for other customers.
• Process and transcribe voice calls and generate AI-powered insights.
• Execute autonomous agent workflows such as purchase order creation, exception handling, and demand forecasting.
• Send transactional communications including invoices, service updates, security alerts, and support responses.
• Analyze usage patterns to improve Platform performance, reliability, and user experience.
• Comply with legal, regulatory, and security obligations.

Data Isolation and AI Model Training

Each customer's AI model is trained exclusively on that customer's data within an isolated environment. Customer data is never pooled, shared, or used to improve models belonging to other customers.

Fine-tuned models are logically isolated per customer account. You retain full ownership of your source data and any outputs generated by your models.

Data Storage and Infrastructure

We process and store data using the following infrastructure:

• Cloudflare Workers, D1, R2, and KV for application hosting, structured data storage, file storage, and caching.
• All data is encrypted in transit via TLS and at rest where supported by the underlying storage provider.
• Infrastructure is distributed across Cloudflare's global network to provide low-latency access and high availability.

Third-Party Processors

We use the following third-party service providers to operate the Platform. Each processor is contractually bound to handle data only as instructed by us.

• Deepgram: Real-time speech-to-text transcription for Lumina Voice.
• Google Gemini: AI model capabilities for intelligent analysis and agent suggestions.
• Twilio: Voice calling infrastructure, phone number provisioning, and SMS delivery.
• Cloudflare: Hosting, CDN, security, DNS, Workers compute, and data storage (D1, R2, KV).
• Datadog: Application monitoring, real user monitoring (RUM), and performance analytics.
• Google Analytics 4: Website traffic analysis and interaction measurement.
• Stripe: Payment processing and subscription billing (Stripe never has access to your ERP data).

Cookies

We use cookies that are essential for security and service operation, along with analytics cookies to improve the website experience. We do not use advertising cookies and we do not sell data collected through cookies.

• Cloudflare Access cookies (CF_Authorization) for authentication and session management.
• Cloudflare security cookies (__cf_bm, cf_clearance) for bot protection.
• Datadog RUM cookies for application performance monitoring.
• Google Analytics cookies (_ga, _ga_*) for website traffic analysis.
• You can manage cookie preferences through your browser settings, though some Platform functionality may be affected.

Data Retention

We retain data only as long as necessary for the purposes described in this policy or as required by law.

• ERP data and trained models: retained for the duration of your subscription plus 30 days after cancellation to allow data export.
• Call recordings: retained for 90 days from the date of the call, then automatically deleted.
• Transcripts: retained indefinitely while your account is active, then deleted 30 days after account cancellation.
• Application and access logs: retained for 30 days.
• Analytics event data: retained according to provider settings, typically up to 14 months for Google Analytics.
• Billing records: retained as required by applicable tax and accounting regulations.

Your Rights Under GDPR

If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following rights under the General Data Protection Regulation:

• Right of Access: Request a copy of the personal data we hold about you.
• Right to Rectification: Request correction of inaccurate or incomplete data.
• Right to Erasure: Request deletion of your personal data where there is no compelling reason for continued processing.
• Right to Restrict Processing: Request that we limit how we use your data in certain circumstances.
• Right to Data Portability: Receive your data in a structured, commonly used, machine-readable format.
• Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.
• To exercise any of these rights, contact us at privacy@lumina-erp.com. We will respond within 30 days.

Your Rights Under CCPA

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights:

• Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected.
• Right to Delete: Request deletion of personal information we have collected from you.
• Right to Opt-Out: We do not sell personal information, so no opt-out mechanism is required.
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
• To submit a request, email privacy@lumina-erp.com. We will verify your identity and respond within 45 days.

Security

We implement administrative, technical, and organizational safeguards appropriate to the sensitivity of the data we process. These include TLS encryption for all data in transit, Cloudflare Access for identity-based authentication, role-based access controls, isolated model environments, and regular security reviews.

While no system is perfectly secure, we are committed to protecting your data and promptly addressing any security incidents.

International Data Transfers

Our infrastructure is distributed globally via Cloudflare's network. Data may be processed in jurisdictions outside your country of residence. Where required, we rely on Standard Contractual Clauses (SCCs) or other approved transfer mechanisms to ensure adequate protection.

Children's Privacy

The Platform is designed for business use and is not directed to individuals under 18. We do not knowingly collect personal information from children.

Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email to account holders and reflected on this page with a revised last-updated date. Continued use of the Platform after changes constitutes acceptance of the revised policy.

Contact

For privacy-related inquiries, data requests, or to exercise your rights:

• Company: Lumina ERP, LLC
• Email: privacy@lumina-erp.com
• General inquiries: hello@lumina-erp.com
• Mailing Address: 8080 Westpark Drive, Ste 80341, Houston, TX 77063