Privacy
How Lumen handles your data and what we collect.
This page explains what Lumen does with the information you give it. Plain language, no boilerplate. If anything is unclear, write to [email protected].
What we store
- Your email address. Used to identify your account and send sign-in links.
- Your password. Stored as a PBKDF2-SHA256 hash with a per-row salt and a server-side HMAC pepper. We never see your password.
- Your API keys for AI providers (Anthropic, OpenAI, Google, xAI). Encrypted at rest with AES-256-GCM, scoped to your tenant only, never readable by other customers.
- Your workspaces, chat history, and prompts. Stored in a tenant-isolated database so Lumen can present the right context to your AI agent each turn.
- Billing identity (Stripe customer id, subscription status). Stripe processes payments; we never see your card number.
- Session metadata (last login time, user-agent, IP). Used for security and for the admin dashboard.
Who sees your data
- You. Always, via this site or by exporting your workspace.
- Your chosen AI provider. When you click Send, Lumen forwards your prompt to the provider whose API key you configured. Their privacy policy governs what happens to your prompt content on their side. Most providers (Anthropic, OpenAI, Google) do not train on API traffic by default; this is a choice you make at the provider level.
- Cloudflare. Lumen runs on Cloudflare Pages + D1 + Workers + Tunnel. Cloudflare sees traffic metadata as part of operating the network.
- Stripe. Only billing-relevant fields (email, customer id, subscription state). Stripe processes payment method data; Lumen never receives card numbers.
- Resend. Only when we send you an email (sign-in link, trial reminder). Resend sees the recipient address and the message body of those transactional emails.
- The Lumen administrator. Sees aggregate account state and individual customer records for support and abuse handling. Does not read your chat content without your explicit permission.
What we do not do
- We do not sell your data.
- We do not train any AI on your prompts.
- We do not share your data with advertisers, analytics brokers, or third parties outside the operators listed above.
- We do not read your chat history except when you specifically request support.
How long we keep it
While your account is active: indefinitely, so your workspaces persist across sessions. If you cancel and ask us to delete your account: within 30 days we delete your D1 customer record, your workspace data on the daemon, and any associated keys. Billing records may be retained longer to meet tax and accounting requirements.
How we secure it
- Password hashing: PBKDF2-SHA256, 100,000 iterations, per-row 16-byte salt, plus a server-side HMAC-SHA256 pepper stored separately.
- API keys at rest: AES-256-GCM with a vault key never exposed to the public surface.
- Sessions: RS256-signed JWTs in HttpOnly, Secure, SameSite=Lax cookies. 14-day expiry; revocable server-side.
- Tenant isolation: Every database query is scoped to your tenant id. Cross-tenant reads are not possible through the public API.
- Transport: All traffic uses TLS via Cloudflare. The daemon backend is unreachable from the public internet except through the authenticated tunnel.
Your rights
- Access: View your account data on the Dashboard.
- Export: Email [email protected] for a copy of your data.
- Delete: Email [email protected] to request account deletion. Self-serve delete is on the roadmap.
- Correct: Edit any data you can see in the app directly; for anything else, contact support.
Contact
Privacy questions, data requests, or anything you would like changed about this policy: [email protected].