What we do with your data.
Lumin Flows is the operator OS for AI agents. To make that work we collect a small amount of data — here’s exactly what, why, and what you can do about it. Plain language. No fine print under the desk.
1. What we collect.
Two buckets. Marketing data — name, work email, company, and the message you send through a form on this site. Product data — the data your team puts into Lumin Flows itself: tickets, messages, attachments, the receipts the agents generate.
We also collect basic technical signals: IP address (used for security and abuse detection, not advertising), user agent string, and the times you signed in.
2. How we use it.
Marketing data goes into our CRM so we can reply to you and, if you opt in, send the occasional product update. Product data is used to run the agents you’ve configured, generate receipts, and provide support when you ask for it.
We do not sell your data. We do not share it with advertisers. We do not train shared models on your data.
3. Where the data lives.
You choose your tenant region when you sign up: EU (Frankfurt, hosted on Hetzner) or US (Ashburn, Virginia). Data stays in the region you pick. Backups stay in the same region.
Model inference is the one place data may temporarily leave the region — see our subprocessor list for the full picture, including which providers run where.
4. Your rights.
Under GDPR you have the right to access the data we hold about you, to ask us to correct it, to ask us to delete it, and to receive a copy of it in a portable format. You also have the right to object to how we use it.
Send any of those requests to legal@luminflows.com. We respond within thirty days, usually within a week.
5. Cookies.
The marketing site uses essential cookies only — session and CSRF. No analytics tracking, no advertising pixels. The full breakdown lives on the cookie policy.
6. Third parties.
We use a small set of subprocessors to run the product: infrastructure providers, email senders, model inference. The current list is published at /subprocessors and we give thirty days’ notice by email before adding a new one.
7. Children.
Lumin Flows is a business product. We don’t knowingly collect data from anyone under sixteen. If you think a child has submitted data through this site, email us and we’ll delete it.
8. Changes to this policy.
When we change anything that matters — what we collect, who we share it with, where it lives — we email customers thirty days before the change takes effect. Smaller edits (a typo, a clearer sentence) ship without notice; the date at the top of this page always reflects the latest revision.
9. Contact.
Privacy questions, GDPR requests, anything else: legal@luminflows.com. A real person reads every note.