Privacy Policy

1. Information we access and collect

• Google account profile. When you sign in with Google, we receive your name, email address, and profile picture to create and secure your account.
• Google Analytics data. When you connect a Google Analytics 4 property, we use read-only access (the Google Analyticsanalytics.readonly scope) to read metrics and dimensions for the properties you choose. We use this only to produce your reports and answer your questions.
• Google Search Console data. If you connect Search Console, we use read-only access (thewebmasters.readonly scope) to read search performance data (queries, pages, clicks, impressions, CTR, and position) for the sites you choose. We use this only to answer your questions. Connecting Search Console is optional and independent of Google Analytics.
• Google authorization tokens.So we can prepare your scheduled reports while you are away, we store the access and refresh tokens Google issues for the access you grant. You can revoke this access at any time (see “Your choices and rights”).
• Information you provide. Business context and goals you enter, notification destinations you configure (such as a Slack or Lark webhook URL), any AI provider API key you add (stored encrypted), and the questions you ask in Ask Lumen.
• Basic technical data. Session information such as IP address and browser user agent, used to keep your session secure.

2. How we use your information

We use the information above solely to provide and operate Lumen: to authenticate you, read the Analytics data you connect, generate reports, insights, and recommendations, answer your questions, and deliver reports to the destinations you choose. We do not use your information for advertising, and we do not sell it.

3. Google API Services Limited Use

Lumen’s use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. We do not use Google user data to train generalized artificial intelligence or machine-learning models, we do not sell it, and we do not use or transfer it to serve advertisements. We use it only to provide the user-facing features described in this policy.

4. How we share information

We share information only with providers that help us run Lumen, and only as needed:

• AI model providers.To generate insights and to answer your questions, we send analytics data to an AI model provider that returns the analysis. By default, Lumen uses its configured model provider; you may instead connect your own provider (for example Anthropic, OpenAI, or a compatible endpoint) in Settings. For scheduled reports we send aggregated metrics and summaries rather than raw row-level exports; for Ask Lumen we send the results of the specific query needed to answer your question. We send only what is needed to generate your result and do not authorize these providers to use your data for their own purposes. If you connect your own provider, that provider’s terms govern its handling of the data.
• Delivery destinations you configure. If you set up a Slack or Lark webhook, we send report summaries (such as the report title, top metrics, and headline) to that destination, which you control.
• Infrastructure providers. We use trusted providers for hosting, database storage, and scheduled processing to operate the service on our behalf.

We do not sell your personal information or share it for advertising.

5. Storage and security

Your data is stored in a managed PostgreSQL database. Data is encrypted in transit using TLS, and any AI provider API key you add is encrypted at rest. We limit access to your data to what is needed to operate the service. No method of transmission or storage is completely secure, but we work to protect your information.

6. Data retention and deletion

We keep your information while your account is active. You can delete saved reports and workflows in the app at any time. To delete your account and all associated data, contact us at privacy@your-domain.com and we will remove it. You can also revoke Lumen’s access to your Google data at any time from your Google Account permissions at myaccount.google.com/permissions; once revoked, we can no longer access your Analytics data.

7. Your choices and rights

You can access and update your information in the app, revoke Google access as described above, and request deletion of your data. Depending on where you live, you may have additional rights over your personal data; contact us to exercise them.

8. Children

Lumen is intended for businesses and professionals and is not directed to children. We do not knowingly collect information from children.

9. Changes to this policy

We may update this policy from time to time. We will revise the “Last updated” date above and, for material changes, provide a more prominent notice.

10. Contact

Questions about this policy or your data? Contact us at privacy@your-domain.com.