Privacy Policy

This Privacy Policy explains how Lumidoc ("we," "us," or "our") collects, uses, and safeguards information when you use our Service at lumidoc.app. We keep this straightforward: we collect only what we need and never sell your data.

1. Information We Collect

Account information

When you sign in with Google OAuth, we receive your name and email address from Google. When you sign in with a magic link, we collect your email address. This information is used solely to identify your account.

Uploaded documents

When you upload a document (PDF, DOCX, PPTX, or other supported formats), we store the file temporarily to process it. Document pages are sent to a third-party OCR service to extract text. Processed documents and exports are stored on our servers and tied to your account.

Billing information

If you subscribe to a paid plan or purchase a credit top-up, payment is handled by LemonSqueezy. We do not store your full payment card details. We receive confirmation of your subscription status and purchase history from LemonSqueezy.

Usage data

We store basic information about your activity: credit usage, document exports, and account actions. This helps us provide the credits system and support you if something goes wrong.

2. How We Use Your Information

• To provide and operate the Service (processing documents, managing credits, handling subscriptions).
• To send transactional emails, such as magic sign-in links and billing receipts, via Resend.
• To respond to your support requests.
• To enforce our Terms of Service and prevent misuse.
• To comply with legal obligations.

We do not use your documents or personal data to train AI models, run advertising, or sell data to third parties.

3. Cookies and Session Data

Lumidoc uses strictly necessary session cookies to keep you signed in. These cookies are essential for the Service to function and do not track you across other websites.

We use a first-party analytics tool to understand how users interact with our Service and improve the product. It processes data including page views, feature usage, and events like document uploads. This data is used solely for product improvement and is not shared with advertisers or other third parties for marketing purposes.

We do not use advertising cookies or trackers that follow you across other websites. Analytics data is sent directly to our own infrastructure and remains under our control.

4. Third-Party Services

We share limited data with third parties only as needed to operate the Service:

• OCR provider: receives document page images to extract text. Data is used solely for processing your request.
• LemonSqueezy: handles payment processing and subscription management. Subject to LemonSqueezy's Privacy Policy.
• Email delivery provider: sends transactional emails on our behalf (magic links, billing notifications). Your email address is shared only for this purpose.
• Google: if you sign in with Google, your authentication is handled by Google OAuth. Subject to Google's Privacy Policy.
• Analytics provider: first-party analytics to understand product usage. We share page views, feature interactions, and user events solely to improve the Service.

5. Data Retention

We retain your account information and documents for as long as your account is active. When you delete your account, your data is removed from our systems and those of our sub-processors within 30 days.

Documents you delete from the dashboard are removed promptly from storage.

6. Data Security

We use industry-standard practices to protect your data, including encrypted connections (HTTPS) and secure storage. No method of transmission over the Internet is 100% secure, however, and we cannot guarantee absolute security.

7. Your Rights

Depending on your location, you may have rights regarding your personal data, including:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate information.
• Deletion: Request deletion of your account and all associated data, including any data held by our sub-processors on our behalf.
• Portability: Request your data in a machine-readable format.
• Objection: Object to certain types of processing.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

8. Children's Privacy

The Service is not directed to children under 13. We do not knowingly collect personal data from children. If you believe a child has provided us with their information, please contact us and we will delete it.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or via an in-app notice. The "last updated" date at the top of this page indicates when the most recent changes took effect.

10. Contact

Questions or concerns about this Privacy Policy? Contact us at [email protected].