Lumen Social

Privacy Policy

Last updated: May 17, 2026

1. Introduction

This Privacy Policy explains how Lumen Social ("we," "us," or "our") collects, uses, stores, and shares information when you use our service.

2. Information We Collect

We collect the following categories of information:

  • Account information: name, email address, and authentication identifiers provided during sign-up.
  • Workspace and brand data: brand briefs, strategies, content drafts, and media assets you upload.
  • Third-party integration data: OAuth tokens, account identifiers, page IDs, and metadata from connected platforms (Meta, TikTok, etc.), as authorized by you.
  • Usage data: logs of actions performed within the Service, API usage metrics, and error reports.
  • Conversation data: messages exchanged through connected messaging channels (WhatsApp, Instagram DM, Facebook Messenger) when you authorize the Service to manage them.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service
  • Generate content strategies, copies, and media assets using AI models
  • Publish content to your connected social media accounts on your behalf
  • Manage and respond to incoming messages through connected channels
  • Monitor usage, detect abuse, and improve the Service
  • Communicate with you about your account or important updates

4. Sharing with Third Parties

We share your data only with the following categories of service providers, strictly to operate the Service:

  • Social media platforms: Meta (Instagram, Facebook, WhatsApp Cloud API), TikTok, to publish content and exchange messages on your behalf.
  • AI providers: Google AI Studio, Groq, and similar providers, to generate text, images, and other content. Content sent to these providers is processed according to their respective terms.
  • Cloud infrastructure: Supabase (database), Cloudflare R2 (media storage), Vercel (application hosting).
  • Operational services: Resend (transactional email), Sentry (error monitoring), PostHog (product analytics).

We do not sell your personal information to third parties.

5. Data Storage and Security

OAuth tokens and other sensitive credentials are encrypted at rest using AES-256-GCM before being stored. Access to production data is restricted to authorized personnel. We implement reasonable technical and organizational measures to protect your information, but no method of transmission or storage is completely secure.

6. Data Retention

We retain your information for as long as your account is active and as needed to provide the Service. If you delete your account or revoke a connected integration, the associated tokens and credentials are deleted promptly. Content and metadata may be retained for a limited period to comply with legal obligations or to resolve disputes.

7. Cookies and Tracking

The Service uses essential cookies and similar technologies to authenticate users, maintain session state, and improve security. We do not use third-party advertising cookies.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate or incomplete information
  • Request deletion of your information
  • Object to or restrict certain processing
  • Request a copy of your information in a portable format
  • Withdraw consent for third-party integrations at any time

To exercise these rights, contact us at the address below.

9. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from minors. If we become aware that we have collected information from a minor, we will delete it promptly.

10. International Data Transfers

Your information may be processed and stored in countries other than your country of residence, including the United States and the European Union, where our service providers operate. By using the Service, you consent to such transfers.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the Service or by email. Continued use after changes take effect constitutes acceptance.

12. Contact

For privacy-related questions or to exercise your rights, contact us at hello@lumenlab.app.