Privacy policy.

The data controller of your personal data is:

• Nikita Titov, acting as a private individual (sole operator of the Service);
• Contact e-mail: hello@lumi.estate;
• Trading name: Lumi — an AI-powered calendar & CRM assistant for real-estate agents.

The Service is currently operated by the controller in an individual capacity. Should a company be incorporated, this Policy will be updated and app users will be notified.

Website (lumi.estate)

• Waitlist data you submit: e-mail address, and optionally a name, role, country and a short free-text note.
• Technical data: IP address (temporarily, for rate-limiting), HTTP user-agent, referrer, timestamp.
• Cookie & analytics data as described in our Cookie Policy.

Mobile App (iOS / Android)

• Account data: e-mail address, name, password hash (stored only on our server, never in plaintext), optional Google / Apple Sign-In identifiers.
• Calendar events you create or import: title, start/end time, location, description, attendees.
• CRM / client records you enter: client names, phone numbers, e-mail addresses, stage in your sales pipeline, notes, deal history.
• To-do items: task title, due date, priority, completion status.
• Voice input: when you use the voice command feature, the audio is sent to OpenAI Whisper for transcription. Audio is not retained after transcription.
• Document content (optional): if you upload client documents (PDFs, images), their text is extracted and embedded for semantic search. Originals are stored in your private storage bucket.
• Location (optional, when you enable the check-in feature): approximate GPS coordinates when you arrive at an event location. Used only for check-in detection; not shared with third parties.
• Chat messages you send to the AI assistant: your messages and context (events, tasks) are sent to Anthropic’s Claude API to generate responses.
• Analytics & crash data: anonymised usage events (e.g., “event created”, “chat message sent”) and crash reports.
• Device data: Expo push token (for notifications), platform (iOS/Android), app version.

• Provide the core App features (calendar, CRM, AI assistant, voice, documents). Legal basis: performance of a contract (GDPR art. 6(1)(b); LGPD art. 7(V)).
• Send push notifications and reminders you configure. Legal basis: consent (GDPR art. 6(1)(a), obtained on first notification permission prompt).
• Process AI requests (chat, voice, document search). We disclose to you before you first use each AI feature that your content is sent to Anthropic (Claude) and/or OpenAI (Whisper, embeddings). Legal basis: consent (AI consent gate in onboarding) and performance of a contract.
• Analytics and product improvement. Legal basis: legitimate interest (we use aggregated, anonymised events; no behavioural profiling for advertising).
• Security, fraud prevention, legal compliance. Legal basis: legitimate interest and legal obligation.
• Waitlist and product launch communications. Legal basis: consent.

We will not use your data for automated decision-making with legal or similarly significant effects, and we will never sell your data.

• Chat assistant: your message text and relevant context (event titles, times, client names) → Anthropic Claude API (via our BFF proxy at lumi-bff.vercel.app). Anthropic does not use API data to train models by default.
• Voice commands: audio recording → OpenAI Whisper API (transcription only; audio deleted after).
• Document search: queries and document excerpts → OpenAI embeddings API (text-embedding-3-small) to generate vector representations stored in our Supabase database.
• Call log summaries: free-text call notes → Anthropic Claude API (structured JSON extraction).

You can disable AI features at any time in Settings. Voice recording permission is requested only when you tap the microphone button.

• Account and app data: for as long as your account is active, or until you request deletion.
• After account deletion: data is deleted within 30 days from all databases and storage buckets (see Section 10 for how to delete your account).
• Voice audio: deleted immediately after transcription (not stored).
• Security/rate-limit logs: up to 30 days.
• Anonymised analytics: indefinitely, in a form that cannot identify you.
• Waitlist entries: until you ask us to delete them, or for a maximum of 24 months from your last interaction.

We use the following carefully selected service providers:

Each processor is bound by a Data Processing Agreement (where required) and by Standard Contractual Clauses for international transfers. We do not sell or rent personal data to third parties and we do not disclose it to public authorities unless legally compelled to do so.

Your data may be processed in the EU, the United States and other countries where our processors operate. When data leaves the EEA / UK we rely on: (a) adequacy decisions of the European Commission where available, or (b) Standard Contractual Clauses (2021) combined with encryption in transit and at rest, access controls, and audit logs.

For transfers out of Brazil we rely on LGPD arts. 33–36; out of Mexico — arts. 36–37 LFPDPPP; out of Argentina — Disposition 60-E/2016 of the AAIP; out of the UAE — PDPL Chapter 6 conditions on cross-border transfers.

Subject to applicable law, you have the right to:

• Access the personal data we hold about you.
• Rectify inaccurate or incomplete data.
• Erase your data (“right to be forgotten”).
• Restrict or object to processing based on legitimate interest.
• Portability — receive your data in a structured, machine-readable format.
• Withdraw consent at any time.
• Lodge a complaint with your supervisory authority (see Section 9).
• Under LGPD: right to information about entities we shared your data with and to review automated decisions.
• Under LFPDPPP: ARCO rights (Access, Rectification, Cancellation, Opposition) and revocation of consent.
• Under Ley 25.326: right to update, rectify and suppress data.
• Under UAE PDPL: rights of access, correction, deletion and objection.

To exercise any right, e-mail hello@lumi.estate. We will respond within 30 calendar days (15 business days under LGPD for access/confirmation requests).

If you believe we are processing your data unlawfully, you may contact:

• EU / EEA: the data protection authority of your country (list: edpb.europa.eu).
• United Kingdom: Information Commissioner’s Office (ico.org.uk).
• Brazil: ANPD (Autoridade Nacional de Proteção de Dados).
• Mexico: INAI.
• Argentina: AAIP.
• UAE: UAE Data Office (uaedataoffice.ae).
• Colombia: Superintendencia de Industria y Comercio (SIC).

You can delete your Lumi account at any time:

• In the App: Settings → Account → Delete account.
• On the web: lumi.estate/account/delete.
• By e-mail: request to hello@lumi.estate.

On deletion: your account, calendar events, CRM entries, todos, documents and chat history are permanently removed within 30 days. Anonymised analytics events are retained (they cannot be linked back to you).

The Service is directed at professional real-estate agents and is not intended for use by children. We do not knowingly collect personal data from children under 16 (EU), under 13 (UK/US), or under 18 where the local definition of a child is broader. If you believe a child has submitted data, contact us and we will delete it promptly.

We apply reasonable technical and organisational measures: encryption in transit (TLS 1.2+) and at rest, principle of least privilege, regular dependency patching, and incident logging. No system is perfectly secure. If we become aware of a personal data breach likely to result in risk to your rights, we will notify the competent supervisory authority within 72 hours and, if the risk is high, notify you directly.

If we change this Policy in a way that materially affects you, we will notify you via in-app notification and e-mail at least 15 days before the change takes effect, and update the “last updated” date at the top of this page.

Nikita Titov — hello@lumi.estate.