Lumetra Privacy Policy

Effective Date: May 22, 2026
Last Updated: May 22, 2026

Lumetra (“Lumetra,” “we,” “us,” or “our”) provides the Engram platform, websites, applications, and related services (the “Service”). This Privacy Policy explains how we collect, use, disclose, sell, share, and protect personal information when you use the Service, and describes your rights and choices.

If you do not agree with this Privacy Policy, do not use the Service.

Who we are / contact

• Lumetra LLC
• privacy@lumetra.io

1) Quick summary

• Free Accounts: As set in our Terms, Lumetra owns all Data (including Raw Inputs, Outputs, and Memories) for Free Accounts and may commercialize and sell such Data. Where required by law (e.g., California), you can opt out of “sale” or “sharing” of your personal information, but some features may be limited; you can choose a Paid Account to avoid sale of your data.
• Paid Accounts: You own your Raw Inputs; Lumetra owns Memories; no selling of Paid Account data. We may use Paid Account data (including Raw Inputs and Memories) to operate, secure, improve, and develop the Service (including model development and analytics), but we do not sell Paid Account personal information.
• Enterprise: An Enterprise Rider may supplement/supersede parts of this policy; in conflicts, the rider controls for that enterprise account.
• 18+ only; no illegal U.S. content; no sanctioned users.
• Logos: If you use the Service, we may display your name and logo to identify you as a customer.

2) Key definitions

• Personal Information / Personal Data: Information that identifies or can reasonably be linked to an identifiable person.
• Raw Inputs: Content you submit (uploads, prompts, instructions, files, data connections).
• Outputs: Content generated by the Service in response to Raw Inputs.
• Memories: Stored records the Service creates or maintains about interactions, context, configurations, or other data derived from use of the Service.
• Sell / Share: Meanings under applicable law (e.g., CPRA “sale” is transfer for valuable consideration; “share” is for cross‑context behavioral advertising).
• Free Account: Account for which no fee is paid.
• Paid Account: Account with an active, paid subscription or contract (non‑enterprise).

3) What we collect

A. Information you provide

• Account & profile: name, email, password, organization, role, preferences.
• Billing (Paid): payment method, billing address (processed by our payment processor).
• Raw Inputs: prompts, uploads, files, connectors/ingestions, settings, fine‑tuning data.
• Support & communications: messages, tickets, feedback, surveys.
• Publicity: your name and logo to identify you as a customer.

B. Information we generate or derive

• Outputs in response to your Raw Inputs.
• Memories (e.g., interaction context, embeddings/derived representations, configuration state, usage metadata).
• Analytics & inferences about feature usage, performance, and quality.

C. Information collected automatically

• Device/Log data: IP address, device IDs, browser type, OS, time zone, referring/exit pages, clickstream, crash logs.
• Usage data: API calls, tokens/characters processed, features used, timestamps, latency.
• Cookies/SDKs: session cookies, authentication, analytics, and—on Free Accounts—advertising/measurement cookies (where permitted).

D. Information from third parties

• Integrations you connect (e.g., cloud storage, ticketing, CRMs).
• Vendors & partners (e.g., analytics, fraud prevention, sanctions screening).
• Public sources (e.g., public websites, open datasets) for safety, quality, and evaluation.
• Prohibited content: You may not submit data that is illegal under U.S. law or content that violates our Terms/AUP (e.g., CSAM, malware, high‑risk regulated data without an approved addendum).

4) How we use information

• Provide and secure the Service (create and manage accounts, authenticate, process Raw Inputs, generate Outputs, store Memories, prevent fraud/abuse, comply with sanctions and law).
• Operate and improve features, models, and infrastructure (quality, reliability, safety, analytics, research, benchmarking).
• Develop and train models and systems (including use of Raw Inputs, Outputs, and Memories) consistent with your account type (see Section 6).
• Communicate with you (service messages, updates, support).
• Market and publicize (with Free/ Paid differences): show your name and logo as a customer; send product news and offers (you can opt out of marketing emails).
• Comply with legal obligations (tax, accounting, security incident handling, sanctions, law enforcement requests).

Legal bases (EEA/UK, if applicable): contract necessity; legitimate interests (e.g., security, improvement); consent (where required, e.g., certain cookies/ads); compliance with law.

5) Disclosures of information

We disclose personal information to:

• Service providers / processors: hosting, storage, data pipelines, analytics, metrics, communications, payment processing, sanctions screening, security.
• Affiliates: for Service operations consistent with this policy.
• Partners / integrations: when you enable or request them.
• Advertising/measurement partners (Free Accounts only): for cross‑context behavioral advertising where permitted by law.
• Business transfers: merger, financing, acquisition, or sale of assets.
• Legal & safety: to comply with law, enforce Terms, protect rights/safety, respond to lawful requests.
• With your direction or consent.

We do not disclose Paid Account personal information for sale; see Section 6.

6) Sale/share and plan‑specific practices

Free Accounts

• Ownership: Per the ToS, Lumetra owns all Data for Free Accounts.
• Sale/Share: We may commercialize, sell, or share Free Account personal information (including Raw Inputs, Outputs, Memories) for purposes such as improving the Service, analytics, advertising/measurement, or model development and commercialization.
• Your choices: Where required by law, you may opt out of sale or sharing via “Do Not Sell or Share My Personal Information” at [link] or by enabling the Global Privacy Control (GPC) signal in your browser. Opting out may reduce functionality or personalization in the Free tier; you can upgrade to a Paid Account to avoid sale.

Paid Accounts

• Ownership: You own Raw Inputs; Lumetra owns Memories.
• No selling: We do not sell Paid Account personal information.
• Use: We may process Paid Account data (Raw Inputs, Outputs, Memories) to operate, secure, improve, and develop the Service and our models/systems, including analytics and research, but not to sell personal information.
• Advertising cookies: Not used for Paid Account workspaces by default.

Enterprise

Enterprise Rider may modify or override the above (e.g., disabling training, custom retention, custom subprocessors). The rider controls for that enterprise account.

7) Cookies and tracking

We use cookies and similar technologies for authentication, security, performance, analytics, and—Free Accounts only—advertising/measurement (where permitted).

Manage preferences at [Cookie Settings link] and (where required) via consent banners. We honor GPC for sale/share opt‑outs in supported regions.

8) Data retention

We retain personal information for as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and protect our rights. Typical ranges:

• Account & billing: life of account + up to 7 years (tax/records).
• Raw Inputs / Outputs: operational copies for the life of the account; logs/temporary caches typically ≤ 24 months.
• Memories: while the account remains active; may be retained/de‑identified for improvement and safety.
• Analytics & security logs: typically 12–24 months.
• Backups: retained per rolling backup schedules.

As stated in the ToS, we do not guarantee retention and may retain, anonymize, or delete Data at our discretion, subject to applicable law and any enterprise rider.

9) Security

We implement reasonable technical and organizational measures designed to protect personal information (e.g., encryption in transit/at rest, access controls, logging, segregation, secure development practices). No system is perfectly secure. If we discover a security incident affecting your personal information, we will notify you without undue delay as required by law.

10) International data transfers

We may transfer, store, and process personal information in countries other than where it was collected (including the United States). Where required, we use appropriate safeguards (e.g., Standard Contractual Clauses) for cross‑border transfers.

11) Your privacy rights

Depending on your location, you may have rights to:

• Access/Know the categories and specific pieces of personal information we have collected about you.
• Correct inaccuracies.
• Delete personal information (subject to exceptions).
• Portability of certain information.
• Opt out of sale or sharing (Free Accounts) and targeted advertising.
• Limit use of sensitive personal information (where applicable).
• Appeal a decision (CO/CT/VA).
• Withdraw consent (if processing is based on consent).

How to exercise: Email privacy@lumetra.io with your request. We will verify your identity (and agent authorization where applicable) and respond within the time required by law. You will not be discriminated against for exercising your rights; however, the Free tier may offer reduced functionality without sale/share, and you may choose a Paid plan to avoid sale/share by design.

California notices (CPRA):

• Categories collected (past 12 months): identifiers, customer records, commercial information, internet/activity data, geolocation (approximate), inferences, and (only if you submit) professional or education information. We do not intentionally collect sensitive personal information, and we instruct users not to submit regulated/sensitive data unless we have a written addendum.
• Sale/Share: We sell/share personal information only for Free Accounts. We do not knowingly sell/share the personal information of anyone under 18 (use is restricted to 18+).
• Notice of Financial Incentive: Our Free tier may be viewed as a price or service difference related to the value of personal information. We make a good‑faith assessment of value based on factors like the cost of providing the free service, estimated revenue, and market benchmarks. You may opt out of sale/share at any time or choose Paid to avoid sale/share.
• Nevada: You may opt out of sale under NRS 603A by contacting privacy@lumetra.io.
• Colorado/Connecticut/Virginia/Utah: You may opt out of targeted advertising and certain profiling for Free Accounts and appeal denials of rights requests.
• EEA/UK (if applicable): Contact us to exercise GDPR rights (access, rectification, erasure, restriction, portability, objection). You may lodge a complaint with your local authority.

12) Children’s privacy

The Service is for adults (18+) only. We do not knowingly collect personal information from anyone under 18. Do not use the Service if you are under 18. If you believe a minor has provided personal information, contact privacy@lumetra.io for deletion.

13) Sanctions and restricted persons

We do not do business with anyone under U.S. sanctions and may collect/use identifiers, geolocation signals, and screening data to comply with sanctions and export controls.

14) Publicity (logos)

If you use the Service, you grant Lumetra the right to display your name and logo to identify you as a customer on our websites and marketing materials, consistent with our Terms. Enterprise riders may customize publicity permissions.

15) Third‑party services and links

Third‑party services you connect to (or that we use to provide the Service) have their own terms and privacy practices. We are not responsible for their practices. Review their policies before enabling integrations.

16) Changes to this Privacy Policy

We may update this Policy from time to time. We will update the “Last Updated” date and, for material changes, provide notice (e.g., email, in‑product) consistent with applicable law. Your continued use of the Service after the effective date constitutes acceptance.

17) How to contact us

Questions or requests? Email privacy@lumetra.io

18) U.S. “Notice at Collection” (California‑style summary)

Categories we collect → Examples → Sources → Purposes → Disclosed to → Sold/Shared (Free only?)

• Identifiers → name, email, IP, device IDs → you; device; partners → account, security, analytics → vendors, affiliates → Yes (Free); No (Paid)
• Customer records → billing info (Paid) → you; processor → billing, compliance → payment processor → No
• Commercial info → plan, usage, transactions → you; system → operate, improve → vendors → Yes (Free); No (Paid)
• Internet/activity → logs, pages, tokens, clicks → device; system → operate, secure, analytics → vendors → Yes (Free); No (Paid)
• Geolocation (approx.) → IP‑based → device → security, sanctions → vendors → Yes (Free); No (Paid)
• Inferences → preferences, feature use → system → improve, personalize → vendors → Yes (Free); No (Paid)

We do not intentionally collect sensitive personal information and instruct users not to submit regulated categories absent a governing addendum.

19) Your choices

• Marketing emails: Opt out via the email footer or account settings.
• Access/Deletion/Correction: Request via privacy@lumetra.io.
• Paid upgrade: Choose a Paid Account to avoid sale/share by design.

20) Role and processing agreements

By default, Lumetra acts as an independent business/controller for the Service. For certain enterprise features, Lumetra may act as a processor under a Data Processing Addendum (DPA) incorporated into the Enterprise Rider. See [DPA link] for details, including cross‑border transfer mechanisms (e.g., SCCs).