1. What Data We Collect / Access

Because Lume's core functionality is based on API access to Meta and YouTube, we primarily collect or access:

We do not (currently) collect biometric data, location tracking (unless explicitly given), financial data, or other sensitive categories.

2. Legal Basis / Consent

We rely on your consent (via linking accounts and authorizing scopes) as the legal basis for accessing and processing your API data. You may withdraw consent (e.g. unlink account), which may disable features.

3. How We Use the Data

• To provide core functionality: retrieving your content, analytics, showing dashboards, syncing.
• To improve and maintain the Service, fix bugs, monitor performance.
• To communicate with you (notifications, support, updates).
• To enforce policies, detect abuse or misuse.

4. Data Sharing / Disclosure

We will not share your personal data with third parties except in these circumstances:

• With service providers (e.g. hosting, analytics, email) under contract and confidentiality obligations.
• When required by law, court order, or governmental request.
• To prevent fraud or protect the rights, property, safety of Lume, users, or public.
• If Lume merges or is acquired, your data may be part of transferred assets (with notice).

We do not sell your personal information.

5. Data Retention and Deletion

We retain your data as long as necessary to provide the Service or as required by law. You may request deletion of your account/data; we will delete or anonymize your data within a reasonable timeframe, except for data we must retain for legal/compliance reasons.

6. Security Measures

We take reasonable technical, administrative, and organizational measures to protect your data (e.g. encryption in transit and at rest, access controls, least privilege). However, no system is perfectly secure — we cannot guarantee absolute security, but will notify you in case of a data breach as required by law.

7. Third-Party APIs & Their Privacy Terms

Because Lume integrates with Meta and YouTube APIs:

• The data these providers return is subject to their privacy policies, and your use must comply with those.
• You should review Google / YouTube privacy policies and Meta privacy / data use policies.
• We act as a “data controller / processor” (as applicable) for the data we access via your permissions.
• For Google APIs, we must comply with Google API Services User Data Policy (e.g. limited use of certain scopes, transparency about what scopes we request)

8. Children / Minors

We do not knowingly provide our Service to individuals under the age of 13 (or higher threshold depending on jurisdiction). If we discover data from minors was collected without parental consent, we will delete it.

9. International Transfers

Your data may be stored or processed in servers located in jurisdictions outside your home country. We will ensure adequate safeguards (e.g. standard contractual clauses, data protection measures) where required by law.

10. Your Rights & Choices

You may:

• Access, correct, or update your account/profile information
• Revoke permissions for linked API accounts (Meta, YouTube)
• Request deletion or anonymization of your data
• Opt out of nonessential communications
• Lodge a complaint with a data protection authority

11. Changes to This Policy

We may modify this Privacy Policy. For material changes, we will notify you (e.g. via email or prominent notice). Your continued use after the changes constitutes acceptance.

12. Contact Information

If you have questions, concerns, or requests related to this policy or your data, you may contact us at: support@mylume.co