lumenx SAS ("lumenx", "we", "our", "us") operates lumenx.ai, an AI-powered research interview platform. We are committed to protecting your privacy and complying with applicable data protection laws including the EU General Data Protection Regulation (GDPR), UK Data Protection Act, and US state privacy laws.
This Privacy Policy explains how we collect, use, protect, and share information when you use our services.
This policy applies to:
- Customers: Organizations that purchase and use our platform
- Website Visitors: Individuals who visit lumenx.ai
- Interview Participants: Individuals who participate in AI-conducted interviews
Key Terms:
- Personal Data: Any information relating to an identified or identifiable person
- Pseudonymization: Processing personal data so it can no longer be attributed to a specific person without additional information
- Processing: Any operation performed on personal data
3.1 Customer Information
Data collected:
- Account information: company name, contact person, email, phone
- Authentication data: email, hashed passwords
- Billing information: processed by our payment provider
- Usage data: feature usage, session information, support interactions
Legal basis: Contract performance and legitimate interests
3.2 Interview Data
Important Privacy Protection: We pseudonymize interview data by stripping all direct identifiers. Audio is deleted immediately after transcription, and transcripts are stored without speaker metadata.
Data processed:
- Audio recordings: Temporarily processed for transcription only, then immediately deleted
- Transcripts: Stored in pseudonymized form
- Analysis results: Aggregated insights with no personal identifiers
AI Processing: We use AI services via APIs that do not train on or retain your data.
Legal basis: Legitimate interests of our customers in conducting research
3.3 Website and Technical Data
Data collected automatically:
- IP address and approximate location
- Browser type, device information, operating system
- Pages visited, referring sites, interaction data
- Cookies and similar technologies (see Section 9)
Legal basis: Legitimate interests in security and service improvement
4.1 Primary Purposes
We process data to:
- Provide our AI interview and analysis services
- Manage customer accounts and billing
- Ensure platform security and prevent fraud
- Improve our services and develop new features
- Comply with legal obligations
4.2 Pseudonymized Data
We may use pseudonymized interview data to:
- Generate aggregated research insights
- Improve our AI models and algorithms
- Create industry benchmarks and reports
4.3 No Automated Decision-Making
We do not use personal data for automated decision-making or profiling that produces legal or similarly significant effects on individuals.
5.1 Service Providers
We share data with carefully selected service providers:
- AI language model providers (for transcription and analysis)
- Cloud infrastructure providers
- Payment processors
- Analytics providers
AI Service Data Protection:
- API providers do NOT use data to train models
- Data is NOT retained after processing
- These protections are standard for all API usage
Sub-processor List: Available upon request
5.2 Legal Obligations
We may disclose data when required by:
- Law enforcement requests with proper legal authority
- Court orders or legal proceedings
- Protection of our rights, safety, or property
5.3 Business Transfers
In case of merger, acquisition, or asset sale, data may be transferred with appropriate protections.
We never sell personal data.
6.1 Rights by Jurisdiction
GDPR Rights (EU/UK Residents):
- Access your personal data
- Rectify inaccurate data
- Request erasure ("right to be forgotten")
- Restrict processing
- Data portability
- Object to processing
- Withdraw consent
US Privacy Rights (California, Virginia, Colorado, Connecticut, Utah):
- Know what personal information we collect
- Delete personal information
- Opt-out of sale (we don't sell data)
- Non-discrimination
- Correct inaccurate information
6.2 Exercising Your Rights
- Email: privacy@lumenx.ai
- Response time: Within 30 days (GDPR) or 45 days (CCPA)
- Verification: We may request information to verify your identity
- No fee unless requests are excessive or unfounded
For Privacy Inquiries:
lumenx SAS Data Protection Officer: Antoine Ferrere Email: privacy@lumenx.ai