Data privacy
What we collect
| Data | Purpose | Retention |
|---|---|---|
| Email address | Authentication | Account lifetime |
| Conversations | Sidekick functionality | Configurable |
| Audit trail | Compliance, debugging | Per plan |
| Usage metrics | Billing, analytics | 2 years |
What we don't collect
- Conversation content for model training
- Browsing behavior outside the dashboard
- Data from connected services beyond what you request
GDPR compliance
LumenFlow supports GDPR requirements:
| Right | How to exercise |
|---|---|
| Access | Export all data from Settings → Privacy |
| Rectification | Edit profile in Settings → Account |
| Erasure | Delete account from Settings → Account |
| Portability | Export data as JSON/CSV |
| Objection | Contact hello@hellm.ai |
Data residency
| Component | Location |
|---|---|
| Application | Global edge network (nearest region) |
| Database | US East by default |
| LLM calls | LumenFlow managed inference or your chosen provider's infrastructure |
Enterprise customers can work with us on data residency requirements and compliance export expectations.
SOC 2 readiness
LumenFlow is building toward SOC 2 Type II readiness:
- Controls in product — action history, evidence capture, access posture
- Operational baseline — encryption, monitoring, and recovery practices
- Audit preparation — export and review surfaces that support formal assurance work
Responsible AI
- All AI actions go through governance (no uncontrolled execution)
- Audit trail provides explainability for AI decisions
- Users control autonomy levels per action type
For enterprise compliance requirements (HIPAA, FedRAMP), contact hello@hellm.ai for custom arrangements.