Privacy Policy

Last updated: March 2026

Introduction

Lumi (a product of Uedge AI) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and protect your data when you use our service.

Contact: info@uedge.ai

1. What We Collect

Email Address

Used for authentication and account recovery. This is the only personal identifier we require.

Memories You Save

Text content you explicitly save to Lumi. These are your memories — we never use this data for any purpose other than storage and retrieval.

Usage Metadata

Timestamps of when memories are created, timestamps of searches, vault and collection names. This helps us improve performance and user experience.

What We Do NOT Collect

We do not collect: browsing history, device information, IP addresses for tracking purposes, location data, or any data you don't explicitly save to Lumi.

2. How Your Data Is Stored

Encryption at Rest: All your memories are encrypted using AES-256 encryption at the infrastructure level. Even Lumi staff cannot read your data.

Encryption in Transit: All data is transmitted using TLS 1.3. Your memories are never sent in plain text.

Row-Level Security: Your data is mathematically isolated from other users. Our database architecture ensures complete data isolation at the row level.

Automated Backups: Your memories are automatically backed up daily to multiple secure locations with point-in-time recovery capabilities.

3. Who Can Access Your Data

Only You: Your memories can only be accessed by you, authenticated via your account credentials.

MCP Tokens: Tokens use SHA-256 hashing — we never store raw tokens. Only you hold the key that grants access.

Lumi Staff: Due to row-level security policies, even Lumi staff cannot query individual user memories. We literally cannot access your data.

Third Parties: No third party can access your memories. We do not sell, rent, or share your data.

4. Third Party Services

Supabase (Database & Auth)

SOC2 Type II certified. Hosts your encrypted memories and handles authentication. Your data remains encrypted at all times.

OpenAI (Embeddings)

Used only for semantic search embedding generation. Your memory content is sent to generate search vectors, but OpenAI does not store or use this data for training.

Stripe (Billing)

We never store card details. Stripe handles all payment processing securely and we only receive billing confirmation.

Vercel (Hosting)

Hosts our web application. Has no access to your memory data — only serves the frontend application.

5. Data Retention

Your Choice: Your memories are retained until you delete them. You control when data is deleted.

Deletion Timeline: When you delete a memory, it is immediately removed from active storage. It is removed from all backups within 30 days.

Account Deletion: If you delete your account, all your data is permanently deleted. This includes all memories, backups, and account information.

6. Your Rights

Access

You can access and export all your memories anytime from your dashboard.

Deletion

You can delete individual memories or your entire account at any time. Deletion is permanent and irreversible.

Portability

Your memories belong to you. You can export all your data in standard formats.

7. Changes to This Policy

We will notify users of any material changes to this Privacy Policy via email. We will not decrease your privacy rights without your explicit consent.

8. Contact Us

If you have questions about this Privacy Policy or our privacy practices:

Email: info@uedge.ai