Effective Date: 7 March 2026 | Last Updated: 7 March 2026
This Privacy Policy explains how Lumoside (ABN 27 388 151 298) collects, uses, stores, and discloses your personal information when you use the platform at lumoside.app (the "Service").
We are committed to the Australian Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), GDPR for EU-based users, and CCPA for California-based users.
Privacy inquiries: support@lumoside.app
Lumoside is operated by Eli Searle trading as Lumoside, registered in New South Wales, Australia. ABN: 27 388 151 298. Contact: support@lumoside.app | lumoside.app
We use authentication cookies (to keep you logged in), preference cookies (to remember your settings), and Vercel Analytics for anonymous usage statistics. You can control cookies through your browser settings.
We use the information we collect to create and manage your account, process payments via Stripe, provide and improve the Service, generate AI-powered briefings, send transactional emails, send product and lifecycle emails (you may opt out in Settings), detect and prevent fraud, and comply with legal obligations.
We do not use your data for advertising. We do not sell your data to any third party.
When you use AI features, relevant notes and client data may be transmitted to Anthropic Claude APIs for processing. We minimise the data shared to only what is necessary. We do not authorise AI providers to use your data to train their models beyond what is required to provide the API service. Anthropic has committed to not training on customer API data per their Data Processing Addendum.
You are solely responsible for reviewing AI-generated content before distributing it.
We share your data only with Stripe, Supabase (AWS Sydney), Vercel, Resend, Anthropic, and Notion API (if you choose to import notes) to operate the Service. We do not sell, rent, or disclose your information to any other third party except as required by law.
We retain your data while your account is active. Upon cancellation: data is retained for 30 days to allow reactivation; after 30 days, data is queued for permanent deletion; permanent deletion is completed within 60 days of account closure. Transaction records may be retained longer as required by Australian financial record-keeping obligations.
We implement industry-standard security measures including row-level security, encrypted connections (HTTPS/TLS), secure tokenised payment processing via Stripe, and secure cookie-based session management. No system is completely secure. You are responsible for maintaining the security of your account credentials.
Australian users have rights under the Privacy Act 1988. EU users have GDPR rights (access, rectify, erase, restrict, port, object, withdraw consent, lodge complaint). California users have CCPA rights (we do not sell personal information). Contact support@lumoside.app to exercise your rights. We will respond within 30 days.
You may export your client and employee data in CSV or JSON format at any time from within the Service. For a full account data export, contact support@lumoside.app.
The Service is for users aged 18 and over. We do not knowingly collect information from anyone under 18.
Data is stored in AWS Sydney (ap-southeast-2) via Supabase. AI feature processing may involve servers in the United States operated by Anthropic. Appropriate safeguards are applied.
We will notify you of material changes via email and in-app notification at least 14 days before changes take effect. The updated Policy will be posted at lumoside.app/privacy.
For privacy inquiries, data access requests, or complaints: Lumoside — support@lumoside.app — lumoside.app — ABN 27 388 151 298. If unsatisfied with our response, you may lodge a complaint with the OAIC at oaic.gov.au.
Lumoside | support@lumoside.app | lumoside.app | ABN 27 388 151 298