Privacy Policy
LAST UPDATED: February 25, 2025
This Privacy Policy (“Policy”) describes what information Lumana.AI, Inc. (“we,” or “us,” or “our”) collects, stores, uses and discloses (collectively, “Processes”), both via our website lumana.ai (“Site”), as well as via Lumana's online subscription-based AI-centric video management software service (the "Lumana Solution"). Specifically, we process the following categories of personal data:
- Customer Data: Personal Data that we collect, process and manage on behalf of our business customers (“Customers”), submitted to or collected by the Lumana Solution, including our platforms, products, applications, application programming interfaces (“API”), tools, and any ancillary or supplementary Lumana products and services.
We process such Customer Data on behalf and under the instruction of the respective Customer in our capacity as a “data processor”, in accordance with our Data Processing Addendum with them. For more information, please refer to Section 10 below.
This Privacy Policy describes Lumana’s independent privacy and data processing practices as a “data controller” with respect to the Lumana Solution, the Site and any other services provided to the Customer by Lumana (“Services”), and does not apply to the processing of Customer Data. If you have any questions or requests regarding Customer Data, please contact your account administrator(s) (“Account Admin”) directly.
- User Data: Personal Data concerning our Customers’ internal focal point who directly engages with Lumana concerning their Lumana account (e.g. billing contacts and authorized signatories), Customers’ Account Admins, and authorized users of the Lumana Solution (collectively, “Users”);
- Prospect Data: Personal Data relating to visitors of our Site, participants at events, and any other prospective customer, user or partner (collectively, “Prospects”) who visit or otherwise interact with our programs, marketing and social activities and our websites, digital ads and content, emails, integrations or communications under our control.
Specifically, this Privacy Policy describes our data processing activities regarding -
1. Data Collection & Processing
2. Uses of Personal Data and Legal Basis for Processing
3. Data Location
4. Data Retention
5. Data Disclosure
6. Cookies and Tracking Technologies
7. Communications
8. Data Security
9. Data Subject Rights
10. Data Controller/Processor
11. US State Law Disclosures
12. Additional Notices
If you are a Customer, User or Prospect, please read this Privacy Policy carefully and make sure that you fully understand it.
You are not legally required to provide us with any of your Personal Data, and may do so (or refrain from doing so) at your own free will. If you do not wish to provide us with your Personal Data, or to have it processed by us or any of our services providers, please simply do not visit or interact with our Sites or use our Services.
You may also choose not to provide us with “optional” Personal Data (i.e. Personal Data that is marked as “optional” on intake forms), but please keep in mind that if you don’t this may have an impact on your user experience with us.
Capitalized terms not defined herein shall have the meaning given to them in Lumana’s Terms of Use (“Terms”).
In this privacy policy, the term “Personal Data” or “Personal Information” refers to any information that can be used to identify an individual, such as name, email address, phone number, photograph, IP address, and other data that can be reasonably linked to an individual. It does not include aggregated or anonymized information that is maintained in a form that is not reasonably capable of being associated with or linked to an individual.
1. Data Collection & Processing
We collect or generate the following categories of Personal Data:
- Directly Collected Personal Data: We collect and process Personal Data you directly provide to us on our Site or via the Lumana Solution, such as your full name, email address, phone number, company name and email address. When you set up an account on the Lumana Solution we collect your name, email, phone number, workplace, login credentials and any other information submitted by Account Admins and Users or otherwise available to us when they sign up or log in to the Lumana Solution, when creating their individual profile (“User Profile”), or by updating their account.
- Automatically Collected Personal Data: We collect information about you during your use of our Services, such as website analytics, IP address, pages you viewed, device and application data (like type, operating system, mobile device or app id, browser version, location and language settings used), activity logs, the relevant cookies and pixels installed or utilized on your device, and the recorded activity (sessions, clicks, use of features, logged activities and other interactions), how long you spent on a page, access times and information about your use of and actions on our Site. We may combine this with information you provide us via the Site.
- Additional Personal Data: We collect Personal Data contained in any forms and inquiries that you submit to us, including support requests, interactions through social media channels and instant messaging apps, registrations to events that we host, organize or sponsor, and participation in our online and offline communities and activities, surveys, feedback and testimonials, needs, preferences, attributes and insights relevant to our potential or existing engagement, phone and video conference recordings (e.g., with our customer experience or product consultants), as well as written correspondence, screen recordings, screenshots, documentation and related information that may be automatically recorded, tracked, transcribed and analyzed, for purposes including analytics, technical support, quality control and improvements, training, and record-keeping purposes. We also utilize tools and channels that collect your Personal Data, such as LinkedIn, ZoomInfo and others. These are commonly used for connecting between companies and individual professionals in order to explore potential business and employment opportunities.
- CCTV footage: Our Customers collect CCTV footage (including thumbnails, images, audio (if elected by Customer), and metadata) via Lumana’s Solution (“Customer Personal Data”). The footage is stored locally in the Customer’s environment and thumbnails and images of the footage will be stored in Lumana-owned servers. We have remote access to the Customer-stored footage in cases where our Customer actively grants us access to their footage for the purpose of providing support. Our customers can also use Lumana’s cloud storage to store their CCTV footage, in which case we will have access to such stored footage. Lumana will not carry out any processing on such stored footage other than as instructed by our Customer. Note that Customer Personal Data is processed by us in our capacity as data processor, as further detailed in Section 10 below.
2. Uses of Personal Data and Legal Basis for Processing
We use Personal Data as necessary for the performance of our Services (“Performance of Contract”); to comply with our legal and contractual obligations (“Legal Obligations”); and to support our legitimate interests in maintaining and improving our Services, e.g. understanding how our Services are used and how our marketing campaigns are performing, and gaining insights which help us dedicate our resources and efforts more efficiently; providing customer services and technical support; and protecting and securing our Users, Customers and Prospects, Lumana and our Services (“Legitimate Interests”).
If you reside or are using the Services in a territory governed by privacy laws under which consent is the only or most appropriate legal basis for processing Personal Data as described in this Privacy Policy, your acceptance of our Terms of Use and of this Privacy Policy and use of the Services will be deemed as your consent to the processing of your Personal Data for all purposes detailed in this Privacy Policy, unless applicable law requires a different form of consent. If you wish to revoke such consent, please contact us at privacy@lumana.ai.
Specifically, we use Personal Data for the following purposes (and in reliance on the legal bases for processing noted next to them, as appropriate):
3. Data Location
We and our authorized Service Providers (defined below) maintain, store and process Personal Data in the United States (US) and Israel, and other locations as reasonably necessary for the proper performance and delivery of our Services, or as may be required by applicable law.
While privacy laws vary between jurisdictions, Lumana, its affiliates and Service Providers are each committed to protect Personal Data in accordance with this Privacy Policy, customary and reasonable industry standards, and such appropriate lawful mechanisms and contractual terms requiring adequate data protection, regardless of any lesser legal requirements that may apply in the jurisdiction to which such data is transferred.
Lumana is headquartered in the United States. For data transfers from the EEA, the UK and Switzerland to the United States we and the relevant data exporters and importers have entered into Standard Contractual Clauses as approved by the European Commission, the UK Information Commissioner’s Office (ICO), and the Swiss FDPIC, as applicable.
4. Data Retention
We may retain your Personal Data for as long as it is reasonably needed to maintain and expand our relationship and provide you with our Services and offerings; in order to comply with our legal and contractual obligations; or to protect ourselves from any potential disputes (e.g. as required by laws applicable to records-keeping and bookkeeping, and in order to have proof and evidence concerning our relationship, should any legal issues arise following you ending the use of our Services), all in accordance with our data retention policy and at our reasonable discretion.
To determine the appropriate retention period for Personal Data, we consider (i) whether we are required to retain your Personal Data in accordance with legal, regulatory, tax or accounting requirements, or (ii) for us to have an accurate record of your dealings with us in the event of any complaints or challenges, or (iii) whether we may need it to defend any legal action. We also consider the amount, nature, and sensitivity of such data, the potential risk of harm from unauthorized use or disclosure of such data, the purposes for which we process it, and the applicable legal requirements. If you have any questions about our data retention policy, please contact us at privacy@Lumana.ai.
Please note that the retention period for any Customer Data is determined by our Customers in their sole discretion.
5. Data Disclosure
We disclose Personal Data in the following instances:
Service Providers: We engage selected third-parties as “Service Providers”, to perform services on our behalf or complementary to our own. These include providers such as: hosting and server co-location services, communications and content delivery networks (CDNs), data and cyber security services, billing and payment processing services, fraud detection, investigation and prevention services, web and mobile analytics, email and communication distribution and monitoring services, session or activity recording services, call recording, AI tools, analytics and transcription services, event production and hosting services, remote access services, performance measurement, data optimization and marketing services, social and advertising networks, content, lead generating and data enrichment providers, email, voicemails, video conferencing solutions, support and customer relation management systems, third-party customer support providers, and our legal, compliance and financial advisors and auditors.
Our Service Providers may have access to Personal Data, depending on each of their specific roles and purposes in facilitating and enhancing our Services or other activities, and may only use the data as determined in our agreements with them.
Partnerships: We engage selected resellers, distributors and providers of professional services related to our Services, which allow us to explore and pursue growth opportunities by facilitating a stronger local presence and tailored experiences for our prospective and existing Customers and Users. In such instances, we may disclose relevant contact, business and usage details to the respective Partner, to allow them to engage with those Customers and Users for such purposes.
Event Sponsors: If you register to any event that we host, organize or sponsor, then with your permission we may disclose your registration details to others, including the hosts, organizers, speakers, services providers and sponsors of that event, so that they may contact you with relevant information and offers, or to fulfill any promotions related to the event.
Customers and other Users: Your Personal Data may be disclosed to the Customer owning the Account to which you are subscribed as a User (including data and communications concerning your profile), as well as other Users of that Account. Your Personal Data and activity within the Services may also be monitored, processed and analyzed by the Account Admin. This includes instances where you contact us for help in resolving an issue specific to a team of which you are a member (and which is managed by the same Customer).
Any content submitted by you to the Lumana Solution may still be accessed, copied and processed by your Account Admin(s). Your profile and Personal Data will also be made available to all the authorized Users of the same Customer as you. Please note that Lumana is not responsible for and does not control any further disclosure, use or monitoring by or on behalf of the Customer, that itself acts as the “Data Controller” of such data (as further described in Section 10 below).
Feedback or Recommendations: If you submit a public review or feedback, note that we may (at our discretion) store and present your review publicly, on our Sites and Services. If you wish to remove your public review, please contact us at privacy@lumana.ai. If you choose to send others an email or message inviting them to use the Services, we may use the contact information you provide us to automatically send such invitation email or message on your behalf. Your name and email address may be included in the invitation email or message.
Legal Compliance: In exceptional circumstances, we may disclose or allow government and law enforcement officials access to your Personal Data, in response to a subpoena, search warrant or court order (or similar requirement), or in compliance with applicable laws and regulations. Such disclosure or access may occur if we believe in good faith that: (a) we are legally compelled to do so; (b) disclosure is appropriate in connection with efforts to investigate, prevent, or take action regarding actual or suspected illegal activity, fraud, or other wrongdoing; or (c) such disclosure is required to protect the security or integrity of our products and Services.
Protecting Rights and Safety: We may disclose your Personal Data to others if we believe in good faith that this will help protect the rights, property or safety of Lumana, any of our Users or Customers, or any members of the general public.
Lumana Subsidiaries: We disclose Personal Data internally within our group of companies, for the purposes described in this Privacy Policy. In addition, should Lumana or any of its subsidiaries undergo any change in control, including by means of merger, acquisition or purchase of substantially all of its assets, your Personal Data may be disclosed with the parties involved in such an event. If we believe that such change in control might materially affect your Personal Data then stored with us, we will notify you of this event and the choices you may have via email or prominent notice on our Services.
Analytics tools: We use various analytics tools on our Site and within the Lumana Solution to better understand how users interact with our services. For example, our Site utilizes Google Analytics to gather insights such as visit frequency, pages viewed, and referral sources. Additionally, we use analytics tools within the Lumana Platform to assess user experience, including ease of navigation, clarity of language, and functionality of interface elements. We may add or remove analytics tools as needed to improve our services.
For the avoidance of doubt, Lumana may disclose your Personal Data in additional manners, pursuant to your explicit approval, if we are legally obligated to do so, or if we have successfully rendered such data non-personal and anonymous.
6. Cookies and Tracking Technologies
Our Sites and Services (including some of our Services Providers) utilize “cookies”, anonymous identifiers, pixels, container tags and other technologies in order for us to provide and monitor our Services and Sites, to ensure that they perform properly, to analyze our performance and marketing activities, and to personalize your experience. Such cookies and similar files or tags may also be temporarily placed on your device. Certain cookies and other technologies serve to recall Personal Data, such as an IP address. You may also use the “Cookie settings” feature available in our Services depending on your location and activity on our Services, as applicable. You may set most browsers to notify you if you receive a cookie, or to block or remove cookies altogether.
7. Communications
We engage in Services and promotional communications, through email, phone, SMS and notifications.
Services Communications: We may contact you with important information regarding our Services. For example, we may send you notifications (through any of the means available to us) of changes or updates to our Services, billing issues, log-in attempts or password reset notices, etc. Our Customers, and other Users on the same Account, may also send you notifications, messages and other updates regarding their or your use of the Services. You can control your communications and notifications settings from your Account settings, or otherwise in accordance with the instructions that may be included in the communications sent to you. However, please note that you will not be able to opt-out of receiving certain Services communications which are integral to your use (like password resets or billing notices).
Promotional Communications: We may also notify you about new features, additional offerings, events and special opportunities or any other information we think you will find valuable, as our Customer, User, or Prospect. We may provide such notices through any of the contact means available to us (e.g. phone, mobile or email), through the Services, or through our marketing campaigns on any other sites or platforms. If you do not wish to receive such promotional communications, you may notify us at any time by sending an email to privacy@lumana.ai, changing your communications preferences in your User Profile settings, or by following the “unsubscribe”, “stop”, “opt-out” or “change email preferences” instructions contained in the promotional communications you receive.
8. Data Security
We implement and maintain reasonable security measures appropriate to the nature of the Personal Information that we collect, use, retain, transfer or otherwise process. Those measures include administrative, physical and technical safeguards to protect the security, confidentiality and integrity of Personal Information. However, please be aware that regardless of any security measures used, we cannot and do not guarantee the absolute protection and security of any Personal Data stored with us or with any third parties as described above.
9. Data Subject Rights
Under various privacy and data protection laws, such as the GDPR (in the EU and the UK) and the CCPA (in California), you have rights regarding your Personal Data, which may include the right to:
- Access: You have the right to request access to your Personal Data and obtain a copy of it.
- Rectification: You have the right to request that we correct any inaccurate or incomplete Personal Data.
- Erasure: You have the right to request that we erase your Personal Data in certain circumstances, such as when it is no longer necessary for the purpose for which it was collected.
- Restriction of processing: You have the right to request that we restrict the processing of your Personal Data in certain circumstances, such as when you contest the accuracy of the information.
- Data portability: You have the right to request that we provide you with a copy of your Personal Data in a structured, commonly used, and machine-readable format.
- Right to object: You have the right to object to the processing of your Personal Data where the processing is based on our legitimate interests.
If any or all of these rights apply to you, and you wish to exercise any of them – please contact us by email at privacy@lumana.ai. If you are a GDPR-protected individual, you also have the right to lodge a complaint with the relevant supervisory authority in the EEA or the UK, as applicable.
You may designate an authorized agent, in writing or through a power of attorney, to request to exercise your privacy rights on your behalf. The authorized agent may submit a request to exercise these rights by emailing us. In such cases, we may request further information to verify such power of attorney and authorization.
Please note that when you ask us to exercise any of your rights under this Privacy Policy or applicable law, we may instruct you on how to fulfill your request independently through your Account; refer you to your Account Admin; or require additional information and documents, including certain Personal Data and credentials in order to process your request in a proper manner (e.g. in order to authenticate and validate your identity so that we know which data in our systems relates to you, and where necessary, to better understand the nature and scope of your request). Such additional information will be then retained by us for legal purposes (e.g. as proof of the identity of the person submitting the request, and of how each request was handled), in accordance with this Privacy Policy.
We may redact from the data which we make available to you, any personal or confidential data related to others.
10. Data Controller/Processor
Certain data protection laws and regulations, such as the GDPR or the CCPA, typically distinguish between two main roles for parties processing Personal Data: the “data controller” (or under the CCPA, “business”), who determines the purposes and means of processing; and the “data processor” (or under the CCPA, “service provider”), who processes such data on behalf of the data controller (or business). Below we explain how these roles apply to our Services, to the extent that such laws and regulations apply.
Lumana is the “data controller” of its Prospect and User Personal Data, as detailed in Section 1 above. Accordingly, we assume the responsibilities of a data controller (solely to the extent applicable under law), as detailed in this Privacy Policy.
Lumana is the “data processor” of any Personal Data contained within Customer Data, as submitted by our Customers and their Users to the Lumana Solution. We process such Personal Data on behalf of our Customer (who is the “data controller” of such data) and in accordance with its reasonable instructions, subject to our Terms of Use, our Data Processing Addendum (to the extent applicable) and other commercial agreements with our Customer.
Our Customers are solely responsible for determining whether and how they wish to use our Services, and for ensuring that all individuals using the Services on the Customer’s behalf or at their request, as well as all individuals whose Personal Data may be captured and included in Customer Data have been provided with adequate notice and given informed consent to the processing of their Personal Data, where such consent is necessary, and that all legal requirements applicable to the collection, use or other processing of data through our Services are fully met by the Customer. Our Customers are also responsible for handling data subject rights requests under applicable law, by their Users and other individuals whose data they process through the Services.
If you would like to make any requests or queries regarding Personal Data we process as a data processor on our Customer’s behalf, please contact your Account Admin directly.
11. US State Law Disclosures
These additional disclosures are required by certain state privacy laws to the extent they apply to your use of our Services, and serve as a Notice at Collection under the California Privacy Rights Act.
Categories of personal information collected: The personal information that we may collect, or may have collected from consumers in the preceding twelve months, falls into the following categories established by the California Privacy Rights Act and other state privacy laws, depending on how you engage with our Services:
- Identifiers, such as your name, alias, address, phone numbers, or IP address, your account log-in information, or a government-issued identifier (such as an ID you provide for identity verification, which in some cases may reflect citizenship or immigration status);
- personal information as described in subdivision (e) of Section 1798.80 of the California Civil Code, such as your name, physical characteristics or description and your payment information;
- characteristics of protected classifications under California or US federal law, such as age, race, or gender;
- commercial information, such as purchase activity;
- internet or other electronic network activity information, including content interaction information, such as content downloads, streams, and playback details;
- information used to prevent and detect fraud or other unauthorized activity, including informing Customers if such activity were to affect them;
- Images of your face and your person;
- geolocation data, which may in some cases constitute precise geolocation information, such as the location of your device or computer, for example if you enable location services to enhance your experience through event applications we offer;
- audio, visual, electronic or other similar information, including when you communicate with us by phone or otherwise;
- professional or employment-related information, for example data you may provide about your business; and
- inference data, such as information about your preferences.
We collect this information from you, automatically through your interaction with the Lumana Solution, or from third parties. We collect this information for the business and commercial purposes described in the “Uses of Personal Data and Legal Basis for Processing” section above.
Categories of personal information disclosed for a business purpose. The personal information that we may have disclosed about consumers for a business purpose in the preceding twelve months falls into the following categories established by the California Privacy Rights Act and other state privacy laws, depending on how you engage with our Services:
- Identifiers, such as your name, alias, address, phone numbers, or IP address, your account log-in information, or a government-issued identifier (such as an ID you provide for identity verification, which in some cases may reflect citizenship or immigration status);
- personal information as described in subdivision (e) of Section 1798.80 of the California Civil Code, such as your name, physical characteristics or description and your payment information;
- characteristics of protected classifications under California or US federal law, such as age, race, or gender;
- commercial information, such as purchase activity;
- internet or other electronic network activity information, including content interaction information, such as content downloads, streams, and playback details;
- information used to prevent and detect fraud or other unauthorized activity, including informing Customers if such activity were to affect them;
- Images of your face and your person;
- geolocation data, which may in some cases constitute precise geolocation information, such as the location of your device or computer, for example if you enable location services to enhance your experience through event applications we offer;
- audio, visual, electronic or other similar information, including when you communicate with us by phone or otherwise;
- professional or employment-related information, for example data you may provide about your business; and
- inference data, such as information about your preferences.
“Sale” and “Sharing” of Personal Information. The CCPA places requirements on businesses relating to the “sale” or “sharing” of personal information. Where we refer to “sell” or “share” (or their variants) in quotes, we are referring to those terms as uniquely defined in the CCPA. We may use third-party analytics services and online advertising services that may result in the “sharing” of online identifiers and other identifiers (e.g., cookie data, IP addresses, device identifiers, general location information, usage information, email addresses) with analytics partners to help us analyze and understand use of the Site and our Services and to advertise the Lumana Solution on other websites. In some cases, such practice may also constitute a “sale” of personal information under the CCPA. If you or your authorized agent would like to opt out of our “sharing” or “sale” of your information for such purposes, you may do so by emailing privacy@lumana.ai.
We do not share mobile information with third parties for their own marketing/promotional purposes. However, we may use third-party services for business contact verification and enrichment.
De-identified Data Disclosure: We may use de-identified data in some instances. We either maintain such data without attempting to re-identify it or treat such data as personal data subject to applicable law.
Please note that we also respond to and abide by opt-out preference signals sent through the Global Privacy Control. Any opt-out preferences you have exercised through these methods will only apply to the specific device/browser on which you made them. For more information on how to use the Global Privacy Control, see www.globalprivacycontrol.org. We do not knowingly “sell” or “share” the personal information of children under 16.
California Privacy Rights Act Sensitive Personal Information Disclosure. The categories of data that we collect and disclose for a business purpose include “sensitive personal information” as defined under the California Privacy Rights Act. We do not use or disclose sensitive personal information for any purpose not expressly permitted by the California Privacy Rights Act.
California Privacy Rights Act Non-Discrimination Statement. We will not discriminate against any consumer for exercising their rights under the California Privacy Rights Act.
Colorado Privacy Act and Oregon Privacy Act Profiling Disclosure. We do not engage in profiling of consumers in furtherance of automated decisions that produce legal or similarly significant effects, as those terms are defined under the Colorado Privacy Act or the Oregon Privacy Act.
California Shine the Light: California Civil Code Section 1798.83, also known as the “Shine the Light” law, permits California residents that have an established business relationship with a business to annually request, free of charge, information about certain categories of Personal Information a business has disclosed to third parties for those parties’ direct marketing purposes in the preceding calendar year. We do not disclose Personal Information to third parties for their direct marketing purposes.
12. Additional Notices
Automated Decision Making: Lumana does not use Personal Data for profiling or to make automated decisions that have a legal or other significant effect on you without your explicit consent. Lumana’s Customers may configure the Lumana Solution in such a manner which does constitute an automated decision or profiling (e.g. calling law enforcement if a certain individual is detected), based on automated analysis of video footage, which may be based on Personal Data contained within Customer Data. Note that these configurations are made exclusively by the Customer in its sole discretion. Lumana has no control over this configuration or automated decisions made by the Customer. If you have any questions about such practices please contact the relevant Lumana Customer directly.
Updates and Amendments: We may update and amend this Privacy Policy from time to time by posting an amended version on our Services. The amended version will be effective as of the date it is published. When we make material changes to this Privacy Policy, we will give notice as appropriate under the circumstances, e.g., by displaying a prominent notice within the Services or by sending an email. Your continued use of the Services after the changes have been implemented will constitute your acceptance of the changes.
Third Party Websites and Services: Our Services include links to third party websites and services, integrations with third parties and social media buttons. These websites and third parties, and any information you process, submit, transmit or otherwise use with websites, services, social media platforms, and third parties, are governed by such third party’s terms and privacy practices and policies, and not by this Privacy Policy. We encourage you to carefully read the terms and privacy policies of such websites, services, social media platforms and third parties.
Children under the age of 16: We do not knowingly collect Personal Data from children and do not wish to do so. If we learn that a person under the age of 16 is using the Services, we will attempt to prohibit and block such use and will make our best efforts to promptly delete any Personal Data stored with us with regard to such a child. If you believe that we might have any such data, please contact us by email at privacy@lumana.ai.
DNT Signals: We do not respond to Do Not Track (DNT) header signals at this time (please note that these are different from the global opt-out signals mentioned in the US Disclosures above).
Accessibility: We want our communications to be accessible to people with disabilities. To make accessibility-related requests or report barriers, please contact us at support@lumana.ai.
Questions, concerns or general complaints: We welcome your comments or questions about this privacy policy. You may contact us via email at privacy@lumana.ai.