Who we are
Lumis is operated by the team at Lumis Work (“Lumis”, “we”). Our domain is lumis.work. You can reach us at hello@lumis.work, or for security-specific questions at security@lumis.work.
What we collect
Three categories, nothing else:
- Account data. Your work email, your name if you provide it, your organization name, the role you’re invited under, and login timestamps. Passwords are hashed with Argon2id; we never see your plaintext password.
- Integration data. When you connect a PM tool (Asana today, others as they ship), we store the OAuth or PAT credential encrypted at rest with AES-256-GCM. We then read the tasks, comments, custom fields, and metadata scoped by that credential so Lumis can do its job — sync edits, flag unclear tasks, draft digests.
- Usage data. The actions you take inside Lumis — sync events, AI calls (model, tokens, cost, outcome), integration connects and disconnects. Used for auditing, debugging, and showing you what things cost. Not sold, not shared with advertisers, not used to train any shared model.
We do not run third-party analytics scripts or advertising pixels. No cookie banner because there’s nothing to consent to beyond the session cookie that keeps you logged in.
Who sees it
Your organization’s own admins and members see the data you put into Lumis, same as any SaaS. Lumis staff does not see inside your organization by default — our staff portal only accesses customer data when an admin in your organization has explicitly opted in (allowSupportAccess). Any access by Lumis staff to your workspace is recorded in your own audit log with the staff member’s email and timestamp.
A small list of infrastructure vendors sees subsets of your data in transit or at rest. See the subprocessor list on our security page for the full accounting.
How long we keep it
Account and integration data stays for as long as the organization is active. When you delete your account or your organization, we delete the associated rows within 30 days and purge backups within 90 days. AI usage logs roll off after 12 months unless your organization has extended retention for compliance.
AI and your data
Every AI feature in Lumis has its own on/off/template toggle. Template mode runs on variables like {task_title} and calls no LLM. AI mode calls Claude (Anthropic) or OpenAI via the appropriate API, scoped to the task at hand.
Accept/reject/edit signals from AI features feed back into your organization’s own prompt tuning. Those signals stay inside your tenant and never train a model shared across customers. An admin can edit or clear them from the settings page.
International, residency, and GDPR
Private beta is US-only today. International signups capture country, team size, and current PM tool so we can prioritize regions to open up next. When we open up the EU, we’ll publish a DPA (Data Processing Agreement) and list the EU subprocessor arrangement here before a single EU customer connects.
GDPR access, export, and deletion requests are honored within the regulatory window. Send the request to privacy@lumis.work.
Changes to this page
If our practices change in a way that affects what we collect or who sees it, we’ll update this page and send a heads-up to the email on your account before the change takes effect. The change itself lands in the changelog.