Lumis

Privacy Policy

Last updated: March 8, 2026

1. Introduction

Lumis by Luminous Metrics ("Lumis", "we", "us", or "our") is a marketing analytics platform that helps businesses connect their Google Ads, Google Analytics 4, and Google Search Console accounts to view performance data in a unified dashboard. This Privacy Policy explains how we collect, use, and protect your information.

2. Information We Collect

Account Information

When you create an account, we collect your name, email address, company name, industry, and company size.

Google API Data

When you connect your Google accounts, we access your marketing data through Google APIs with your explicit consent. This includes:

  • Google Analytics 4: Website traffic, user behavior, and conversion data (read-only access via analytics.readonly scope)
  • Google Search Console: Search performance, keyword rankings, and indexing data (read-only access via webmasters.readonly scope)
  • Google Ads: Campaign performance, spend, and conversion data (optional, via adwords scope)

Usage Data

We collect standard web analytics data about how you use our platform, such as pages visited and features used.

3. How We Use Your Information

  • Display your marketing data in our dashboard
  • Generate AI-powered insights and recommendations
  • Create performance reports
  • Provide customer support
  • Improve our platform and services

4. Google API Services User Data Policy

Lumis's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

  • We only access the Google data necessary to provide our services to you
  • We do not sell your Google data to third parties
  • We do not use your Google data for advertising purposes
  • We do not allow humans to read your Google data except with your consent, for security purposes, to comply with law, or for our internal operations
  • All Google API data is encrypted in transit (TLS) and at rest (AES-256-GCM)

5. Data Storage and Security

Your data is stored securely using Supabase (PostgreSQL) with row-level security policies. Google OAuth tokens are encrypted with AES-256-GCM before storage. We use HTTPS for all data transmission.

6. Data Sharing

We do not sell, rent, or trade your personal data or Google API data. We may share data only:

  • With service providers that help operate our platform (e.g., hosting, email)
  • When required by law or to protect our legal rights
  • With your explicit consent

7. Data Retention and Deletion

We retain your data for as long as your account is active. You can request deletion of your account and all associated data at any time by contacting us. Upon deletion, we remove all stored Google OAuth tokens and cached API data within 30 days.

8. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Revoke Google account access at any time via Google Account Permissions
  • Export your data

9. Cookies

We use essential cookies for authentication and session management. We do not use third-party tracking cookies.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date.

11. Contact Us

If you have questions about this Privacy Policy or your data, contact us at privacy@luminousai.com

Back to Lumis