Privacy Policy

Last updated: May 12, 2026

Note

If the Chinese translation conflicts with this English version, this English version governs.

1. Introduction

Lumart AI ("we," "our," or "us") operates the lumart.ai website and related services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.

2. Information We Collect

  • Account information: Email address, display name, and profile picture when you sign up via Google OAuth or email magic link.
  • Payment information: Billing details processed securely by Stripe. We do not store your full card number on our servers.
  • Usage data: Generation history, prompts, API usage logs, Star balance and transaction records.
  • Technical data: IP address, browser type, device information, and access timestamps collected automatically.

3. How We Use Your Information

  • Provide, maintain, and improve our AI generation services.
  • Process payments and manage your Star balance.
  • Send transactional communications (order confirmations, balance alerts).
  • Enforce our Terms of Service and prevent abuse.
  • Comply with legal obligations.

4. Third-Party Services

We share limited data with the following third-party providers to operate our services:

  • Stripe — payment processing and billing.
  • AI model providers (e.g., OpenAI, DeepSeek, Google, ByteDance) — your prompts and inputs are sent to these providers to generate content. We do not share your account or billing information with them.
  • Cloud storage — generated files are stored on Cloudflare R2 or equivalent S3-compatible storage.

5. Data Retention

We retain your account information and generation history for as long as your account is active. Billing records are retained as required by applicable tax and accounting regulations. You may request deletion of your data at any time (see Section 6).

6. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate or incomplete information.
  • Delete your account and associated data.
  • Export your data in a portable format.

To exercise any of these rights, please contact us at support@lumart.ai.

7. Security

We implement industry-standard security measures including encryption at rest (AES-256) and in transit (TLS 1.2+), HMAC-hashed API keys with server-side pepper, role-based access controls, and regular security audits. However, no method of electronic transmission or storage is 100% secure.

8. International Users & Data Transfers

Lumart AI is operated for a global audience. Our primary servers are located in the United States; generated assets are stored on globally distributed S3-compatible object storage. By using the Service you consent to your information being transferred to and processed in the United States and in any country where our upstream model providers (e.g. OpenAI, Anthropic, Google, ByteDance) operate.

  • EEA / UK (GDPR): You have the right to access, rectify, erase, restrict and port your personal data, and to object to processing. Lawful bases include contract performance, legitimate interest and consent. You may lodge a complaint with your local supervisory authority.
  • California (CCPA / CPRA): You have the right to know what personal information we collect, to delete it, and to opt out of any "sale" or "sharing" of personal information. We do not sell personal information in the traditional sense.
  • China (PIPL): For users in mainland China, personal information is processed under contract necessity. Cross-border transfers occur only where needed to deliver the Service (e.g. routing requests to upstream model providers).
  • Children: The Service is not directed to anyone under 18, and we do not knowingly collect data from minors.

To exercise any of these rights, email support@lumart.ai from your account email — we'll respond within 30 days.

9. Cookies & Local Storage

We use strictly necessary cookies for authentication (session tokens), CSRF protection, and locale preference. We do not use third-party advertising or cross-site tracking cookies. Optional analytics, if enabled, is anonymized and aggregated.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date.

11. Contact

If you have any questions about this Privacy Policy, please contact us at support@lumart.ai.

Privacy Policy - Lumart AI | Lumart AI