Privacy Policy

1. Information We Collect

Luminvera collects information necessary to provide AI discovery and agentic commerce services:

• Business Information: Company name, website, industry, location
• Product Data: Product names, descriptions, pricing, inventory
• Contact Information: Email, phone (for service communications)
• Payment Data: Processed securely through Stripe (we never see your full card details)
• AI Interaction Data: Bot traffic analytics, AI citations, invocation metrics

2. How We Use Your Information

We use your data to:

• Generate and maintain your agent.json file
• Host your Product Feed API
• Submit your business to AI registries (OpenAI, Anthropic, Google, Perplexity, xAI)
• Provide analytics on AI citations and invocations
• Process payments and subscriptions
• Send service updates and compliance notifications

3. AI Agent Interactions (GDPR 2026 Compliant)

Your business data is made available to AI agents through:

• agent.json file: Machine-readable service definitions hosted on your domain
• Product Feed API: Real-time product data hosted on our servers
• AI Registry Submissions: Direct integration with OpenAI, Anthropic, Google, Perplexity, xAI

Your Rights: You can update, restrict, or remove your data from AI registries at any time through your dashboard. Updates sync within 24 hours via IndexNow pings.

4. CCPA Rights (California Residents)

Under the California Consumer Privacy Act, you have the right to:

• Know what personal data we collect
• Know if we sell your personal data (we do not)
• Request deletion of your personal data
• Opt-out of the sale of personal data (not applicable - we don't sell data)
• Non-discrimination for exercising your rights

To exercise these rights: Contact us at privacy@luminvera.com

5. GDPR 2026 Compliance

For EU residents, we comply with GDPR requirements:

• Lawful Basis: Consent, contract performance, legitimate interest
• Data Minimization: We collect only data necessary for AI discovery services
• Right to Erasure: Request deletion at privacy@luminvera.com
• Data Portability: Export your data anytime from your dashboard
• Breach Notification: We notify you within 72 hours of any data breach

6. Data Security

We protect your data with:

• SOC 2 Type II compliant hosting (AWS)
• TLS 1.3 encryption for all data in transit
• AES-256 encryption for data at rest
• Stripe PCI DSS Level 1 certification for payments
• Regular security audits and penetration testing

7. Third-Party Services

We share data with:

• Stripe: Payment processing (PCI DSS compliant)
• AI Registries: OpenAI, Anthropic, Google, Perplexity, xAI (for discovery)
• Supabase: Secure database hosting (SOC 2 compliant)
• AWS: Cloud infrastructure (ISO 27001 certified)

We never sell your data. Third parties only receive data necessary to provide services.

8. Cookies and Tracking

We use:

• Essential Cookies: Authentication, session management
• Analytics Cookies: Track bot traffic, AI citations (anonymous)
• No Marketing Cookies: We don't track you for ads

9. Data Retention

Active Subscribers: Data retained while you use our service

Canceled Subscriptions: Data deleted within 30 days (except legal requirements)

Analytics: Anonymized after 90 days

10. Children's Privacy

Our services are not intended for children under 16. We do not knowingly collect data from minors.

11. International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure:

• Adequacy decisions for EU data (EU-US Data Privacy Framework)
• Standard Contractual Clauses (SCCs) for other transfers
• AWS EU data regions for European customers

12. Contact Us

Privacy Questions: privacy@luminvera.com

General Inquiries: info@luminvera.com

Address: Chicago, IL

13. Changes to This Policy

We may update this policy to reflect changes in our practices or legal requirements. We will notify you of significant changes via email and dashboard notifications.

Last Updated: April 7, 2026