Privacy Policy

Lumeo is an AI optimization platform. When you run an Agentic Scan or use our services, we process your website's publicly available content—structure, metadata, and text—to produce visibility audits, structured data recommendations, and machine-readable artifacts (such as llms.txt and JSON-LD).

We collect: (1) the URLs you submit for scanning, (2) the results of our crawls and AI analysis, (3) your account and billing information when you subscribe, and (4) technical logs necessary to operate and improve our services. We do not collect information about your website's visitors unless you explicitly integrate such data into our systems.

We do not use your site data to train our own models. Any content we crawl, parse, or analyze is used solely for delivering AI optimization services to you.

It is never fed into general-purpose AI training pipelines. Our AI agents (Surveyor, Architect, Scribe, Machinist) operate on your data in real time to produce outputs for your account only. We do not retain your content for model improvement or share it with third-party model providers for training purposes.

You have the right to request deletion of agentic logs, cached data, and analysis results associated with your domain or account. We honor such requests within 30 days of verification.

To initiate a deletion request, contact privacy@lumeoagent.com with your account email and the domain(s) you wish to have removed. We will confirm receipt, verify your identity, and provide a completion notice once all applicable data has been purged.

• Deletion covers crawl outputs, audit results, and any cached representations of your site.
• Billing records may be retained for legal and tax compliance as required by law.

Lumeo is designed to comply with the General Data Protection Regulation (EU) and the California Consumer Privacy Act as extended and amended in 2026. We process personal data under legitimate interest for service delivery, consent where required, and contractual necessity.

You have the right to: access your data, correct inaccuracies, request deletion, restrict processing, data portability, and object to processing. You may also withdraw consent at any time. To exercise these rights, contact privacy@lumeoagent.com. We respond within 30 days.

Our Data Processing Agreement (DPA) and Standard Contractual Clauses for international transfers are available for enterprise customers upon request.

• We do not sell personal data. We do not use your data for profiling beyond service delivery.
• Sub-processors (e.g., cloud infrastructure, AI providers) are bound by confidentiality and data protection obligations.

Lumeo Analytics (Ghost Tracker) measures agent engagement without tracking PII. We collect aggregate signals—such as query patterns, page paths crawled, and conversion intent—using fingerprinting that cannot be linked to individual users or devices.

We do not use cookies, local storage, or any persistent identifiers for analytics. Session data is hashed and aggregated within 24 hours. Our analytics are designed for B2B insights (e.g., how many agent sessions hit your pricing page) and are not used for advertising or cross-site tracking.

• Agent fingerprints are one-way hashes and cannot be reversed to identify users.
• You can opt out of Ghost Tracker data collection in your Lumeo dashboard.

Crawl and audit data is retained for the duration of your subscription plus 90 days after cancellation to support dispute resolution, support requests, and historical analysis at your discretion. After this period, we purge all associated data.

We may retain data longer only when required by law—for example, tax records or legal holds. In such cases, retention is limited to the minimum necessary.

• You may request early deletion at any time.
• Aggregated, anonymized metrics used for product improvement are not considered personal data and may be retained indefinitely.

For privacy-related questions, deletion requests, or to exercise your rights, contact us at privacy@lumeoagent.com. Our Data Protection Officer can be reached at the same address.