Privacy Policy

Last updated: March 22, 2026

LumeKit ("we," "us," "our") operates lumekit.co. This policy describes how we collect, use, and protect your information.

Information We Collect

Account data: Email address and hashed password when you create an account.

Uploaded images: Product photos you upload for processing, stored in our cloud infrastructure.

Payment data: Processed by Stripe. We never see or store your card number.

Usage data: Which scenes you select, credit usage, and standard server logs (IP address, browser type).

How We Use Your Information

We use your data solely to provide the service: authenticating your account, processing your images with AI, managing credits, and processing payments. We do not sell your data to anyone.

Third-Party Services

We share data with these processors to deliver the service:

Supabase (US) — authentication, database, and image storage
Stripe (US) — payment processing
Fal.ai (US) — AI image processing. Your uploaded images are sent to Fal.ai for scene placement and relighting. Images are processed and not retained by Fal.ai after delivery.

We do not share your data with advertisers, data brokers, or any other third parties.

AI Processing Disclosure

LumeKit uses artificial intelligence to process product images. All exported images are tagged with "Generated by AI" EXIF metadata to comply with transparency standards. Users are responsible for disclosing AI usage per marketplace requirements when listing products.

Cookies & Session Data

We use session tokens for authentication. These are essential to the service and cannot be disabled. We do not use analytics, advertising, or tracking cookies.

Data Retention

Your uploaded and processed images are stored until you delete them or your account. Account data is retained while your account is active. Server logs are retained for 30 days.

Your Rights

You may request access to, correction of, or deletion of your personal data at any time by emailing us. California residents have additional rights under the CCPA, including the right to know what data we collect, request deletion, and opt out of data sales (we do not sell data).

Children

LumeKit is not intended for users under 13. We do not knowingly collect data from children.

Security

Data is encrypted in transit (TLS) and at rest. Passwords are hashed. We use industry-standard security practices through our infrastructure providers.

Changes

We may update this policy. Continued use of the service after changes constitutes acceptance.

Contact

For privacy questions or data requests: privacy@lumekit.co