Privacy Policy

Effective Date: January 1, 2025 | Last Updated: January 21, 2026

Lumios Law, Inc. ("Lumios," "Company," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered legal discovery platform and related services (collectively, the "Services"). Please read this Privacy Policy carefully. By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

1. INFORMATION WE COLLECT

1.1 Information You Provide to Us

We collect information that you voluntarily provide when using our Services, including:

  • Account Information: When you register for an account, we collect your name, email address, organization name, job title, and password.
  • Customer Data: Legal documents, case materials, correspondence, and other content you upload to the Services for processing and analysis.
  • Payment Information: Billing address and payment details processed through our third-party payment processors.
  • Communications: Information you provide when you contact us for support, provide feedback, or communicate with us.

1.2 Information Collected Automatically

When you access our Services, we automatically collect certain information, including:

  • Device Information: Device type, operating system, browser type, unique device identifiers, and mobile network information.
  • Log Information: Access times, pages viewed, IP address, and the page you visited before navigating to our Services.
  • Usage Information: Features used, actions taken, and how you interact with our Services.
  • Cookies and Similar Technologies: We use cookies, web beacons, and similar technologies to collect information about your browsing activities.

1.3 Information from Third Parties

We may receive information about you from third parties, including identity verification services, payment processors, and business partners who provide services on our behalf.

2. HOW WE USE YOUR INFORMATION

We use the information we collect for the following purposes:

  • Provide and Maintain Services: To operate, maintain, and improve our AI-powered legal discovery platform, including document processing, fact extraction, chronology building, and case analysis features.
  • Process Customer Data: To analyze your uploaded documents using artificial intelligence and machine learning technologies to extract facts, build chronologies, identify entities, and generate insights.
  • Account Management: To create and manage your account, authenticate users, and provide customer support.
  • Communications: To send you technical notices, updates, security alerts, and administrative messages.
  • Improve Services: To analyze usage patterns, diagnose technical issues, and develop new features and functionality.
  • Security: To detect, prevent, and address fraud, security breaches, and other harmful activities.
  • Legal Compliance: To comply with applicable laws, regulations, legal processes, or governmental requests.

3. AI AND MACHINE LEARNING PROCESSING

3.1 How AI Processes Your Data

Our Services utilize artificial intelligence and machine learning technologies to process Customer Data. This processing includes:

  • Extracting facts, dates, entities, and relationships from legal documents;
  • Building chronologies and timelines from document evidence;
  • Generating semantic embeddings for intelligent search;
  • Identifying document categories and relevance;
  • Creating knowledge graphs and entity relationships; and
  • Generating AI-assisted analysis and summaries.

3.2 Third-Party AI Providers

We use third-party AI service providers (including OpenAI and Anthropic) to power certain features of our Services. When your Customer Data is processed by these providers:

  • Data is transmitted securely using encryption;
  • We have data processing agreements in place with these providers;
  • These providers are contractually prohibited from using your data to train their models; and
  • Processing is performed in accordance with our security standards.

3.3 Model Training

We do not use your Customer Data to train general-purpose AI models. Any improvements to our Services are made using anonymized and aggregated data that cannot be traced back to you or your organization.

4. HOW WE SHARE YOUR INFORMATION

We may share your information in the following circumstances:

  • Service Providers: With third-party vendors who perform services on our behalf, including cloud hosting, AI processing, payment processing, and analytics.
  • Legal Requirements: When required by law, subpoena, court order, or other legal process, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
  • Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of the transaction.
  • With Your Consent: When you have given us explicit permission to share your information.

We do not sell your personal information or Customer Data to third parties for their marketing purposes.

5. DATA SECURITY

We implement and maintain comprehensive security measures to protect your information:

  • Encryption: All data is encrypted in transit using TLS 1.2 or higher and at rest using AES-256 encryption.
  • Access Controls: We implement role-based access controls and require authentication for all system access.
  • Infrastructure Security: Our systems are hosted on enterprise-grade cloud infrastructure with SOC 2 Type II compliance.
  • Monitoring: We employ continuous security monitoring and regular vulnerability assessments.
  • Employee Training: Our team receives regular security awareness training.

While we use commercially reasonable measures to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

6. DATA RETENTION

We retain your information for as long as necessary to provide our Services and fulfill the purposes described in this Privacy Policy. Specifically:

  • Account Information: Retained for the duration of your account plus a reasonable period for legal and business purposes.
  • Customer Data: Retained during your subscription. Upon termination, we retain your data for 30 days to allow for export, after which it is deleted.
  • Usage Data: Retained in aggregated form for analytics and service improvement purposes.

You may request deletion of your personal information by contacting us at the address below, subject to our legal retention obligations.

7. YOUR RIGHTS AND CHOICES

Depending on your location, you may have certain rights regarding your personal information:

  • Access: Request access to the personal information we hold about you.
  • Correction: Request correction of inaccurate or incomplete personal information.
  • Deletion: Request deletion of your personal information, subject to certain exceptions.
  • Data Portability: Request a copy of your data in a structured, machine-readable format.
  • Opt-Out: Opt out of certain data processing activities, including marketing communications.

To exercise these rights, please contact us at admin@lumios.law. We will respond to your request within the timeframes required by applicable law.

8. CALIFORNIA PRIVACY RIGHTS

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

  • The right to know what personal information we collect, use, and disclose;
  • The right to request deletion of your personal information;
  • The right to opt-out of the sale or sharing of personal information;
  • The right to non-discrimination for exercising your privacy rights; and
  • The right to limit use of sensitive personal information.

We do not sell personal information as defined under the CCPA/CPRA. To exercise your California privacy rights, please contact us at admin@lumios.law.

9. INTERNATIONAL DATA TRANSFERS

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. When we transfer information internationally, we implement appropriate safeguards, including standard contractual clauses approved by relevant authorities, to protect your information in accordance with this Privacy Policy.

10. CHILDREN'S PRIVACY

Our Services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child, we will take steps to delete such information promptly.

11. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a notice on our Services prior to the effective date of the changes. Your continued use of our Services after the effective date constitutes acceptance of the updated Privacy Policy.

12. CONTACT US

If you have any questions about this Privacy Policy or our privacy practices, please contact us at:

Lumios Law, Inc.

Email: admin@lumios.law

Return to Home