Legal

Privacy Policy

Last updated: April 20, 2026

Lumen is committed to protecting your privacy. This policy explains what data we collect, why we collect it, and how we handle it.

01

Information We Collect

When you connect your Instagram account, we collect your Instagram username and a long-lived access token issued by Meta. This token allows Lumen to publish content on your behalf.

We also store the brand settings you provide during onboarding — including your brand name, industry, tone of voice, target audience, and any uploaded brand assets such as logos and photos.

Your email address is collected at account registration and used solely for authentication and service communications.

02

How We Use Your Data

Your Instagram access token is used exclusively to create and publish posts to your Instagram account through the Meta Graph API. We do not read your direct messages, follower list, or any other account data beyond what is necessary to publish content.

Your brand settings are passed to AI models (OpenAI, Anthropic, Google Gemini) solely to generate captions, image prompts, and visual content tailored to your brand. We do not use your data to train third-party models.

Aggregated, anonymised usage data may be used to improve Lumen's generation quality and reliability.

03

Data Storage

All user data is stored in a PostgreSQL database hosted by Supabase. Media assets and generated images are stored in Supabase Storage.

Data is encrypted at rest and in transit. Access is governed by Row-Level Security policies — no user can access another user's data.

Our Supabase project is hosted in the EU (West Europe region). If you are located outside the EU, your data may be transferred internationally when processed by third-party AI services.

04

Third-Party Services

Lumen integrates with the following third-party services to deliver its core functionality:

  • Meta / Instagram Graph API — for OAuth authentication and post publishing
  • Anthropic — for generating image prompts and template text
  • Google Gemini — for AI image generation
  • Supabase — for database, authentication, and file storage
  • Vercel — for application hosting and serverless execution
05

Data Retention

Your data is retained for as long as your account is active. Generated posts and brand assets are stored indefinitely to power your content history and generation improvements.

Upon account deletion, all personally identifiable data — including your access token, brand settings, and generated posts — is permanently deleted within 30 days.

You may request deletion of your Instagram access token at any time without deleting your account. This will disconnect Instagram publishing until you reconnect.

06

Your Rights

You have the right to access, correct, or delete any personal data we hold about you. You may also request a copy of your data in a portable format.

To exercise any of these rights, email us at lumenhq.contact@gmail.com. We will respond within 30 days.

You can revoke Lumen's access to your Instagram account at any time through Meta's app permission settings at facebook.com/settings/connected-apps.

07

Contact

If you have any questions or concerns about this Privacy Policy or how your data is handled, please contact us at:

lumenhq.contact@gmail.com