Privacy Policy

Effective Date: March 21, 2026

1. Scope and Roles

This Privacy Policy describes how Horizon Home Lights, LLP d/b/a Lumi ("Lumi," "we," "our," or "us") collects, uses, discloses, and protects personal data when you use Lumi websites, applications, and related services, including LumiCRM and LumiSketch (collectively, the "Services").

1. This policy applies when Lumi acts as a controller (for example account administration, billing, support, product analytics, and service communications).
2. When customers use the Services to process their own contacts and end-user data, Lumi generally acts as a processor/service provider on behalf of those customers.
3. If your data is controlled by one of our customers, contact that customer directly to exercise your rights.

2. Personal Data We Collect

2.1 Data You Provide

• Account and profile data (name, email, company, role, login identifiers).
• Billing and subscription data (plan, status, transaction references, billing contact).
• Support and communications data (tickets, messages, attachments, call notes).
• Customer content and operational data you upload into the Services.

2.2 Data Collected Automatically

• Device and browser attributes, IP address, logs, and telemetry.
• Usage events, diagnostics, security events, and fraud-prevention signals.
• Cookie and similar technology data used for service function and analytics.

2.3 Data From Third Parties

• Identity providers and social/SSO login providers.
• Payment and billing providers.
• Integration partners you enable.
• Public or commercial business information sources where lawful.

3. How We Use Personal Data

We use personal data to:

1. Provide, operate, maintain, and secure the Services.
2. Authenticate users and manage accounts, team access, and permissions.
3. Process subscriptions, billing, invoicing, and payment operations.
4. Deliver support and transactional service communications.
5. Monitor reliability and improve product performance and features.
6. Detect, prevent, and investigate fraud, abuse, and security incidents.
7. Comply with legal obligations and enforce our agreements.

4. Legal Bases for Processing

Where required by law (including EEA/UK/Switzerland), we process personal data on one or more legal bases:

• Performance of a contract.
• Legitimate interests.
• Consent (where required).
• Legal obligation.

5. How We Share Personal Data

We may disclose personal data to the following categories of recipients:

1. Service providers and subprocessors that support hosting, identity, billing, messaging, analytics, and security.
2. Integration partners you connect.
3. Professional advisers (legal, tax, accounting, audit) under confidentiality duties.
4. Authorities and law enforcement where legally required.
5. Counterparties in a merger, acquisition, financing, or asset transfer.

We do not sell personal data for money. Where state laws define "sale" or "sharing" broadly, we provide applicable opt-out rights.

6. Cookies and Similar Technologies

1. We use cookies and similar technologies for authentication, security, service functionality, and analytics.
2. You can manage cookie preferences via browser settings and available cookie controls.
3. Disabling certain cookies may limit service functionality.

7. Data Retention

1. We retain personal data only as long as needed for the purposes described in this Policy, including legal, accounting, tax, security, and dispute-resolution requirements.
2. Retention periods vary by data type and account status.
3. We may de-identify or aggregate data and retain it where lawful.

8. International Data Transfers

1. Personal data may be processed in countries outside your jurisdiction, including the United States.
2. Where required, we use transfer safeguards such as standard contractual clauses or equivalent mechanisms.
3. We apply reasonable contractual and technical protections for transferred data.

9. Security

1. We implement administrative, technical, and organizational safeguards designed to protect personal data against unauthorized access, loss, alteration, or misuse.
2. No method of transmission or storage is completely secure.
3. You are responsible for protecting your credentials and device access.

10. Your Privacy Rights

Depending on your location, you may have rights to:

• Access, correct, or delete personal data.
• Request portability or restriction.
• Object to certain processing.
• Withdraw consent where processing relies on consent.
• Appeal a denied request.
• Opt out of certain targeted-advertising or sharing practices where applicable.

To submit a rights request, email support@lumi-usa.com or use the Support Form in-app. We may verify identity before fulfilling requests.

11. Marketing Communications

1. You can unsubscribe from marketing emails using the unsubscribe link.
2. Service and transactional communications may still be sent when needed for account operation and security.

12. Children's Privacy

The Services are not directed to children under 16 (or a higher age threshold required by local law). We do not knowingly collect children's personal data without appropriate legal basis.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Updates are posted with a revised effective date and, where required by law, additional notice.

14. Contact

Questions, privacy requests, or complaints may be sent to support@lumi-usa.com or submitted through the Support Form in-app.

This Privacy Policy should be read together with our Terms of Service.