Trust & Security

Your Privacy is Our Priority

Lumyvo is built with privacy-first principles, GDPR compliance, and enterprise-grade security. Your emails are processed securely with automatic deletion policies.

Zero Human Access

100% automated AI processing. No Lumyvo employee ever sees your email content. Fully encrypted and isolated.

60-Day Auto-Delete

Email bodies automatically deleted after 60 days. Only metadata retained for analytics, fully anonymized after 1 year.

GDPR Compliant

Full compliance with GDPR, CCPA, and international privacy laws. Your rights are built into our platform.

Data Retention Policy

0-60 Days: Full Content

Active

Email bodies, subjects, and all metadata accessible in Recent Activity and Escalations. Fully viewable and searchable.

60+ Days: Metadata Only

Restricted

Email bodies permanently deleted. Entries visible with subject, sender, category, and timestamp only. Cannot be expanded or viewed.

1+ Year: Anonymized Analytics

Anonymized

Aggregated counts and trends only (no user linkage). Used for long-term analytics charts. Fully GDPR-compliant.

Security Infrastructure

Encryption

AES-256 at rest

All database data encrypted at rest with AES-256

TLS 1.3 in transit

All data transmission encrypted (emails, API calls)

Credential isolation

Separate encryption for OAuth tokens and IMAP passwords

Access Control

Row-Level Security (RLS)

Users can only access their own data (database-enforced)

Least privilege principle

Service accounts have minimal permissions required

Secure authentication

Industry-standard authentication with encrypted credentials
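As an added example, and not Lumyvo's own code or schema, the following shows how the row-level security described above and the 60-day body deletion from the Data Retention Policy can be enforced inside Postgres on Supabase rather than in application code. The `emails` table and its columns, the `private` schema, the function name and the pg_cron schedule are assumptions for illustration; `auth.uid()` and the `authenticated` role are Supabase's built-ins.

```sql
-- Added example (not Lumyvo's schema): per-user row isolation via RLS, plus a
-- scheduled job that nulls email bodies after 60 days but keeps the metadata.
-- Table, columns, schema "private" and the cron schedule are assumptions.

create schema if not exists private;
revoke all on schema private from public, anon, authenticated;

create table if not exists public.emails (
  id          bigint generated always as identity primary key,
  user_id     uuid not null references auth.users (id) on delete cascade,
  sender      text not null,
  subject     text not null,
  category    text,
  body        text,                       -- set to null by the retention job
  received_at timestamptz not null default now()
);

-- 1. Enable RLS and FORCE it so the table owner is subject to the policies too.
alter table public.emails enable row level security;
alter table public.emails force row level security;

-- 2. One policy per operation. auth.uid() is the "sub" claim of the caller's JWT.
create policy emails_select_own on public.emails
  for select to authenticated
  using (user_id = auth.uid());

create policy emails_insert_own on public.emails
  for insert to authenticated
  with check (user_id = auth.uid());

create policy emails_update_own on public.emails
  for update to authenticated
  using (user_id = auth.uid())
  with check (user_id = auth.uid());

create policy emails_delete_own on public.emails
  for delete to authenticated
  using (user_id = auth.uid());

-- 3. Retention: strip bodies older than 60 days, keep subject/sender/category/
--    timestamp. SECURITY DEFINER lets the job run without a user JWT; it lives in
--    a schema application roles cannot reach, and search_path is pinned.
create or replace function private.expire_email_bodies()
returns bigint
language sql
security definer
set search_path = public
as $$
  with expired as (
    update public.emails
       set body = null
     where body is not null
       and received_at < now() - interval '60 days'
    returning 1
  )
  select count(*) from expired;
$$;

-- Assumes the pg_cron extension is enabled; runs nightly at 03:00 (server time).
select cron.schedule('expire-email-bodies', '0 3 * * *',
                     $$select private.expire_email_bodies();$$);

-- 4. Check the policies from a SQL session by impersonating an authenticated
--    user the way the API layer does (constructed UUID, not real data).
begin;
  set local role authenticated;
  select set_config('request.jwt.claims',
    '{"sub":"11111111-1111-1111-1111-111111111111","role":"authenticated"}',
    true);
  -- Only rows whose user_id equals the sub claim are returned; other users'
  -- rows are filtered out silently rather than raising a permission error.
  select id, subject, (body is null) as body_expired from public.emails;
rollback;
```

Two caveats belong with the least-privilege item above: Postgres superusers and any role with the BYPASSRLS attribute (in Supabase, the `service_role` key) ignore these policies entirely, so service credentials must be confined to the backend jobs that genuinely need them; and the retention update only removes the live copy, so database backups and any logs that captured the body need their own, equally short retention for the 60-day promise to hold.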

Infrastructure

SOC 2 Type II audited infrastructure

Lumyvo runs on Supabase and AWS, both of which hold SOC 2 Type II audit reports

High availability and resilience

Built on SOC 2 audited, enterprise-grade cloud infrastructure for reliability

Incident Response

72-hour breach notification

Personal-data breaches are reported to the supervisory authority within 72 hours of discovery, as GDPR Article 33 requires, and affected users are notified without undue delay where the breach is likely to put them at high risk (Article 34)

Quarterly security audits

Regular internal security assessments

Annual penetration testing

Third-party security firm assessments

Trusted Partners

All third-party services are SOC 2 certified and bound by strict Data Processing Agreements (DPAs).

Supabase

Database & Authentication (SOC 2 Type II)

OpenAI

AI Classification (Zero Data Retention DPA)

Anthropic

AI Customer Support (Zero Data Retention DPA)

Stripe

Payment Processing (PCI DSS Level 1)

Zero Data Retention: AI providers (OpenAI, Anthropic) do not store your email content for training or any other purpose.

Your Privacy Rights (GDPR)

Right to Access

Export all your data in machine-readable JSON format.

Account Settings → Privacy → Export My Data

Right to Erasure

Permanently delete your account and all associated data.

Account Settings → Privacy → Delete My Account

Right to Rectification

Correct inaccurate or incomplete data anytime.

Dashboard → Edit Categories/Settings

Right to Restrict Processing

Pause AI processing without deleting your data.

Dashboard → Disconnect Email Integration

Questions About Security or Privacy?

We're committed to transparency. Contact our Data Protection Officer or Security Team for any privacy or security concerns.