Last updated: June 23, 2026

Privacy Policy

This policy explains what information LumenQube Analytics Inc. collects when you use IO Lumen Doc, how we use it, who we share it with, and the rights you have. IO Lumen Doc is local-first by design — your files live on your device — and this policy is written to be honest about the moments cloud features transmit your content.

1.Who we are

IO Lumen Doc (the "Service," the "app") is provided by LumenQube Analytics Inc. ("LumenQube," "we," "us," or "our"), a corporation incorporated under the Business Corporations Act (Ontario), Ontario Corporation No. 1001600101, located in Ontario, Canada.

For the purposes of data-protection law, LumenQube is the controller of the personal information described in this policy. If you have any questions, you can reach our privacy team at privacy@lumenqube.com.

2.Scope of this policy

This policy applies to personal information we process when you:

  • download, install, and use the IO Lumen Doc desktop application for macOS, Windows, or Linux;
  • create or use an IO account and our hosted services (account, AI credits, sharing, web publishing) at app.lumenqube.com;
  • view a document shared with you through our web viewer at view.lumenqube.com; or
  • visit our website at lumenqube.com or contact us for support.

It does not apply to third-party products or websites that we do not control, even where we link to them.

3.Local-first by design

IO Lumen Doc is built so that your documents stay on your device by default. The files you open and edit — PDFs, spreadsheets, documents, designs, slides, and notes — are stored locally and are not uploaded to our servers in the background.

Some features you choose to use are, by their nature, cloud features: they only work by sending the relevant content to our servers or to a service provider. These are:

  • AI features — when you ask the app to generate, summarize, transform, transcribe, or otherwise act on content, the relevant input is sent to our backend and on to our AI provider so a result can be returned (see Section 7).
  • Sharing & collaboration — when you share a document, its contents are stored on our servers (encrypted at rest) so other people you authorize can open it.
  • Publish to web — when you publish a document to a public or restricted web link, its contents are stored on our servers so the web viewer can display them.
  • Account & billing — your account, credit balance, and usage metering are stored on our servers.

In plain terms: if you never use AI, sharing, or web publishing, your document contents never leave your device. When you do use those features, only the content needed for that feature is transmitted — and we tell you, in this policy, exactly where it goes.

4.Information we collect

4.1 Information you provide

  • Account information — your name, email address, and a securely hashed password when you create an account. If you sign in with Google, we receive your name, email address, and Google account identifier.
  • Content you choose to process in the cloud — the documents, text, prompts, images, and audio you submit to AI features, sharing, or web publishing, as described in Section 3.
  • Support communications — the contents of bug reports and messages you send us, which may include diagnostic error logs you choose to attach.
  • Payment information — when you buy credits or a subscription, your payment is processed by our payment provider (see Section 9). We do not receive or store your full card number; we receive limited billing details such as your name, email, country, the plan or pack purchased, and the transaction status.

4.2 Information we collect automatically

  • Usage & AI metering — which features you use and how often, the number of AI credits consumed, and aggregate event counts. This lets us meter credits accurately and improve the product. It records that a feature was used, not the document contents behind it.
  • Device & technical information — your app version, operating system and platform, and an IP address observed by our servers, which we use for security, rate-limiting, fraud prevention, and to serve the correct software updates.
  • Logs — server logs that record requests to our backend (such as time, route, status, and IP) for reliability and abuse prevention.

5.How we use information

We use personal information to:

  • provide, maintain, and secure the Service and your account;
  • deliver the cloud features you request, including AI results, sharing, and web publishing;
  • meter and manage AI credits, process payments, and prevent fraud and abuse;
  • provide customer support and respond to your requests;
  • send you essential service communications (for example, email verification, password resets, security notices, and billing receipts);
  • monitor, debug, and improve the reliability, performance, and quality of the Service; and
  • comply with our legal obligations and enforce our Terms of Service.

We do not sell your personal information, and we do not use the contents of your documents to advertise to you.

6.Legal bases (EEA/UK users)

If you are in the European Economic Area or the United Kingdom, we rely on the following legal bases under the GDPR / UK GDPR:

  • Performance of a contract — to provide the Service and the features you request, and to administer your account and billing.
  • Legitimate interests — to secure the Service, prevent abuse and fraud, and improve our products, balanced against your rights.
  • Consent — where required, for example for optional communications; you may withdraw consent at any time.
  • Legal obligation — to comply with applicable laws, including tax and accounting requirements.

7.How AI features handle your content

AI features are powered through our managed backend. When you invoke an AI feature, the relevant input — for example a prompt, a selection of a document, an attached file or image, or an audio recording you ask us to transcribe — is sent over an encrypted connection to our servers and then to our AI processor so a response can be generated and returned to you.

  • We use enterprise/API offerings from our AI providers. Under their applicable terms, content submitted through their APIs is not used to train their models.
  • Providers may retain inputs and outputs for a limited period for abuse monitoring and to operate their service, after which they are deleted in accordance with their policies.
  • AI outputs can be inaccurate or incomplete. You are responsible for reviewing AI results before relying on them, and AI output is not professional (legal, medical, financial, or other) advice.
  • You bring your own content; you should not submit content to AI features that you are not permitted to share with a service provider.

Our current AI providers are listed in Section 9.

8.When we share information

We share personal information only as described here:

  • With service providers (subprocessors) who process data on our behalf to run the Service, under contracts that require them to protect it — see Section 9.
  • At your direction — for example, when you share a document or publish it to a web link, it becomes accessible to the people or audience you choose.
  • For legal reasons — to comply with applicable law, a lawful request, or legal process, or to protect the rights, property, or safety of LumenQube, our users, or the public.
  • In a business transfer — if we are involved in a merger, acquisition, financing, or sale of assets, information may be transferred as part of that transaction, subject to this policy.

9.Service providers & subprocessors

We use a small set of trusted providers to operate the Service. Each processes only the data needed for its function:

ProviderPurposePrimary region
Google Cloud PlatformHosting, application backend, and database for accounts, credits, encrypted shared documents, and logsUnited States / Canada
AnthropicAI processing (text generation, summarization, transformation, agents)United States
OpenAIAI image generation and audio transcriptionUnited States
Lemon SqueezyPayment processing and merchant-of-record for credits and subscriptionsUnited States
MailjetTransactional email (verification codes, password resets, receipts, share invites)European Union

We may update this list as our infrastructure evolves; the current version is always available on this page. If you would like advance notice of changes to our subprocessors, contact privacy@lumenqube.com.

10.International data transfers

LumenQube is based in Canada, and several of our providers operate in the United States and elsewhere. When we transfer personal information across borders, we rely on appropriate safeguards, such as the European Commission's Standard Contractual Clauses or a provider's adequacy/transfer mechanism, and we take steps designed to ensure your information receives a comparable level of protection.

11.Data retention

  • Account data is retained while your account is active and for a reasonable period afterward to meet legal, tax, and accounting obligations and to resolve disputes.
  • Shared / published content is retained until you delete it, revoke the share, or close your account.
  • AI inputs/outputs are retained by our providers only for the limited period described in Section 7.
  • Logs and metering data are kept for a limited period for security and reliability, then deleted or aggregated.

12.How we protect your data

  • Data in transit is protected with TLS encryption.
  • Shared and published documents are encrypted at rest on our servers using server-managed keys. This is encryption at rest, not end-to-end encryption — because we manage the keys to operate features such as the web viewer, we are technically able to access this content where necessary to provide and secure the Service.
  • On your device, sensitive local data such as notes and audio recordings can be encrypted at rest using your operating system's secure keychain.
  • Passwords are stored only as salted, hashed values; we never store them in plain text.
  • We apply access controls, rate-limiting, and account-lockout protections, and we maintain administrative and technical safeguards appropriate to the risk.

No method of transmission or storage is perfectly secure, but we work to protect your information and to continually improve our safeguards.

13.Your rights & choices

Depending on where you live, you may have some or all of the following rights:

  • Access a copy of the personal information we hold about you;
  • Correct inaccurate or incomplete information;
  • Delete your personal information;
  • Port your information to another service;
  • Object to or restrict certain processing; and
  • Withdraw consent where we rely on it.

To exercise any of these rights, email privacy@lumenqube.com. We will respond within the time required by applicable law and may need to verify your identity first.

Canada (PIPEDA). You have the right to access and correct your personal information. If you have a concern we cannot resolve, you may contact the Office of the Privacy Commissioner of Canada.

California (CCPA/CPRA). We do not "sell" or "share" personal information as those terms are defined under California law, and we do not use sensitive personal information for purposes that would require an opt-out. You may exercise your access and deletion rights as described above, and we will not discriminate against you for doing so.

14.Deleting your account & data

You can request deletion of your account and associated personal information at any time by emailing privacy@lumenqube.com from your account email. When you close your account we delete or de-identify your personal information, except where we must retain certain records to comply with legal obligations or resolve disputes. Documents stored only on your device remain on your device and are within your control.

15.Children's privacy

The Service is not directed to children. You must be at least the age of majority in your jurisdiction (or have the consent of a parent or legal guardian) to create an account, and in any event at least 16 years old. We do not knowingly collect personal information from children. If you believe a child has provided us personal information, contact us and we will delete it.

16.Cookies & similar technologies

Our marketing website uses minimal, essential storage to make the site work and to remember your preferences. Our app and web viewer use local storage and session tokens that are necessary to keep you signed in and to operate features. We do not use third-party advertising cookies or cross-site tracking.

17.Changes to this policy

We may update this policy from time to time. When we make material changes, we will update the "Last updated" date above and, where appropriate, notify you in the app or by email. Your continued use of the Service after an update means you accept the revised policy.

18.How to contact us

For privacy questions or to exercise your rights, contact:

LumenQube Analytics Inc. — Privacy
Email: privacy@lumenqube.com
Ontario, Canada

See also our Terms of Service and DocsSupport pages.