Privacy Policy — Lumen-Pro

Version 2026-05-24 · F1661 · Template — consult counsel.

What we collect

• Account: email, name (optional), tier.
• OAuth tokens: encrypted at rest (AES-256-GCM, key separate from billing keys). We never log token bodies.
• Granted scopes: we display what each scope means in plain English at /pro/connections.
• Flow definitions + run records: for billing + audit.
• Agent decisions: we record every fire/skip decision and reason for transparency at /pro/runs.

What we don't collect

• We don't read your email/Slack/Drive content beyond what your flows pass to the action.
• We don't sell data. We don't show ads.

Where data lives

Oracle Cloud (Frankfurt, EU). Audit log mirrored to Elite Agentic Solutions tenant.

Retention

• OAuth tokens: deleted on user disconnect; auto-revoked after 6 months inactivity; max 24 months absolute age (rotated via refresh).
• Run records: 12 months rolling; you can export anytime at /pro/data/export.
• Account deletion: 30-day retention after request (fraud/legal review), then full purge.

Your rights

GDPR + CCPA: export, deletion, rectification. Initiate at /pro/account. Email privacy@eliteaiempire.com for anything else.

Subprocessors

• Oracle Cloud Infrastructure — hosting.
• Brevo (sendinblue) — transactional email.
• Stripe — payments + metered billing.
• Anthropic / Google / Groq / Cerebras — LLM inference (per Lumen cost-router; no token bodies sent — only flow_purpose + trigger_payload).

Cookies

One session cookie (lumenpro_session, HttpOnly, Secure, SameSite=Lax). No analytics cookies on this app.

Last updated: 2026-05-24.