Privacy Policy

Effective Date: March 7, 2026

  1. Overview of Lumacore
    Lumacore Consulting Pte. Ltd. ("Lumacore," "we," "us," or "our") is an operational engineering & digital transformation firm. We provide AI-powered platforms, including the "Business Blueprint" (SOP Builder) & "Grant Compass," dedicated to empowering SMEs to build, automate, & scale their operations. Our mission is to eliminate operational leakage & simplify business management through innovative tools & systemic integrity, while prioritizing the privacy & security of your data. We are committed to ensuring compliance with applicable privacy laws in Singapore (PDPA), the United States, the European Economic Area (GDPR), the United Kingdom, & Switzerland.
  2. Scope of Policy
    This Privacy Policy outlines how Lumacore collects, uses, shares, & processes personal information from users, including founders, directors, & visitors ("User," "you," or "your") of our website, platform, & services (collectively, our "Services"). This Policy incorporates our Terms of Service & any applicable Data Processing Agreement (DPA) by reference. If you do not agree with these terms, please discontinue use of our Services.
  3. Personal Data Definition
    "Personal data" means any information relating to an identified or identifiable natural person. This includes names, business email addresses, telephone numbers, IP addresses, authentication tokens, & usage logs generated through our Services. Operational metrics processed independently for security, billing, or product improvement ("Service Data") are handled separately & are not treated as Customer Personal Data.
  4. Sensitive Data Restriction
    Lumacore does not intentionally collect special-category or sensitive personal data (e.g., health information, biometric identifiers, or precise geolocation). Users are strictly instructed not to upload such information to the platform.
  5. Information You Provide Directly
    We collect information you supply when creating an account, purchasing credits, or opening support tickets. Payment information is processed via Stripe; we do not store full payment card details. For usage-based services, we collect Usage Data to meter consumption against your credit balance. Project artifacts, such as process descriptions or prompts, are used only to serve your workspace & improve our internal logic; they are never used to train general-purpose models for other customers without permission.
  6. Information Collected Automatically
    When you interact with Lumacore, we automatically collect technical data including browser type, operating system, device identifiers, & error logs. Telemetry on service usage is collected to generate invoices & recognize revenue. We record engagement with key features to improve performance.
  7. Data Handling & Infrastructure
    Lumacore utilizes third-party infrastructure for hosting & AI processing. Your Customer Data may be stored & processed on providers like Supabase or Amazon Web Services. Our "AI Buddy" features act as a proxy to third-party providers (including OpenAI, Google Gemini, & Anthropic). By using these features, you consent to the pass-through transmission of your inputs to these providers under their respective privacy policies.
  8. Children's Data
    Our Services are not intended for individuals under the age of eighteen (18). We do not knowingly collect personal data from minors. If we discover such data has been collected, it will be promptly deleted.
  9. Purposes of Processing
    We process information to provide & maintain Services, personalize your experience, detect & prevent fraud, process authorized transactions, & comply with legal requirements. Lumacore does not engage in automated decision-making that produces legal effects on individuals.
  10. Legal Bases for Processing
    We rely on the Performance of a Contract, Legitimate Interests (platform security), Consent (marketing), & Legal Obligations (tax & accounting).
  11. Sub-Processors
    We engage third-party sub-processors including Stripe, Supabase, & OpenAI/Google. All sub-processors are contractually bound to data protection standards equivalent to our own.
  12. International Data Transfers
    Lumacore safeguards international transfers using legally recognized mechanisms such as Standard Contractual Clauses (SCCs).
  13. Log Data & Cookies
    We collect Log Data for performance monitoring, retained for up to ninety (90) days. We use strictly necessary & functional cookies. You can manage preferences via browser settings.
  14. Information Security
    We implement industry-standard safeguards including data-at-rest encryption, multi-factor authentication, role-based access, & real-time security monitoring.
  15. Retention of Information
    We retain personal information only as long as necessary. Customer data is generally deleted within ninety (90) days of account termination, except where legal hold applies.
  16. Your Privacy Rights
    Depending on jurisdiction, you may have the right to access, port, correct, or delete your data, or withdraw consent. Contact us at privacy@lumacoreconsulting.com to exercise these rights.
  17. No Coding or Legal Advice
    Our Services provide AI-assisted tools & blueprints, but they are not a substitute for professional engineering, legal, or financial judgment. Reliance on generated output is at your own risk.
  18. Contact Details
    Email: privacy@lumacoreconsulting.com
    Mail: Lumacore Consulting Pte. Ltd., Attn: Privacy, Singapore.
  19. Changes to This Policy
    We reserve the right to update this Policy. Material changes will be notified via email or in-product banner thirty (30) days in advance.