Privacy Policy

LumoLetters is committed to protecting your privacy and handling your personal information with transparency and care. This Privacy Policy explains what we collect, how we use it, and the choices available to you when you use our website and services.

Last Updated: January 1, 2025

1. Information We Collect

1.1 Personal Information

We collect information you provide when creating an account, subscribing, or interacting with our service, including:

Your Contact Information: Name, email address, and mailing address for the delivery of your letters.

Subscription Details: Preferences, interests, topics of curiosity, and any information you choose to share during onboarding so your letters can be tailored to you.

Support Communications: Any messages you send through our support channels to help us assist you with your account or service questions.

1.2 Automatically Collected Information

We collect limited technical information when you browse or interact with our website, including IP address, browser type, device information, and page visit timestamps. This helps us maintain site performance, security, and improve our service.

1.3 Payment Information

LumoLetters does not store or process your credit card details. All payment information is securely handled by our payment processor, Stripe, which maintains PCI-DSS compliance.

1.4 Cookies and Tracking

We use essential cookies to maintain your session and remember your login status. We may also use analytics cookies to understand how our service is used and to improve user experience. You can control cookie preferences through your browser settings, though disabling certain cookies may affect site functionality.

2. How We Use Your Information

2.1 Letter Generation and Curation

LumoLetters uses artificial intelligence technology to generate personalized letter content based on your interests and topics. Here's how it works:

AI-Generated Content: Your interests, topics, and preferences are processed by AI systems (such as Google Gemini, Anthropic Claude, or other leading AI services) to draft letter content tailored to you.

Human Curation: All AI-generated letters are reviewed and curated by our team to ensure quality, appropriateness, and alignment with our service standards before being sent to you.

Privacy Protection: Your personal information is used solely to generate your letters and is not used to train external AI models or shared for purposes unrelated to your subscription.

Letter Memory: We store summaries of your past letters to create continuity and evolving dialogue in future correspondence. This helps each new letter feel like part of an ongoing conversation.

2.2 Other Uses

Beyond letter generation, we use your information to:

Manage your subscription and account settings.

Process and fulfill your monthly letter deliveries.

Communicate with you about your account, subscription updates, or service changes.

Improve our service through internal analytics and troubleshooting.

Respond to your support requests and questions.

We do not use your personal information for external marketing purposes or sell your information to third parties.

3. Information Sharing

3.1 Trusted Service Providers

We do not sell or rent your personal information. We share data only with trusted partners who help us operate LumoLetters, including:

Stripe: To securely process payments.

Auth0: To provide secure login and account authentication.

MongoDB Atlas: To securely store your account information, preferences, and letter history with enterprise-grade encryption.

AI Service Providers: To generate letter content based on your interests. These providers process your data solely to provide this service and do not use your information for their own purposes.

Mail Carriers: To deliver your physical letters to the address you provide.

These partners are contractually obligated to use your information only to perform services on our behalf and to maintain appropriate security measures.

3.2 Legal Requirements

We may disclose information if required to comply with a legal obligation, court order, or government request, or to protect the rights, property, and safety of LumoLetters, our users, or the public.

4. Data Security

We take reasonable administrative, technical, and physical steps to safeguard your information from unauthorized access, alteration, disclosure, or loss, including:

Secure account authentication managed through Auth0.

Personal data stored in MongoDB Atlas with encryption at rest and in transit.

All payment processing handled through encrypted, PCI-compliant systems via Stripe.

Regular security reviews and updates to our systems and practices.

Limited employee access to personal information on a need-to-know basis.

While we strive to protect your information, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security but are committed to protecting your data using industry-standard practices.

5. Data Retention

5.1 Account Information

We retain your account information, preferences, and subscription details for as long as your account is active or as needed to provide our service.

5.2 Letter Content and History

Generated letters and their summaries are stored in our database to create continuity in your correspondence. Past letter summaries help inform future letters, making each one feel like part of an evolving dialogue.

5.3 Account Deletion

If you close your account or request deletion of your data, we will permanently remove your personal information, letter content, and summaries from our active databases within 30 days, except where retention is required by law or for legitimate business purposes (such as resolving disputes or enforcing our terms).

6. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal information:

Access: Request access to the personal information we hold about you.

Correction: Request corrections to inaccurate or incomplete data.

Deletion: Request deletion of your personal information and account.

Portability: Request a portable copy of your data in a structured, commonly used format.

Objection: Object to certain processing of your information.

Unsubscribe: Cancel your subscription at any time through your account settings or by contacting us.

To exercise these rights or for questions about your data, contact us at info@lumoletters.com. We will respond to your request within 30 days.

7. Age Requirements

LumoLetters is intended for individuals 18 years of age or older. We do not knowingly collect information from anyone under 18. If you are under 18, please do not use our service or provide any personal information. If we become aware that we have collected information from someone under 18, we will take steps to delete that information promptly.

8. International Data Transfers

LumoLetters operates primarily in the United States. If you are located outside the United States, please be aware that information we collect may be transferred to, stored, and processed in the United States or other countries where our service providers operate. By using our service, you consent to the transfer of your information to countries that may have different data protection laws than your country of residence.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will update the "Last Updated" date at the top of this page and, for material changes, may notify you via email or through a notice on our website.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

10. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal information, please contact us at:

Email: info@lumoletters.com

We take privacy concerns seriously and will respond to your inquiry as promptly as possible.