LumiGap LumiGap
Register

Privacy Policy

Privacy Policy

Last updated: December 1, 2025

This Privacy Policy explains how LumiGap (“LumiGap”, “we”, “us”) processes personal data when you use our website, dashboard, and macOS application (collectively, the “Services”).

If you have questions, contact: [email protected].

1) Summary (high level)

  • Local processing by default: the app processes screen content locally on your Mac to recognize table state.
  • Payments handled by Stripe: we do not store full payment card details.
  • Optional features may transmit data: if you enable features like Live Export, data is sent to your endpoint.

2) What we collect

Depending on how you use the Services, we may collect:

  1. A. Account data

    • Email address and authentication metadata (e.g., account status, timestamps).
    • Subscription status (plan tier, active/canceled, renewal dates).

  2. B. Payment and billing data (via Stripe)

    • Stripe processes payment details. We receive limited billing information needed to operate subscriptions (e.g., subscription/customer IDs, plan, status). We do not receive or store full card numbers.

  3. C. Website / dashboard usage data

    • Basic technical data such as IP address, device/browser information, and logs, primarily for security, fraud prevention, and service reliability.

  4. D. App data you create

    • Tracker records, datasets, manifests, model files, crops, and related project files are typically stored locally on your device (e.g., in Application Support) unless you choose to upload/share them elsewhere.

  5. E. Screen content (macOS Screen Recording permission)

    • The app may access screen frames only after you grant permission. Screen content is processed locally to recognize table state. We do not need to upload your raw screen frames to provide core recognition features.

  6. F. Live Export data (Pro feature)

    • If enabled, the app periodically sends structured table JSON (e.g., players, stacks, bets, board, pot, timestamps, etc.) to an endpoint you configure (HTTP). This transmission is initiated and controlled by you.

3) What we do not collect (by default)

  • We do not intentionally collect your full payment card details.
  • We do not require you to upload raw screen recordings for core functionality.
  • We do not intentionally collect special categories of personal data (e.g., health, religion) through normal use of the Services.

4) How we use data (purposes)

We use the data above to:

  • Provide and operate the Services (accounts, subscriptions, access control).
  • Process billing and manage subscriptions (via Stripe).
  • Provide customer support, respond to requests, and communicate service updates.
  • Maintain security, prevent abuse, debug and improve reliability.
  • Comply with legal obligations and enforce our Terms.

Regulators generally expect privacy information to clearly describe purposes, sharing, and retention; we aim to do that here.

5) Legal bases (where applicable)

Where data protection law applies, our processing may rely on:

  • Contract necessity (to provide the Services you request).
  • Legitimate interests (security, fraud prevention, service improvement).
  • Consent (where you explicitly opt in, e.g., marketing; and for device permissions).
  • Legal obligation (tax/accounting/compliance).

6) Sharing and disclosures

We may share data with:

  • Payment processors (Stripe) for billing and subscription management.
  • Infrastructure and hosting providers that help us run the Services (e.g., hosting, logging, CDN, authentication).
  • Legal / compliance: if required by law, or to protect rights, safety, and security.
  • Business transfers: if we undergo a merger, acquisition, or sale of assets.

We do not sell personal data.

7) Data retention

We retain personal data only as long as necessary for:

  • Providing the Services and maintaining your account,
  • Compliance (billing/tax/audit),
  • Security and dispute handling.

Local app files (datasets/models/logs) remain on your device until you delete them. If you delete your account, we may retain limited records where required for legal/compliance.

8) Security

We use reasonable technical and organizational measures to protect personal data. No method of transmission or storage is 100% secure, but we work to safeguard data against unauthorized access.

9) International transfers

Our service providers may process data in countries other than where you live. Where required, we use appropriate safeguards for cross-border transfers.

10) Your rights

Depending on your location, you may have rights such as:

  • Access, correction, deletion,
  • Restriction/objection,
  • Portability,
  • Withdrawal of consent (where processing is based on consent).

You can contact [email protected]. We may need to verify your identity.

Transparency and these rights are commonly referenced requirements for privacy notices.

11) Children

The Services are not intended for children. Do not use the Services if you are under the age required by applicable law to consent to data processing or to purchase subscriptions.

12) Third-party services and user responsibility

If you connect third-party services or configure Live Export endpoints, those third parties’ privacy practices apply. You are responsible for securing endpoints you control and for ensuring you have rights to process/export any data you transmit.

13) Changes to this policy

We may update this Privacy Policy. The “Last updated” date indicates when changes were made. Material changes may be communicated through the Services.