LumaVoice

Privacy Policy

Last updated: 11/8/2025

1. Introduction

LumaOne, operated by Noah Kellner ("we," "our," or "us"), is committed to protecting your privacy and handling your data responsibly. This Privacy Policy explains how we collect, use, store, and protect information when you use our AI-powered receptionist service.

By using LumaOne services, you agree to the collection and use of information in accordance with this policy. If you do not agree with our practices, please do not use our services.

2. Information We Collect

We collect information necessary to provide, maintain, and improve our AI receptionist service:

Account Information

  • Business name, contact name, and email address
  • Business phone number and telecommunications provider information
  • Billing and payment information (processed by our payment processor)
  • Account settings and preferences

Call Data

  • Call recordings and audio files
  • Call transcripts and conversation summaries
  • Caller phone numbers and caller ID information
  • Call metadata (date, time, duration, disposition)
  • Information provided by callers during conversations

Business Information

  • FAQs, service descriptions, and pricing information
  • Business hours and availability schedules
  • Calendar and scheduling preferences
  • Custom workflows and conversation scripts

Technical Information

  • IP addresses and device information
  • Browser type and version
  • Usage analytics and performance metrics
  • Integration and API connection logs

3. How We Use Your Information

We use collected information solely to provide and improve our services:

  • Service Delivery: Process calls, handle conversations, book appointments, and perform AI-driven tasks
  • Service Improvement: Analyze call patterns, optimize conversation flows, and improve AI accuracy
  • Customer Support: Respond to inquiries, troubleshoot issues, and provide technical assistance
  • Account Management: Manage subscriptions, process billing, and communicate service updates
  • Analytics: Generate usage reports, performance metrics, and business insights
  • Compliance: Meet legal obligations, prevent fraud, and enforce our Terms of Service

We do not sell, rent, or share your data with third parties for their marketing purposes.

4. Data Storage and Security

We implement industry-standard security measures to protect your information:

  • Encryption in Transit: All data transmitted to and from our services uses TLS 1.3 encryption
  • Encryption at Rest: All stored data is encrypted using AES-256 encryption
  • Access Controls: Role-based access controls limit data access to authorized personnel only
  • Secure Infrastructure: Data hosted on enterprise-grade cloud infrastructure with SOC 2 Type II compliance
  • Regular Audits: Periodic security assessments and vulnerability testing
  • Monitoring: 24/7 monitoring for suspicious activity and security incidents

While we implement robust security measures, no system is 100% secure. We cannot guarantee absolute security but commit to maintaining industry best practices and promptly addressing any vulnerabilities.

5. Call Recording and Consent

Important: Customer Responsibility

You are responsible for complying with all applicable call recording laws in your jurisdiction. This includes, but is not limited to, obtaining proper consent from callers where required by federal, state, or local laws.

Some jurisdictions require two-party consent (all parties must consent to recording), while others require only one-party consent. You must ensure compliance with applicable laws, which may include:

  • Playing automated disclosure messages at the beginning of calls
  • Configuring your AI agent to verbally disclose recording
  • Posting clear notices on your website and marketing materials
  • Maintaining records of consent where required

LumaOne provides tools to help with compliance (e.g., customizable greeting messages), but you remain solely responsible for ensuring your use of call recording complies with applicable laws.

6. Data Retention

We retain different types of data for varying periods based on business necessity and legal requirements:

  • Call Recordings: Retained for 90 days by default; configurable up to 1 year based on your plan
  • Call Transcripts: Retained for 90 days by default; configurable based on your plan
  • Call Metadata: Retained for analytical purposes for up to 2 years
  • Account Information: Retained while your account is active, plus 90 days after cancellation
  • Billing Records: Retained for 7 years for tax and accounting compliance

After the applicable retention period, data is permanently deleted from our systems and backup storage. You may request earlier deletion of specific data by contacting us, subject to legal and operational requirements.

7. Third-Party Service Providers

We share information with carefully selected third-party service providers who help us deliver our services:

Payment Processing

Our third-party payment processor (Merchant of Record) handles all payment processing and billing. Your payment information is never stored on LumaOne servers. The payment processor is PCI DSS compliant and maintains strict security standards.

AI Platform Providers

We use enterprise AI platforms to power our conversational capabilities. Call audio and transcripts may be processed by these providers subject to their privacy policies and data processing agreements. We only work with SOC 2 compliant providers.

Cloud Infrastructure

Our services are hosted on enterprise cloud infrastructure providers with SOC 2 Type II compliance and industry-leading security practices.

Integration Partners

If you connect third-party services (e.g., Google Calendar, CRM systems), we may share data necessary to provide the integration. These integrations are subject to the privacy policies of the respective third-party services.

All third-party providers are contractually required to maintain confidentiality and use data only for purposes of providing services to LumaOne and our customers.

8. Your Rights and Choices

You have the following rights regarding your data:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your data, subject to legal retention requirements
  • Export: Request a machine-readable export of your call transcripts and account data
  • Opt-Out: Configure opt-out preferences for callers who do not wish to interact with AI
  • Restrict Processing: Request limitations on how we process certain data
  • Withdraw Consent: Cancel your subscription and discontinue service at any time

To exercise any of these rights, contact us at hey@meetlumavoice.com or noah@meetlumavoice.com. We will respond within 30 days of receiving your request.

9. GDPR and International Privacy Rights

If you are located in the European Economic Area (EEA), United Kingdom, or other jurisdictions with comprehensive privacy laws, you have additional rights:

  • Legal Basis: We process data based on contractual necessity, legitimate business interests, and consent where required
  • Data Transfers: Data may be transferred to and processed in countries outside the EEA; we ensure appropriate safeguards are in place
  • Right to Object: Object to processing based on legitimate interests
  • Right to Restrict: Request restriction of processing in certain circumstances
  • Right to Portability: Receive your data in a structured, commonly used format
  • Supervisory Authority: Lodge a complaint with your local data protection authority

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies on our website and dashboard for:

  • Essential Cookies: Required for authentication and basic functionality
  • Analytics Cookies: Help us understand how you use our services to improve user experience
  • Preference Cookies: Remember your settings and preferences

You can control cookie preferences through your browser settings. Disabling certain cookies may limit functionality of our services.

11. Children's Privacy

LumaOne services are intended for businesses and are not directed at children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected such information, we will take steps to delete it promptly.

12. Data Breach Notification

In the event of a data breach that affects your personal information, we will notify you and relevant authorities as required by applicable law. Notifications will be sent to your registered email address within 72 hours of discovering the breach, where feasible.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Material changes will be communicated via email at least 30 days before taking effect.

Continued use of our services after changes become effective constitutes acceptance of the updated Privacy Policy. We encourage you to review this policy periodically.

14. Contact Information

For questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us at:

Phone: +1 (323) 741-3166

Privacy Inquiries: hey@meetlumavoice.com

Alternative: noah@meetlumavoice.com

We will respond to privacy inquiries and requests within 30 days.