Privacy Policy

We collect the following types of information:

• Account Information: Email address and authentication credentials through Supabase Auth. This is required to create and manage your account.
• API Usage Data: Token counts, request timestamps, and endpoint usage statistics. This helps us calculate billing and improve service performance.
• Payment Information: Billing details processed securely through Stripe. We do not store full credit card numbers on our servers.
• Technical Data: IP addresses and browser information for security monitoring and rate limiting purposes.

We use your information for the following purposes:

• Service Provision: To authenticate users, process API requests, and deliver AI inference services.
• Billing: To calculate usage charges, generate invoices, and process payments through Stripe.
• Service Improvements: To analyze usage patterns and optimize our infrastructure for better performance and reliability.
• Security: To detect abuse, prevent fraud, and protect our systems from unauthorized access.
• Communication: To send account-related notifications, billing alerts, and service updates.

Your data is stored securely using industry-standard practices and infrastructure:

• User Data: Stored in Supabase (PostgreSQL) with encryption at rest and in transit.
• Billing Data: Processed and stored by Stripe, which maintains PCI DSS compliance for payment security.
• Caching: Temporary data cached in Redis with automatic expiration and no persistent storage of sensitive information.
• Encryption: All data transmitted between your applications and our API uses TLS 1.3 encryption.
• Infrastructure: Hosted on Oracle Cloud in the United States (us-sanjose-1 region) with network isolation and access controls.

We use only essential cookies necessary for the operation of our services:

• Authentication Cookies: Maintain your login session securely through Supabase Auth.
• Security Cookies: Help prevent cross-site request forgery and other security threats.

We do not use tracking cookies, advertising cookies, or third-party analytics services. We do not sell or share your data with advertisers.

You have the following rights regarding your data:

• Access: View your account information and API usage history through the dashboard at any time.
• Correction: Update your email address and profile information through account settings.
• Deletion: Request complete account deletion, which will remove your personal data within 30 days (except where retention is required by law).
• Export: Request a copy of your data, including API usage history and billing records.
• Objection: Opt out of non-essential communications while maintaining access to service-critical notifications.

To exercise these rights, contact us at hello@lumbridgecorp.com.

We retain data according to the following schedule:

• Account Information: Retained until you delete your account or request deletion.
• API Usage Logs: Retained for 365 days for billing verification and service analysis, then automatically purged.
• Billing Records: Retained for 7 years as required by tax and accounting regulations.
• Deleted Accounts: Personal data is removed within 30 days of deletion request, except for anonymized usage statistics and legal records.

If you have questions about this Privacy Policy, want to exercise your data rights, or need to report a security concern, please contact us:

Lumbridge Corp
Operating from Oracle Cloud, US-San Jose Region