PRIVACY POLICY

Last updated on 23 Jan 2025

Welcome to Lumind (“we,” “our,” or “us”). This Privacy Policy is designed to help you understand how we collect, use, disclose, and safeguard your information when you use our website and AI employee services for audit evidence collection.


  1. Who we are

  2. Scope

  3. Roles and responsibilities

  4. What we collect

  5. Sources

  6. Why we use the data

  7. Sharing & subprocessors

  8. International transfers

  9. Security

  10. Retention & deletion

  11. Your rights

  12. Third-party services

  13. Changes

  14. Contact

1. Who we are

Lumind (“Lumind,” “we,” “our,” or “us”) provides AI-powered software that works like an autonomous AI employee to assist audit firms with retrieving, matching, and preparing audit evidence, and following up with clients as needed.

2. Scope

This policy explains how we process personal data when you use Lumind’s services and sites, when we communicate with you (e.g., email/Slack), and when our service connects to systems you authorize (e.g., SharePoint, Google Drive, CaseWare, Zoho, Slack, Gmail).

3. Roles and responsibilities

  • When your firm uses Lumind to process information about your personnel, clients, or client contacts, your firm is the data controller (or equivalent under local law) and Lumind is a data processor/service provider acting on your documented instructions.

  • For our own marketing, billing, security logs, fraud prevention, and site analytics, Lumind is the data controller.

A separate Data Processing Addendum (DPA) will govern controller–processor obligations where required (e.g., GDPR/UK GDPR/PDPL/CCPA). We’ll provide and sign it on request.

4. What we collect

Depending on how you use Lumind, we may process:

Account, billing & firm data

  • For our own marketing, billing, security logs, fraud prevention, and site analytics, Lumind is the data controller.

Service & operations data

  • Files, metadata, and messages your firm directs Lumind to process for audit evidence (e.g., documents from SharePoint/Google Drive/CaseWare/Zoho; email or Slack threads for follow-ups; task/ledger metadata you authorize us to access).

  • Integration tokens/credentials needed to connect to your approved systems (stored and used per your configuration).

  • System logs and telemetry (timestamps, feature calls, error codes, device/browser info, IPs) for security, reliability, and support.

Communications

  • Emails, in-product messages, meeting notes, support tickets; recording of consent where required.

Sensitive data

  • Audit evidence may incidentally contain identifiers or financial information; you decide what to send us. If you need to process special categories (e.g., health data), you must ensure a lawful basis and give us written notice so we can apply any required additional safeguards.

5. Sources

  • You and your users; your firm’s systems you connect (SharePoint, Google Drive, CaseWare, Zoho, Slack, Gmail); and your clients/engagement contacts that you direct us to follow up with.

7. Sharing & subprocessors

  • Hosting & cloud infrastructure: our production environment runs in the UAE (AWS Dubai).

  • Other subprocessors may include email delivery, logging, support, analytics, and payment vendors. We require appropriate data protection commitments and limit use to delivering their services to us.

We do not sell personal data.

8. International transfers

We primarily host in the UAE region. If we transfer data outside its origin (e.g., to support personnel or subprocessors), we use appropriate transfer safeguards required by law (e.g., SCCs for EEA/UK, contractual/technical measures for UAE PDPL).

9. Security

  • Isolated firm environments with encrypted communications and infrastructure.

  • Encryption in transit (and at rest where applicable).

  • Access controls, least-privilege, audit logging, and monitoring.

  • Region-aligned compliance posture (e.g., GDPR/MENA data regulations alignment as stated on our site).

10. Retention & deletion

By default, we operate with zero data retention after job completion unless your firm instructs otherwise (for example, to keep outputs/artifacts for review or audit trails). We may keep limited logs/metadata for security, billing, dispute resolution, and legal compliance for the periods required by law.

11. Your rights

Depending on your location (e.g., EEA/UK GDPR, UAE PDPL, California), you may have rights to access, correct, delete, restrict, object, or port certain data; and to withdraw consent where processing is based on consent. You also may have the right to lodge a complaint with your supervisory authority.

12. Third-party services

When you connect third-party tools (e.g., SharePoint, Google Drive, CaseWare, Zoho, Slack, Gmail), their terms and privacy policies apply to those services. Your firm remains responsible for having rights to share data from those systems with Lumind.

13. Changes

We’ll update this policy from time to time. We’ll post the new version here and update the “Effective date.” Material changes may be notified through the service or by email.

14. Contact

If you have any questions about this Privacy Policy, please contact us at hello@lumind.com