Privacy Policy

1. Scope

Alumia, Inc. ("Alumia", "we", "us", or "our") provides an AI agent platform through alumia.com, our web application, APIs, agents, projects, canvas workspace, connectors, and related services (collectively, the "Services").

This policy applies to personal information we process as a controller for account, website, billing, support, security, and product operations. When we process Customer Content on behalf of an organization, we generally act as a processor or service provider under the applicable customer agreement.

2. Information We Collect

We collect information from the following sources:

• Account information: name, email address, password hash, profile settings, organization membership, roles, and authentication details.
• Workspace and agent data: projects, prompts, messages, files, canvas blocks, agent instructions, tool calls, outputs, model selections, usage metadata, and related configuration.
• Connector data: OAuth grants, API credentials, permissions, and data retrieved from third-party services when you or your agents request those integrations.
• Billing data: organization wallet balance, credit purchases, transaction history, invoices, tax details, and payment processor identifiers. Stripe or another payment processor handles full card details directly.
• Usage and device data: IP address, browser and device information, log data, pages viewed, API requests, timestamps, diagnostics, errors, security events, and cookie or analytics identifiers.
• Communications: messages you send to support, sales, privacy, security, or legal contacts.

3. How We Use Information

We use information to:

• provide, maintain, secure, and improve the Services;
• create accounts, authenticate users, and manage organizations;
• route prompts, files, and tool calls to selected AI providers;
• execute user-authorized connector and automation actions;
• measure usage, calculate costs, manage credits, and issue invoices;
• provide support, troubleshoot bugs, and respond to requests;
• detect, prevent, and investigate abuse, fraud, and security incidents;
• comply with legal obligations and enforce our terms.

4. AI Providers and Customer Content

Alumia may transmit prompts, files, tool outputs, and related context to AI model providers chosen by you, configured by your organization, or needed to provide the requested feature. If you use bring-your-own-key, your selected provider processes data under its own account relationship and terms.

We do not sell Customer Content. We do not use private Customer Content to train foundation models unless you explicitly opt in or a separate written agreement says otherwise. We may use aggregated, anonymized, or de-identified information to understand usage, improve reliability, and operate the Services.

5. Cookies and Analytics

We use essential cookies and local storage for login, security, preferences, and product functionality. We may also use analytics cookies or similar technologies to understand usage and improve the Services. You can control cookies through your browser, but blocking essential cookies may prevent the Services from working.

6. How We Disclose Information

We may disclose information to:

• service providers that host, secure, monitor, and support Alumia;
• AI model, browser, sandbox, storage, and infrastructure providers;
• payment processors and tax or accounting providers;
• third-party services you connect or direct agents to use;
• professional advisors, auditors, insurers, and legal counsel;
• authorities or other parties when required by law or to protect rights and safety;
• a successor in connection with a merger, acquisition, financing, or asset transfer.

7. Retention

We retain personal information for as long as needed to provide the Services, comply with legal obligations, resolve disputes, enforce agreements, maintain security, and operate legitimate business records. Customer Content retention may depend on your organization settings, deletion requests, backup cycles, legal holds, and applicable agreements.

8. Security

We use technical and organizational measures designed to protect information, including access controls, encryption in transit, credential protection, monitoring, and least-privilege practices. No system is perfectly secure, so you should protect your account credentials and avoid sending sensitive information through channels that are not intended for it.

9. International Transfers

We and our providers may process information in the United States, the European Economic Area, and other locations where we or our providers operate. When required, we rely on appropriate transfer safeguards such as Standard Contractual Clauses, adequacy decisions, or other lawful mechanisms.

10. Your Choices and Rights

Depending on where you live, you may have rights to access, correct, delete, export, restrict, or object to certain processing of your personal information. You may also have the right to withdraw consent where processing is based on consent.

For more detail on EEA, UK, and Swiss rights, see our GDPR Notice.

11. Children

The Services are not directed to children under 13, and we do not knowingly collect personal information from children. If you believe a child provided us personal information, contact us and we will take appropriate steps to delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will update the date above and provide notice when required by law.

13. Contact

Privacy requests and questions can be sent to [email protected]. Legal questions can be sent to [email protected].

Alumia, Inc.