Lumi

Privacy Policy

Last updated: June 7, 2026

Lumi (“Lumi”, “we”, “us”), operated by Soarware Labs, provides AI-powered customer support and sales software for online stores. This policy explains what data we process and why.

Who the data belongs to

Lumi is a business-to-business service. Our direct customers are the merchants who use Lumi. On their behalf we also process data about their end shoppers (“end customers”). For end-customer data, the merchant is the data controller and Lumi is a data processor.

What we collect

  • Account data — merchant name, email, organization, and authentication credentials (passwords are stored hashed).
  • Store data — products and orders synced from your connected store (Shopify or WooCommerce) to power order lookups and recommendations.
  • Conversations — chat and email messages between end customers and the AI/your team, including the end customer's name and email when provided.
  • Knowledge base — content you upload for the AI to answer from.
  • Usage data — logs and metrics used to operate, secure, and bill the service.

How we use it

  • To provide the service: answer questions, look up orders, route and resolve conversations, and recommend products.
  • To generate AI responses. Message content and relevant store/knowledge data may be sent to our AI model provider solely to produce a reply; it is not used to train third-party models.
  • To bill, secure, support, and improve the service.

Subprocessors

We use a small number of vetted providers to run Lumi, which may include cloud hosting, an AI model provider, an embeddings provider, email delivery, and payment processing. Each processes data only as needed to provide their part of the service.

Data retention & deletion

We retain data for as long as your account is active. Merchants can delete knowledge content and conversations from the dashboard. On Shopify, we honor the mandatory privacy webhooks: when a shop or customer is redacted, we delete the corresponding data. To delete your account and associated data, contact us.

Security

Data is isolated per tenant at the database level (row-level security). Provider secrets are encrypted at rest. Traffic is served over HTTPS.

Your rights

Depending on your jurisdiction you may have rights to access, correct, or delete personal data. Merchants can exercise these in-product or by contacting us; end customers should contact the merchant whose store they interacted with.

Contact

Questions about privacy? Email support@soarwarelabs.com.