LumiQRqr art system

Privacy Policy

Effective date: April 27, 2026

This Privacy Policy explains how Lumika AI ("Lumika AI," "we," "us," or "our") collects, uses, shares, and protects information when you use LumiQR. LumiQR is a static and branded QR code product for creating, customizing, exporting, and managing QR codes.

1. Information we collect

We collect information you provide directly, information generated by your use of the service, and limited technical information needed to operate LumiQR.

  • Account and authentication information, such as your email address, sign-in status, and authentication provider details when you use email sign-in or Google OAuth.
  • QR content and project data, such as URLs, text, Wi-Fi details, vCards, event details, location links, project names, editor settings, preview settings, saved snapshots, and export preferences.
  • Uploaded and generated assets, such as logos, art source images, prompts, generated images where available, thumbnails, and bulk export result files.
  • Support communications, such as messages you send to support@lumika.ai and related contact details.
  • Local browser data, such as unsaved drafts, guest handoff state, and editor preferences stored in local storage on your device.
  • Technical and usage data, such as device and browser information, pages viewed, approximate region, referrer, session events, error information, and analytics events collected through tools such as Vercel Analytics.

2. How we use information

We use information to provide, secure, maintain, and improve LumiQR. This includes generating previews and exports, saving and loading projects, processing uploads, running bulk jobs, authenticating users, preserving drafts, troubleshooting errors, preventing abuse, responding to support requests, and understanding aggregate product usage.

3. Service providers

We share information with service providers that help us operate LumiQR. These providers process information for us according to their services and our configuration.

  • Supabase provides authentication, database, and account-related infrastructure.
  • Vercel provides hosting, deployment, analytics, and Vercel Blob storage for uploaded files, generated thumbnails, and export files.
  • Google OAuth may be used when you choose Google sign-in.
  • AI and image generation providers may process prompts and related image data when AI-assisted generation features are available and used.

4. Local storage, cookies, and sessions

LumiQR uses browser local storage for unsaved drafts, handoff state, and editor state. Authentication and hosting providers may use cookies or similar technologies to keep you signed in, secure the service, measure usage, and operate the site. You can clear local storage or browser data through your browser settings, but doing so may remove unsaved drafts or sign you out.

5. Retention

We keep information for as long as needed to provide LumiQR, comply with legal obligations, resolve disputes, enforce terms, and maintain security.

  • Unsaved public and authenticated drafts remain in your browser local storage until you clear them, overwrite them, or the app removes expired draft data.
  • Temporary uploads expire after 14 days unless they are saved into a project.
  • Bulk export result downloads expire after 7 days.
  • Saved projects, project snapshots, saved assets, account data, and workspace history remain until deleted, archived where supported, or deletion is requested.
  • Support, security, analytics, and operational records may be retained as needed for legitimate business, security, and legal purposes.

6. Your choices and rights

You can choose what QR content, uploads, prompts, and project data you provide. You can use available product controls to clear local drafts, archive or manage projects, and sign out. Depending on where you live, you may have rights to access, correct, delete, export, restrict, or object to certain processing of personal information.

To make a privacy request, contact support@lumika.ai. We may need to verify your identity before completing certain requests.

7. Sale and advertising

Lumika AI does not sell personal information and does not use personal information for cross-context behavioral advertising.

8. Security

We use reasonable technical and organizational measures designed to protect information. No online service or storage system is completely secure, so you should avoid placing highly sensitive information in QR content, uploaded assets, prompts, or support messages unless necessary.

9. International use

LumiQR may be operated from, and service providers may process information in, countries other than your own. Where privacy laws apply, we rely on appropriate legal bases and safeguards for processing and transfers.

10. Children

LumiQR is not intended for children under 13, and we do not knowingly collect personal information from children under 13.

11. Changes to this policy

We may update this Privacy Policy from time to time. If changes are material, we will take reasonable steps to make the updated policy available through the service.

12. Contact

Questions or privacy requests can be sent to support@lumika.ai.