Last updated: May 19, 2026
Your privacy matters to us — not as a legal formality, but as a genuine commitment. We do not sell your data. We do not run ads. This page explains exactly what we collect, why, and how we protect it.
LumiChats ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and what rights you have in relation to it. LumiChats is operated by Aditya Kumar Jha, based in Chennai, Tamil Nadu, India.
We do not sell your personal data. We do not use your conversations with AI to train any models. The LumiChats chat application itself contains no advertisements. However, our editorial content pages — the Blog and AI Glossary — include Google AdSense advertising. This is clearly disclosed in this Policy.
This Policy applies to all users of the LumiChats platform accessible at https://lumichats.com, including registered users, paying subscribers, and visitors. By using the Platform, you agree to the collection and use of information as described in this Policy.
If you have any questions about this Policy or how we handle your data, please contact us at lumichats@gmail.com.
Account Information: When you register, we collect your email address and any display name you choose to provide. You may sign in using Google OAuth, in which case we receive your email address and profile name from Google. We do not require your real name to use the Platform.
Payment Information: When you make a payment, our payment processor (Razorpay) collects your card details and billing information. LumiChats does not store your full payment card number. We retain only the information necessary to manage your subscription and process refunds, including transaction identifiers, amount, currency, and status.
Usage Data: We collect information about how you interact with the Platform, including session timestamps, feature usage, token consumption, and AI model selections. This information is used to provide the service, enforce plan limits, detect abuse, and improve platform performance.
Message Previews: For billing accountability and abuse detection, we store the first 200 characters of each chat message you send and the first 200 characters of each AI response in our usage records (the token_usage table). These previews are not used for advertising or AI training. They are retained for the duration of your account's active period.
Web Search Data: When you use the web search feature, your search query and the results returned are stored in our database. This data is retained so that you can revisit search results within your chat sessions. We do not use your search queries for advertising targeting or sell them to third parties.
Technical Data: We automatically collect certain technical information when you access the Platform, including your IP address, browser type, operating system, and referring URL. This information is used for security monitoring, fraud detection, and service analytics.
Communications: If you contact us by email, we retain the content of those communications for as long as necessary to respond to and resolve your enquiry.
Conversation Data: The content of your AI conversations is processed in real time to provide the service. We retain conversation history to enable you to access previous sessions. We do not use the content of your conversations to train AI models.
To provide and operate the Platform — processing your prompts, delivering AI responses, maintaining your account, and managing your subscription.
To process payments and issue refunds — communicating with Razorpay, managing billing, and handling disputes.
To maintain platform security and integrity — detecting and preventing fraud, abuse, bot activity, and violations of our Terms of Service.
To communicate with you — sending service-related notifications, responding to support enquiries, and informing you of material changes to our Terms or this Policy. We do not send promotional emails unless you have explicitly opted in.
To comply with legal obligations — retaining records required by applicable Indian law and responding to lawful requests from authorities.
To improve the Platform — using aggregated and anonymised usage data to understand how features are used. This data cannot be used to identify you individually.
To serve advertising on editorial content — Google AdSense on our Blog and AI Glossary pages enables us to fund free content. Advertising does not occur within the LumiChats chat application.
LumiChats takes the protection of all people — including those who are not users of the Platform — seriously.
As part of our security and integrity practices, we monitor account registration signals including email domain reputation, payment method patterns, and usage behaviour. Accounts that show signs of fraudulent registration — such as the use of disposable email domains, inconsistent identity signals, or behaviour indicative of platform misuse — may be flagged for review and suspended without prior notice.
Where a user shares personal information about a third party — such as the social media profiles or contact details of a person who is not a LumiChats user — in a manner that appears intended to facilitate harm, impersonation, or non-consensual content generation, we treat this as a serious violation of our Terms of Service. The account involved will be reviewed and may be permanently terminated.
We do not share the personal data of terminated users publicly. Enforcement actions are documented and disclosed in aggregate and anonymised form only.
If you believe that your personal data or likeness has been used on our Platform without your consent, please contact us immediately at lumichats@gmail.com. We will investigate and take appropriate action promptly.
We do not sell, rent, or trade your personal data to any third party for commercial purposes.
AI Model Providers via OpenRouter: Your prompts are routed through OpenRouter to third-party AI model providers including Anthropic (Claude), OpenAI (GPT), Google (Gemini), xAI (Grok), Meta (Llama), Mistral, DeepSeek, and others. The privacy practices applicable to your data depend on which model you select. For example, if you use Claude, Anthropic's Privacy Policy applies to your prompt data; if you use Grok, xAI's Privacy Policy applies. We only route prompts to frontier-class providers whose API terms explicitly state that API data is not used for training without consent. We encourage you to review the privacy policy of the AI provider whose model you choose.
Payment Processor — Razorpay: Your payment information is handled by Razorpay (Razorpay Software Private Limited, India). We share only the information necessary to complete your transaction, including your user ID, plan type, email, and amount. Razorpay is subject to PCI-DSS compliance requirements and its own privacy policy.
Infrastructure — Supabase: We use Supabase for database hosting and authentication services. Your account data, conversation metadata, token usage records, and web search logs are stored in Supabase-managed databases. Data is stored in encrypted environments.
Analytics — Vercel Analytics & Speed Insights: We use Vercel Analytics and Vercel Speed Insights to collect anonymised, aggregate data about page views, navigation patterns, and performance metrics. These services do not set advertising cookies and do not build individual user profiles for advertising purposes.
Advertising — Google AdSense: Google AdSense is loaded on our Blog and AI Glossary pages. Google may use cookies and similar technologies to serve targeted advertisements based on your browsing behaviour. Your IP address and browsing activity on these pages may be collected and processed by Google in accordance with Google's Privacy Policy (policies.google.com/privacy). This advertising does not occur within the LumiChats chat application. You may opt out of personalised Google advertising at adssettings.google.com.
Fonts — Google Fonts: We load fonts from Google Fonts (fonts.googleapis.com) on our pages. This request transmits your IP address and browser metadata to Google's servers as a standard part of font delivery. Google's use of this data is governed by Google's Privacy Policy.
Web Search Providers — Serper.dev and Brave Search: When you use the web search feature, your search query is transmitted to Serper.dev (primary) and Brave Search API (fallback) to retrieve results. These providers receive the search query text but not your LumiChats account identity. Their respective privacy policies apply to the queries they process.
Search Console & SEO Tools: We use Google Search Console to monitor our website's search performance. This involves Google processing metadata about how our pages appear in search results. No user-level personal data from your LumiChats account is shared with Search Console.
Legal Requirements: We may disclose your personal data if required to do so by applicable Indian law, court order, or governmental authority, or where we believe in good faith that disclosure is necessary to protect the rights, safety, or property of LumiChats, our users, or the public.
Business Transfers: In the event of a merger, acquisition, or sale of substantially all of our assets, your personal data may be transferred. We will notify you in advance of any such transfer.
We retain your personal data for as long as your account is active or as needed to provide the service.
Inactivity Policy: If your account has had no activity for a continuous period of six to twelve months, we will delete your personal data — including conversation history, token usage records, web search logs, and profile information — unless retention is required by law.
Payment records are retained for a minimum of seven years in accordance with financial record-keeping requirements under applicable Indian law.
Where an account is terminated due to a Terms of Service violation, we retain sufficient account information to prevent re-registration and to support any legal or regulatory process that may follow. This includes the email address, IP address, and payment method identifier associated with the terminated account.
Where an account is closed voluntarily at your request, we will delete your personal data within 30 days, except where retention is required by law or legitimate business interest.
You may request deletion of your data at any time by contacting us at lumichats@gmail.com.
Depending on your jurisdiction, you may have the following rights in relation to your personal data:
The right to access — you may request a copy of the personal data we hold about you.
The right to rectification — you may request that we correct any inaccurate or incomplete personal data.
The right to erasure — you may request that we delete your personal data, subject to our legal obligations as described in Section 6.
The right to data portability — where technically feasible, you may request your personal data in a structured, machine-readable format.
For users in the European Union and EEA, these rights are granted under the GDPR. For users in California, additional rights are granted under the CCPA. For users in India, your rights are governed by the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023.
To exercise any of these rights, contact us at lumichats@gmail.com. We will respond within 30 days. We may request identity verification before fulfilling your request.
LumiChats uses cookies and similar technologies to operate the Platform, maintain your authenticated session, and collect analytics data.
Essential cookies — required for the Platform to function. These include session authentication cookies managed by Supabase. These cannot be disabled without breaking core functionality such as login and session management.
Analytics cookies — Vercel Analytics and Speed Insights collect anonymised performance and navigation data. This data is aggregated and cannot be used to identify you individually. No advertising profiles are built from this data.
Advertising cookies — Google AdSense sets cookies on our Blog and AI Glossary pages to serve targeted advertisements. These cookies may track your browsing activity across other websites that use Google's advertising network. This tracking does not occur on the LumiChats chat application pages (/chat). You may manage or opt out of advertising cookies at adssettings.google.com or through your browser's cookie controls.
We do not use advertising cookies within the LumiChats chat application. We do not track you across third-party websites from within the application. We do not use your chat data to build advertising profiles.
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These measures include encryption of data in transit (TLS) and at rest, JWT-based authentication with server-side verification, access controls restricting database access to service-role keys, and Content Security Policy headers that restrict which external resources may load on the Platform.
No method of transmission over the internet is completely secure. While we strive to protect your data, we cannot guarantee absolute security.
In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant authorities as required by applicable law.
LumiChats is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13.
Users between the ages of 13 and 18 must have parental or guardian consent to use the Platform.
If we become aware that we have collected personal data from a child under 13 without verifiable parental consent, we will take steps to delete that information as quickly as possible. If you believe we may have collected data from a child under 13, please contact us at lumichats@gmail.com.
LumiChats is operated by Aditya Kumar Jha, based in Chennai, Tamil Nadu, India, and serves users across 80+ countries. By using the Platform, you consent to the transfer of your personal data to India, where our infrastructure and data processors are located.
Where transfers of personal data from the European Economic Area to countries outside the EEA are required, we rely on appropriate safeguards including Standard Contractual Clauses as approved by the European Commission, or the data processing terms of our third-party processors (Supabase, Razorpay, Vercel) who have their own GDPR-compliant data transfer mechanisms.
For Indian users, our data handling practices are designed to be consistent with the requirements of the Digital Personal Data Protection Act, 2023 (DPDP Act).
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by posting a prominent notice on the Platform at least 14 days before the changes take effect.
Your continued use of the Platform after a change takes effect constitutes your acceptance of the updated Privacy Policy.
LumiChats is the data controller for personal data collected through the Platform.
Data Controller: Aditya Kumar Jha
Email: lumichats@gmail.com
Website: https://lumichats.com
Location: Chennai, Tamil Nadu, India
We aim to respond to all privacy-related enquiries within 5 business days.