Lume
Home

Privacy Policy

Last updated: 2026-06-03

⚠️ These pages follow standard Japanese requirements, but the business details in 【 】/[ ] must be replaced with your real information. We recommend a final check by a professional (lawyer / administrative scrivener) before you start charging.

1. Operator

Personal-data controller: 【business name】 (【representative】). Our address and other contact details are stated in the “Specified Commercial Transactions Act” notice.

2. Information we collect

Registration data (name, email, authentication details, display language), plus usage data, device data and cookies, and the analysis inputs you enter (target URLs, keywords, competitor domains). For payments, the necessary data is handled via our payment provider; we do not store raw card numbers.

3. Purposes of use

To provide the Service, verify identity, bill and invoice, respond to inquiries, improve quality and features, prevent abuse, and send important notices.

4. External services & processing

To deliver analyses we send the necessary queries (URLs, keywords, etc.) to external APIs: DataForSEO (ranks/keywords), Google (Search Console / OAuth), AI models via OpenRouter (AI visibility — ChatGPT, Perplexity, etc.) and Google Gemini (AI reports). We also rely on Supabase (auth & data storage), Vercel (hosting) and Resend (email) as processors. Their handling is governed by their own privacy policies.

5. Cross-border transfer

Some of the services above are operated by companies located outside Japan (mainly the U.S. and others). As needed to fulfill the purposes above, personal data (entered URLs/keywords, email, etc.) may be transferred to third parties abroad. In line with Japan's data-protection law, we provide information about the destination country, its regime and the measures taken, and obtain your consent where required.

6. Cookies & analytics

We use cookies to keep you signed in and remember your display language (lume-lang). We may use analytics to understand usage, handled under this policy. You can disable cookies in your browser, though some features may stop working.

7. Limits on third-party provision

Except where required by law or necessary to protect life, body or property, we do not provide personal data to third parties without your prior consent (other than the processing and cross-border transfers described above).

8. Security measures

We take necessary and appropriate measures to prevent leakage, loss or damage of personal data, including access controls, encryption in transit, and proper supervision of processors.

9. Access, correction & deletion

We respond, in accordance with law, to requests to disclose, correct, add to, delete, suspend the use of, or stop third-party provision of your retained personal data. Contact the channel in section 12; after identity verification we respond within a reasonable period (a fee may apply within the limits of law). Deleting your account removes related data such as projects.

10. Rights of international users (GDPR, etc.)

The Service is available to users abroad. Residents of the EU/EEA, the UK and similar jurisdictions may be covered by the GDPR and comparable laws, with rights to access, rectify, erase, restrict processing of, and port their personal data, and to object to processing. Our legal bases for processing include performance of a contract, legitimate interests, and consent where required. To exercise these rights or for questions, contact the channel in section 12.

11. Changes

We may revise this policy as laws or the Service change. We announce material changes within the Service; they take effect when posted.

12. Contact & complaints

For privacy inquiries, disclosure requests and complaints: 【contact email】.