Privacy Policy

Your privacy is important to us. We are committed to protecting personal data, handling customer content responsibly, and complying with applicable data protection laws.

This Privacy Policy explains how GlobeScribe.AI Ltd trading as Luman collects, uses, stores, shares and protects personal data when you visit our website, create an account, use our platform, purchase services, upload content, communicate with us, or otherwise interact with Luman.

This Privacy Policy should be read together with our Terms and Conditions and Cookie Policy.

1. Company Details

For the purposes of this Privacy Policy, “Luman”, “we”, “us” and “our” means GlobeScribe.AI Ltd trading as Luman. Our company details are:

GlobeScribe.AI Ltd trading as Luman
7 Forbes Business Centre, Kempson Way
Bury St Edmunds, Suffolk
United Kingdom IP32 7AR
Company number: 16452951
Email: hello@lumantechnology.com

Luman is a trading name of GlobeScribe.AI Ltd.

2. Our Role Under Data Protection Law

We may act as either a data controller or a data processor, depending on the context.

Where we act as controller

We act as controller when we decide how and why personal data is processed. This includes personal data used for:

• account registration;
• customer support;
• billing and payments;
• order history;
• subscription management;
• website analytics;
• marketing communications;
• legal compliance;
• security and fraud prevention;
• running and improving our business.

Where we act as processor

Where you upload manuscripts, books, style guides, reports, files or other customer content that contains personal data, we normally act as processor for that personal data. In that situation, you remain the controller, and we process the content on your behalf for the purpose of providing the relevant Luman service. This may include processing content for translation, proofreading support, manuscript intelligence, file conversion, formatting, report generation, platform delivery, and support and troubleshooting.

3. Data We Collect

We collect different types of personal data depending on how you interact with us.

3.1 Contact Data

This may include: name; email address; telephone number; business address; billing address; company or organisation name; job title.

3.2 Account Data

This may include: username; password or authentication details; account settings; login information; user role; organisation or team details; subscription details.

3.3 Payment and Transaction Data

This may include: records of purchases; order history; subscription plan; invoices; payment status; billing details; tax information. We generally use third-party payment processors, such as Stripe, to process payments. We do not usually store full payment card details ourselves.

3.4 Commercial and Service Data

This may include: services purchased; projects created; languages selected; word counts; manuscript counts; usage volumes; support requests; customer preferences; service history; account notes; communications with us.

3.5 Technical and Usage Data

This may include: IP address; browser type; operating system; device information; referring website; pages visited; session duration; clicks and interactions; error logs; platform usage; security logs; cookie identifiers; analytics data.

3.6 Customer Content

This may include: manuscripts; books; uploaded files; DOCX files; EPUB files; PDF files; style guides; glossaries; dictionaries; project instructions; metadata; proofreading settings; manuscript intelligence reports; translation outputs; proofreading outputs; support files. Customer Content may contain personal data relating to you, authors, characters based on real people, contributors, employees, contractors, readers, agents, publishers, or other identifiable individuals.

3.7 Marketing Data

This may include: email preferences; newsletter subscription status; marketing consent records; campaign interactions; referral information; responses to surveys or promotions.

4. How We Collect Personal Data

We collect personal data in the following ways.

4.1 Directly from you

For example, when you create an account; place an order; buy a subscription; upload a manuscript; submit a support request; contact us by email; complete a form; request a demo; subscribe to marketing; provide billing details; or give us project instructions.

4.2 Automatically

For example, when you use our website or platform, we may collect technical and usage data through cookies, logs, analytics tools and similar technologies.

4.3 From third parties

We may receive personal data from third parties, including payment processors, analytics providers, email service providers, referral partners, authentication providers, customer organisations, professional advisers, and service providers helping us deliver the platform.

5. How and Why We Use Personal Data

We only process personal data where we have a lawful basis to do so.

5.1 To provide our services

We use personal data to provide Luman services, including translation, proofreading support, manuscript intelligence, account access, project processing, file delivery, customer support, subscriptions and order management. Data used may include Contact Data, Account Data, Payment and Transaction Data, Commercial and Service Data, Technical and Usage Data, and Customer Content. Our legal basis is usually: performance of a contract, where processing is necessary to provide services to you; or legitimate interests, where processing is necessary to operate and support the platform.

5.2 To process Customer Content

We process Customer Content to provide the service you request. This may include: translating manuscripts; generating proofreading suggestions; generating manuscript intelligence reports; converting or formatting files; applying style guides or project settings; delivering outputs; troubleshooting technical issues. Where Customer Content contains personal data and you are the controller, we process that personal data as your processor and in accordance with your instructions.

5.3 To manage accounts, orders and subscriptions

We use personal data to create and manage accounts, process orders, manage subscriptions, issue invoices, collect payments, provide receipts, manage renewals, administer usage allowances, and respond to account queries. Our legal basis is usually performance of a contract or legitimate interests.

5.4 To communicate with you

We use personal data to respond to enquiries, provide customer support, send service updates, notify you about orders or outputs, communicate about subscriptions, provide administrative messages, and manage complaints or disputes. Our legal basis is usually performance of a contract, legitimate interests, or legal obligation, depending on the communication.

5.5 To improve and secure our website and platform

We may use technical, usage and diagnostic data to monitor performance, fix bugs, improve functionality, understand usage patterns, prevent fraud, maintain security, detect abuse, test new features, and improve user experience. Our legal basis is usually legitimate interests, namely operating, securing and improving our website, platform and services.

5.6 To comply with legal obligations

We may process personal data to keep accounting and tax records, comply with company law, respond to lawful requests, comply with data protection obligations, handle legal claims, enforce our terms, and cooperate with regulators or authorities where required. Our legal basis may be legal obligation or legitimate interests.

5.7 To send marketing communications

We may send newsletters, product updates, offers, event invitations or other marketing communications where you have consented or where we are otherwise permitted by law to do so. You can unsubscribe from marketing communications at any time by using the unsubscribe link in our emails or by contacting us. Our legal basis is usually consent or, where applicable, legitimate interests.

6. AI Systems, Customer Content and Model Training

We understand that manuscripts, unpublished works and publishing materials are sensitive. Our default position is that we process Customer Content to provide the services requested by you.

6.1 No training on Customer Content by default

We do not use Customer Content, manuscripts, unpublished works, Translation Outputs, Proofreading Outputs or Manuscript Intelligence Reports to train, fine-tune or improve our own artificial intelligence models or systems, unless you expressly agree otherwise in writing.

6.2 Third-party AI infrastructure and model providers

To provide our services, we may use third-party infrastructure, hosting providers, storage providers, AI infrastructure providers, model providers, file conversion tools, monitoring tools, security tools and other service providers. Where we use third-party AI infrastructure or model providers to process Customer Content, we use reasonable efforts to use business, enterprise or API services, settings or terms that do not permit Customer Content to be used to train or fine-tune third-party models, unless you expressly agree otherwise in writing. We do not intentionally provide Customer Content to third-party providers for the purpose of training or fine-tuning third-party models.

6.3 Operational processing by providers

Third-party providers may process Customer Content and related technical data for limited operational purposes, such as providing the relevant service, maintaining security, preventing abuse, troubleshooting, performance monitoring, temporary caching, logging, legal compliance, and enforcing their own service terms. This depends on the provider and service used.

6.4 Aggregated and de-identified information

We may use aggregated or de-identified information about use of the services to monitor performance, improve the platform, understand usage patterns, develop features and operate our business, provided that such information does not identify you, your unpublished Customer Content, your confidential projects or your individual manuscripts.

7. Cookies and Similar Technologies

We use cookies and similar technologies on our website and platform. These may include:

• essential cookies needed for the website or platform to function;
• analytics cookies to understand how visitors use the website;
• preference cookies to remember settings;
• marketing cookies or pixels, where used, to measure or support marketing activity.

You can manage your cookie preferences through our cookie banner or browser settings. For more information, please read our Cookie Policy.

8. Google Analytics and Similar Tools

We may use Google Analytics or similar analytics tools to understand how visitors use our website and platform. These tools may collect Technical and Usage Data, including pages visited, time spent on pages, browser type, device type, approximate location, referring website, interactions with content, and cookie identifiers. Analytics data helps us understand website performance, improve user experience and assess marketing effectiveness. Where required, non-essential analytics cookies will only be used with your consent. You can learn more about Google’s privacy practices by visiting Google’s Privacy Policy. You can also use Google’s browser add-on to opt out of Google Analytics where available.

9. Marketing

We may use personal data to send marketing communications about Luman products, services, offers, updates, webinars, events or related content. We will only send marketing where we have a lawful basis to do so. You can opt out of marketing at any time by clicking the unsubscribe link in a marketing email or by contacting us at hello@lumantechnology.com. Withdrawing consent does not affect the lawfulness of processing before consent was withdrawn.

10. Who We Share Personal Data With

We may share personal data with trusted third parties where necessary to provide, operate, secure, improve or administer our services. These may include:

10.1 Payment processors

For example, Stripe or another payment provider, to process payments securely.

10.2 Hosting and infrastructure providers

To host our website, platform, databases, files and systems.

10.3 AI infrastructure and model providers

To process Customer Content and generate outputs for translation, proofreading support, manuscript intelligence or related services.

10.4 File conversion, storage and delivery providers

To convert, store, process, download or deliver files and outputs.

10.5 Email and communication providers

To send transactional emails, service messages, newsletters, support replies and other communications.

10.6 Analytics providers

For example, Google Analytics or similar providers, to understand website and platform usage.

10.7 Security, monitoring and support providers

To detect errors, protect systems, prevent abuse, monitor performance and provide customer support.

10.8 Professional advisers

Including lawyers, accountants, auditors, insurers and other advisers.

10.9 Government, regulators or law enforcement

Where required by law, court order, legal process, regulatory requirement, or where necessary to protect our legal rights.

10.10 Business transfers

If we sell, merge, restructure or transfer all or part of our business, personal data may be shared with potential buyers, advisers, investors or successor organisations, subject to appropriate safeguards.

11. International Data Transfers

Our operations are based in the United Kingdom, but some of our service providers may process personal data outside the UK or the European Economic Area. Where personal data is transferred internationally, we will use appropriate safeguards where required by applicable data protection law. These safeguards may include:

• adequacy regulations or adequacy decisions;
• UK International Data Transfer Agreements;
• UK Addendum to EU Standard Contractual Clauses;
• EU Standard Contractual Clauses;
• Data Privacy Framework certifications where applicable;
• other lawful transfer mechanisms.

12. How Long We Keep Personal Data

We keep personal data only for as long as reasonably necessary for the purposes for which it was collected, including providing services, maintaining accounts, meeting legal obligations, resolving disputes, enforcing agreements, maintaining security and operating our business. Retention periods vary depending on the type of data and the purpose of processing.

12.1 Account Data

We may keep account data while your account remains active and for a reasonable period after account closure for customer support, reactivation, legal, security and record-keeping purposes.

12.2 Order, Subscription and Financial Data

We may keep order, invoice, payment and transaction records for at least six years where required for tax, accounting and legal purposes.

12.3 Customer Content

Retention periods for Customer Content may vary depending on the service, account type, subscription plan, project status, customer settings, support requirements and legal obligations. Unless otherwise stated in the relevant service, order form, subscription plan, enterprise agreement or written arrangement, we may retain Customer Content and Outputs for as long as reasonably necessary to provide the services, maintain your account, support project history, allow downloads, provide customer support, resolve disputes, comply with legal obligations, maintain security, and operate the platform. Where a specific deletion period is stated for a service, we will use reasonable efforts to delete the relevant Customer Content in accordance with that period, subject to backups, legal obligations, security requirements and operational limitations.

12.4 Technical and Usage Data

Technical and Usage Data may be kept for as long as necessary for analytics, security, troubleshooting, performance monitoring and service improvement.

12.5 Marketing Data

Marketing consent and preference records may be kept until you withdraw consent or opt out, and for a reasonable period afterwards to maintain suppression records and demonstrate compliance.

12.6 Legal Claims and Compliance

We may retain relevant data for longer where necessary to establish, exercise or defend legal claims, comply with legal obligations, resolve disputes or enforce agreements. If we do not have a fixed retention period for a category of personal data, we use criteria such as the nature of the data, purpose of processing, legal requirements, customer relationship, security needs and risk level to decide how long to keep it.

13. How We Protect Personal Data

We use reasonable technical and organisational measures designed to protect personal data and Customer Content against accidental loss, unauthorised access, unauthorised disclosure, alteration, misuse or destruction. These measures may include access controls, secure hosting, encryption where appropriate, authentication controls, logging and monitoring, backup processes, confidentiality obligations, supplier due diligence, internal access restrictions and security reviews.

No online service, file transfer, software platform, AI system or internet-based service can be guaranteed to be completely secure. You are responsible for keeping your own account credentials, systems, devices and downloaded files secure.

14. Your Data Protection Rights

Depending on your location and the applicable data protection law, you may have rights in relation to your personal data. These may include:

14.1 Right of access

You can ask us for a copy of the personal data we hold about you.

14.2 Right to rectification

You can ask us to correct personal data that is inaccurate or incomplete.

14.3 Right to erasure

You can ask us to delete your personal data in certain circumstances.

14.4 Right to restrict processing

You can ask us to restrict how we use your personal data in certain circumstances.

14.5 Right to object

You can object to certain types of processing, including processing based on legitimate interests and direct marketing.

14.6 Right to data portability

You can ask us to provide certain personal data in a structured, commonly used and machine-readable format.

14.7 Right to withdraw consent

Where we rely on consent, you can withdraw that consent at any time.

14.8 Right to complain

You can complain to the Information Commissioner’s Office or another relevant supervisory authority if you are unhappy with how we handle your personal data.

15. How to Exercise Your Rights

To exercise your data protection rights, please contact us at hello@lumantechnology.com. We may need to verify your identity before responding to your request. We will usually respond within one month, unless the request is complex or we are legally permitted to extend the response period. If we process personal data contained in Customer Content as processor on behalf of a customer, we may need to refer your request to the relevant customer who controls that data.

16. Children

Our website, platform and services are not intended for children under the age of 18. We do not knowingly collect personal data from children under 18. If we become aware that we have collected personal data from a child under 18, we will take reasonable steps to delete it. If you believe we may hold personal data about a child under 18, please contact us at hello@lumantechnology.com.

17. California Privacy Rights

If you are a California resident, you may have additional rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act. These may include:

• the right to know what personal information we collect, use, disclose or share;
• the right to request access to personal information;
• the right to request deletion of personal information;
• the right to request correction of inaccurate personal information;
• the right to opt out of sale or sharing of personal information;
• the right to limit certain uses of sensitive personal information;
• the right not to receive discriminatory treatment for exercising privacy rights.

We do not sell personal information in the traditional sense for monetary compensation. However, depending on the cookies, pixels, advertising tools or analytics tools used on our website, some Technical and Usage Data may be considered “sharing” under California privacy law if it is used for cross-context behavioural advertising. You can exercise California privacy rights by contacting us at hello@lumantechnology.com. You can also manage cookie and tracking preferences through our cookie banner where available.

18. Links to Other Websites

Our website or platform may contain links to third-party websites, resources or services. We are not responsible for the privacy practices, content or policies of third-party websites or services. You should read the privacy notices of any third-party websites or services you use.

19. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, platform, technology, legal obligations, suppliers or business practices. The most recent version will be posted on our website with the updated date. Where changes are material, we may take additional steps to notify you where appropriate.

20. Contact Us

If you have any questions about this Privacy Policy, the personal data we hold about you, or how to exercise your data protection rights, please contact us at:

GlobeScribe.AI Ltd trading as Luman
7 Forbes Business Centre, Kempson Way
Bury St Edmunds, Suffolk
United Kingdom IP32 7AR
Email: hello@lumantechnology.com

21. How to Complain

If you are unhappy with how we handle your personal data, please contact us first so we can try to resolve the issue. You also have the right to complain to the UK Information Commissioner’s Office:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Telephone: 0303 123 1113
Website: ico.org.uk

If you are outside the UK, you may also have the right to contact your local data protection authority.