Privacy Policy
Lumiqa is an MCP-native video review platform operated by AB Tools, sole proprietorship of Abramo Benedetti, based in Lucca, Italy. We take privacy seriously, especially because our users include developers connecting AI agents (Claude, ChatGPT, custom LLMs) to video pipelines that may handle sensitive creative work. This policy explains, in plain language, what we collect, why we collect it, who we share it with, how long we keep it, and what rights you have.
Contents
- Data Controller
- What data we collect
- Purposes and legal basis (GDPR Art. 6)
- Retention periods
- Recipients and sub-processors
- OAuth integrations (Meta, Google, LinkedIn, TikTok)
- Autoposting — publishing on your behalf
- AI processing and your content
- International data transfers
- Your rights under GDPR
- Cookies and tracking
- Security
- Children
- Changes to this policy
- Contact and DPO
1. Data Controller
The data controller responsible for processing your personal data is:
- AB Tools — sole proprietorship of Abramo Benedetti
- Registered address: Via M. Bertini 32, 55100 Lucca, Italy
- VAT ID: IT02742450469
- Contact: [email protected] (general), [email protected] (GDPR / privacy requests)
Lumiqa does not currently appoint an external Data Protection Officer (DPO) because our processing does not meet the mandatory thresholds of Article 37 GDPR. The owner of AB Tools acts as the privacy point of contact.
2. What data we collect
2.1 Account data (when you sign up)
- Email address (required)
- Display name (optional, you can set it yourself)
- Workspace slug and team name (optional)
- Authentication identifiers from Clerk (user ID, OAuth provider IDs if you sign in with Google or GitHub)
- Password is hashed and stored by Clerk — Lumiqa never sees it
2.2 Workspace content (what you upload)
- Video files, audio files, project metadata, comments, annotations
- File names, captions, version notes you provide
- Team member invitations and roles within your workspace
2.3 OAuth tokens (when you connect third-party platforms)
- Access and refresh tokens for Meta (Facebook / Instagram), Google (YouTube / Drive), LinkedIn, TikTok
- The minimum profile information returned by those platforms when you authorize the connection (typically: account ID, display name, public profile picture URL)
- We do not request scopes beyond what's necessary to publish or read the content you explicitly tell us to handle
2.4 Billing data
- Stripe customer ID, subscription status, plan tier (Pro €29/mo or Team €99/mo)
- Invoice records: amount, date, VAT, billing country
- Billing email and country (for tax determination)
- Lumiqa never stores credit card numbers — Stripe handles all card data as a PCI-DSS Level 1 processor
2.5 Usage and telemetry data
- API usage logs: which MCP tool or REST endpoint was called, timestamp, response status, latency
- Storage and bandwidth counters (to enforce plan quotas)
- Crash reports and error traces (for debugging — no video content payload)
- IP address and user agent in HTTP request logs (rolling 14-day window)
2.6 Analytics (only with your consent)
If you accept our cookie banner, we use Google Analytics 4 to understand which pages and features visitors use. GA4 collects pseudonymous identifiers, page views, session duration, and referral source. No identifiable user content (videos, comments) is ever sent to GA4.
3. Purposes and legal basis (GDPR Art. 6)
| Purpose | Data used | Legal basis |
|---|---|---|
| Provide the Lumiqa service (authentication, workspace, MCP API, file storage) | Account, workspace content, OAuth tokens | Contract (Art. 6(1)(b)) |
| Billing, invoicing, tax compliance | Billing data, name, address | Legal obligation (Art. 6(1)(c)) + Contract |
| Transactional emails (account confirmations, billing receipts, security alerts) | Email address, name | Contract (Art. 6(1)(b)) |
| Service improvement, debugging, fraud prevention | Usage logs, IPs, error traces | Legitimate interest (Art. 6(1)(f)) |
| Analytics, marketing measurement | GA4 cookies, page visit data | Consent (Art. 6(1)(a)) |
| Publishing content via OAuth to external platforms (Meta, Google, LinkedIn, TikTok) | OAuth tokens, file payloads you explicitly publish | Contract + your explicit instruction |
| Compliance with court orders, law enforcement requests | Any relevant data | Legal obligation (Art. 6(1)(c)) |
4. Retention periods
| Data category | Retention |
|---|---|
| Active account and workspace data | For the lifetime of your account |
| Deleted workspace files (R2 storage) | Permanently deleted within 30 days of deletion request |
| Backups | Up to 30 days after deletion, then purged |
| API usage logs (per-request) | 14 days rolling window |
| Aggregate usage counters (quota) | Reset monthly; aggregate stats kept up to 24 months |
| Billing and invoice records | 10 years (Italian tax law — DPR 633/1972 Art. 39) |
| OAuth tokens (Meta, Google, LinkedIn, TikTok) | Until you disconnect the integration or delete the account; revoked tokens purged within 7 days |
| GA4 analytics | 14 months (GA4 default) |
| Email logs (Resend) | 30 days |
| Support correspondence | 3 years after last contact |
5. Recipients and sub-processors
To run Lumiqa we use third-party services that act as data processors on our behalf, under written Data Processing Agreements (DPAs) compliant with Article 28 GDPR.
| Sub-processor | Purpose | Location / safeguards |
|---|---|---|
| Cloudflare, Inc. | Hosting (Pages), edge CDN, R2 object storage, D1 database, KV, Workers | EU edges preferred; SCCs + DPA |
| Clerk Inc. | Authentication and user identity | USA; SCCs + DPA |
| Stripe Payments Europe Ltd. | Subscription billing, invoicing, tax | Ireland (EU); DPA |
| Resend, Inc. | Transactional email (account, billing, security) | USA; SCCs + DPA |
| Anthropic PBC | AI processing — only when a user explicitly invokes an AI-powered tool (e.g. summarisation, transcript analysis); content sent on-demand, not stored by Anthropic for training | USA; SCCs + Zero Data Retention agreement |
| Replicate, Inc. | AI model inference (image/video models) — only when explicitly invoked by you or your agent | USA; SCCs + DPA |
| Google Ireland Ltd. | GA4 analytics (consent-based only) | EU + USA; SCCs + Google EU representative |
| Meta Platforms Ireland Ltd. | Only when you connect a Meta account and publish content via OAuth | Ireland (EU); your direct relationship |
We do not sell or rent your personal data to anyone. We do not share data with advertisers. We do not use your video content to train AI models.
6. OAuth integrations
If you connect a Meta, Google, LinkedIn, or TikTok account to your Lumiqa workspace, we store the access and refresh tokens necessary to perform the actions you authorize (typically: publishing or reading content). Tokens are encrypted at rest in Cloudflare KV / D1.
- You can disconnect any OAuth integration at any time from Settings → Integrations. On disconnect, the token is revoked and purged within 7 days.
- We request only the minimum scopes needed for the features you use.
- If Meta, Google, LinkedIn, or TikTok revoke a token (e.g. you revoke from their side), our system detects it on next use and removes the token from our store.
- For Meta-specific data deletion callbacks, see our Data Deletion page.
6-bis. Autoposting — publishing on your behalf
If you enable autoposting, you authorize Lumiqa to publish video content to the social accounts you connect (YouTube, Instagram, TikTok, Facebook, LinkedIn), on your behalf, either immediately or at a scheduled time. This section explains exactly what social data we process for that feature, why, and how you stay in control.
What social data we collect for autoposting
- OAuth access tokens and refresh tokens issued by each platform when you connect an account. These let us call the platform's publishing API as you.
- Account identifiers returned at connection time: platform user/account ID, YouTube channel ID, Instagram professional account ID, Facebook Page ID, TikTok open ID, and the public display name / handle of the connected account.
- The content you choose to publish: the video file (delivered to the platform from our Cloudflare R2 storage via a short-lived signed URL), plus the caption, title, description, thumbnail, hashtags, and privacy/visibility setting you provide.
- Publishing metadata we generate: the scheduled time, the publish status (queued, publishing, published, failed), the external post ID and public URL returned by the platform, attempt count, and any error message — so you can see what happened.
Why we process it (purpose)
Solely to perform the publishing action you instruct: create the upload, transfer the video, set the caption and visibility, schedule it, poll its status, and report the result back to you. We do not use connected-account data for any other purpose, do not read your followers, private messages, or analytics beyond what is strictly needed to publish, and do not post anything you did not explicitly queue or schedule.
Legal basis (GDPR Art. 6)
- Performance of a contract (Art. 6(1)(b)) — autoposting is a core feature of the Service you subscribed to.
- Your explicit consent (Art. 6(1)(a)) — granted at the moment you authorize each platform connection through its official OAuth consent screen, and withdrawable at any time by disconnecting.
How we store it
Access and refresh tokens are encrypted at rest using AES-256-GCM before being written to our Cloudflare D1 database; the encryption key is held as a server-side secret and is never exposed to the browser or to other workspaces. Tokens are decrypted only in memory, on the server, for the duration of a single publishing call. Video files are stored in Cloudflare R2 and handed to the destination platform through a short-lived, HMAC-signed delivery URL that expires after the upload.
Retention
- Tokens: kept only while the integration is connected. When you disconnect, or delete your account, the token is revoked and purged within 7 days.
- Publishing records (status, external post ID/URL, errors): kept for the life of the workspace so you have an audit trail; deleted with the workspace within 30 days of an account-deletion request.
- Meta long-lived tokens expire after 60 days; if not refreshed they become unusable and are cleared on next use.
How you stay in control / revoke
- Disconnect any account at any time from Settings → Integrations. This calls
/api/integrations/disconnect, which immediately revokes and clears the stored tokens (purged within 7 days). - You can also revoke Lumiqa's access directly on the platform side: Google Account → Security → Third-party access; Meta → Settings → Business Integrations; TikTok → Settings → Manage app permissions.
- Disconnecting stops all future scheduled posts for that account. It does not retract posts already published — those live on the platform under your account and must be removed there.
Third parties
When you publish, your content and the necessary tokens are transmitted to the destination platform you selected, acting as an independent controller of the data once it reaches them: Google LLC / YouTube, Meta Platforms (Instagram, Facebook), TikTok, and LinkedIn. Their handling of the published content is governed by their own terms and privacy policies. We share with them only what is required to publish what you asked us to publish.
Google / YouTube API Services — limited use disclosure
Lumiqa's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Data obtained through the YouTube Data API is used only to upload and manage the videos you instruct us to publish; it is not sold, not used for advertising, and not used to train AI models. Your use of YouTube features is also subject to the YouTube Terms of Service and the Google Privacy Policy.
7. AI processing and your content
Lumiqa is an MCP-native platform. AI agents (Claude, ChatGPT, custom LLMs) can connect to your workspace via MCP or REST API and perform actions you authorize. Some considerations:
- Your AI agent runs under your control. When you connect Claude Desktop or any MCP client to Lumiqa, the conversation between you and your AI happens on Anthropic / OpenAI infrastructure, not ours.
- Server-side AI features. If you invoke a Lumiqa-built AI tool (e.g. auto-summary, auto-transcript), we call Anthropic or Replicate on your behalf. Anthropic operates under a Zero Data Retention agreement: content is not retained beyond the request, not used for training.
- We do not train models on your data. Period. Your videos, comments, transcripts, and project content are never used to train Lumiqa, Anthropic, OpenAI, Replicate, or any third-party model.
- AI outputs are not legal or factual guarantees. See our Terms of Service, section "AI outputs disclaimer".
8. International data transfers
Lumiqa primarily operates on Cloudflare's EU infrastructure. Some sub-processors (Clerk, Resend, Anthropic, Replicate) are located in the United States. For any transfer of personal data outside the European Economic Area (EEA), we rely on:
- Standard Contractual Clauses (SCCs) adopted by the European Commission;
- Additional technical safeguards: encryption in transit (TLS 1.2+), encryption at rest, access controls;
- Sub-processor commitments under the EU-US Data Privacy Framework where applicable.
9. Your rights under GDPR
You have the following rights under the General Data Protection Regulation (Regulation (EU) 2016/679):
- Right of access (Art. 15) — request a copy of personal data we hold about you.
- Right to rectification (Art. 16) — correct inaccurate or incomplete data.
- Right to erasure / "right to be forgotten" (Art. 17) — request deletion. See our Data Deletion page for the full process.
- Right to restriction of processing (Art. 18).
- Right to data portability (Art. 20) — export your workspace data in machine-readable format (JSON + original files). Available from Settings → Export, or by emailing [email protected].
- Right to object (Art. 21) — object to processing based on legitimate interest.
- Right to withdraw consent (Art. 7(3)) — for consent-based processing (analytics).
- Right to lodge a complaint with a supervisory authority — in Italy, the Garante per la Protezione dei Dati Personali (garanteprivacy.it).
We respond to verified requests within 30 days (extendable by a further 60 days for complex cases under Art. 12(3) GDPR). To exercise a right, email [email protected] with your account email so we can authenticate you.
10. Cookies and tracking
Lumiqa uses only a minimal set of cookies and similar technologies:
- Strictly necessary: session cookies set by Clerk for login persistence. These cannot be disabled and require no consent.
- Analytics (consent-based): Google Analytics 4 cookies (
_ga,_ga_*). Only set after you accept the cookie banner. You can withdraw consent at any time by clearing local storage or revoking via the banner. - Marketing cookies: a Meta Pixel may be active on public marketing pages (homepage, /blog, /docs) to measure ad performance. Activated only after consent.
- We do not use cross-site tracking or browser fingerprinting.
11. Security
We apply technical and organizational measures appropriate to the risk (GDPR Art. 32):
- TLS 1.2+ for all network traffic (HTTPS-only, HSTS enabled)
- Encryption at rest for D1, KV, R2 (provider-managed encryption)
- OAuth tokens encrypted with workspace-scoped keys
- Principle of least privilege for staff access (only the owner of AB Tools has production access)
- Audit logging of administrative actions
- Regular dependency updates and security patches
- Backup snapshots with 30-day retention, then automatic purge
If we detect a personal data breach, we will notify the supervisory authority within 72 hours and affected users without undue delay, in accordance with Articles 33 and 34 GDPR.
12. Children
Lumiqa is not directed at children under 16. We do not knowingly collect personal data from minors. If you believe a child has registered an account, contact [email protected] and we will remove the account promptly.
13. Changes to this policy
We may update this policy to reflect changes in our services, legal requirements, or business practices. Material changes are announced via email to registered users at least 14 days in advance. The "Last updated" date at the top reflects the latest revision. Historical versions are available on request.
14. Contact
For any privacy-related question, request, or complaint:
- Email: [email protected]
- General contact: [email protected]
- Postal mail: AB Tools — Via M. Bertini 32, 55100 Lucca, Italy
We respond to every legitimate privacy request, even if you don't have an active account.