Privacy Policy

Last Updated: February 12, 2026.

This Privacy Policy describes how Lumari, Inc. ("we," "us," or "our") collects, uses, and discloses information about you when you access or use our websites (including lumari.io, app.lumari.io, and any other associated subdomains), the Lumari Supplier Portal, contact our support teams, or interact with us on social media (collectively, the "Sites").

This Privacy Policy does not apply to information that we process on behalf of our business customers while providing services to them. When we process data on behalf of our business customers, we act as a data processor (or service provider) and our use of that information is governed by our Customer Service Agreement with such customers. We are the data controller only for information we collect directly through the Sites as described in this policy.

Our websites, products, and services are designed for enterprise customers and their representatives. We do not offer products or services intended for use by individuals for their personal, familial, or household purposes.

1. Information We Collect

We collect the following types of information when you use our Sites. Our Sites may integrate with third-party services that operate independently from us. This Privacy Policy does not apply to such third parties.

a. Information You Provide to Us

• Account and Registration Data: Business contact information such as name, email address, company name, and job title when you register for an account or request a demo.

• Supplier Portal Data: Information submitted by suppliers in response to procurement requests, including quotes, product details, and business contact information.

• Support and Communications: Content of messages you send to us via email or support tickets.

• Marketing Data: Your preferences for receiving marketing communications and details about how you engage with them.

b. Information Collected Automatically

When you visit our Sites, we may automatically log information using cookies, pixel tags, and similar technologies:

• Device Information: Computer or mobile operating system, browser type, IP address, and unique device identifiers.

• Usage Information: Pages viewed, time spent on pages, links clicked, and referral sources.

• Bot Protection: We use Cloudflare Turnstile on our login and registration forms to protect against automated abuse. Cloudflare may process your IP address and browser metadata to verify you are human. See Cloudflare's Privacy Policy for more information.

c. Analytics and Tracking Technologies

We use cookies, pixels, and similar technologies to operate the Sites, keep you signed in, understand how the Sites are used, and improve our content and marketing. We use the following third-party tools:

• PostHog: We use PostHog for product analytics, which collects usage data such as pages viewed, features used, clicks, and session information to help us understand how our Sites are used and improve the experience. PostHog may process your IP address and browser metadata. See PostHog's Privacy Policy for more information.

• Vector: We use Vector, a third-party visitor identification service, to help us understand which businesses are visiting our Sites. When you visit our Sites, Vector may use device attributes, IP address, and similar technologies to match your visit against its identity graph and provide us with business contact information such as name, email address, company, and job title. This service operates only for visitors located in the United States. To opt out of Vector's identification, you may submit a request at vector.co/opt-out or email security@vector.co.

Data processed for analytics and monitoring is handled in the United States. You can control cookies through your browser settings, but some features of the Sites may not work properly without them.

2. How We Use Your Information

We use the information we collect for the following purposes:

• To provide, operate, and maintain the Sites.

• To authenticate and manage your access to the Sites.

• To facilitate procurement activities through the Supplier Portal, including sharing supplier responses with the relevant Lumari customer.

• To monitor and verify identity or service access, combat fraud, and protect the security of our Sites.

• To send you service, technical, and security notices.

• To respond to your questions, requests, and support inquiries.

• To send you marketing communications where permitted by law, and to honor your preferences.

• To analyze usage of the Sites and improve our content, features, and marketing.

• To comply with applicable laws and protect our legal rights.

For users in the European Economic Area, United Kingdom, and Switzerland, we process personal information where:

• it is necessary to provide the Sites and services you request,

• it is necessary for our legitimate interests in operating, securing, and improving the Sites and communicating with you, or

• you have given your consent, where required by law.

3. Sharing of Information

We do not sell your personal information. We share information only in the following contexts:

• Service Providers: Third-party service providers that carry out work on our behalf, including hosting, analytics, email delivery, and customer support tools. A list of our current sub-processors is available upon request by contacting privacy@lumari.io.

• Lumari Customers: Information submitted through the Supplier Portal is shared with the Lumari customer that initiated the relevant procurement request.

• Legal Requirements: If we believe disclosure is in accordance with, or required by, any applicable law or legal process.

• Business Transfers: In connection with a merger, sale of company assets, financing, or acquisition of all or a portion of our business.

• Third parties designated by you: We may share your personal information with third parties where you have provided your consent to do so.

4. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes described in this policy, maintain the security and operation of our Sites, comply with legal obligations, and resolve disputes. When we no longer have a legitimate business need to process your personal information, we will delete or anonymize it.

5. Data Security

We use technical, administrative, and physical safeguards designed to protect the personal information we collect. However, security risk is inherent in all internet and information technologies and we cannot guarantee the security of your personal information.

Additional commitments regarding data protection, security measures, and compliance with applicable data protection laws (including GDPR) are set forth in our Customer Service Agreement and Data Processing Addendum. To learn more, please contact privacy@lumari.io.

6. International Data Transfers

Your information may be transferred to and maintained on servers located in the United States or other countries outside your country of residence. Where required by applicable law, we use appropriate safeguards for international data transfers, such as Standard Contractual Clauses approved by the European Commission or other mechanisms recognized under applicable data protection laws.

7. Your Rights

Depending on where you live, you may have certain rights regarding your personal information, such as:

• Access: You can request copies of your personal information

• Correction: You can request that we correct inaccurate personal information

• Deletion: You can request that we delete your personal information

• Objection: You can object to certain types of processing (e.g., direct marketing) 

To exercise these rights, please contact us at privacy@lumari.io. We may ask you to provide information to help verify your identity. We will respond to requests as required by applicable law.

8. California Privacy Rights

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA), as amended, including the right to know, access, correct, and delete certain personal information we collect, and the right to opt out of the sale or sharing of personal information. You also have the right not to be discriminated against for exercising these rights.

The categories of personal information we collect and the purposes for which we use them are described in Sections 1 and 2 above. You may manage your privacy preferences, including opting out of third-party visitor identification as described in Section 1(c), by visiting vector.co/opt-out or contacting us at privacy@lumari.io.

9. Minors

Our Sites are designed for business use and are not intended for individuals under the age of 18. If we discover that we have collected personal information from a minor in violation of applicable law, we will delete it. If you believe we might have information from or about a minor, please contact us at privacy@lumari.io.

10. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy at any time. We will notify you of material changes through updating the date at the top of this policy and any other appropriate notice. Your continued use of our Sites after any changes indicates your acceptance of the updated policy.

11. Contact Us

If you have any questions or concerns about our Privacy Policy or data practices, please contact us.

Email: privacy@lumari.io
Mail: 2261 Market Street, STE 86634, San Francisco, CA 94114, USA