Effective Date: January 28, 2026
Welcome to Luminaire, a service of Ann Arbor Radio LLC ("Ann Arbor Radio," "we," "us," or "our"). This Privacy Policy explains how we collect, use, disclose, and protect information when you use the Luminaire service, including our AI-powered shopping assistant ("Concierge") and merchant analytics dashboard ("Vantage") (collectively, the "Service").
This Privacy Policy is part of our Terms of Service and applies to all users of the Service, including merchants who install the Luminaire application and shoppers who interact with the Concierge widget.
Data Controller: Ann Arbor Radio LLC is the data controller for merchant account information. For shopper conversation data, merchants using our Service act as data controllers, and Luminaire acts as a data processor.
Geographic Processing: Your data is processed and stored in the United States using Amazon Web Services (AWS) infrastructure.
We collect information in three ways: directly from you, from your Ecwid store, and automatically when you use the Service.
When you install and use the Luminaire application, we collect:
When shoppers interact with the Concierge widget on your store, we collect:
Important: We do NOT collect shopper names, email addresses, phone numbers, or any other personally identifiable information unless voluntarily provided in conversation messages. We do NOT track shoppers across websites or link conversations to individual customer accounts.
When you use the Service, we automatically collect:
For clarity, Luminaire does NOT collect:
We use the information we collect for the following purposes:
For users in the European Economic Area (EEA), United Kingdom, and Switzerland, we process your personal data on the following legal bases:
| Processing Activity | Legal Basis |
|---|---|
| Providing the Service, managing your account, processing payments | Contract Performance: Necessary to perform our contract with you (Terms of Service) |
| Processing shopper conversation data on behalf of merchants | Legitimate Interest: Merchant's legitimate interest in providing AI-powered customer service |
| Improving AI models and service functionality | Legitimate Interest: Our legitimate interest in improving our service and developing new features |
| Security monitoring and fraud prevention | Legitimate Interest: Our legitimate interest in protecting our service and users from security threats |
| Compliance with laws and legal obligations | Legal Obligation: Necessary to comply with applicable laws and regulations |
| Marketing communications | Consent: Your explicit consent (where required) or legitimate interest (where permitted) |
You have the right to object to processing based on legitimate interests. See Section 8 for more information about your rights.
We do not sell, rent, or trade your personal information. We share your information only in the following circumstances:
We share information with third-party service providers who perform services on our behalf:
These service providers are contractually obligated to protect your information and use it only for the purposes we specify.
If Luminaire is involved in a merger, acquisition, sale of assets, bankruptcy, or other business transaction, your information may be transferred as part of that transaction. We will notify you of any such transfer and any choices you may have regarding your information.
We may disclose your information if required to do so by law or in response to:
We may share your information with third parties when you explicitly consent to such sharing.
We may share aggregated, anonymized data that does not identify you or your customers for research, marketing, analytics, or other business purposes. For example, we may share industry benchmarks or usage statistics.
We retain your information for as long as necessary to provide the Service and fulfill the purposes described in this Privacy Policy. Specific retention periods include:
| Data Type | Retention Period |
|---|---|
| Account and store configuration | Until account deletion or 90 days after subscription cancellation |
| Product catalog data | Duration of active subscription, deleted upon account closure |
| Conversation logs (shopper interactions) | 90 days by default (configurable by merchant: 30, 60, or 90 days) |
| Analytics and aggregated data | 12 months for detailed data; indefinitely in anonymized, aggregated form |
| API request logs | 30 days |
| Billing and payment records | 7 years (for tax and accounting compliance) |
| Support communications | 3 years after case closure |
After the retention period expires, we securely delete or anonymize your information. We may retain certain information for longer periods when required by law or for legitimate business purposes (e.g., dispute resolution, legal compliance).
We implement comprehensive security measures to protect your information from unauthorized access, disclosure, alteration, and destruction:
Our infrastructure provider, Amazon Web Services, maintains industry-leading security certifications including:
While we implement industry-standard security measures, no system is completely secure. You acknowledge that you provide information at your own risk. We cannot guarantee absolute security, and we are not responsible for unauthorized access to your data resulting from circumstances beyond our reasonable control.
In the event of a data breach that affects your personal information, we will notify you and relevant supervisory authorities within 72 hours of becoming aware of the breach, as required by GDPR and applicable data protection laws.
Luminaire is based in the United States, and your information is processed and stored on servers located in the United States. If you are located outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States.
For users in the European Economic Area (EEA), United Kingdom, and Switzerland, we ensure that international data transfers comply with applicable data protection laws through the following mechanisms:
You may request a copy of the safeguards we have implemented for international transfers by contacting us at privacy@getluminaire.com.
Depending on your location, you may have certain rights regarding your personal information.
If you are located in the EEA, United Kingdom, or Switzerland, you have the following rights:
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):
To exercise any of these rights, please contact us at:
Please include the following information in your request:
To protect your privacy and security, we will verify your identity before processing your request. We may request additional information to confirm your identity and ensure we are providing information to the correct person.
We will respond to your request within:
California residents may designate an authorized agent to make privacy requests on their behalf. We require written authorization from you confirming the agent's authority.
In some cases, we may be unable to fulfill your request due to legal obligations, ongoing investigations, security concerns, or other legitimate reasons. We will explain any limitations in our response.
The Luminaire Service is not intended for use by children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children under these ages.
If you believe we have inadvertently collected information from a child, please contact us immediately at privacy@getluminaire.com, and we will promptly delete such information.
The Luminaire Service uses minimal cookies and tracking technologies:
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential Cookies | Session management, authentication, security features | Session (deleted when browser closes) or 30 days |
| Functional Cookies | Remember your preferences and settings | 90 days |
| Concierge Session ID | Anonymous session identifier for shopper conversations (no personal identification) | Session (deleted when browser closes) |
Luminaire does NOT use:
You can control cookies through your browser settings. However, disabling essential cookies may prevent you from using certain features of the Service. Shopper-facing cookies (Concierge session ID) do not contain personally identifiable information and are necessary for the chatbot to function.
The Service may contain links to third-party websites, including Ecwid's platform. This Privacy Policy applies only to Luminaire's Service. We are not responsible for the privacy practices of third-party websites. We encourage you to review the privacy policies of any third-party sites you visit.
California Civil Code Section 1798.83 permits California residents to request information about our disclosure of personal information to third parties for their direct marketing purposes. We do NOT share personal information with third parties for their direct marketing purposes.
Some browsers support "Do Not Track" (DNT) signals. Because there is no consistent industry standard for recognizing DNT signals, Luminaire does not currently respond to DNT browser signals. We do not track users across third-party websites and do not use tracking for advertising purposes.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
Material changes will take effect 30 days after notification, unless a longer period is required by law. Your continued use of the Service after the effective date constitutes acceptance of the updated Privacy Policy.
We encourage you to review this Privacy Policy periodically for any updates.
Email: privacy@getluminaire.com
Support: support@getluminaire.com
Website: https://getluminaire.com
For requests related to your privacy rights (access, deletion, portability, etc.), please email:
Email: privacy@getluminaire.com
Subject Line: "Privacy Rights Request - [Your Request Type]"
If you are located in the EEA or UK and believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your local data protection authority:
The following disclosures are required under the California Consumer Privacy Act:
In the past 12 months, we have collected the following categories of personal information:
| Category | Examples | Collected |
|---|---|---|
| Identifiers | Email address, Ecwid store ID, session IDs | YES |
| Commercial Information | Product catalog, order data, subscription information | YES |
| Internet Activity | API requests, usage patterns, conversation logs | YES |
| Geolocation Data | Store location (country/region), IP-derived location | YES |
| Professional Information | Store industry/category, business information | YES |
| Inferences | Product preferences, customer behavior patterns | YES |
| Sensitive Personal Information | Precise geolocation, account credentials | NO |
We use personal information for the purposes described in Section 2 (How We Use Your Information).
We share personal information with the following categories of third parties:
WE DO NOT SELL PERSONAL INFORMATION. We have not sold personal information in the past 12 months, and we do not sell personal information of minors under 16 years of age.
See Section 5 (Data Retention) for detailed retention periods.
© 2026 Ann Arbor Radio LLC. All rights reserved.
Last Updated: January 28, 2026