Privacy Policy

Lumro ("we", "us") is a Discord integration that mirrors server activity into a private database owned by the community operator who installed the bot. We process data on behalf of that operator under their Discord server's terms; the operator is the data controller, we are the data processor.

This policy describes what we collect, how long we keep it, and what choices you (a member of a server running Lumro) have.

When the bot is installed in a Discord server, we mirror:

• Messages — content, attachments metadata, timestamps, edit history, author Discord user ID
• Members — Discord user ID, server display name, avatar URL, join date, role assignments
• Reactions — message ID, user ID, emoji
• Channels & threads — names, topics, permissions, parent channel
• Server metadata — server name, icon, owner ID, member count, role definitions

We do not collect: voice/video content, direct messages between members, payment information, or anything from servers where the bot is not installed.

Mirrored data powers the analytics, retention insights, and bot DMs that the community operator configured. Specifically:

• Showing the operator who's active, who's churning, and what topics drive engagement
• Drafting bot DMs to members (operator approves before send)
• Producing aggregate analytics dashboards

We do not sell data. We do not share data between operators.

We call third-party AI APIs (Anthropic, OpenAI) for analysis and draft generation. Per their enterprise terms, content sent to their APIs is not used to train their models. We don't train models ourselves. Your messages aren't fed into any AI training run, ever.

We keep mirrored data for 365 days after the source message is deleted in Discord. When a server uninstalls Lumro, we perform a hard delete of all data for that server within 30 days (Discord Developer Policy requirement).

Tombstones — small records of which message IDs existed — may persist longer to prevent duplicate re-ingestion during the deletion window. Tombstones contain no message content.

You can opt out of being mirrored. Once opted out, we stop ingesting any new content authored by your Discord user ID and we erase your historical messages from our database within 30 days.

To opt out:

• DM the bot the command /optout, or
• POST your Discord user ID and verification token to /api/privacy/opt-out

Opt-outs are recorded per Discord user ID and apply across every server where Lumro sees you.

We use the following subprocessors to deliver the service:

• Supabase (PostgreSQL hosting, EU/US regions)
• Vercel (dashboard hosting)
• Fly.io (bot & worker hosting)
• Anthropic (LLM API — Claude)
• OpenAI (LLM API — fallback drafting)
• Axiom (structured log storage)
• Healthchecks.io (external dead-man's-switch for sweep watchdog)

All subprocessors are bound by DPAs that prohibit using customer data outside of providing the service to us.

We comply with the Discord Developer Policy, in particular Section 7 (data handling): we only collect data necessary for the functionality the operator authorized, we honor server & user data deletion requests, and we perform a hard delete on uninstall within 30 days.

EU/EEA users have the right to access, correct, port, or erase their data. Send a request to privacy@lumro.ai. We respond within 30 days.

Server operators acting as data controllers under GDPR can request a signed DPA at the same address.

Privacy questions: privacy@lumro.ai

Security disclosures: security@lumro.ai