Last updated: May 2026
Lumenii is a trading name of ForrTech Ltd, registered in England and Wales (company number: pending registration). Our registered office is at London, UK. References to "Lumenii", "we", "us", or "our" in this policy refer to ForrTech Ltd trading as Lumenii.
We can be contacted at: tom@lumenii.io
This Privacy Policy explains how we collect, use, store, and protect personal data when you use the Lumenii platform at lumenii.io, and when you connect your Microsoft 365 or Google Workspace tenant to our service.
This policy applies to:
When you sign up, contact us, or subscribe, we collect: your name, email address, company name, and billing information. We use this to provide the service, process payments, and communicate with you about your account. The legal basis is performance of a contract (UK GDPR Article 6(1)(b)).
When you connect your Microsoft 365 or Google Workspace tenant, Lumenii reads the following data via read-only API access:
We do not read: email content, document content, calendar entries, messages, files, or any personal communications.
The legal basis for this processing is performance of a contract (UK GDPR Article 6(1)(b)) — this data is necessary to provide the AI governance monitoring service you have contracted us to provide.
When you visit lumenii.io, we collect standard server logs including IP addresses, browser type, pages visited, and timestamps. We use this for security monitoring and to improve the service. The legal basis is legitimate interests (UK GDPR Article 6(1)(f)).
Account data is retained for the duration of your subscription and for 12 months after cancellation, to allow for reactivation and to comply with our legal obligations.
Workspace scan data (the list of AI tools detected in your organisation) is retained for 90 days of rolling history. Older scan data is automatically deleted.
Server log data is retained for 30 days.
We use the following sub-processors who may process personal data on our behalf:
We do not sell personal data to third parties. We do not share personal data with any party other than those listed above without your explicit consent, except where required by law.
All personal data is processed and stored within the United Kingdom and European Economic Area. Where any sub-processor operates outside the UK/EEA, we ensure appropriate safeguards are in place under UK GDPR Chapter V, including Standard Contractual Clauses where applicable.
Under UK GDPR you have the right to: access your personal data, correct inaccurate data, request deletion of your data, object to processing, request restriction of processing, and data portability. To exercise any of these rights, contact tom@lumenii.io. We will respond within 30 days.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
All data in transit is encrypted using TLS 1.3. All data at rest is encrypted using AES-256. Access to production systems is restricted to authorised personnel only. We conduct regular security reviews of our infrastructure.
Lumenii uses essential cookies for authentication and session management. These are strictly necessary for the service to function and cannot be disabled. We do not use advertising cookies or third-party tracking cookies.
Lumenii is a business-to-business service intended for use by organisations and their employees. We do not knowingly collect personal data from individuals under the age of 18.
We may update this Privacy Policy from time to time. Material changes will be notified to registered users by email at least 14 days before they take effect. The date at the top of this page always reflects when the policy was last updated.
For any privacy-related questions:
Lumenii is a trading name of ForrTech Ltd. Registered in England and Wales.