Lumist Logo

Privacy Policy

Last Updated: January 13, 2025

Table of Contents

  1. Introduction
  2. Information We Collect
  3. How We Use Your Information
  4. How We Share Your Information
  5. Cookies and Tracking Technologies
  6. Artificial Intelligence and Machine Learning
  7. Data Security
  8. Data Retention
  9. Your Privacy Rights and Choices
  10. Children's Privacy
  11. International Data Transfers
  12. State-Specific Privacy Rights
  13. Changes to This Privacy Policy
  14. Contact Us
  15. B2B/School Partnership Data Protections

1. Introduction

Welcome to Lumist. We are committed to protecting your privacy and being transparent about how we collect, use, and share your personal information.

About Lumist

Lumist is an AI-powered SAT preparation platform that provides personalized, adaptive learning experiences through a subscription-based model. Our Service includes web-based and mobile applications that help students improve their SAT scores through:

  • AI-driven personalized study plans
  • Predictive scoring algorithms (Lumist Score)
  • Comprehensive question banks with detailed explanations
  • Performance analytics and progress tracking
  • Gamified learning features (XP, levels, streaks, leaderboards)
  • Study tools including Focus Mode and vocabulary learning

Who We Are

Lumist, Inc. 15501 Bruce B Downs Blvd, Tampa, FL 33647

Contact: contact@lumist.ai

Scope of This Policy

This Privacy Policy applies to personal information we collect through:

  • Our website at https://lumist.ai (the "Site")
  • Our web application at https://app.lumist.ai (the "App")
  • Email, text, and other electronic communications
  • Customer support interactions
  • Any other services we provide (collectively, the "Service")

This Privacy Policy does not apply to third-party websites, applications, or services, even if they are linked from our Service.

By accessing or using our Service, you agree to this Privacy Policy. If you do not agree with this Privacy Policy, please do not use our Service.

If you are under 18 years old, your parent or legal guardian must review and agree to this Privacy Policy on your behalf before you use the Service.

2. Information We Collect

We collect several types of information from and about users of our Service.

2.1 Personal Information You Provide Directly

When you create an account, subscribe to our Service, or interact with us, you may provide:

Account Information:

  • Full name
  • Email address
  • Username
  • Password (encrypted and securely stored)
  • Phone number (optional)

Billing Information:

  • Billing address
  • Payment information (processed securely by Stripe; we do not store complete credit card numbers)

Communication Preferences:

  • Email notification preferences
  • Marketing communication preferences
  • Study reminder preferences

Profile Information:

  • Educational background (optional)
  • Target SAT score
  • Test date
  • Grade level

Support and Communication Data:

  • Messages you send us through support channels
  • Feedback and survey responses
  • Information you provide when you contact us

2.2 Student Educational Data

As an educational platform, we collect and process student educational records and performance data, including:

Test Performance Data:

  • Diagnostic test scores
  • Practice test scores and results
  • Section scores (Reading, Writing and Language, Math)
  • Question-by-question responses and accuracy
  • Time spent per question and section
  • Lumist Score predictions and tracking
  • Official SAT score reports (if you provide them for our Score Improvement Guarantee)

Learning Activity Data:

  • Study sessions and duration
  • Questions attempted and completed
  • Practice tests taken
  • Concepts studied and mastered
  • Topics reviewed
  • Video and lesson completion
  • Exercise completion rates

Performance Analytics:

  • Strengths and weaknesses analysis
  • Progress over time
  • Learning velocity and patterns
  • Predicted improvement trajectory
  • Skill mastery levels
  • Redemption Bounties completed

Study Behavior:

  • Daily study streaks
  • Weekly activity patterns
  • Focus Mode usage
  • Time of day study preferences
  • Study consistency metrics

2.3 Information Collected Automatically

When you access or use our Service, we automatically collect:

Device and Browser Information:

  • Device type (computer, tablet, smartphone)
  • Operating system and version
  • Browser type and version
  • Device identifiers
  • Screen resolution

Usage and Analytics Data:

  • Pages visited and features used
  • Click patterns and navigation paths
  • Time spent on pages and features
  • Search queries within the platform
  • Feature interaction patterns
  • Session duration and frequency

Network and Location Information:

  • IP address
  • General geographic location (country, state, city — derived from IP address)
  • Internet service provider
  • Time zone

2.4 Information We Do NOT Collect

To be clear, we do not collect:

  • Social Security numbers
  • Driver's license numbers
  • Biometric data (fingerprints, facial recognition)
  • Health or medical information
  • Precise GPS geolocation (we only collect city-level location from IP addresses)
  • Audio or video recordings

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 To Provide and Improve Our Service

  • Create and manage your account
  • Provide access to our platform features
  • Process your subscription payments
  • Deliver personalized study plans and recommendations
  • Generate your Lumist Score predictions
  • Track your progress and performance
  • Enable gamification features (XP, levels, streaks, leaderboards)
  • Provide customer support
  • Analyze usage patterns to improve our Service
  • Train and improve our AI models and algorithms

3.2 To Personalize Your Experience

  • Create adaptive study plans based on your performance
  • Identify your specific weaknesses and create Redemption Bounties
  • Predict your SAT score with increasing accuracy
  • Recommend content and practice questions suited to your level
  • Generate personalized study reminders and motivational messages

3.3 To Communicate with You

Service Communications:

  • Send account notifications (password resets, security alerts)
  • Provide subscription and billing updates
  • Send study reminders and progress reports
  • Respond to your support requests

Marketing Communications:

  • Send promotional emails about our Service
  • Notify you of special offers and discounts

You may opt out of marketing communications at any time by clicking "unsubscribe" in emails or adjusting your account settings.

B2B/School Account Restrictions: For accounts created through educational institutions, we will NOT use student personally identifiable information (PII) for behavioral targeting, third-party advertising, or marketing of non-educational products and services.

  • Detect and prevent fraud, abuse, and security incidents
  • Comply with applicable laws and regulations (FERPA, COPPA, state student privacy laws)
  • Enforce our Terms of Service

If you are in the European Economic Area, our legal bases include:

  • Performance of a Contract: To provide the Service you've subscribed to
  • Legitimate Interests: To improve our Service and prevent fraud
  • Consent: For marketing communications (you may withdraw at any time)
  • Legal Obligation: To comply with applicable laws and regulations

4. How We Share Your Information

We do not sell your personal information. We share your information only in the limited circumstances described below.

4.1 Service Providers

We share information with third-party service providers who perform services on our behalf, including:

  • Payment Processing: Stripe (PCI-DSS certified)
  • Cloud Infrastructure: Hosting and content delivery services
  • AI and Machine Learning: Google Cloud AI and other AI providers
  • Analytics Services: Usage analytics and performance monitoring
  • Communication Services: Email and customer support platforms

All service providers are contractually obligated to use your information only to provide services to us and implement appropriate security measures.

4.2 Educational Partners (B2B)

If you access Lumist through an educational institution, we may share your performance data and progress reports with that institution through their admin dashboard.

We may disclose your information if required by law, court order, or to protect the rights, property, or safety of our users or the public.

4.4 Business Transfers

If Lumist is involved in a merger, acquisition, or asset sale, your information may be transferred. We will notify you before your information becomes subject to a different privacy policy.

4.5 What We Do NOT Share

  • We do not sell your personal information to data brokers or advertisers
  • We do not share your individual test scores with third parties for their marketing
  • We do not use your educational data for advertising targeting

5. Cookies and Tracking Technologies

5.1 Types of Cookies We Use

Strictly Necessary Cookies:

  • Enable core functionality like user authentication
  • Remember your login session
  • Cannot be disabled without affecting core functionality

Performance and Analytics Cookies:

  • Understand how you use our Service (e.g., Google Analytics)
  • Track which features are most used
  • Identify technical issues

Functionality Cookies:

  • Remember your preferences and settings
  • Customize your user interface

Most browsers allow you to view, delete, or block cookies. Note that disabling cookies may prevent you from using certain features.

You can opt out of Google Analytics using the Google Analytics Opt-out Browser Add-on.

6. Artificial Intelligence and Machine Learning

6.1 How We Use AI

Our AI systems power:

  • Adaptive Learning: Analyze your responses and adjust question difficulty in real-time
  • Predictive Scoring: Generate your "Lumist Score" — a prediction of your expected SAT score
  • Content Recommendation: Suggest practice questions and generate "Redemption Bounties"
  • Performance Analysis: Identify optimal study patterns and detect disengagement risk

6.2 Data Used to Train AI

We use aggregated, de-identified data to train and improve our AI models. Individual identifiable data is NOT used to train general AI models. Your specific data is used only to personalize your own experience.

6.3 AI Limitations

Our AI predictions and recommendations are not guarantees. Lumist Score predictions are estimates — results depend on many factors including your effort, consistency, and individual learning style. You should verify important information from AI outputs independently.

6.4 Opting Out of AI Features

Some AI features are core to how Lumist works and cannot be disabled. To discuss your options, contact us at contact@lumist.ai.

7. Data Security

7.1 Our Security Measures

Technical Safeguards:

  • Encryption of data in transit (HTTPS/TLS)
  • Encryption of sensitive data at rest
  • Secure password hashing
  • Regular security vulnerability assessments
  • Firewalls and intrusion detection systems

Administrative Safeguards:

  • Limited employee access to personal data (need-to-know basis)
  • Employee training on data protection
  • Incident response procedures

Payment Security: Payment information is handled exclusively by Stripe, which is PCI-DSS Level 1 certified. We do not store complete credit card numbers.

7.2 Your Security Responsibilities

  • Maintain the confidentiality of your password
  • Log out after using shared computers
  • Notify us immediately of any unauthorized access

7.3 Security Limitations

No system is completely secure. In the event of a data breach:

  • For individual users: We will notify you as required by applicable law
  • For B2B/School accounts: We will notify the institution within 72 hours of discovering the breach

If you believe your account has been compromised, immediately change your password and contact us at contact@lumist.ai.

8. Data Retention

8.1 How Long We Keep Your Information

Active Accounts:

  • Account information: Retained as long as your account is active
  • Usage data: Retained for up to 2 years for analytics purposes

After Account Cancellation:

  • We retain your data for 90 days to allow you to reactivate your subscription
  • After 90 days, most personal data is deleted

After Account Deletion:

  • Core personal data is deleted within 30 days
  • Transaction records: Up to 7 years (for tax and accounting purposes)
  • Aggregate, de-identified data: May be retained indefinitely

8.2 How to Request Data Deletion

To delete your account and personal data:

  1. Log into your account
  2. Go to Account Settings
  3. Select "Delete My Account"
  4. Confirm deletion

Or email us at contact@lumist.ai with your deletion request. Deletion is permanent and cannot be undone.

9. Your Privacy Rights and Choices

You have the right to:

  • Access: Request a copy of the personal data we hold about you
  • Correct: Update inaccurate information in your account settings
  • Delete: Request deletion of your account and personal data
  • Portability: Export your study progress and performance data
  • Opt-Out: Unsubscribe from marketing communications at any time

How to Exercise Your Rights

Email: contact@lumist.ai Subject line: Privacy Rights Request

Include your full name, the email address associated with your account, and the specific right you wish to exercise. We will respond within 30 days.

10. Children's Privacy

10.1 Age Requirements

Our Service is intended for users who are at least 13 years old. We do not knowingly collect personal information from children under 13 without verifiable parental consent, except through School Partnerships where the school has obtained necessary parental consent as required by COPPA.

Users aged 13–17 may create an account with parental consent.

10.2 COPPA Compliance

For users under 13 accessing through school partnerships:

  • We obtain verifiable parental consent before collecting personal information
  • Parents may review, request deletion of, or refuse further collection of their child's information

10.3 FERPA

For students whose schools use Lumist, we comply with the Family Educational Rights and Privacy Act (FERPA), acting as a "school official" with legitimate educational interests.

10.4 Parental Rights

Parents or guardians may contact us at contact@lumist.ai (Subject: Children's Privacy Request) to review, correct, or delete their child's information.

11. International Data Transfers

Lumist is based in the United States. Your information may be transferred to and processed in the U.S. and countries where our service providers operate.

For users in the European Economic Area (EEA) or UK, we rely on Standard Contractual Clauses (SCCs) for international transfers. You may request a copy of the SCCs by contacting contact@lumist.ai.

12. State-Specific Privacy Rights

12.1 California Residents (CCPA/CPRA)

California residents have the right to:

  1. Know what personal information we collect and how it is used
  2. Delete your personal information (subject to certain exceptions)
  3. Correct inaccurate personal information
  4. Opt-Out of Sale/Sharing — we do not sell personal information
  5. Non-Discrimination — we will not discriminate against you for exercising your rights

We do not sell your personal information. To exercise your rights, email contact@lumist.ai (Subject: California Privacy Rights Request). We will respond within 45 days.

12.2 Virginia, Colorado, Connecticut, Utah, and Other States

Residents of states with comprehensive privacy laws have similar rights including access, correction, deletion, and data portability. Contact us at contact@lumist.ai to exercise these rights.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

  • Update the "Last Updated" date at the top of this policy
  • Notify you by email and/or through a prominent notice on our Service

Your continued use of the Service after changes take effect constitutes your acceptance of the updated Privacy Policy.

14. Contact Us

If you have questions, concerns, or complaints about this Privacy Policy or our privacy practices:

Email: contact@lumist.ai

Mailing Address: Lumist, Inc. 15501 Bruce B Downs Blvd, Tampa, FL 33647

We will respond to your inquiry within 30 days. If you are in the EEA or UK and believe we have violated your privacy rights, you have the right to lodge a complaint with your local data protection authority.

15. B2B/School Partnership Data Protections

This section applies to educational institutions, schools, and B2B partners and supersedes any conflicting terms for B2B/School accounts.

15.1 FERPA Compliance

Lumist operates as a "School Official" with a "legitimate educational interest" as defined under FERPA 34 CFR § 99.31(a)(1). We:

  • Process Student Data solely to provide contracted educational services
  • Maintain appropriate security safeguards for Education Records
  • Do not re-disclose Education Records without institutional authorization

15.2 Data Ownership and Control

  • All Student Data remains the exclusive property of the educational institution
  • No perpetual or irrevocable licenses apply to B2B/School account Student Data
  • Upon contract termination, Student Data will be securely deleted or returned within 30 days

15.3 Prohibited Uses

For B2B/School accounts, we strictly prohibit:

  • Using student PII for behavioral targeting or profiling for non-educational purposes
  • Selling or sharing Student Data with third parties for their marketing
  • Building profiles of students for purposes unrelated to educational services

15.4 Breach Notification for B2B Accounts

In the event of a data breach affecting B2B/School Student Data, we will notify the educational institution within 72 hours of discovering the breach.

15.5 Data Processing Addendum

All B2B/School partnerships are governed by a separate Data Processing Addendum. To request a copy, contact: contact@lumist.ai.

© 2026 Lumist, Inc. · 15501 Bruce B Downs Blvd, Tampa, FL 33647

Privacy Policy — Lumist